Mitigating Risks of Inappropriate Patient Data Sharing and Use

To reduce the risk of misuse of personal health data, healthcare institutions should apply de-identification and anonymization strategies that remove personally identifiable information (PII) from individual-level and population-level data, or otherwise make it difficult to trace a record back to the person it describes. Technical approaches for healthcare institutions include:

  • Providing Anonymized Identifiers: Replacing direct identifiers with a consistent token (for example, a keyed hash of the medical record number) allows researchers to connect disparate datasets while preserving the privacy of individuals. Such identifiers are pseudonymous rather than truly anonymous: whoever holds the key or mapping table can re-identify the records, so that material must be stored separately from the released data.
  • Removing Identifying Information: Researchers can remove direct identifiers such as social security numbers and account information, and truncate or drop quasi-identifiers such as trailing ZIP code digits and exact dates, which can identify an individual when combined with other released fields.
  • Leveraging Synthetic Data: Synthetic data is produced by “a complex statistical model that generates a simulated population that has the same general features as the original data.” Because the model is fitted to the real records, fidelity has to be balanced against the risk that rare or outlying records are reproduced almost verbatim.
  • Applying Differential Privacy: Differential privacy constrains algorithms that compute over a database so that the output changes by only a bounded amount (governed by a privacy parameter, usually written ε) when any single individual’s record is added or removed, typically by adding calibrated random noise. An external user therefore cannot reliably determine from the output whether an individual’s information was used in the computation. The guarantee is per query, so repeated queries consume a privacy budget that has to be tracked.
  • Building Generalized Statistical Approaches: These approaches coarsen specific variables, for example reporting age as a range or location as a region instead of an exact value, and may also add statistical “noise” to obscure exact values.
  • Adopting Institutional Differential Access: Institutional differential access assumes that protected health information (PHI) can be made accessible to institutions under controlled conditions when release to the public is not appropriate or could harm a patient’s privacy. It grants access to datasets only under specific circumstances, to specific organizations and individuals (such as medical researchers), and for specific purposes. Approaches to differential access include a federated data cloud model that issues credentials to trusted users, and multiple levels of access for different types of users. Differential access may also offer different options for downloading data in machine-readable formats.
  • Providing Patient-Based Differential Access: This model lets individuals grant access to their own data for the benefit of public research. Patients may opt in and consent to the use of their data for a specific purpose, such as studying a rare disease or identifying genetic trends. Researchers may access the data only within the parameters of the patient’s original consent.
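As an added example (not code from the original page), the Python sketch below implements three of the technical approaches listed above on a constructed set of four synthetic patient records: keyed pseudonymous identifiers (HMAC-SHA256 under a hypothetical linkage key), generalization of ZIP code and age following the HIPAA Safe Harbor pattern (three-digit ZIP, ages 90 and over pooled), and an ε-differentially private count using Laplace noise. It also includes the check a practitioner would run on the generalized output, the smallest quasi-identifier group size, and a function that shows why the per-query guarantee of differential privacy needs a budget. The key, the sparse ZIP3 set and the records are assumptions made for the example.

```python
import hashlib
import hmac
import random
from collections import Counter

# Constructed sample records (synthetic, not real patients).
PATIENTS = [
    {"mrn": "MRN-00017", "ssn": "123-45-6789", "zip": "02139", "age": 34, "dx": "J45"},
    {"mrn": "MRN-00042", "ssn": "987-65-4321", "zip": "02139", "age": 71, "dx": "E11"},
    {"mrn": "MRN-00099", "ssn": "555-12-3456", "zip": "03601", "age": 90, "dx": "J45"},
    {"mrn": "MRN-00123", "ssn": "111-22-3333", "zip": "10001", "age": 8,  "dx": "E11"},
]

# Hypothetical linkage key (assumption). In practice it is held by the data
# custodian, e.g. in a KMS, and is never shipped with the released dataset.
LINK_KEY = b"\x00" * 32

DIRECT_IDENTIFIERS = {"mrn", "ssn"}

# Safe Harbor keeps only the first three ZIP digits, and even those become
# "000" where the ZIP3 area holds 20,000 or fewer people. The set of sparse
# areas below is an illustrative assumption, not Census data.
SPARSE_ZIP3 = {"036"}


def pseudonymous_id(record, key=LINK_KEY):
    """Keyed HMAC over the direct identifier: identical across datasets that
    share the key (so they can be joined), infeasible to reverse without it.
    This is pseudonymisation: the key holder can still re-identify."""
    return hmac.new(key, record["mrn"].encode(), hashlib.sha256).hexdigest()[:16]


def generalize_zip(zip5):
    """Truncate to ZIP3 and suppress sparsely populated areas."""
    zip3 = zip5[:3]
    return "000" if zip3 in SPARSE_ZIP3 else zip3


def generalize_age(age):
    """Coarsen exact age to a decade range; ages 90 and over are pooled."""
    if age >= 90:
        return "90+"
    lo = (age // 10) * 10
    return f"{lo}-{lo + 9}"


def deidentify(record):
    """Drop direct identifiers, attach a pseudonymous id, generalize quasi-identifiers."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["pid"] = pseudonymous_id(record)
    out["zip"] = generalize_zip(record["zip"])
    out["age"] = generalize_age(record["age"])
    return out


def min_group_size(records, quasi=("zip", "age", "dx")):
    """Smallest equivalence class over the quasi-identifiers, i.e. the k of
    k-anonymity for this release. A value of 1 means some record is unique."""
    groups = Counter(tuple(r[q] for q in quasi) for r in records)
    return min(groups.values())


def laplace_noise(scale, rng):
    """Laplace(0, scale) as the difference of two iid exponentials with rate 1/scale."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def dp_count(records, predicate, epsilon, rng=None):
    """epsilon-differentially private count. Adding or removing one patient
    changes the true count by at most 1 (sensitivity 1), so Laplace noise of
    scale 1/epsilon gives the guarantee for this single query."""
    rng = rng if rng is not None else random.Random()
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, rng)


def average_of_repeated_queries(records, predicate, epsilon, runs, seed=0):
    """Caveat: the guarantee is per query. Answering the same query `runs` times
    spends runs*epsilon of budget, and the average converges to the true count."""
    rng = random.Random(seed)
    total = sum(dp_count(records, predicate, epsilon, rng) for _ in range(runs))
    return total / runs


if __name__ == "__main__":
    released = [deidentify(r) for r in PATIENTS]
    for row in released:
        print(row)
    print("k for this release:", min_group_size(released))
    asthma = lambda r: r["dx"] == "J45"
    print("DP asthma count (eps=1):", round(dp_count(PATIENTS, asthma, 1.0, random.Random(7)), 2))
    print("mean of 4000 repeats:", round(average_of_repeated_queries(PATIENTS, asthma, 1.0, 4000), 2))
```

On this tiny sample every generalized record is still unique (k = 1), which is the point of running the group-size check: removing and coarsening fields is necessary but not by itself sufficient. Likewise, averaging thousands of answers to the same ε = 1 count recovers the true value, so a release mechanism has to cap the total budget spent across queries rather than reason about each one in isolation.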