Minding Privacy in the Use of Health Data

Calls for more data and integrated data systems are nothing new, but those calls are now being answered thanks to technological advances and digitization. Mobile health (“mHealth”) apps, which connect providers to patients electronically, have exploded in popularity, and existing data are moving from paper records to linkable electronic databases. There’s a lot of interest in these data for policy and research applications, particularly within the context of efforts like the Global Partnership for Sustainable Development Data and the Health Data Collaborative, which aim to increase the use of data for decision-making. Yet, the power and potential of digitized and linked data require careful stewardship. For example, integrating routine data^[1] and HIV registers could generate efficiencies and potentially improve the delivery of health care services, but linking these systems may also put individuals’ privacy at greater risk. The ethics^[2] of developing, managing, and providing access to data needs to be at the forefront of conversations on data for development, along with practical strategies to proactively protect privacy.

What are the risks—and are they real? Lax protection of data systems, such as the collection of mHealth data on personal mobile phones, can put individuals at risk of identity theft, discrimination, and mental or physical harm. Yet only about half of all countries in the world have data privacy laws (which may or may not extend beyond the public sector to the private sector, or vice-versa) and fewer than half of all countries have data protection authorities (DPAs) to enforce those laws. Furthermore, the effectiveness of DPAs as a whole and with regards to specific programs remains unclear.

Why are data privacy, security, confidentially—and generally—ethics not valued more highly in the development and operation of data systems? One reason may be that efforts are focused on improving the low quality of key data points. Understanding the underlying legal issues and subsequently developing new legislation may also be seen by some policymakers as too complex or laborious. Nevertheless, policymakers and data advocates should bear in mind that trust in the data collector and in data systems is critical to achieving development gains. That trust may be eroded if personal data is misused or if individuals are misled about the security and actual use of their personal information, including who has access to it. As recent examples from high-income countries have shown, data security requires constant vigilance and a single breach can affect millions.

Several countries have addressed concerns around the protection of health data well. Switzerland and Singapore’s health databases fall largely under the mandate of a single institution, streamlining the process by which researchers (internal and external) can obtain data whilst reducing the need for multiple legal and information sharing frameworks. Singapore also only provides researchers with de-identified data and only under certain conditions, though it does facilitate data linking. In contrast, Portugal does not allow data linking and limits the sharing of data across agencies. As noted by our colleagues, Alan Gelb and Anna Diofasi, low- and middle-income countries have also taken steps to bolster data privacy. For example, Peru set up an autonomous agency (Registro Nacional de Identificación y Estado Civil, RENIEC) to oversee its registration and identification systems. New data privacy laws have also been passed in Mali, Cote d’Ivoire, and Lesotho, while individuals from Thailand, Ghana, and Mauritius sit on Global Pulse's Data Privacy Advisory Group.

In addition to these country experiences there are also many guidelines for the protection of personal data. The Organisation for Economic Co-operation and Development (OECD), the World Bank, and the World Health Organization (WHO) all outline best practices that include recommendations such as:

• "Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.”—OECD
   
• "The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or [other not incompatible purposes]”—OECD
   
• "Individuals should have control over how their personal information is managed and used”—World Bank & WHO
   
• "A high degree of transparency should accompany both the implementation and operation of the registry, including… permitting individuals access to their personal information and, where necessary, the ability to challenge and correct any inaccuracies”—World Bank & WHO
   
• "The relevant legal issues [to address] should include retention schedules and how information is to be retrieved from electronic media on which it is stored. The durability of the electronic media must also be tested and documented.”—WHO

Learning from countries that have thought about these issues, and what mistakes or inefficiencies they could have avoided in getting to where they are today (which still leaves room for improvement) can help countries leapfrog certain problems and create conversations around ongoing issues. For example, a review of the data privacy protocols in a set of OECD countries found that determining the best mechanisms through which to share and de-identify data remains a challenge. In addition, the passage of data privacy laws is not always associated with the capacity to implement those laws effectively. More work needs to be done to build these technical skills, improve stakeholder buy-in at all levels (everyone from doctors to lawmakers needs to be on board), and develop overarching policy frameworks on data protection. Furthermore, conversations with private sector organizations, which naturally have had to seek out ways to protect their intellectual property, need to be built into current and future conversations.

Data privacy might not be a sexy topic, but it is important to think about it, especially given the proliferation of electronic data systems worldwide—for both routine reporting and new initiatives, such as mHealth and biometric ID systems. And to be clear, we welcome the integration of data systems, using them to improve program performance, and making the data available for research. There is no reason why we can’t have both powerful data systems and robust safeguards for personal information. To that end, we hope to blog more frequently about routine data, digital payment mechanisms, and biometrics in the coming year. Next month one of us (Oroxom) will report back on the experiences and lessons shared at the first UN World Data Forum, which has an entire theme devoted to data principles and governance, so stay tuned!

Footnotes

[1] Data that is routinely collected or generated by health facilities, such as claims data.

[2] Ethical issues to consider include data privacy, data security, and data confidentiality. According to Nass et al. data privacy can be thought of as the identification of individuals or groups who are permitted to access personal information and under what conditions such data may be accessed. Data confidentiality refers to the safeguarding of information that is obtained via a personal relationship, such as the information exchanged between a doctor and her patient. Data security addresses the issue of unauthorized access to or use of stored information.