Mitigating Risks of Inappropriate Patient Data Sharing and Use

Mitigating risks of inappropriate patient data sharing and use is central to a well-functioning health data sharing ecosystem. To reduce the risk of personal health data being misused, healthcare institutions should follow de-identification and anonymization strategies. These remove sensitive personally identifiable information (PII) from individual-level and population-level data, or otherwise make it difficult to trace the data back to its source. Technical approaches available to healthcare institutions include:

  • Providing Anonymized Identifiers: These identifiers allow researchers to connect disparate datasets while preserving the privacy of individuals.
  • Removing Non-Critical Information: Researchers can remove variables that the analysis does not need, such as ZIP code digits, Social Security numbers, or account information.
  • Leveraging Synthetic Data: Synthetic data is produced by “a complex statistical model that generates a simulated population that has the same general features as the original data.”
  • Applying Differential Privacy: Differential privacy places constraints on algorithms that compute over a database of information. It masks personal information, making it hard for external users to determine whether the computation used any particular individual’s information.
  • Building Generalized Statistical Approaches: Statistical approaches often include adding “noise” to the data to obscure specific variables such as age range or location.
  • Adopting Institutional Differential Access: Institutional differential access assumes that protected health information (PHI) can be made accessible to institutions under controlled conditions when release to the public is not appropriate or could negatively impact a patient’s privacy. It grants access to datasets only under specific circumstances, to specific organizations and individuals, and for specific purposes. One approach to differential access is a federated data cloud model, which grants trusted users credentials to access the data and provides multiple levels of access for different types of users. Differential access may also offer different options for downloading data in machine-readable formats.
  • Providing Patient-Based Differential Access: This access enables individuals to grant access to their personal data for the benefit of public research. Patients may opt in and consent to the use of their personal data for a specific purpose, such as studying a rare disease or identifying genetic trends. Researchers may access this data only within the parameters of the patient’s original consent.
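The first, second, fourth and fifth bullets above can be combined into one de-identification pipeline. The following is an added example, not code from the original page: it derives linkable but non-reversible identifiers with a keyed HMAC (a plain hash of a patient ID or SSN could be recomputed from guessed values, so the key is what protects re-identification), truncates ZIP codes and generalizes ages, and releases a diagnosis count through the Laplace mechanism. The records, the key and the field names are all constructed for illustration.

```python
import hmac
import hashlib
import random
from typing import Optional

# Constructed sample records (not real patients).
RECORDS = [
    {"patient_id": "MRN-000123", "ssn": "123-45-6789", "zip": "02139", "age": 34, "dx": "rare-dx"},
    {"patient_id": "MRN-000456", "ssn": "987-65-4321", "zip": "02140", "age": 71, "dx": "rare-dx"},
    {"patient_id": "MRN-000789", "ssn": "555-55-5555", "zip": "90210", "age": 52, "dx": "other"},
]


def pseudonym(patient_id: str, linkage_key: bytes) -> str:
    """Anonymized identifier: HMAC-SHA256 under a key the institution keeps.
    The same patient maps to the same token in every dataset (so datasets can
    be linked), but without the key a recipient cannot recompute tokens from
    guessed identifiers the way they could with an unkeyed hash."""
    return hmac.new(linkage_key, patient_id.encode(), hashlib.sha256).hexdigest()


def deidentify(record: dict, linkage_key: bytes) -> dict:
    """Drop direct identifiers (MRN, SSN), generalize quasi-identifiers
    (ZIP -> first three digits, age -> decade band), keep the study field."""
    return {
        "token": pseudonym(record["patient_id"], linkage_key),
        "zip3": record["zip"][:3],
        "age_band": f"{(record['age'] // 10) * 10}s",
        "dx": record["dx"],
    }


def laplace_count(true_count: int, epsilon: float, rng: Optional[random.Random] = None) -> float:
    """Differentially private count via the Laplace mechanism. Adding or
    removing one patient changes a count by at most 1, so the noise scale is
    1/epsilon; smaller epsilon means more noise and stronger privacy."""
    rng = rng or random.SystemRandom()
    scale = 1.0 / epsilon
    # The difference of two iid Exp(rate=1/scale) draws is Laplace(0, scale).
    noise = rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)
    return true_count + noise


def dp_diagnosis_count(records: list, dx: str, epsilon: float, rng=None) -> float:
    """Release how many records carry diagnosis `dx`, with Laplace noise."""
    return laplace_count(sum(r["dx"] == dx for r in records), epsilon, rng)


if __name__ == "__main__":
    key = b"placeholder-linkage-key"  # in practice, a managed secret, never shipped with the data
    for r in RECORDS:
        print(deidentify(r, key))
    print(round(dp_diagnosis_count(RECORDS, "rare-dx", epsilon=0.5, rng=random.Random(7)), 2))
```

Each query against the same data spends part of a total privacy budget, so the institution must track epsilon across all releases rather than per query.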