National effort urged to overhaul 'broken' health data system

health data
Credit: CC0 Public Domain

Our system for protecting health data in the United States is fundamentally broken and we need a national effort to rethink how we safeguard this information, say three experts in data privacy.

In a perspective article in the April 18, 2019, issue of the New England Journal of Medicine, the experts call for an effort similar to what led to the Belmont Report in 1979, which laid the foundation for bioethics standards in the United States to protect human participants in research.

"Data scandals are occurring on a regular basis, with no end in sight," said Efthimios Parasidis, a co-author of the NEJM article and a professor at the Ohio State University's Moritz College of Law and College of Public Health.

"Data privacy laws for information don't go far enough to protect individuals. We must rethink the underlying collection and use of to help frame amendments to the law."

Parasidis wrote the article with Elizabeth Pike, Director of Privacy Policy in the Office of the Chief Information Officer at the U.S. Department of Health and Human Services; and Deven McGraw, chief regulatory office at Citizen, a company that helps people collect, organize and share their medical records digitally. Previously, McGraw was Deputy Director for Health Information Privacy at the Office of Civil Rights in the U.S. Department for Health and Human Services, and Acting Chief Privacy Officer at the Office of the National Coordinator for Health Information Technology.

Parasidis said a process analogous to the Belmont Report would be a good blueprint to follow today.

The National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research produced the 1979 report, which resulted in Congress passing laws to protect people who participated in medical research.

"Indignities in human subjects research compelled the government to create a commission to propose ethical guidance for new laws. We are experiencing a rerun of what was happening then, with the scandals involving use of health data now rather than the use of human subjects," Parasidis said. "We need an equivalent response."

Currently, the Health Insurance Portability and Accountability Act (HIPAA) is the main law protecting the data of patients. But it doesn't apply to many of the new companies and products that regularly store and handle customer health information, including social-media platforms, health and wellness apps, smartphones, credit card companies and other devices and companies.

"All of this data held by digital health companies raises a lot of ethical concerns about how it is being used," Parasidis said.

For example, some life insurers are offering contracts that have policyholders wear products that continuously monitor their health, and the information can be used to increase a customer's premiums.

Most regulations require only that consumers be notified about how their information is used and give their consent.

"That system doesn't work. Very few people read the notice and most people just click agree without knowing what they're agreeing to," he said.

So how can health data privacy be fixed?

One idea would be to establish data ethics review boards, which would review projects in which health data are collected, analyzed, shared or sold, according to the authors of the NEJM article.

Parasidis said such boards could function as safeguards required in both public and private settings, from university medical centers to private life insurance companies.

These boards could consider the benefits and risks of the proposed data use and consider policies governing data access, privacy and security. Members could include project developers, data analysts and ethicists, as well as people whose data would be collected.

"Right now, everything is about compliance. Companies and institutions check the boxes, fill out the forms and don't really think about whether they're doing the right thing," Parasidis said.

"Deliberations about use of health data should take the ethical obligations to individuals and society into account. The law should mandate that this occurs."


Explore further

Data sharing by popular health apps is routine and far from transparent, warn experts

Journal information: New England Journal of Medicine

Citation: National effort urged to overhaul 'broken' health data system (2019, April 17) retrieved 19 September 2019 from https://medicalxpress.com/news/2019-04-national-effort-urged-overhaul-broken.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
6 shares

Feedback to editors

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more