Protecting Privacy of Pregnant and LGBTQ+ Research Participants.

This Viewpoint summarizes existing federal regulations aimed at protecting research data, describes the challenges of enforcing these regulations, and discusses how evolving privacy technologies could be used to reduce health disparities and advance health equity among pregnant and LGBTQ+ research participants.

Data Pseudonymization in a Range That Does Not Affect Data Quality: Correlation with the Degree of Participation of Clinicians.

Personal medical information is an essential resource for research; however, there are laws that regulate its use, and it typically has to be pseudonymized or anonymized. When data are anonymized, the quantity and quality of extractable information decrease significantly. From the perspective of a clinical researcher, a method of achieving pseudonymized data without degrading data quality while also preventing data loss is proposed herein. As the level of pseudonymization varies according to the research purpose, the pseudonymization method applied should be carefully chosen. Therefore, the active participation of clinicians is crucial to transform the data according to the research purpose. This can contribute to data security by simply transforming the data through secondary data processing. Case studies demonstrated that, compared with the initial baseline data, there was a clinically significant difference in the number of datapoints added with the participation of a clinician (from 267,979 to 280,127 points, P < 0.001). Thus, depending on the degree of clinician participation, data anonymization may not affect data quality and quantity, and proper data quality management along with data security are emphasized. Although the pseudonymization level and clinical use of data have a trade-off relationship, it is possible to create pseudonymized data while maintaining the data quality required for a given research purpose. Therefore, rather than relying solely on security guidelines, the active participation of clinicians is important.

Anonymity in EU Health Law: Not an Alternative to Information Governance.

Data sharing has long been a cornerstone of healthcare and research and is only due to become more important with the rise of Big Data analytics and advanced therapies. Cell therapies, for example, rely not only on donated cells but also essentially on donated information to make them traceable. Despite the associated importance of concepts such as 'donor anonymity', the concept of anonymisation remains contentious. The Article 29 Working Party's 2014 guidance on 'Anonymisation Techniques' has perhaps helped encourage a perception that anonymity is the result of data modification 'techniques', rather than a broader process involving management of information and context. In light of this enduring ambiguity, this article advocates a 'relative' understanding of anonymity and supports this interpretation with reference not only to the General Data Protection Regulation but also to European Union health-related legislation, which also alludes to the concept. Anonymity, I suggest, should be understood not as a 'technique' which removes the need for information governance but rather as a legal standard of reasonable risk-management, which can only be satisfied by effective data protection. As such, anonymity can be not so much an alternative to data protection as its mirror, requiring similar safeguards to maintain privacy and confidentiality.

Hacking HIPAA: "Best Practices" for Avoiding Oversight in the Sale of Your Identifiable Medical Information.

In light of the confusion invited by applying the label "de-identified" to information that can be used to identify patients, it is paramount that regulators, compliance professionals, patient advocates and the general public understand the significant differences between the standards applied by HIPAA and those applied by permissive "de-identification guidelines." This Article discusses those differences in detail. The discussion proceeds in four Parts. Part II (HIPAA's Heartbeat: Why HIPAA Protects Identifiable Patient Information) examines Congress's motivations for defining individually identifiable health information broadly, which included to stop the harms patients endured prior to 1996 arising from the commercial sale of their medical records. Part III (Taking the "I" Out of Identifiable Information: HIPAA's Requirements for De-Identified Health Information) discusses HIPAA's requirements for de-identification that were never intended to create a loophole for identifiable patient information to escape HIPAA's protections. Part IV (Anatomy of a Hack: Methods for Labeling Identifiable information "De-Identified") examines the goals, methods, and results of permissive "de-identification guidelines" and compares them to HIPAA's requirements. Part V (Protecting Un-Protected Health Information) evaluates the suitability of permissive "de-identification guidelines," concluding that the vulnerabilities inherent in their current articulation render them ineffective as a data protection standard. It also discusses ways in which compliance professionals, regulators, and advocates can foster accountability and transparency in the utilization of health information that can be used to identify patients.

Health Research, Consent and the GDPR Exemption.

This article analyses the balance which the GDPR strikes between two important social values: protecting personal health data and facilitating health research through the lens of the consent requirement and the research exemption. The article shows that the normative weight of the consent requirement differs depending on the context for the health research in question. This more substantive approach to consent is reflected in the research exemption which allows for a more nuanced balancing of interests. However, because the GDPR articulates the exemption at an abstract and principled level, in practice the balance is struck at Member State level. Thus, the GDPR increases difficulties for EU cross-border health projects and impedes the policy goal of creating a harmonised regulatory framework for health research. The article argues that in order to address this problem, the European Data Protection Board should provide specific guidance on the operation of consent in health research.

Pesquisa com prontuário: análise ético-jurídica à luz dos direitos humanos dos pacientes / Research ethics and access to medical records based on the human rights of patients

Este artigo objetiva analisar as normas internacionais e nacionais que tratam de ética em pesquisa e do acesso a dados de prontuário com base no referencial dos Direitos Humanos dos Pacientes, particularmente do direito à privacidade e do direito à confidencialidade. Neste estudo optou-se pela análise de normas nacionais e internacionais, com base no direito à privacidade e no direito à confidencialidade da informação pessoal. A partir das normas objeto dessa investigação, extraem-se as seguintes prescrições ético-jurídicas: a) o direito à privacidade e à confidencialidade do paciente/participante é o balizador ético jurídico da pesquisa envolvendo seres humanos e os interesses da produção científica não se sobrepõem ao do participante; b) o segundo uso de informação pessoal do paciente para fins de pesquisa não deve ser, prima facie, legalmente vedado; c) ferramentas devem ser adotadas visando assegurar a eticidade do segundo uso de dados pessoais para fins de pesquisa, tal como a anonimização de dados e o emprego de cláusulas especificas. Conclui-se que o segundo uso de dados do prontuário para fins de pesquisa há que ser legalmente autorizado e regulado e que a regra geral deve ser o acesso ao prontuário para fins de pesquisa consentido pelo paciente/participante, essa é a premissa de atuação de qualquer órgão de ética em pesquisa

This article aims to analyze international and national norms on research ethics and access to medical records based on the Human Rights of Patients, particularly the right to privacy and the right to confidentiality. It is a research of theoretical nature based on the Human Rights of Patients. In this study, we opted for the analysis of national and international norms based on the right to privacy and the right to confidentiality of personal information. The following ethical and legal prescriptions are taken out from the norms analyzed: a) the right to privacy and to confidentiality is the ethical-legal benchmark of research involving human subjects and the interests of scientific knowledge do not overlap the participant interest; b) the second use of the patient's personal information for research purposes should not be prima facie legally prohibited; c) tools should be adopted to ensure the ethics of the second use of personal data for research purposes, such as data anonymization and the use of specific clauses. It was concluded that the second use of the medical record for research purposes must be legally authorized and regulated and that the general rule should be access to medical records for the purposes of research by consent of the patient / participant, this is the premiseof any body of research ethics

Observational health research in Europe: understanding the General Data Protection Regulation and underlying debate.

Insights into the incidence and survival of cancer, the influence of lifestyle and environmental factors and the interaction of treatment regimens with outcomes are hugely dependent on observational research, patient data derived from the healthcare system and from volunteers participating in cohort studies, often non-selective. Since 25th May 2018, the European General Data Protection Regulation (GDPR) applies to such data. The GDPR focusses on more individual control for data subjects of 'their' data. Yet, the GDPR was preceded by a long debate. The research community participated actively in that debate, and as a result, the GDPR has research exemptions as well. Some of those apply directly; other exemptions need to be implemented into national law. Those exemptions will be discussed together with a general outline of the GDPR. I propose a substantive definition of research-absent in the GDPR-which can warrant its special status in the GDPR. The debate is not over yet. Most legal texts exhibit ambiguity and are interpreted against a background of values. In this case, those could be subsumed under informational self-determination versus solidarity and the deeper meaning of autonomy. Values will also guide national implementation and their interpretation. The value of individual control or informational self-determination should be balanced by nuanced visions about our mutual dependency in healthcare, as an ever-learning system, especially in the European solidarity-based healthcare systems. Good research governance might be a way forward to escape the consent or anonymise dichotomy.

Walking along the road with anonymous users in similar attributes.

Recently, the ubiquitousness of smartphones and tablet computers have changed the style of people's daily life. With this tendency, location based service (LBS) has become one of the prosperous types of service along with the wireless and positioning technology development. However, as the LBS server needs precise location information about the user to provide service result, the procedure of LBS may reveal location privacy, especially when a user is utilizing continuous query along the road. In continuous query, attributes of the user are released inadvertently with per-query, and the information can be collected by an adversary as background knowledge to correlate the location trajectory and infer the personal privacy. Although, a user can employ a central server (CS) to provide privacy preservation for his location, the trustfulness of CS still is without testified and it is usually considered as an un-trusted entity. Thus, in this paper, the trustfulness of CS is verified by a game tree, and then with the result we propose a hash based attribute anonymous scheme (short for HBAA) to obfuscate the attributes released in each query along the road. With the help of HBAA, the CS has no opportunity to get any information about the user who sends his query for generalization service. Furthermore, as the set of attributes is transmitted into a fixed length of hash value, the processing time that spent in attribute generalization is stripped down and the performance of executive efficiency is improved. At last, security analysis and simulation experiment are proposed, and then results of security proving as well as simulation experiments further reflect the superiority of our proposed scheme.

Criminal Prohibition of Wrongful Re­identification: Legal Solution or Minefield for Big Data?

The collapse of confidence in anonymization (sometimes also known as de-identification) as a robust approach for preserving the privacy of personal data has incited an outpouring of new approaches that aim to fill the resulting trifecta of technical, organizational, and regulatory privacy gaps left in its wake. In the latter category, and in large part due to the growth of Big Data-driven biomedical research, falls a growing chorus of calls for criminal and penal offences to sanction wrongful re-identification of "anonymized" data. This chorus cuts across the fault lines of polarized privacy law scholarship that at times seems to advocate privacy protection at the expense of Big Data research or vice versa. Focusing on Big Data in the context of biomedicine, this article surveys the approaches that criminal or penal law might take toward wrongful re-identification of health data. It contextualizes the strategies within their respective legal regimes as well as in relation to emerging privacy debates focusing on personal data use and data linkage and assesses the relative merit of criminalization. We conclude that this approach suffers from several flaws and that alternative social and legal strategies to deter wrongful re-identification may be preferable.

Informed consent and registry-based research - the case of the Danish circumcision registry.

BACKGROUND: Research into personal health data holds great potential not only for improved treatment but also for economic growth. In these years many countries are developing policies aimed at facilitating such research often under the banner of 'big data'. A central point of debate is whether the secondary use of health data requires informed consent if the data is anonymised. In 2013 the Danish Minister of Health established a new register collecting data about all ritual male childhood circumcisions in Denmark. The main purpose of the register was to enable future research into the consequences of ritual circumcision. DISCUSSION: This article is a study into the case of the Danish Circumcision Registry. We show that such a registry may lead to various forms of harm such as 1) overreaching social pressure, 2) stigmatization, 3) medicalization of a religious practice, 4) discrimination, and 5) polarised research, and that a person may therefore have a strong and legitimate interest in deciding whether or not such data should be collected and/or used in research. This casts doubt on the claim that the requirement of informed consent could and should be waived for all types of secondary research into registries. We finally sketch a new model of informed consent - Meta consent - aimed at striking a balance between the interests in promoting research and at the same time protecting the individual. Research participants may have a strong and legitimate interest in deciding whether or not their data should be collected and used for registry-based research whether or not their data is anonymised.

Reconsidering Anonymization-Related Concepts and the Term "Identification" Against the Backdrop of the European Legal Framework.

Sharing data in biomedical contexts has become increasingly relevant, but privacy concerns set constraints for free sharing of individual-level data. Data protection law protects only data relating to an identifiable individual, whereas "anonymous" data are free to be used by everybody. Usage of many terms related to anonymization is often not consistent among different domains such as statistics and law. The crucial term "identification" seems especially hard to define, since its definition presupposes the existence of identifying characteristics, leading to some circularity. In this article, we present a discussion of important terms based on a legal perspective that it is outlined before we present issues related to the usage of terms such as unique "identifiers," "quasi-identifiers," and "sensitive attributes." Based on these terms, we have tried to circumvent a circular definition for the term "identification" by making two decisions: first, deciding which (natural) identifier should stand for the individual; second, deciding how to recognize the individual. In addition, we provide an overview of anonymization techniques/methods for preventing re-identification. The discussion of basic notions related to anonymization shows that there is some work to be done in order to achieve a mutual understanding between legal and technical experts concerning some of these notions. Using a dialectical definition process in order to merge technical and legal perspectives on terms seems important for enhancing mutual understanding.