the case for de identification
play

The Case for De-identification Khaled El Emam uOttawa & CHEO RI - PDF document

The Case for De-identification Khaled El Emam uOttawa & CHEO RI Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 1 Section 1 Electronic Health Information


  1. The Case for De-identification Khaled El Emam uOttawa & CHEO RI Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 1

  2. Section 1 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Benefits of Sharing Data • Many benefits to sharing data (as an M b fit t h i d t ( example for research data): – Confirm published results – Availability of data for meta-analyses – Feedback to improve data quality – Cost savings from not collecting the data Cost savings from not collecting the data again – Minimize need for participants to provide data repeatedly – Data for instruction and education Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 2

  3. I ncreased Demand for Health Data • More data needed for research purposes - M d t d d f h some in the health research community have phrased the stakes as: “It’s a matter of life and death” • Public health needs more data to detect and manage disease outbreaks • With better data we can find efficiencies in the healthcare system • Advertising and marketing efforts can be more targeted if detailed consumer/ patient information is available Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Case for De-identification • We make the case that de- W k th th t d identification is the main reasonable approach for many instances of sharing health information for secondary purposes under the legal framework that exists today that exists today Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 3

  4. Summary of Case • Better risk management for internal uses B tt i k t f i t l • Custodians reluctant to share data even when permitted • Current consent models have disadvantages – de-id the alternative • Breach notification not required if data is de-identified • Unexpected uses and disclosures – avoid surprises and retain value in data if it is de-identified • Privacy protective behaviors by the public and erosion of trust • Alternative access methods have important disadvantages Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Limiting Principles • Do not collect, use, or disclose PHI if other D t ll t di l PHI if th information will serve the purpose • For example, even if it is easier to disclose a whole record, that should not be done if lesser information will reasonably satisfy the purpose • De-identification would be one element in limiting the amount of PHI that is collected/ used/ disclosed • Same as “minimal necessary” criterion in the US Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 4

  5. Section 2 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Secondary Use/ Disclosure disclosure collection recipient individuals custodian agent custodian use disclosure Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 5

  6. Data Flows • Mandatory disclosures M d t di l • Uses by an agent for secondary purposes • Permitted discretionary disclosures for secondary purposes (e.g., public health and research) d h) • Other disclosures for secondary purposes (e.g., marketing) Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 3 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 6

  7. Uses by Agents • Data breaches by insiders are relatively D t b h b i id l ti l common (between a quarter and half): – Malicious: financial gain, revenge, dismissal – Accidental: loss of equipment, inadvertent disclosure • Applies to sub-contractors as well • De-identification of internally used data D id tifi ti f i t ll d d t protects against these internal breaches Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 4 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 7

  8. Discretionary Disclosures • In many cases the data custodians do not I th d t t di d t want to disclose patient information unless it is de-identified, even if it is permitted, e.g., for public health purposes • Providers are also concerned about their own privacy • Most are willing to disclose patient data if it is de-identified Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 5 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 8

  9. Obtaining Consent - I • Sometimes it is not possible or S ti it i t ibl practical to obtain individual consent: – Making contact to obtain consent may reveal the individual’s condition to others against their wishes – The size of the population may be too large The size of the population may be too large to obtain consent from everyone – Many patients may have relocated or died Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Obtaining Consent - I I – There may be a lack of existing or Th b l k f i ti continuing relationship with the patients – There is a risk of inflicting psychological, social or other harm by contacting individuals or their families in delicate circumstances – It would be difficult to contact individuals through advertisements and other public notices Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 9

  10. I mpact of Obtaining Consent • In the case where explicit individual I th h li it i di id l consent is used, consenters and non- consenters differ on: – age, sex, race, marital status, educational level, socioeconomic status, health status, mortality, lifestyle factors, functioning o a y, y a o , u o g • The consent rate for express consent varied from 16% to 93% Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 6 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 10

  11. Data Breach Notification • The number of records involved in Th b f d i l d i known data breaches is very high • Many jurisdictions have breach notification laws • Breaches involving de-identified data need not be reported d b d Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Data Breach Notification Costs • Negative impact on share price N ti i t h i • Reduced loyalty and trust from clients, and discontinuing relationship with custodian • Cost to custodian ~ $300 per individual (notification, compensation, ( f investigation, penalties, and litigation) Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 11

  12. What are they worth ? • Medical records may contain financial M di l d t i fi i l information • Financial value in medical records themselves • Extortion attempts Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Sale of Healthcare Data - I Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 12

  13. Sale of Healthcare Data - I I Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 13

  14. Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 7 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 14

  15. Compelled Disclosures • There are many instances where Th i t h individuals have no choice but to disclose information: – To obtain a service – more difficult with governments because they have a monopoly on some services o opo y o o – Prosecution • The public should demand that data be de-identified at the earliest opportunity Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 15

Recommend


More recommend