Khaled El Emam, PhD
Department of Pediatrics, University of Ottawa
Children’s Hospital of Eastern Ontario Research Institute
Topic
Assessing and Reducing Risk of Re-identification When Sharing Sensitive Research Datasets
Keywords
Clinical trials; Research ethics; Data security; Data sharing; Sensitive research data; De-identified data
Key Points
The cycle of risk de-identification involves setting a risk threshold, measuring the risk, evaluating the risk, and applying transformations to reduce the risk.
The Safe Harbor method of de-identification (removal of 18 categories of data) is a legal minimum standard that does not take context into account, and may not be sufficient when sharing sensitive data publicly.
A higher standard for de-identification is the “Expert Determination” method, whereby an expert with contextual knowledge of the broader data ecosystem can determine whether the risk is “not greater than very small.”
With increasing concern about the risks of sensitive data sharing, it is important to be transparent with data participants and continue to build trust for data uses.
Discussion Themes
When is a dataset safe for sharing? What is the risk of re-identification, and how can we reduce the risk? Consider who you are releasing the data to and what other kinds of data might they have access to that could potentially lead to re-identification.
For more information on the de-identification of protected health information, visit the U.S. Department of Health and Human Services’s Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
The Health Information Trust Alliance de-identification framework identifies 12 criteria for a successful de-identification program and methodology.
As part of an article published in Annals of Internal Medicine, Dr. Greg Simon created a short video in which he describes concerns related to data sharing and embedded research, as well as potential solutions for those concerns. We recently added this video to the Living Textbook chapter on Data Sharing and Embedded Research. In the chapter, the authors expand on the ideas presented in the Annals article and fame them using lessons learned from the NIH Collaboratory Trials. Data collected as part of research embedded in a health system comes from a fundamentally different context than stand-alone explanatory trials. When they are taken out of context or used for comparisons, they have the potential to do harm—something that can potentially discourage health systems from volunteering to participate in embedded research. The authors suggest that data sharing plans for embedded research be developed in partnership with health system leaders in ways that maximize the amount of data that can be shared while protecting patient privacy and healthcare system interests.
“Ultimately, it’s a practical question: if we want healthcare providers and healthcare systems to participate in research, we shouldn’t expect them to bear extra risk. In an ideal world, all information about the quality of health care and healthcare outcomes across the country would be completely open to everyone, but we don’t live in that world now. So if we are asking healthcare providers and healthcare systems to open up and be more transparent by participating in research, we certainly would not want to punish those who volunteer.” — Simon et al. in video for Ann Intern Med
In an article published in Annals of Internal Medicine, authors from the NIH Collaboratory describe concerns and solutions regarding data sharing and embedded research. Pragmatic research embedded in health systems uses data from the electronic health record and comes from a fundamentally different context than explanatory trials, which collect research-specific data. Data from embedded research have the potential to do harm if taken out of context or used for comparisons. Therefore, while the authors enthusiastically support data sharing, they also recognize that mandating data sharing may discourage health systems from volunteering to participate in embedded research.
“In an ideal world of transparency regarding healthcare processes and outcomes, health systems would have no expectation of or need for privacy regarding quality of health care delivery. But the current world is not perfect, and unintentional disclosures from participation in embedded research could be far greater than that required for public quality measures. Health systems volunteering to participate in research to improve public health may not be willing to bear the additional risk of misuse of sensitive information.” — Simon et al. Ann Intern Med
The authors use examples from the NIH Collaboratory Trials to illustrate potential solutions, and emphasize that data sharing plans for embedded research should be developed in partnership with health system leaders in ways that maximize the amount of data that can be shared while protecting patient privacy and healthcare system interests.
Meredith Nahm Zozus and colleagues from the NIH Collaboratory’s Phenotypes, Data Standards, and Data Quality Core (now the Electronic Health Records Core) have published a new Living Textbook chapter about key considerations for secondary use of electronic health record (EHR) data for clinical research.
In contrast to traditional randomized controlled clinical trials where data are prospectively collected, many pragmatic clinical trials use data that were primarily collected for clinical purposes and are secondarily used for research. The chapter describes the steps a prospective researcher will take to acquire and use EHR data:
Gain permission to use the data. When a prospective researcher wishes to use data, a data use agreement (DUA) is usually required that describes the purpose of the research and the proposed use of the data. This section also describes use of de-identified data and limited data sets.
Understand fundamental differences in context. Data collected in routine care settings reflect standard procedures at an individual’s healthcare facility, and are not collected in a standard, structured manner.
Assess the availability of health record data. Few assumptions can be made about what is available from an organization’s healthcare records; up-front, detailed discussions about data element collection over time at each facility is required.
Understand the available data. A secondary data user must understand both the data meaning and the data quality; both can vary greatly across organizations and affect a study’s ability to support research conclusions.
Identify populations and outcomes of interest. Because healthcare facilities are obligated to provide only the minimum necessary data to answer a research question, investigators must identify the needed patients and data elements with specificity and sensitivity to answer the research question given the available data.
Consider record linkage. Studies using data from multiple records and sources will require matching data to ensure they refer to the correct patient.
Manage the data. The investigator is responsible for receiving, managing, and processing data and must demonstrate that the data are reproducible and support research conclusions.
Archive and share the data after the study. Data may be archived and shared to ensure reproducibility, enable auditing for quality assurance and regulatory compliance, or to answer other questions about the research.
A new study examining public attitudes about the sharing of personal medical data through health information exchanges and distributed research networks finds a mixture of receptiveness and concerns about privacy and security. The study, conducted by researchers from the University of California, Davis and University of California, San Diego and published online in the Journal of the American Medical Informatics Association (JAMIA), reports results from a telephone survey of 800 California residents. Participants were asked for their opinions about the importance of sharing personal health data for research purposes and their feelings about related issues of security and privacy, as well as the importance of notification and permission for such sharing.
The authors found that a majority of respondents felt that sharing health data would “greatly improve” the quality of medical care and research. Further, many either somewhat or strongly agreed that the potential benefits of sharing data for research and care improvement outweighed privacy considerations (50.8%) or the right to control the use of their personal information (69.8%), although study participants also indicated that transparency regarding the purpose of any data sharing and controlling access to data remained important considerations.
However, the study’s investigators also found evidence of widespread concern over privacy and security issues, with substantial proportions of respondents reporting a belief that data sharing would have negative effects on the security (42.5%) and privacy (40.3%) of their health data. The study also explored attitudes about the need to obtain permission for sharing health data, as well as whether attitudes toward sharing data differed according to the purpose (e.g., for research vs. care) and the groups or individuals among which the data were being shared.
The authors note that while data-sharing networks are increasingly viewed as a crucial tool for enabling research and improving care on a national scale, they ultimately rely upon trust and acceptance from patients. As such, the long-term success of efforts aimed at building effective data-sharing networks may depend on accurately understanding the views of patients and accommodating their concerns.
Read the full article here:
Kim KK, Joseph JG, Ohno-Machado L. Comparison of consumers' views on electronic data sharing for healthcare and research. J Am Med Inform Assoc. 2015 Mar 30. pii: ocv014. doi: 10.1093/jamia/ocv014. [Epub ahead of print]
A series aired on American Public Media’s Marketplace program profiled real-world examples of using healthcare data to improve care and reduce costs in Camden, NJ.
The first segment follows Dr. Jeffrey Brenner, a MacArthur award–winning family physician who is conducting a randomized controlled trial of a care program targeted at healthcare “superutilizers”—patients with chronic conditions who accumulate high numbers of hospital visits and associated costs. The second story highlights how hospitals in Camden have created a health information exchange to share data for their Medicaid patients, with the goal of providing better care and preventing waste associated with duplicate tests. Interviewees explain that despite the potential benefits, hospitals have traditionally been reluctant to share data, but this position may be changed by incentives. The final program demonstrates that data can only go so far, sometimes revealing challenges that are not easily addressed.
“Diagnosis: Data” was produced in collaboration with Healthy States as part of reporting work examining changes in healthcare in the wake of the Affordable Care Act.
