1
|
News Brief: CMS updates HIPAA-compliant practices for texting patient information and medical orders. Am J Nurs 2024; 124:13. [PMID: 38661687 DOI: 10.1097/01.NAJ.0001016320.65429.e0] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 04/26/2024]
|
2
|
Rezaeikhonakdar D. AI Chatbots and Challenges of HIPAA Compliance for AI Developers and Vendors. J Law Med Ethics 2024; 51:988-995. [PMID: 38477276 PMCID: PMC10937180 DOI: 10.1017/jme.2024.15] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 03/14/2024]
Abstract
Developers and vendors of large language models ("LLMs") - such as ChatGPT, Google Bard, and Microsoft's Bing at the forefront-can be subject to Health Insurance Portability and Accountability Act of 1996 ("HIPAA") when they process protected health information ("PHI") on behalf of the HIPAA covered entities. In doing so, they become business associates or subcontractors of a business associate under HIPAA.
Collapse
|
3
|
Zhang K, Jiang X. Sensitive Data Detection with High-Throughput Machine Learning Models in Electrical Health Records. AMIA Annu Symp Proc 2024; 2023:814-823. [PMID: 38222389 PMCID: PMC10785837] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Subscribe] [Scholar Register] [Indexed: 01/16/2024]
Abstract
In the era of big data, there is an increasing need for healthcare providers, communities, and researchers to share data and collaborate to improve health outcomes, generate valuable insights, and advance research. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law designed to protect sensitive health information by defining regulations for protected health information (PHI). However, it does not provide efficient tools for detecting or removing PHI before data sharing. One of the challenges in this area of research is the heterogeneous nature of PHI fields in data across different parties. This variability makes rule-based sensitive variable identification systems that work on one database fail on another. To address this issue, our paper explores the use of machine learning algorithms to identify sensitive variables in structured data, thus facilitating the de-identification process. We made a key observation that the distributions of metadata of PHI fields and non-PHI fields are very different. Based on this novel finding, we engineered over 30 features from the metadata of the original features and used machine learning to build classification models to automatically identify PHI fields in structured Electronic Health Record (EHR) data. We trained the model on a variety of large EHR databases from different data sources and found that our algorithm achieves 99% accuracy when detecting PHI-related fields for unseen datasets. The implications of our study are significant and can benefit industries that handle sensitive data.
Collapse
Affiliation(s)
- Kai Zhang
- University of Texas Health Science Center, Houston, TX, USA
| | - Xiaoqian Jiang
- University of Texas Health Science Center, Houston, TX, USA
| |
Collapse
|
4
|
Negash B, Katz A, Neilson CJ, Moni M, Nesca M, Singer A, Enns JE. De-identification of free text data containing personal health information: a scoping review of reviews. Int J Popul Data Sci 2023; 8:2153. [PMID: 38414537 PMCID: PMC10898315 DOI: 10.23889/ijpds.v8i1.2153] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 02/29/2024] Open
Abstract
Introduction Using data in research often requires that the data first be de-identified, particularly in the case of health data, which often include Personal Identifiable Information (PII) and/or Personal Health Identifying Information (PHII). There are established procedures for de-identifying structured data, but de-identifying clinical notes, electronic health records, and other records that include free text data is more complex. Several different ways to achieve this are documented in the literature. This scoping review identifies categories of de-identification methods that can be used for free text data. Methods We adopted an established scoping review methodology to examine review articles published up to May 9, 2022, in Ovid MEDLINE; Ovid Embase; Scopus; the ACM Digital Library; IEEE Explore; and Compendex. Our research question was: What methods are used to de-identify free text data? Two independent reviewers conducted title and abstract screening and full-text article screening using the online review management tool Covidence. Results The initial literature search retrieved 3,312 articles, most of which focused primarily on structured data. Eighteen publications describing methods of de-identification of free text data met the inclusion criteria for our review. The majority of the included articles focused on removing categories of personal health information identified by the Health Insurance Portability and Accountability Act (HIPAA). The de-identification methods they described combined rule-based methods or machine learning with other strategies such as deep learning. Conclusion Our review identifies and categorises de-identification methods for free text data as rule-based methods, machine learning, deep learning and a combination of these and other approaches. Most of the articles we found in our search refer to de-identification methods that target some or all categories of PHII. Our review also highlights how de-identification systems for free text data have evolved over time and points to hybrid approaches as the most promising approach for the future.
Collapse
Affiliation(s)
- Bekelu Negash
- Manitoba Centre for Health Policy, Department of Community Health Sciences, Rady Faculty of Health Sciences, University of Manitoba
| | - Alan Katz
- Manitoba Centre for Health Policy, Department of Community Health Sciences, Rady Faculty of Health Sciences, University of Manitoba
- Department of Family Medicine, Rady Faculty of Health Sciences, University of Manitoba
| | | | - Moniruzzaman Moni
- George & Fay Yee Centre for Healthcare Innovation, Department of Community Health Sciences, Rady Faculty of Health Sciences, University of Manitoba
| | - Marcello Nesca
- Manitoba Centre for Health Policy, Department of Community Health Sciences, Rady Faculty of Health Sciences, University of Manitoba
| | - Alexander Singer
- Department of Family Medicine, Rady Faculty of Health Sciences, University of Manitoba
| | - Jennifer E. Enns
- Manitoba Centre for Health Policy, Department of Community Health Sciences, Rady Faculty of Health Sciences, University of Manitoba
| |
Collapse
|
5
|
Zahedi Z, Mahmud F, Pinto C. Systemic Risk Management Plan for Electronic Medical Records (EMR): Why and How? Stud Health Technol Inform 2023; 311:25-43. [PMID: 34047283 DOI: 10.3233/shti200016] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/15/2022]
Abstract
Electronic patient data use and handling are critical issues in terms of privacy, confidentiality, security, and the Health Insurance Portability and Accountability Act (HIPAA) regulations. The risks associated with electronic patient data are not limited to identity theft but rather include a person's social, economic, and psychological well-being. However, there have not been many studies that have focused on the associated risk factors that could lead to these situations. This paper identifies those risks related to electronic patient data breaches by means of a grounded theory approach and develops a systemic risk management plan that enables engineering managers and risk managers to more effectively and efficiently overcome risks associated with electronic patient data. Purpose: The purpose of this paper is to identify the risks associated with electronic patient data breach using a grounded theory approach and also to recommend a set of guidelines to support a better, effective, and efficient system and thereby overcome these risks. Patients and methods: No patients were involved either to participate in this study or any of their opinions are reflected with this research.
Collapse
Affiliation(s)
- Ziniya Zahedi
- Georgetown University Law Center, Washington, DC, USA
| | - Faisal Mahmud
- Center for Learning and Teaching, Old Dominion University, Norfolk, Virginia, USA
| | - Cesar Pinto
- Engineering Management and Systems Engineering Department, Old Dominion University, Norfolk, Virginia, USA
| |
Collapse
|
6
|
Nadella S, Panchal N. HIP, HIPAA, Hooray: Responding to Negative Online Reviews. J Oral Maxillofac Surg 2023; 81:1455-1456. [PMID: 38044012 DOI: 10.1016/j.joms.2023.08.172] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/10/2023] [Revised: 08/22/2023] [Accepted: 08/22/2023] [Indexed: 12/05/2023]
Affiliation(s)
- Srighana Nadella
- DMD Candidate, Department of Oral and Maxillofacial Surgery, School of Dental Medicine, University of Pennsylvania, Philadelphia, PA; Master in Law Candidate, Department of Oral and Maxillofacial Surgery, Carey Law School, University of Pennsylvania, Philadelphia, PA
| | - Neeraj Panchal
- Assistant Professor and Section Chief of Oral and Maxillofacial Surgery, Department of Oral and Maxillofacial Surgery, Philadelphia Veterans Affairs Medical Center, Penn Presbyterian Medical Center, University of Pennsylvania School of Dental Medicine, Philadelphia, PA.
| |
Collapse
|
7
|
Leuchter RK, Ma S, Bell DS, Hays RD, Vidorreta FJS, Binder SL, Sarkisian CA. Embedding research study recruitment within the patient portal preCheck-in. J Am Med Inform Assoc 2023; 30:2028-2035. [PMID: 37595575 PMCID: PMC10654868 DOI: 10.1093/jamia/ocad164] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 03/20/2023] [Accepted: 08/09/2023] [Indexed: 08/20/2023] Open
Abstract
OBJECTIVE Patient portals are increasingly used to recruit patients in research studies, but communication response rates remain low without tactics such as financial incentives or manual outreach. We evaluated a new method of study enrollment by embedding a study information sheet and HIPAA authorization form (HAF) into the patient portal preCheck-in (where patients report basic information like allergies). MATERIALS AND METHODS Eligible patients who enrolled received an after-visit patient-reported outcomes survey through the patient portal. No additional recruitment/messaging efforts were made. RESULTS A total of 386 of 843 patients completed preCheck-in, 308 of whom signed the HAF and enrolled in the study (37% enrollment rate). Of 93 patients who were eligible to receive the after-visit survey, 45 completed it (48% completion rate). CONCLUSION Enrollment and survey completion rates were higher than what is typically seen with recruitment by patient portal messaging, suggesting that preCheck-in recruitment can enhance research study recruitment and warrants further investigation.
Collapse
Affiliation(s)
- Richard K Leuchter
- Division of General Internal Medicine & Health Services Research, Department of Medicine, David Geffen School of Medicine at UCLA, Los Angeles, CA 90024, United States
| | - Suzette Ma
- UCLA Health Information Technology, UCLA Health, Los Angeles, CA 90095, United States
| | - Douglas S Bell
- Division of General Internal Medicine & Health Services Research, Department of Medicine, David Geffen School of Medicine at UCLA, Los Angeles, CA 90024, United States
- Clinical and Translational Science Institute, UCLA, Los Angeles, CA 90095, United States
| | - Ron D Hays
- Division of General Internal Medicine & Health Services Research, Department of Medicine, David Geffen School of Medicine at UCLA, Los Angeles, CA 90024, United States
- Department of Health Policy and Management, Fielding School of Public Health, UCLA, Los Angeles, CA 90095, United States
| | | | - Sandra L Binder
- Clinical and Translational Science Institute, UCLA, Los Angeles, CA 90095, United States
| | - Catherine A Sarkisian
- Division of General Internal Medicine & Health Services Research, Department of Medicine, David Geffen School of Medicine at UCLA, Los Angeles, CA 90024, United States
- VA Greater Los Angeles Healthcare System Geriatric Research Education and Clinical Center, Los Angeles, CA 90073, United States
| |
Collapse
|
8
|
Fard Bahreini A. Which information locations in covered entities under HIPAA must be secured first? A multi-criteria decision-making approach. J Healthc Risk Manag 2023; 43:27-36. [PMID: 37616038 DOI: 10.1002/jhrm.21555] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/27/2023] [Revised: 06/25/2023] [Accepted: 07/24/2023] [Indexed: 08/25/2023]
Abstract
Creating adequate safeguards for physical and online locations (e.g., desktop computers, network servers) where protected health information (PHI) may be breached is critical for management within entities compliant with the Health Information Portability and Accountability Act (HIPAA). With the increasing complexity of cyber breaches and budgetary issues, prioritizing which locations require the most immediate attention by top management through a data-driven model is more important than ever. Using CORAS threat modeling and five methods for multi-criteria decision-making, these locations were ranked from greatest to least risk of data breaches. Statistical methods were subsequently used for consistency and robustness checks. The findings illustrate that each type of covered entity under HIPAA must prioritize a different set of locations to safeguard first: health care providers must focus on the security of network servers, other portable electronic devices, and category of others (i.e., miscellaneous locations); health plans must focus on the security of paper and films, network servers, and others; and business associates must focus on the security of category of others, network servers, and other portable electronic devices. Combined with data on the source of the breaches (external vs. internal) and type of threats (e.g., hacking, theft), these findings provide recommendations for risk identification for privacy officers across health care.
Collapse
Affiliation(s)
- Amir Fard Bahreini
- Department of Information Technology and Supply Chain Management, College of Business and Economics, University of Wisconsin-Whitewater, Whitewater, Wisconsin, USA
| |
Collapse
|
9
|
Abstract
Genome sequencing is increasingly used in research and integrated into clinical care. In the research domain, large-scale analyses, including whole genome sequencing with variant interpretation and curation, virtually guarantee identification of variants that are pathogenic or likely pathogenic and actionable. Multiple guidelines recommend that findings associated with actionable conditions be offered to research participants in order to demonstrate respect for autonomy, reciprocity, and participant interests in health and privacy. Some recommendations go further and support offering a wider range of findings, including those that are not immediately actionable. In addition, entities covered by the US Health Insurance Portability and Accountability Act (HIPAA) may be required to provide a participant's raw genomic data on request. Despite these widely endorsed guidelines and requirements, the implementation of return of genomic results and data by researchers remains uneven. This article analyzes the ethical and legal foundations for researcher duties to offer adult participants their interpreted results and raw data as the new normal in genomic research.
Collapse
Affiliation(s)
- Susan M Wolf
- Law School and Medical School, University of Minnesota, Minneapolis, Minnesota, USA;
| | - Robert C Green
- Genomes2People Research Program, Harvard Medical School, Mass General Brigham, Broad Institute, and Ariadne Labs, Boston, Massachusetts, USA;
| |
Collapse
|
10
|
Shachar C, Cadario R, Cohen IG, Morewedge CK. HIPAA is a misunderstood and inadequate tool for protecting medical data. Nat Med 2023; 29:1900-1902. [PMID: 37237047 DOI: 10.1038/s41591-023-02355-y] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 05/28/2023]
Affiliation(s)
- Carmel Shachar
- Petrie-Flom Center for Health Law Policy, Biotechnology, Bioethics, Harvard Law School, Cambridge, MA, USA
| | - Romain Cadario
- Rotterdam School of Management, Erasmus University, Rotterdam, The Netherlands
| | - I Glenn Cohen
- Petrie-Flom Center for Health Law Policy, Biotechnology, Bioethics, Harvard Law School, Cambridge, MA, USA
| | | |
Collapse
|
11
|
Alexander J, Beatty A. Nonspecific deidentification of date-like text in deidentified clinical notes enables reidentification of dates. J Am Med Inform Assoc 2022; 29:1967-1971. [PMID: 36217861 PMCID: PMC9552287 DOI: 10.1093/jamia/ocac147] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/13/2022] [Revised: 07/19/2022] [Accepted: 08/14/2022] [Indexed: 06/16/2023] Open
Abstract
To facilitate the secondary usage of electronic health record data for research, the University of California, San Francisco (UCSF) recently implemented a clinical data warehouse including, among other data, deidentified clinical notes and reports, which are available to UCSF researchers without Institutional Review Board approval. For deidentification of these notes, most of the Health Insurance Portability and Accountability Act identifiers are redacted, but dates are transformed by shifting all dates for a patient back by the same random number of days. We describe an issue in which nonspecific (ie, excess) transformation of nondate, date-like text by this deidentification process enables reidentification of all dates, including birthdates, for certain patients. This issue undercuts the common assumption that excess deidentification is a safe tradeoff to protect patient privacy. We present this issue as a caution to other institutions that may also be considering releasing deidentified notes for research.
Collapse
Affiliation(s)
- Jes Alexander
- Department of Radiation Oncology, University of California, San Francisco, San Francisco, California, USA
| | - Alexis Beatty
- Department of Epidemiology and Biostatistics and Department of Medicine, Division of Cardiology, University of California, San Francisco, San Francisco, California, USA
| |
Collapse
|
12
|
Bowers GM, Kleinpeter ML, Rials WT. Securing Your Radiology Practice: Evidence-Based Strategies for Radiologists Compiled From 10 Years of Cyberattacks and HIPAA Breaches Involving Medical Imaging. Perspect Health Inf Manag 2022; 19:1c. [PMID: 36035332 PMCID: PMC9335165] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Abstract] [Key Words] [MESH Headings] [Subscribe] [Scholar Register] [Indexed: 06/15/2023]
Abstract
While there is significant literature discussing physical and cybersecurity risks around health information technology in general, the number of publications that specifically address medical imaging is much smaller, and many of these focus on the technical security requirements for the exchange of medical images over public networks rather than practical guidelines for radiologists and technicians. This study examines the US Department of Health and Human Services database of reported breaches involving medical imaging from 2010-2020, identifies the most common contributing factors to those breaches, and offers recommendations for radiology practices to prevent each, based on the National Institute of Standards and Technology (NIST) guidelines as well as measures proposed in the literature on health information technology.
Collapse
|
13
|
Pfaff ER, Girvin AT, Gabriel DL, Kostka K, Morris M, Palchuk MB, Lehmann HP, Amor B, Bissell M, Bradwell KR, Gold S, Hong SS, Loomba J, Manna A, McMurry JA, Niehaus E, Qureshi N, Walden A, Zhang XT, Zhu RL, Moffitt RA, Haendel MA, Chute CG, Adams WG, Al-Shukri S, Anzalone A, Baghal A, Bennett TD, Bernstam EV, Bernstam EV, Bissell MM, Bush B, Campion TR, Castro V, Chang J, Chaudhari DD, Chen W, Chu S, Cimino JJ, Crandall KA, Crooks M, Davies SJD, DiPalazzo J, Dorr D, Eckrich D, Eltinge SE, Fort DG, Golovko G, Gupta S, Haendel MA, Hajagos JG, Hanauer DA, Harnett BM, Horswell R, Huang N, Johnson SG, Kahn M, Khanipov K, Kieler C, Luzuriaga KRD, Maidlow S, Martinez A, Mathew J, McClay JC, McMahan G, Melancon B, Meystre S, Miele L, Morizono H, Pablo R, Patel L, Phuong J, Popham DJ, Pulgarin C, Santos C, Sarkar IN, Sazo N, Setoguchi S, Soby S, Surampalli S, Suver C, Vangala UMR, Visweswaran S, von Oehsen J, Walters KM, Wiley L, Williams DA, Zai A. Synergies between centralized and federated approaches to data quality: a report from the national COVID cohort collaborative. J Am Med Inform Assoc 2022; 29:609-618. [PMID: 34590684 PMCID: PMC8500110 DOI: 10.1093/jamia/ocab217] [Citation(s) in RCA: 29] [Impact Index Per Article: 14.5] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 07/15/2021] [Revised: 08/19/2021] [Accepted: 09/23/2021] [Indexed: 02/01/2023] Open
Abstract
OBJECTIVE In response to COVID-19, the informatics community united to aggregate as much clinical data as possible to characterize this new disease and reduce its impact through collaborative analytics. The National COVID Cohort Collaborative (N3C) is now the largest publicly available HIPAA limited dataset in US history with over 6.4 million patients and is a testament to a partnership of over 100 organizations. MATERIALS AND METHODS We developed a pipeline for ingesting, harmonizing, and centralizing data from 56 contributing data partners using 4 federated Common Data Models. N3C data quality (DQ) review involves both automated and manual procedures. In the process, several DQ heuristics were discovered in our centralized context, both within the pipeline and during downstream project-based analysis. Feedback to the sites led to many local and centralized DQ improvements. RESULTS Beyond well-recognized DQ findings, we discovered 15 heuristics relating to source Common Data Model conformance, demographics, COVID tests, conditions, encounters, measurements, observations, coding completeness, and fitness for use. Of 56 sites, 37 sites (66%) demonstrated issues through these heuristics. These 37 sites demonstrated improvement after receiving feedback. DISCUSSION We encountered site-to-site differences in DQ which would have been challenging to discover using federated checks alone. We have demonstrated that centralized DQ benchmarking reveals unique opportunities for DQ improvement that will support improved research analytics locally and in aggregate. CONCLUSION By combining rapid, continual assessment of DQ with a large volume of multisite data, it is possible to support more nuanced scientific questions with the scale and rigor that they require.
Collapse
Affiliation(s)
- Emily R Pfaff
- Department of Medicine, UNC Chapel Hill School of Medicine, Chapel Hill, North Carolina, USA
| | | | - Davera L Gabriel
- Section of Biomedical Informatics and Data Science, Johns Hopkins University School of Medicine, Baltimore, Maryland, USA
| | - Kristin Kostka
- The OHDSI Center at the Roux Institute, Northeastern University, Portland, Maine, USA
| | - Michele Morris
- Department of Biomedical Informatics, University of Pittsburgh, Pittsburgh, Pennsylvania, USA
| | | | - Harold P Lehmann
- Department of Medicine, Johns Hopkins School of Medicine, Baltimore, Maryland, USA
| | | | | | | | - Sigfried Gold
- Section of Biomedical Informatics and Data Science, Johns Hopkins University School of Medicine, Baltimore, Maryland, USA
| | - Stephanie S Hong
- Section of Biomedical Informatics and Data Science, Johns Hopkins University School of Medicine, Baltimore, Maryland, USA
| | | | - Amin Manna
- Palantir Technologies, Denver, Colorado, USA
| | - Julie A McMurry
- Center for Health AI, University of Colorado Anschutz Medical Campus, Aurora, Colorado, USA
| | | | | | - Anita Walden
- Department of Medical Informatics and Clinical Epidemiology, Oregon Health & Science University, Portland, Oregon, USA
| | | | - Richard L Zhu
- Johns Hopkins University School of Medicine, Baltimore, Maryland, USA
| | - Richard A Moffitt
- Department of Biomedical Informatics, Stony Brook University, Stony Brook, New York, USA
| | - Melissa A Haendel
- University of Colorado Anschutz Medical Campus, Aurora, Colorado, USA
| | - Christopher G Chute
- Schools of Medicine, Public Health, and Nursing, Johns Hopkins University, Baltimore, Maryland, USA
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
Collapse
|
14
|
Liu Y, Conway D, Wan Z, Kantarcioglu M, Vorobeychik Y, Malin BA. De-identifying Socioeconomic Data at the Census Tract Level for Medical Research Through Constraint-based Clustering. AMIA Annu Symp Proc 2022; 2021:793-802. [PMID: 35309009 PMCID: PMC8861681] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Grants] [Subscribe] [Scholar Register] [Indexed: 06/14/2023]
Abstract
Numerous studies have shown that a person's health status is closely related to their socioeconomic status. It is evident that incorporating socioeconomic data associated with a patient's geographic area of residence into clinical datasets will promote medical research. However, most socioeconomic variables are unique in combination and are affiliated with small geographical regions (e.g., census tracts) that are often associated with less than 20,000 people. Thus, sharing such tract-level data can violate the Safe Harbor implementation of de-identification under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In this paper, we introduce a constraint-based k-means clustering approach to generate census tract-level socioeconomic data that is de-identification compliant. Our experimental analysis with data from the American Community Survey illustrates that the approach generates a protected dataset with high similarity to the unaltered values, and achieves a substantially better data utility than the HIPAA Safe Harbor recommendation of 3-digit ZIP code.
Collapse
Affiliation(s)
| | | | - Zhiyu Wan
- Vanderbilt University, Nashville, TN
| | | | | | - Bradley A Malin
- Vanderbilt University, Nashville, TN
- Vanderbilt University Medical Center, Nashville, TN
| |
Collapse
|
15
|
Abu-El-Rub N, Urbain J, Kowalski G, Osinski K, Spaniol R, Liu M, Taylor B, Waitman LR. Natural Language Processing for Enterprise-scale De-identification of Protected Health Information in Clinical Notes. AMIA Annu Symp Proc 2022; 2022:92-101. [PMID: 35854742 PMCID: PMC9285160] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Grants] [Subscribe] [Scholar Register] [Indexed: 05/01/2023]
Abstract
Patient privacy is a major concern when allowing data sharing and the flow of health information. Hence, de-identification and anonymization techniques are used to ensure the protection of patient health information while supporting the secondary uses of data to advance the healthcare system and improve patient outcomes. Several de-identification tools have been developed for free-text, however, this research focuses on developing notes de-identification and adjudication framework that has been tested for i2b2 searches. The aim is to facilitate clinical notes research without an additional HIPAA approval process or consent by a clinician or patient especially for narrative free-text notes such as physician and nursing notes. In this paper, we build a scalable, accurate, and maintainable pipeline for notes de-identification utilizing the natural language processing and REDCap database as a method of adjudication verification. The system is deployed at an enterprise-scale where researchers can search and visualize over 45 million de-identified notes hosted in an i2b2 instance.
Collapse
Affiliation(s)
- Noor Abu-El-Rub
- Division of Medical Informatics, Department of Internal Medicine, University of Kansas Medical Center, Kansas City, Kansas
| | - Jay Urbain
- Medical College of Wisconsin, Milwaukee, Wisconsin
| | | | | | | | - Mei Liu
- Division of Medical Informatics, Department of Internal Medicine, University of Kansas Medical Center, Kansas City, Kansas
| | | | - Lemuel R Waitman
- Division of Health Management and Informatics, University of Missouri, Columbia, Missouri
| |
Collapse
|
16
|
Su J, Cao Y, Chen Y, Liu Y, Song J. Privacy protection of medical data in social network. BMC Med Inform Decis Mak 2021; 21:286. [PMID: 34663276 PMCID: PMC8524799 DOI: 10.1186/s12911-021-01645-0] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 09/12/2021] [Accepted: 09/14/2021] [Indexed: 11/10/2022] Open
Abstract
BACKGROUND Protection of privacy data published in the health care field is an important research field. The Health Insurance Portability and Accountability Act (HIPAA) in the USA is the current legislation for privacy protection. However, the Institute of Medicine Committee on Health Research and the Privacy of Health Information recently concluded that HIPAA cannot adequately safeguard the privacy, while at the same time researchers cannot use the medical data for effective researches. Therefore, more effective privacy protection methods are urgently needed to ensure the security of released medical data. METHODS Privacy protection methods based on clustering are the methods and algorithms to ensure that the published data remains useful and protected. In this paper, we first analyzed the importance of the key attributes of medical data in the social network. According to the attribute function and the main objective of privacy protection, the attribute information was divided into three categories. We then proposed an algorithm based on greedy clustering to group the data points according to the attributes and the connective information of the nodes in the published social network. Finally, we analyzed the loss of information during the procedure of clustering, and evaluated the proposed approach with respect to classification accuracy and information loss rates on a medical dataset. RESULTS The associated social network of a medical dataset was analyzed for privacy preservation. We evaluated the values of generalization loss and structure loss for different values of k and a, i.e. [Formula: see text] = {3, 6, 9, 12, 15, 18, 21, 24, 27, 30}, a = {0, 0.2, 0.4, 0.6, 0.8, 1}. The experimental results in our proposed approach showed that the generalization loss approached optimal when a = 1 and k = 21, and structure loss approached optimal when a = 0.4 and k = 3. CONCLUSION We showed the importance of the attributes and the structure of the released health data in privacy preservation. Our method achieved better results of privacy preservation in social network by optimizing generalization loss and structure loss. The proposed method to evaluate loss obtained a balance between the data availability and the risk of privacy leakage.
Collapse
Affiliation(s)
- Jie Su
- School of Information Science and Engineering, University of Jinan, Jinan, 250022, China.
- Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, Jinan, 250022, China.
| | - Yi Cao
- School of Information Science and Engineering, University of Jinan, Jinan, 250022, China
- Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, Jinan, 250022, China
| | - Yuehui Chen
- School of Information Science and Engineering, University of Jinan, Jinan, 250022, China
- Shandong Provincial Key Laboratory of Network Based Intelligent Computing, University of Jinan, Jinan, 250022, China
| | - Yahui Liu
- School of Information Management, Beijing Information Science & Technology University, Beijing, China
| | - Jinming Song
- Department of Hematopathology and Lab Medicines, H. Lee Moffitt Cancer Center and Research Institute, Tampa, FL, 33612, USA
| |
Collapse
|
17
|
Affiliation(s)
| | - Amelia J Hood
- Johns Hopkins Berman Institute of Bioethics, Baltimore, MD
| | | |
Collapse
|
18
|
Hedegaard H, Garnett MF, Johnson RL, Thomas KE. A Revised ICD-10-CM Surveillance Case Definition for Injury-related Emergency Department Visits. Natl Health Stat Report 2021:1-8. [PMID: 34590997] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Abstract] [MESH Headings] [Subscribe] [Scholar Register] [Indexed: 06/13/2023]
Abstract
Background-Administrative data from medical claims are often used for injury surveillance. Effective October 1, 2015, hospitals covered by the Health Insurance Portability and Accountability Act were required to use the International Classification of Diseases, 10th Revision, Clinical Modification (ICD-10-CM) to report medical information in administrative data. In 2017, the National Center for Health Statistics (NCHS) and the National Center for Injury Prevention and Control (NCIPC) published a proposed ICD-10-CM surveillance case definition for injuryrelated emergency department (ED) visits. At the time, ICD-10-CM coded data were not available for testing. When data became available, NCHS and NCIPC collaborated with the Council of State and Territorial Epidemiologists and epidemiologists from state and local health departments to test and update the proposed definition. This report summarizes the results and presents the 2021 revised ICD-10-CM surveillance case definition.
Collapse
|
19
|
Abstract
PURPOSE OF REVIEW In the setting of the COVID-19 global pandemic, the demand for and use of telemedicine has surged in facial plastic and reconstructive surgery. This review aims to objectively review and summarize the existing evidence for the use of telemedicine within facial plastic surgery. RECENT FINDINGS Telemedicine has been successfully implemented among subsets of facial plastic surgery patients, with high patient and provider satisfaction. Although the technology to facilitate telemedicine exists and preliminary studies demonstrate promise, multiple technological, financial, and medical barriers may persist in the postpandemic era. SUMMARY Telemedicine will likely continue to grow and expand within facial plastic surgery moving forward, and we should continue to critically evaluate patient selection, access to care, and strategies for effective implementation to enhance current clinical practices.
Collapse
Affiliation(s)
- Megan V Morisada
- Department of Otolaryngology - Head and Neck Surgery, University of California Davis, Sacramento, California
| | - Travis T Tollefson
- Department of Otolaryngology - Head and Neck Surgery, University of California Davis, Sacramento, California
| | - David A Shaye
- Department of Otolaryngology - Head and Neck Surgery, Massachusetts Eye and Ear, Harvard Medical School, Boston, Massachusetts
| | - Toby O Steele
- Department of Otolaryngology - Head and Neck Surgery, University of California Davis, Sacramento, California
- Northern California Healthcare System, Sacramento, California, USA
| |
Collapse
|
20
|
Awad AJ, Walker L, Lew SM. Radiological Imaging Transmission via Smartphones by Neurosurgery Residents in the United States. World Neurosurg 2021; 154:e437-e442. [PMID: 34280543 DOI: 10.1016/j.wneu.2021.07.052] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/29/2021] [Revised: 07/11/2021] [Accepted: 07/12/2021] [Indexed: 11/30/2022]
Abstract
BACKGROUND Neurosurgery requires the communication of radiological imaging. Smartphones are increasingly used for this purpose because of the efficiency and convenience of integrated cameras and native Multimedia Messaging Service (MMS) functionality. There is inconsistency among hospitals regarding policies addressing this use as it relates to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Some hospitals offer a HIPAA-compliant secure messaging application (SMA) as a substitute. The authors hypothesized that the use of smartphones for sharing radiological imaging would be commonplace among residents. We sought to characterize usage patterns, resident awareness of policies and HIPPA, and the effectiveness of SMAs as a means of avoiding HIPAA violations. METHODS An electronic dynamic questionnaire was sent to all 116 Accreditation Council for Graduate Medical Education-accredited US neurosurgery residency program directors and coordinators to be forwarded to their residents. RESULTS A total of 100 responses were received, representing 49 residency programs. Ninety-two (92%) residents reported using MMS to transmit radiological imaging. Twenty-six (26%) reported doing so with patient identifiers. Roughly half (48%) of residents were unaware of policies regarding imaging transmission via MMS at their institutions. Among the 17 (35%) programs providing SMAs, only 3 of 27 (11%) residents in these programs did not use MMS for image transmission. CONCLUSIONS The data suggest that there is widespread resident use of MMS for image transmission, regardless of policy and the availability of alternative HIPAA-compliant applications. Knowledge of local institutional policies and HIPAA privacy rules is poor. Alternative strategies are needed to prevent HIPAA-noncompliant transmission of imaging by residents.
Collapse
Affiliation(s)
- Ahmed J Awad
- Department of Neurosurgery, Medical College of Wisconsin, Milwaukee, Wisconsin, USA
| | - Laura Walker
- Department of Neurosurgery, Medical College of Wisconsin, Milwaukee, Wisconsin, USA
| | - Sean M Lew
- Department of Neurosurgery, Medical College of Wisconsin, Milwaukee, Wisconsin, USA.
| |
Collapse
|
21
|
Affiliation(s)
- Kenneth D Mandl
- From the Computational Health Informatics Program, Boston Children's Hospital, and the Department of Biomedical Informatics, Harvard Medical School - both in Boston (K.D.M.); and the Duke Clinical Research Institute, Duke University Medical Center, Durham, NC (E.D.P.)
| | - Eric D Perakslis
- From the Computational Health Informatics Program, Boston Children's Hospital, and the Department of Biomedical Informatics, Harvard Medical School - both in Boston (K.D.M.); and the Duke Clinical Research Institute, Duke University Medical Center, Durham, NC (E.D.P.)
| |
Collapse
|
22
|
Thoral PJ, Peppink JM, Driessen RH, Sijbrands EJG, Kompanje EJO, Kaplan L, Bailey H, Kesecioglu J, Cecconi M, Churpek M, Clermont G, van der Schaar M, Ercole A, Girbes ARJ, Elbers PWG. Sharing ICU Patient Data Responsibly Under the Society of Critical Care Medicine/European Society of Intensive Care Medicine Joint Data Science Collaboration: The Amsterdam University Medical Centers Database (AmsterdamUMCdb) Example. Crit Care Med 2021; 49:e563-e577. [PMID: 33625129 PMCID: PMC8132908 DOI: 10.1097/ccm.0000000000004916] [Citation(s) in RCA: 74] [Impact Index Per Article: 24.7] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/26/2022]
Abstract
OBJECTIVES Critical care medicine is a natural environment for machine learning approaches to improve outcomes for critically ill patients as admissions to ICUs generate vast amounts of data. However, technical, legal, ethical, and privacy concerns have so far limited the critical care medicine community from making these data readily available. The Society of Critical Care Medicine and the European Society of Intensive Care Medicine have identified ICU patient data sharing as one of the priorities under their Joint Data Science Collaboration. To encourage ICUs worldwide to share their patient data responsibly, we now describe the development and release of Amsterdam University Medical Centers Database (AmsterdamUMCdb), the first freely available critical care database in full compliance with privacy laws from both the United States and Europe, as an example of the feasibility of sharing complex critical care data. SETTING University hospital ICU. SUBJECTS Data from ICU patients admitted between 2003 and 2016. INTERVENTIONS We used a risk-based deidentification strategy to maintain data utility while preserving privacy. In addition, we implemented contractual and governance processes, and a communication strategy. Patient organizations, supporting hospitals, and experts on ethics and privacy audited these processes and the database. MEASUREMENTS AND MAIN RESULTS AmsterdamUMCdb contains approximately 1 billion clinical data points from 23,106 admissions of 20,109 patients. The privacy audit concluded that reidentification is not reasonably likely, and AmsterdamUMCdb can therefore be considered as anonymous information, both in the context of the U.S. Health Insurance Portability and Accountability Act and the European General Data Protection Regulation. The ethics audit concluded that responsible data sharing imposes minimal burden, whereas the potential benefit is tremendous. CONCLUSIONS Technical, legal, ethical, and privacy challenges related to responsible data sharing can be addressed using a multidisciplinary approach. A risk-based deidentification strategy, that complies with both U.S. and European privacy regulations, should be the preferred approach to releasing ICU patient data. This supports the shared Society of Critical Care Medicine and European Society of Intensive Care Medicine vision to improve critical care outcomes through scientific inquiry of vast and combined ICU datasets.
Collapse
Affiliation(s)
- Patrick J Thoral
- Department of Intensive Care Medicine, Amsterdam Medical Data Science (AMDS), Amsterdam Cardiovascular Sciences (ACS), Amsterdam Infection and Immunity Institute (AI&II), Amsterdam UMC, Vrije Universiteit, Universiteit van Amsterdam, Amsterdam, The Netherlands
| | - Jan M Peppink
- Department of Intensive Care Medicine, Amsterdam Medical Data Science (AMDS), Amsterdam Cardiovascular Sciences (ACS), Amsterdam Infection and Immunity Institute (AI&II), Amsterdam UMC, Vrije Universiteit, Universiteit van Amsterdam, Amsterdam, The Netherlands
| | - Ronald H Driessen
- Department of Intensive Care Medicine, Amsterdam Medical Data Science (AMDS), Amsterdam Cardiovascular Sciences (ACS), Amsterdam Infection and Immunity Institute (AI&II), Amsterdam UMC, Vrije Universiteit, Universiteit van Amsterdam, Amsterdam, The Netherlands
| | | | - Erwin J O Kompanje
- Department of Intensive Care Medicine, Erasmus MC, Rotterdam, The Netherlands
| | - Lewis Kaplan
- Division of Trauma, Surgical Critical Care and Emergency Surgery, Perelman School of Medicine, University of Pennsylvania, Philadelphia, PA
- Executive Committee, Society of Critical Care Medicine, Mount Prospect, IL
| | - Heatherlee Bailey
- Department of Emergency Medicine, Durham VA Medical Center, Durham, NC
- Executive Committee, Society of Critical Care Medicine, Mount Prospect, IL
| | - Jozef Kesecioglu
- Department of Intensive Care Medicine, University Medical Center Utrecht, Utrecht University, Utrecht, The Netherlands
- Executive Committee, European Society of Intensive Care Medicine, Brussels, Belgium
| | - Maurizio Cecconi
- Executive Committee, European Society of Intensive Care Medicine, Brussels, Belgium
- Department of Anaesthesia and Intensive Care, Humanitas Research Hospital, Humanitas University, Milan, Italy
| | - Matthew Churpek
- Department of Medicine, University of Wisconsin, Madison, WI
| | - Gilles Clermont
- Department of Critical Care Medicine, CRISMA Laboratory, University of Pittsburgh, Pittsburgh, PA
| | - Mihaela van der Schaar
- University of Cambridge, Cambridge, United Kingdom
- Alan Turing Institute, London, United Kingdom
| | - Ari Ercole
- Division of Anaesthesia, University of Cambridge, Cambridge, United Kingdom
- Data Science Section, European Society of Intensive Care Medicine, Brussels, Belgium
| | - Armand R J Girbes
- Department of Intensive Care Medicine, Amsterdam Medical Data Science (AMDS), Amsterdam Cardiovascular Sciences (ACS), Amsterdam Infection and Immunity Institute (AI&II), Amsterdam UMC, Vrije Universiteit, Universiteit van Amsterdam, Amsterdam, The Netherlands
- Executive Committee, European Society of Intensive Care Medicine, Brussels, Belgium
| | - Paul W G Elbers
- Department of Intensive Care Medicine, Amsterdam Medical Data Science (AMDS), Amsterdam Cardiovascular Sciences (ACS), Amsterdam Infection and Immunity Institute (AI&II), Amsterdam UMC, Vrije Universiteit, Universiteit van Amsterdam, Amsterdam, The Netherlands
- Data Science Section, European Society of Intensive Care Medicine, Brussels, Belgium
| |
Collapse
|
23
|
Abstract
While telemedicine had been utilized in varying ways over the last several years, it has dramatically accelerated in the era of the COVID-19 pandemic. In this article we describe the privacy issues, in relation to the barriers to care for health care providers and barriers to the obstetric patient, licensing and payments for telehealth services, technological issues and language barriers. While there may be barriers to the use of telehealth services this type of care is feasible and the barriers are surmountable.
Collapse
Affiliation(s)
- Hari Eswaran
- Department of Obstetrics and Gynecology, Division of Maternal-Fetal Medicine
- Institute of Digital Health and Innovation, University of Arkansas for Medical Sciences, Little Rock, Arkansas
| | - Everett F Magann
- Department of Obstetrics and Gynecology, Division of Maternal-Fetal Medicine
| |
Collapse
|
24
|
Abstract
Daniel E Ho and colleagues explore the legal implications of using artificial intelligence in the response to covid-19 and call for more robust evaluation frameworks
Collapse
Affiliation(s)
- Mark Krass
- Stanford Law School, Stanford University, Stanford, CA, USA
- Department of Political Science, Stanford University School of Humanities and Sciences, Stanford, CA, USA
| | - Peter Henderson
- Stanford Law School, Stanford University, Stanford, CA, USA
- Department of Computer Science, Stanford University School of Engineering, Stanford, CA, USA
| | - Michelle M Mello
- Stanford Law School, Stanford University, Stanford, CA, USA
- Stanford Health Policy and Department of Medicine, Stanford University School of Medicine, Stanford, CA, USA
| | - David M Studdert
- Stanford Law School, Stanford University, Stanford, CA, USA
- Stanford Health Policy and Department of Medicine, Stanford University School of Medicine, Stanford, CA, USA
| | - Daniel E Ho
- Stanford Law School, Stanford University, Stanford, CA, USA
- Department of Political Science, Stanford University School of Humanities and Sciences, Stanford, CA, USA
- Stanford Institute for Human-Centered Artificial Intelligence, Stanford, CA, USA
- Stanford Institute for Economic Policy Research, Stanford, CA, USA
| |
Collapse
|
25
|
Noblin A, Hewitt B, Moqbel M, Sittig S, Kinnerson L, Rulon V. Can caregivers trust information technology in the care of their patients? A systematic review. Inform Health Soc Care 2021; 46:29-41. [PMID: 33256469 DOI: 10.1080/17538157.2020.1834399] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 10/22/2022]
Abstract
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that healthcare providers allow patients to engage in their healthcare by allowing access to their health records. Often patients need informal caregivers including family members or others to help them with their care. This paper explores whether trust is a key factor for informal caregivers' decision to use health information technologies (HIT) including electronic health records (EHR), patient portals, mobile apps, or other devices to care for their patient. Six reviewers conducted a comprehensive search of four literature databases using terms that pertained to a caregiver and trust to investigate the role trust plays when caregivers use HIT. While trust is a key factor for the use of HIT, it the researchers only identified ten articles that met the research question thresholds. Four main topics of trust surfaced including perceived confidentiality, perceived security, technological malfunction, and trustworthiness of the information. Trust is a critical factor for informal caregivers when using HIT to assist in the care of their patient (child, loved one, parent, or acquaintance). Based on the findings, it is clear that more research on the use of HIT by caregivers is needed.
Collapse
Affiliation(s)
- Alice Noblin
- Health Management & Informatics, University of Central Florida , Orlando, FL, USA
| | - Barbara Hewitt
- Health Information Management, Texas State University , San Marcos, TX, USA
| | - Murad Moqbel
- Information Systems, University of Texas Rio Grande Valley , Brownsville, TX, USA
| | - Scott Sittig
- Information Systems and Technology, University of South Alabama , Mobile, AL, USA
| | - Lakesha Kinnerson
- Health Informatics and Information Management, Samford University , Birmingham, AL, USA
| | - Vera Rulon
- CEO of TIR, Tir Health Advisors LLC , Nyack, NY, USA
| |
Collapse
|
26
|
Theodos K, Sittig S. Health Information Privacy Laws in the Digital Age: HIPAA Doesn't Apply. Perspect Health Inf Manag 2020; 18:1l. [PMID: 33633522 PMCID: PMC7883355] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Subscribe] [Scholar Register] [Indexed: 06/12/2023]
Abstract
The notion of health information privacy has evolved over time as the healthcare industry has embraced technology. Where once individuals were concerned about the privacy of their conversations and financial information, the digitization of health data has created new challenges for those responsible for ensuring that patient information remains secure and private. Coupled with the lack of updated, overarching legislation, a critical gap exists between advancements in technology, consumer informatics tools and privacy regulations. Almost twenty years after the HIPAA (Health Insurance Portability and Accountability Act) compliance date, the healthcare industry continues to seek solutions to privacy challenges absent formal contemporary law. Since HIPAA, a few attempts have been made to control specific aspects of health information including genetic information and use of technology however none were visionary enough to address issues seen in today's digital data focused healthcare environment. The proliferation of digital health data, trends in data use, increased use of telehealth applications due to COVID-19 pandemic and the consumer's participatory role in healthcare all create new challenges not covered by the existing legal framework. Modern efforts to address this dilemma have emerged in state and international law though the United States healthcare industry continues to operate under a law written two decades ago. As technology continues to advance at a rapid pace along with consumers playing a greater role in the management of their healthcare through digital health the privacy guidance provided by federal law must also shift to reflect the new reality.
Collapse
Affiliation(s)
| | - Scott Sittig
- is assistant professor School of Computing, University of South Alabama
| |
Collapse
|
27
|
Abstract
Policy Points Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Our analysis of health privacy laws indicates that most US patients may have little access to their own digital health data in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation and the California Consumer Privacy Act grant greater access to device-collected data. Our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. CONTEXT Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored. METHODS Using pacemakers and implantable cardioverter-defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records. FINDINGS Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device-collected data when the processing of personal data falls under the GDPR's territorial scope. The California Consumer Privacy Act, the "little sister" of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device-derived data. CONCLUSIONS Current health privacy legislation incompletely supports patients' normative claims for access to digital health data.
Collapse
Affiliation(s)
- I. GLENN COHEN
- Petrie‐Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law SchoolHarvard University
| | - SARA GERKE
- Petrie‐Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law SchoolHarvard University
| | - DANIEL B. KRAMER
- Richard A. and Susan F. Smith Center for Outcomes Research in Cardiology, Beth Israel Deaconess Medical CenterHarvard Medical School
| |
Collapse
|
28
|
Schmit C, Giannouchos T, Ramezani M, Zheng Q, Morrisey MA, Kum HC. US Privacy Laws Go Against Public Preferences: Impeding Public Health and Research (Preprint). J Med Internet Res 2020; 23:e25266. [PMID: 36260399 PMCID: PMC8406123 DOI: 10.2196/25266] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 10/26/2020] [Revised: 12/08/2020] [Accepted: 04/30/2021] [Indexed: 12/01/2022] Open
Abstract
Background Reaping the benefits from massive volumes of data collected in all sectors to improve population health, inform personalized medicine, and transform biomedical research requires the delicate balance between the benefits and risks of using individual-level data. There is a patchwork of US data protection laws that vary depending on the type of data, who is using it, and their intended purpose. Differences in these laws challenge big data projects using data from different sources. The decisions to permit or restrict data uses are determined by elected officials; therefore, constituent input is critical to finding the right balance between individual privacy and public benefits. Objective This study explores the US public’s preferences for using identifiable data for different purposes without their consent. Methods We measured data use preferences of a nationally representative sample of 504 US adults by conducting a web-based survey in February 2020. The survey used a choice-based conjoint analysis. We selected choice-based conjoint attributes and levels based on 5 US data protection laws (Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, Privacy Act of 1974, Federal Trade Commission Act, and the Common Rule). There were 72 different combinations of attribute levels, representing different data use scenarios. Participants were given 12 pairs of data use scenarios and were asked to choose the scenario they were the most comfortable with. We then simulated the population preferences by using the hierarchical Bayes regression model using the ChoiceModelR package in R. Results Participants strongly preferred data reuse for public health and research than for profit-driven, marketing, or crime-detection activities. Participants also strongly preferred data use by universities or nonprofit organizations over data use by businesses and governments. Participants were fairly indifferent about the different types of data used (health, education, government, or economic data). Conclusions Our results show a notable incongruence between public preferences and current US data protection laws. Our findings appear to show that the US public favors data uses promoting social benefits over those promoting individual or organizational interests. This study provides strong support for continued efforts to provide safe access to useful data sets for research and public health. Policy makers should consider more robust public health and research data use exceptions to align laws with public preferences. In addition, policy makers who revise laws to enable data use for research and public health should consider more comprehensive protection mechanisms, including transparent use of data and accountability.
Collapse
Affiliation(s)
- Cason Schmit
- Population Informatics Lab, Department of Health Policy and Management, Texas A&M University, College Station, TX, United States
| | - Theodoros Giannouchos
- Population Informatics Lab, Department of Health Policy and Management, Texas A&M University, College Station, TX, United States
- Pharmacotherapy Outcomes Research Center, College of Pharmacy, University of Utah, Salt Lake City, UT, United States
| | - Mahin Ramezani
- Population Informatics Lab, Department of Health Policy and Management, Texas A&M University, College Station, TX, United States
| | - Qi Zheng
- Department of Epidemiology and Biostatistics, Texas A&M University, College Station, TX, United States
| | - Michael A Morrisey
- Population Informatics Lab, Department of Health Policy and Management, Texas A&M University, College Station, TX, United States
| | - Hye-Chung Kum
- Population Informatics Lab, Department of Health Policy and Management, Texas A&M University, College Station, TX, United States
| |
Collapse
|
29
|
Hui K, Gilmore CJ, Khan M. Medical Records: More Than the Health Insurance Portability and Accountability Act. J Acad Nutr Diet 2020; 121:770-772. [PMID: 32933854 DOI: 10.1016/j.jand.2020.06.022] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/26/2020] [Accepted: 06/26/2020] [Indexed: 11/29/2022]
Abstract
It is the responsibility of each organization, including private practice businesses, to maintain a comprehensive medical records retention policy. While registered dietitian nutritionists (RDNs) are qualified and competent business owners, navigating through the challenges of proper medical record management can be difficult without a sound policy. A comprehensive medical record retention policy consists of 4 major components: creation, utilization, maintenance, and destruction as well as a retention schedule. Successful implementation of a comprehensive medical record retention policy promotes positive clinician-patient interaction and avoidance of potential legal ramifications.
Collapse
Affiliation(s)
- Karen Hui
- Academy of Nutrition and Dietetics, Chicago, IL.
| | | | | |
Collapse
|
30
|
Gow J, Moffatt C, Blackport J. Participation in patient support forums may put rare disease patient data at risk of re-identification. Orphanet J Rare Dis 2020; 15:226. [PMID: 32867839 PMCID: PMC7457524 DOI: 10.1186/s13023-020-01497-3] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 06/15/2020] [Accepted: 08/07/2020] [Indexed: 12/14/2022] Open
Abstract
BACKGROUND Rare disease patients often struggle to find both medical advice and emotional support for their diagnosis. Consequently, many rare disease patient support forums have appeared on hospital webpages, social media sites, and on rare disease foundation sites. However, we argue that engagement in these groups may pose a healthcare data privacy threat to many participants, since it makes a series of patient indirect identifiers 'readily available' in combination with rare disease conditions. This information produces a risk of re-identification because it may allow a motivated attacker to use the unique combination of a patient's identifiers and disease condition to re-identify them in anonymized data. RESULTS To assess this risk of re-identification, patient direct and indirect identifiers were mined from patient support forums for 80 patients across eight rare diseases. This data mining consisted of scanning patient testimonials, social media sites, and public records for the collection of identifiers linked to a rare disease patient. The number of people in the United States that may share each patient's combination of marital status, 3-digit ZIP code, age, and sex, as well as their rare disease condition, was then estimated, as such information is commonly found in health records which have undergone de-identification by HIPAA's 'Safe Harbor.' The study showed that by these estimations, nearly 75% of patients could be at high risk for re-identification in healthcare datasets in which they appear, due to their unique combination of identifiers. CONCLUSIONS The results of this study show that these rare disease patients, due to their choice to provide support for their community, are putting all their healthcare data at risk of re-identification. This paper demonstrates how simple adjustments to participation guidelines in such support forums, in combination with improved privacy measures at the organizational level, could mitigate this risk of re-identification. Additionally, this paper suggests the potential for future investigation into consideration of certain 'risky' International Classification of Diseases (ICD) codes as quasi-identifiers in de-identified datasets to further protect patients' privacy, while maintaining the utility of such rare disease support groups.
Collapse
Affiliation(s)
- James Gow
- Dartmouth College, Hanover, 03755 New Hampshire USA
- Mirador Analytics Ltd. Priorwood House, Melrose, TD6 9EF UK
| | - Colin Moffatt
- Faculty of Health and Life Sciences, de Montfort University, The Gateway, Leicester, UK
- Mirador Analytics Ltd. Priorwood House, Melrose, TD6 9EF UK
| | | |
Collapse
|
31
|
Abstract
OBJECTIVES To survey international regulatory frameworks that serve to protect privacy of personal data as a human right as well as to review the literature regarding privacy protections and data ownership in mobile health (mHealth) technologies between January 1, 2016 and June 1, 2019 in order to identify common themes. METHODS We performed a review of relevant literature available in English published between January 1, 2016 and June 1, 2019 from databases including PubMed, Google Scholar, and Web of Science, as well as relevant legislative background material. Articles out of scope (as detailed below) were eliminated. We categorized the remaining pool of articles and discrete themes were identified, specifically: concerns around data transmission and storage, including data ownership and the ability to re-identify previously de-identified data; issues with user consent (including the availability of appropriate privacy policies) and access control; and the changing culture and variable global attitudes toward privacy of health data. RESULTS Recent literature demonstrates that the security of mHealth data storage and transmission remains of wide concern, and aggregated data that were previously considered "de-identified" have now been demonstrated to be re-identifiable. Consumer-informed consent may be lacking with regard to mHealth applications due to the absence of a privacy policy and/or to text that is too complex and lengthy for most users to comprehend. The literature surveyed emphasizes improved access control strategies. This survey also illustrates a wide variety of global user perceptions regarding health data privacy. CONCLUSION The international regulatory framework that serves to protect privacy of personal data as a human right is diverse. Given the challenges legislators face to keep up with rapidly advancing technology, we introduce the concept of a "healthcare fiduciary" to serve the best interest of data subjects in the current environment.
Collapse
Affiliation(s)
- Hannah K. Galvin
- Cambridge Health Alliance, Cambridge, MA, USA
- Tufts University School of Medicine, Boston, MA, USA
| | - Paul R. DeMuro
- Chief Legal Officer Health and Wellness, Royal Palm Companies, Miami, Florida
| |
Collapse
|
32
|
Abdalla M, Abdalla M, Rudzicz F, Hirst G. Using word embeddings to improve the privacy of clinical notes. J Am Med Inform Assoc 2020; 27:901-907. [PMID: 32388549 PMCID: PMC7309261 DOI: 10.1093/jamia/ocaa038] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 01/24/2020] [Revised: 03/10/2020] [Accepted: 03/23/2020] [Indexed: 11/24/2022] Open
Abstract
OBJECTIVE In this work, we introduce a privacy technique for anonymizing clinical notes that guarantees all private health information is secured (including sensitive data, such as family history, that are not adequately covered by current techniques). MATERIALS AND METHODS We employ a new "random replacement" paradigm (replacing each token in clinical notes with neighboring word vectors from the embedding space) to achieve 100% recall on the removal of sensitive information, unachievable with current "search-and-secure" paradigms. We demonstrate the utility of this paradigm on multiple corpora in a diverse set of classification tasks. RESULTS We empirically evaluate the effect of our anonymization technique both on upstream and downstream natural language processing tasks to show that our perturbations, while increasing security (ie, achieving 100% recall on any dataset), do not greatly impact the results of end-to-end machine learning approaches. DISCUSSION As long as current approaches utilize precision and recall to evaluate deidentification algorithms, there will remain a risk of overlooking sensitive information. Inspired by differential privacy, we sought to make it statistically infeasible to recreate the original data, although at the cost of readability. We hope that the work will serve as a catalyst to further research into alternative deidentification methods that can address current weaknesses. CONCLUSION Our proposed technique can secure clinical texts at a low cost and extremely high recall with a readability trade-off while remaining useful for natural language processing classification tasks. We hope that our work can be used by risk-averse data holders to release clinical texts to researchers.
Collapse
Affiliation(s)
- Mohamed Abdalla
- ICES, Toronto, Canada
- The Vector Institute for Artificial Intelligence, Toronto, Canada
- Department of Computer Science, University of Toronto, Toronto, Canada
| | - Moustafa Abdalla
- Computational Statistics & Machine Learning Group, Department of Statistics, University of Oxford, Oxford, UK
- Wellcome Centre for Human Genetics, Nuffield Department of Medicine, University of Oxford, Oxford, UK
- Harvard Medical School, Harvard University, Boston, USA
| | - Frank Rudzicz
- The Vector Institute for Artificial Intelligence, Toronto, Canada
- Department of Computer Science, University of Toronto, Toronto, Canada
- International Centre for Surgical Safety, Li Ka Shing Knowledge Institute, St Michael’s Hospital, Toronto, Canada
| | - Graeme Hirst
- The Vector Institute for Artificial Intelligence, Toronto, Canada
- Department of Computer Science, University of Toronto, Toronto, Canada
| |
Collapse
|
33
|
Affiliation(s)
- Donald W Rucker
- From the Office of the National Coordinator for Health Information Technology, Department of Health and Human Services, Washington, DC
| |
Collapse
|
34
|
Affiliation(s)
- Kenneth D Mandl
- From the Computational Health Informatics Program, Boston Children's Hospital, and the Department of Biomedical Informatics, Harvard Medical School - both in Boston
| | - Isaac S Kohane
- From the Computational Health Informatics Program, Boston Children's Hospital, and the Department of Biomedical Informatics, Harvard Medical School - both in Boston
| |
Collapse
|
35
|
Abstract
This article focuses on confidentiality and capacity issues affecting patients receiving care in the emergency department. The patient-physician relationship begins with presumed confidentiality. The article also clarifies instances where a physician may be required to break confidentiality for the safety of patients or others. This article then discusses risk management issues relevant to determining a patient's capacity to accept or decline medical care in the emergency department setting. Situations pertaining to refusal of care and discharges against medical advice are examined in detail, and best practices for mitigating risk in informed consent and barriers to consent are reviewed.
Collapse
Affiliation(s)
- Joseph H Kahn
- Department of Emergency Medicine, Boston University School of Medicine, Boston Medical Center, 1 Boston Medical Center Place, Boston, MA 02118, USA.
| |
Collapse
|
36
|
Underwood PY, Wyatt KD, Greaney C, Derauf C, Uribe RA, Colaiano JM, Hellmich TR. Mobile Point-of-Care Medical Photography: Legal Considerations for Health Care Providers. J Leg Med 2020; 40:247-263. [PMID: 33137276 DOI: 10.1080/01947648.2020.1816234] [Citation(s) in RCA: 3] [Impact Index Per Article: 0.8] [Reference Citation Analysis] [What about the content of this article? (0)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Received: 12/18/2019] [Revised: 06/09/2020] [Accepted: 07/17/2020] [Indexed: 06/11/2023]
Abstract
Medical photographs have been used for decades to document clinical findings. The ease with which medical photographs can be captured and integrated into the electronic health record (EHR) has increased as digital cameras obviated the need for the film development process. Today, cameras integrated into smartphones allow for high-resolution images to be instantly uploaded and integrated into the EHR. With major EHR vendors offering mobile smartphone applications for the conduct of point-of-care medical photography, health care providers and institutions need to be aware of legal questions that arise in the conduct of medical photography. Namely, (1) what are the requirements for consent when taking medical photographs, and how may photographs be used after consent is obtained, (2) are medical photographs admissible as evidence in court, and (3) how should a provider respond to a request by a patient or parent requesting that a photograph be deleted from the medical record? Herein, we review relevant laws and legal cases in the context of accepted standards of medical practice pertaining to point-of-care medical photography. This review is intended to aid health care providers and institutions seeking to develop or revise policies regarding using a mobile application at their clinical practice.
Collapse
|
37
|
Crosby SS, Annas GJ. Cop to Cop: Negotiating Privacy and Security in the Examining Room. J Law Med Ethics 2020; 48:169-171. [PMID: 32342784 DOI: 10.1177/1073110520917006] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 06/11/2023]
Affiliation(s)
- Sondra S Crosby
- Sondra S. Crosby, M.D., is Associate Professor at Boston University and in the Center for Health Law, Ethics & Human Rights of Boston University School of Public Health. George J. Annas, J.D., M.P.H., is Warren Distinguished Professor and Director, Center for Health Law, Ethics & Human Rights at Boston University School of Public Health
| | - George J Annas
- Sondra S. Crosby, M.D., is Associate Professor at Boston University and in the Center for Health Law, Ethics & Human Rights of Boston University School of Public Health. George J. Annas, J.D., M.P.H., is Warren Distinguished Professor and Director, Center for Health Law, Ethics & Human Rights at Boston University School of Public Health
| |
Collapse
|
38
|
Wolf SM, Ossorio PN, Berry SA, Greely HT, McGuire AL, Penny MA, Terry SF. Integrating Rules for Genomic Research, Clinical Care, Public Health Screening and DTC Testing: Creating Translational Law for Translational Genomics. J Law Med Ethics 2020; 48:69-86. [PMID: 32342790 PMCID: PMC7447150 DOI: 10.1177/1073110520916996] [Citation(s) in RCA: 10] [Impact Index Per Article: 2.5] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 05/27/2023]
Abstract
Human genomics is a translational field spanning research, clinical care, public health, and direct-to-consumer testing. However, law differs across these domains on issues including liability, consent, promoting quality of analysis and interpretation, and safeguarding privacy. Genomic activities crossing domains can thus encounter confusion and conflicts among these approaches. This paper suggests how to resolve these conflicts while protecting the rights and interests of individuals sequenced. Translational genomics requires this more translational approach to law.
Collapse
Affiliation(s)
- Susan M Wolf
- Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; and Professor of Medicine at the University of Minnesota. She is also Chair of the University's Consortium on Law and Values in Health, Environment & the Life Sciences. She is a Principal Investigator on an NIH-supported project on "LawSeq: Building a Sound Legal Foundation for Translating Genomics into Clinical Application" (NHGRI/NCI # R01HG008605; Wolf, Clayton, Lawrenz, PIs). Pilar N. Ossorio, Ph.D., J.D., is Professor of Law and Bioethics at the University of Wisconsin-Madison, where she is on the faculties of the Law School and the Department of Medical History and Bioethics at the Medical School. She is Ethics Scholar-in-Residence at the Morgridge Institute for Research, Co-Director of UW's Law and Neuroscience Program, a faculty member in the UW Masters in Biotechnology Studies program, and Program Faculty in the Graduate Program in Population Health. Susan A. Berry, M.D., is Division Director for Genetics and Metabolism in the Department of Pediatrics at the University of Minnesota. She is a Professor in the Departments of Pediatrics, Ophthalmology and Genetics, Cell Biology and Development. She is a member of the Minnesota Department of Health Newborn Screening Advisory Committee, a Fellow of the American Academy of Pediatrics, and a Fellow of the American College of Medical Genetics. Henry T. Greely, J.D., is the Deane F. and Kate Edelman Johnson Professor of Law and Professor, by courtesy, of Genetics at Stanford University. He chairs the California Advisory Committee on Human Stem Cell Research and the steering committee of the Stanford University Center for Biomedical Ethics, and directs the Stanford Center for Law and the Biosciences and the Stanford Program in Neuroscience and Society. Amy L. McGuire, J.D., Ph.D., is the Leon Jaworski Professor of Biomedical Ethics and Director of the Center for Medical Ethics and Health Policy at the Baylor College of Medicine. She served on the National Advisory Council for Human Genome Research 2011-15 and is immediate past-President of the Association of Bioethics Program Directors. Michelle A. Penny, Ph.D., is Head of the Translational Genome Sciences Group at Biogen. She is Co-Chair of the National Academy Roundtable on Genomics and Precision Health and the Industry Pharmacogenomics Working Group. Sharon F. Terry, M.A., is President and Chief Executive Officer of Genetic Alliance and co-founder of the Genetic Alliance Registry and Biobank. She has served in a leadership role on organizations including the Precision Medicine Initiative Cohort Advisory Panel; Cures Acceleration Network Review Board and Advisory Council, National Center for Accelerating Translation Science, NIH; National Academy Roundtable on Genomics and Precision Health; Global Alliance for Genomics and Health; and International Rare Disease Research Consortium Executive Committee. Organizations are listed here for author identification only
| | - Pilar N Ossorio
- Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; and Professor of Medicine at the University of Minnesota. She is also Chair of the University's Consortium on Law and Values in Health, Environment & the Life Sciences. She is a Principal Investigator on an NIH-supported project on "LawSeq: Building a Sound Legal Foundation for Translating Genomics into Clinical Application" (NHGRI/NCI # R01HG008605; Wolf, Clayton, Lawrenz, PIs). Pilar N. Ossorio, Ph.D., J.D., is Professor of Law and Bioethics at the University of Wisconsin-Madison, where she is on the faculties of the Law School and the Department of Medical History and Bioethics at the Medical School. She is Ethics Scholar-in-Residence at the Morgridge Institute for Research, Co-Director of UW's Law and Neuroscience Program, a faculty member in the UW Masters in Biotechnology Studies program, and Program Faculty in the Graduate Program in Population Health. Susan A. Berry, M.D., is Division Director for Genetics and Metabolism in the Department of Pediatrics at the University of Minnesota. She is a Professor in the Departments of Pediatrics, Ophthalmology and Genetics, Cell Biology and Development. She is a member of the Minnesota Department of Health Newborn Screening Advisory Committee, a Fellow of the American Academy of Pediatrics, and a Fellow of the American College of Medical Genetics. Henry T. Greely, J.D., is the Deane F. and Kate Edelman Johnson Professor of Law and Professor, by courtesy, of Genetics at Stanford University. He chairs the California Advisory Committee on Human Stem Cell Research and the steering committee of the Stanford University Center for Biomedical Ethics, and directs the Stanford Center for Law and the Biosciences and the Stanford Program in Neuroscience and Society. Amy L. McGuire, J.D., Ph.D., is the Leon Jaworski Professor of Biomedical Ethics and Director of the Center for Medical Ethics and Health Policy at the Baylor College of Medicine. She served on the National Advisory Council for Human Genome Research 2011-15 and is immediate past-President of the Association of Bioethics Program Directors. Michelle A. Penny, Ph.D., is Head of the Translational Genome Sciences Group at Biogen. She is Co-Chair of the National Academy Roundtable on Genomics and Precision Health and the Industry Pharmacogenomics Working Group. Sharon F. Terry, M.A., is President and Chief Executive Officer of Genetic Alliance and co-founder of the Genetic Alliance Registry and Biobank. She has served in a leadership role on organizations including the Precision Medicine Initiative Cohort Advisory Panel; Cures Acceleration Network Review Board and Advisory Council, National Center for Accelerating Translation Science, NIH; National Academy Roundtable on Genomics and Precision Health; Global Alliance for Genomics and Health; and International Rare Disease Research Consortium Executive Committee. Organizations are listed here for author identification only
| | - Susan A Berry
- Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; and Professor of Medicine at the University of Minnesota. She is also Chair of the University's Consortium on Law and Values in Health, Environment & the Life Sciences. She is a Principal Investigator on an NIH-supported project on "LawSeq: Building a Sound Legal Foundation for Translating Genomics into Clinical Application" (NHGRI/NCI # R01HG008605; Wolf, Clayton, Lawrenz, PIs). Pilar N. Ossorio, Ph.D., J.D., is Professor of Law and Bioethics at the University of Wisconsin-Madison, where she is on the faculties of the Law School and the Department of Medical History and Bioethics at the Medical School. She is Ethics Scholar-in-Residence at the Morgridge Institute for Research, Co-Director of UW's Law and Neuroscience Program, a faculty member in the UW Masters in Biotechnology Studies program, and Program Faculty in the Graduate Program in Population Health. Susan A. Berry, M.D., is Division Director for Genetics and Metabolism in the Department of Pediatrics at the University of Minnesota. She is a Professor in the Departments of Pediatrics, Ophthalmology and Genetics, Cell Biology and Development. She is a member of the Minnesota Department of Health Newborn Screening Advisory Committee, a Fellow of the American Academy of Pediatrics, and a Fellow of the American College of Medical Genetics. Henry T. Greely, J.D., is the Deane F. and Kate Edelman Johnson Professor of Law and Professor, by courtesy, of Genetics at Stanford University. He chairs the California Advisory Committee on Human Stem Cell Research and the steering committee of the Stanford University Center for Biomedical Ethics, and directs the Stanford Center for Law and the Biosciences and the Stanford Program in Neuroscience and Society. Amy L. McGuire, J.D., Ph.D., is the Leon Jaworski Professor of Biomedical Ethics and Director of the Center for Medical Ethics and Health Policy at the Baylor College of Medicine. She served on the National Advisory Council for Human Genome Research 2011-15 and is immediate past-President of the Association of Bioethics Program Directors. Michelle A. Penny, Ph.D., is Head of the Translational Genome Sciences Group at Biogen. She is Co-Chair of the National Academy Roundtable on Genomics and Precision Health and the Industry Pharmacogenomics Working Group. Sharon F. Terry, M.A., is President and Chief Executive Officer of Genetic Alliance and co-founder of the Genetic Alliance Registry and Biobank. She has served in a leadership role on organizations including the Precision Medicine Initiative Cohort Advisory Panel; Cures Acceleration Network Review Board and Advisory Council, National Center for Accelerating Translation Science, NIH; National Academy Roundtable on Genomics and Precision Health; Global Alliance for Genomics and Health; and International Rare Disease Research Consortium Executive Committee. Organizations are listed here for author identification only
| | - Henry T Greely
- Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; and Professor of Medicine at the University of Minnesota. She is also Chair of the University's Consortium on Law and Values in Health, Environment & the Life Sciences. She is a Principal Investigator on an NIH-supported project on "LawSeq: Building a Sound Legal Foundation for Translating Genomics into Clinical Application" (NHGRI/NCI # R01HG008605; Wolf, Clayton, Lawrenz, PIs). Pilar N. Ossorio, Ph.D., J.D., is Professor of Law and Bioethics at the University of Wisconsin-Madison, where she is on the faculties of the Law School and the Department of Medical History and Bioethics at the Medical School. She is Ethics Scholar-in-Residence at the Morgridge Institute for Research, Co-Director of UW's Law and Neuroscience Program, a faculty member in the UW Masters in Biotechnology Studies program, and Program Faculty in the Graduate Program in Population Health. Susan A. Berry, M.D., is Division Director for Genetics and Metabolism in the Department of Pediatrics at the University of Minnesota. She is a Professor in the Departments of Pediatrics, Ophthalmology and Genetics, Cell Biology and Development. She is a member of the Minnesota Department of Health Newborn Screening Advisory Committee, a Fellow of the American Academy of Pediatrics, and a Fellow of the American College of Medical Genetics. Henry T. Greely, J.D., is the Deane F. and Kate Edelman Johnson Professor of Law and Professor, by courtesy, of Genetics at Stanford University. He chairs the California Advisory Committee on Human Stem Cell Research and the steering committee of the Stanford University Center for Biomedical Ethics, and directs the Stanford Center for Law and the Biosciences and the Stanford Program in Neuroscience and Society. Amy L. McGuire, J.D., Ph.D., is the Leon Jaworski Professor of Biomedical Ethics and Director of the Center for Medical Ethics and Health Policy at the Baylor College of Medicine. She served on the National Advisory Council for Human Genome Research 2011-15 and is immediate past-President of the Association of Bioethics Program Directors. Michelle A. Penny, Ph.D., is Head of the Translational Genome Sciences Group at Biogen. She is Co-Chair of the National Academy Roundtable on Genomics and Precision Health and the Industry Pharmacogenomics Working Group. Sharon F. Terry, M.A., is President and Chief Executive Officer of Genetic Alliance and co-founder of the Genetic Alliance Registry and Biobank. She has served in a leadership role on organizations including the Precision Medicine Initiative Cohort Advisory Panel; Cures Acceleration Network Review Board and Advisory Council, National Center for Accelerating Translation Science, NIH; National Academy Roundtable on Genomics and Precision Health; Global Alliance for Genomics and Health; and International Rare Disease Research Consortium Executive Committee. Organizations are listed here for author identification only
| | - Amy L McGuire
- Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; and Professor of Medicine at the University of Minnesota. She is also Chair of the University's Consortium on Law and Values in Health, Environment & the Life Sciences. She is a Principal Investigator on an NIH-supported project on "LawSeq: Building a Sound Legal Foundation for Translating Genomics into Clinical Application" (NHGRI/NCI # R01HG008605; Wolf, Clayton, Lawrenz, PIs). Pilar N. Ossorio, Ph.D., J.D., is Professor of Law and Bioethics at the University of Wisconsin-Madison, where she is on the faculties of the Law School and the Department of Medical History and Bioethics at the Medical School. She is Ethics Scholar-in-Residence at the Morgridge Institute for Research, Co-Director of UW's Law and Neuroscience Program, a faculty member in the UW Masters in Biotechnology Studies program, and Program Faculty in the Graduate Program in Population Health. Susan A. Berry, M.D., is Division Director for Genetics and Metabolism in the Department of Pediatrics at the University of Minnesota. She is a Professor in the Departments of Pediatrics, Ophthalmology and Genetics, Cell Biology and Development. She is a member of the Minnesota Department of Health Newborn Screening Advisory Committee, a Fellow of the American Academy of Pediatrics, and a Fellow of the American College of Medical Genetics. Henry T. Greely, J.D., is the Deane F. and Kate Edelman Johnson Professor of Law and Professor, by courtesy, of Genetics at Stanford University. He chairs the California Advisory Committee on Human Stem Cell Research and the steering committee of the Stanford University Center for Biomedical Ethics, and directs the Stanford Center for Law and the Biosciences and the Stanford Program in Neuroscience and Society. Amy L. McGuire, J.D., Ph.D., is the Leon Jaworski Professor of Biomedical Ethics and Director of the Center for Medical Ethics and Health Policy at the Baylor College of Medicine. She served on the National Advisory Council for Human Genome Research 2011-15 and is immediate past-President of the Association of Bioethics Program Directors. Michelle A. Penny, Ph.D., is Head of the Translational Genome Sciences Group at Biogen. She is Co-Chair of the National Academy Roundtable on Genomics and Precision Health and the Industry Pharmacogenomics Working Group. Sharon F. Terry, M.A., is President and Chief Executive Officer of Genetic Alliance and co-founder of the Genetic Alliance Registry and Biobank. She has served in a leadership role on organizations including the Precision Medicine Initiative Cohort Advisory Panel; Cures Acceleration Network Review Board and Advisory Council, National Center for Accelerating Translation Science, NIH; National Academy Roundtable on Genomics and Precision Health; Global Alliance for Genomics and Health; and International Rare Disease Research Consortium Executive Committee. Organizations are listed here for author identification only
| | - Michelle A Penny
- Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; and Professor of Medicine at the University of Minnesota. She is also Chair of the University's Consortium on Law and Values in Health, Environment & the Life Sciences. She is a Principal Investigator on an NIH-supported project on "LawSeq: Building a Sound Legal Foundation for Translating Genomics into Clinical Application" (NHGRI/NCI # R01HG008605; Wolf, Clayton, Lawrenz, PIs). Pilar N. Ossorio, Ph.D., J.D., is Professor of Law and Bioethics at the University of Wisconsin-Madison, where she is on the faculties of the Law School and the Department of Medical History and Bioethics at the Medical School. She is Ethics Scholar-in-Residence at the Morgridge Institute for Research, Co-Director of UW's Law and Neuroscience Program, a faculty member in the UW Masters in Biotechnology Studies program, and Program Faculty in the Graduate Program in Population Health. Susan A. Berry, M.D., is Division Director for Genetics and Metabolism in the Department of Pediatrics at the University of Minnesota. She is a Professor in the Departments of Pediatrics, Ophthalmology and Genetics, Cell Biology and Development. She is a member of the Minnesota Department of Health Newborn Screening Advisory Committee, a Fellow of the American Academy of Pediatrics, and a Fellow of the American College of Medical Genetics. Henry T. Greely, J.D., is the Deane F. and Kate Edelman Johnson Professor of Law and Professor, by courtesy, of Genetics at Stanford University. He chairs the California Advisory Committee on Human Stem Cell Research and the steering committee of the Stanford University Center for Biomedical Ethics, and directs the Stanford Center for Law and the Biosciences and the Stanford Program in Neuroscience and Society. Amy L. McGuire, J.D., Ph.D., is the Leon Jaworski Professor of Biomedical Ethics and Director of the Center for Medical Ethics and Health Policy at the Baylor College of Medicine. She served on the National Advisory Council for Human Genome Research 2011-15 and is immediate past-President of the Association of Bioethics Program Directors. Michelle A. Penny, Ph.D., is Head of the Translational Genome Sciences Group at Biogen. She is Co-Chair of the National Academy Roundtable on Genomics and Precision Health and the Industry Pharmacogenomics Working Group. Sharon F. Terry, M.A., is President and Chief Executive Officer of Genetic Alliance and co-founder of the Genetic Alliance Registry and Biobank. She has served in a leadership role on organizations including the Precision Medicine Initiative Cohort Advisory Panel; Cures Acceleration Network Review Board and Advisory Council, National Center for Accelerating Translation Science, NIH; National Academy Roundtable on Genomics and Precision Health; Global Alliance for Genomics and Health; and International Rare Disease Research Consortium Executive Committee. Organizations are listed here for author identification only
| | - Sharon F Terry
- Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; and Professor of Medicine at the University of Minnesota. She is also Chair of the University's Consortium on Law and Values in Health, Environment & the Life Sciences. She is a Principal Investigator on an NIH-supported project on "LawSeq: Building a Sound Legal Foundation for Translating Genomics into Clinical Application" (NHGRI/NCI # R01HG008605; Wolf, Clayton, Lawrenz, PIs). Pilar N. Ossorio, Ph.D., J.D., is Professor of Law and Bioethics at the University of Wisconsin-Madison, where she is on the faculties of the Law School and the Department of Medical History and Bioethics at the Medical School. She is Ethics Scholar-in-Residence at the Morgridge Institute for Research, Co-Director of UW's Law and Neuroscience Program, a faculty member in the UW Masters in Biotechnology Studies program, and Program Faculty in the Graduate Program in Population Health. Susan A. Berry, M.D., is Division Director for Genetics and Metabolism in the Department of Pediatrics at the University of Minnesota. She is a Professor in the Departments of Pediatrics, Ophthalmology and Genetics, Cell Biology and Development. She is a member of the Minnesota Department of Health Newborn Screening Advisory Committee, a Fellow of the American Academy of Pediatrics, and a Fellow of the American College of Medical Genetics. Henry T. Greely, J.D., is the Deane F. and Kate Edelman Johnson Professor of Law and Professor, by courtesy, of Genetics at Stanford University. He chairs the California Advisory Committee on Human Stem Cell Research and the steering committee of the Stanford University Center for Biomedical Ethics, and directs the Stanford Center for Law and the Biosciences and the Stanford Program in Neuroscience and Society. Amy L. McGuire, J.D., Ph.D., is the Leon Jaworski Professor of Biomedical Ethics and Director of the Center for Medical Ethics and Health Policy at the Baylor College of Medicine. She served on the National Advisory Council for Human Genome Research 2011-15 and is immediate past-President of the Association of Bioethics Program Directors. Michelle A. Penny, Ph.D., is Head of the Translational Genome Sciences Group at Biogen. She is Co-Chair of the National Academy Roundtable on Genomics and Precision Health and the Industry Pharmacogenomics Working Group. Sharon F. Terry, M.A., is President and Chief Executive Officer of Genetic Alliance and co-founder of the Genetic Alliance Registry and Biobank. She has served in a leadership role on organizations including the Precision Medicine Initiative Cohort Advisory Panel; Cures Acceleration Network Review Board and Advisory Council, National Center for Accelerating Translation Science, NIH; National Academy Roundtable on Genomics and Precision Health; Global Alliance for Genomics and Health; and International Rare Disease Research Consortium Executive Committee. Organizations are listed here for author identification only
| |
Collapse
|
39
|
Abstract
The individual right of access to one's own data is a crucial privacy protection long recognized in U.S. federal privacy laws. Mobile health devices and research software used in citizen science often fall outside the HIPAA Privacy Rule, leaving participants without HIPAA's right of access to one's own data. Absent state laws requiring access, the law of contract, as reflected in end-user agreements and terms of service, governs individuals' ability to find out how much data is being stored and how it might be shared with third parties. Efforts to address this problem by establishing norms of individual access to data from mobile health research unfortunately can run afoul of the FDA's investigational device exemption requirements.
Collapse
Affiliation(s)
- Barbara J Evans
- Barbara J. Evans, Ph.D., J.D., LL.M., is the Mary Ann and Lawrence E. Faust Professor of Law, a Professor of Electrical and Computer Engineering, and the Director of the Center for Biotechnology & Law at the University of Houston
| |
Collapse
|
40
|
Abstract
Health care is transitioning from genetics to genomics, in which single-gene testing for diagnosis is being replaced by multi-gene panels, genome-wide sequencing, and other multi-genic tests for disease diagnosis, prediction, prognosis, and treatment. This health care transition is spurring a new set of increased or novel liability risks for health care providers and test laboratories. This article describes this transition in both medical care and liability, and addresses 11 areas of potential increased or novel liability risk, offering recommendations to both health care and legal actors to address and manage those liability risks.
Collapse
Affiliation(s)
- Gary Marchant
- Gary Marchant, B.SC., Ph.D., J.D., M.P.P., is Regents' Professor, Lincoln Professor of Emerging Technologies, Law & Ethics, and Faculty Director of the Center for Law, Science & Innovation at ASU. He researches, teaches and speaks about governance of a variety of emerging technologies including genomics, biotechnology, neuroscience, nanotechnology and artificial intelligence. Prior to starting at ASU in 1999, he was a partner in the Washington, DC office of Kirkland & Ellis. Mark Barnes, J.D., LL.M., is a partner in the life sciences practice at Ropes & Gray LLP; teaches health care law and the law of biomedical research at Yale Law School; and is founder and co-director of the Multi-Regional Clinical Trials Center (MRCT Center) of Harvard University and Brigham and Women's Hospital. James P. Evans, M.D., Ph.D., is a Medical Geneticist and Internist who is currently retired, but pursued a long-standing interest in genomics and its broad social implications. He is Professor Emeritus, University of North Carolina at Chapel Hill, Department of Genetics. Bonnie LeRoy, M.S., L.G.C., is a licensed genetic counselor with over 20 years of clinical experience. She developed and now directs the Graduate Program in Genetic Counseling at the University of Minnesota. She is a past president of the National Society of Genetic Counselors, the American Board of Genetic Counseling, and the Association of Genetic Counseling Program Directors. Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; Professor of Medicine; and Chair of the Consortium on Law and Values in Health, Environment & the Life Sciences at the University of Minnesota. She is a Principal Investigator on the LawSeq project funded by NIH. Institutions are listed for author identification only
| | - Mark Barnes
- Gary Marchant, B.SC., Ph.D., J.D., M.P.P., is Regents' Professor, Lincoln Professor of Emerging Technologies, Law & Ethics, and Faculty Director of the Center for Law, Science & Innovation at ASU. He researches, teaches and speaks about governance of a variety of emerging technologies including genomics, biotechnology, neuroscience, nanotechnology and artificial intelligence. Prior to starting at ASU in 1999, he was a partner in the Washington, DC office of Kirkland & Ellis. Mark Barnes, J.D., LL.M., is a partner in the life sciences practice at Ropes & Gray LLP; teaches health care law and the law of biomedical research at Yale Law School; and is founder and co-director of the Multi-Regional Clinical Trials Center (MRCT Center) of Harvard University and Brigham and Women's Hospital. James P. Evans, M.D., Ph.D., is a Medical Geneticist and Internist who is currently retired, but pursued a long-standing interest in genomics and its broad social implications. He is Professor Emeritus, University of North Carolina at Chapel Hill, Department of Genetics. Bonnie LeRoy, M.S., L.G.C., is a licensed genetic counselor with over 20 years of clinical experience. She developed and now directs the Graduate Program in Genetic Counseling at the University of Minnesota. She is a past president of the National Society of Genetic Counselors, the American Board of Genetic Counseling, and the Association of Genetic Counseling Program Directors. Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; Professor of Medicine; and Chair of the Consortium on Law and Values in Health, Environment & the Life Sciences at the University of Minnesota. She is a Principal Investigator on the LawSeq project funded by NIH. Institutions are listed for author identification only
| | - James P Evans
- Gary Marchant, B.SC., Ph.D., J.D., M.P.P., is Regents' Professor, Lincoln Professor of Emerging Technologies, Law & Ethics, and Faculty Director of the Center for Law, Science & Innovation at ASU. He researches, teaches and speaks about governance of a variety of emerging technologies including genomics, biotechnology, neuroscience, nanotechnology and artificial intelligence. Prior to starting at ASU in 1999, he was a partner in the Washington, DC office of Kirkland & Ellis. Mark Barnes, J.D., LL.M., is a partner in the life sciences practice at Ropes & Gray LLP; teaches health care law and the law of biomedical research at Yale Law School; and is founder and co-director of the Multi-Regional Clinical Trials Center (MRCT Center) of Harvard University and Brigham and Women's Hospital. James P. Evans, M.D., Ph.D., is a Medical Geneticist and Internist who is currently retired, but pursued a long-standing interest in genomics and its broad social implications. He is Professor Emeritus, University of North Carolina at Chapel Hill, Department of Genetics. Bonnie LeRoy, M.S., L.G.C., is a licensed genetic counselor with over 20 years of clinical experience. She developed and now directs the Graduate Program in Genetic Counseling at the University of Minnesota. She is a past president of the National Society of Genetic Counselors, the American Board of Genetic Counseling, and the Association of Genetic Counseling Program Directors. Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; Professor of Medicine; and Chair of the Consortium on Law and Values in Health, Environment & the Life Sciences at the University of Minnesota. She is a Principal Investigator on the LawSeq project funded by NIH. Institutions are listed for author identification only
| | - Bonnie LeRoy
- Gary Marchant, B.SC., Ph.D., J.D., M.P.P., is Regents' Professor, Lincoln Professor of Emerging Technologies, Law & Ethics, and Faculty Director of the Center for Law, Science & Innovation at ASU. He researches, teaches and speaks about governance of a variety of emerging technologies including genomics, biotechnology, neuroscience, nanotechnology and artificial intelligence. Prior to starting at ASU in 1999, he was a partner in the Washington, DC office of Kirkland & Ellis. Mark Barnes, J.D., LL.M., is a partner in the life sciences practice at Ropes & Gray LLP; teaches health care law and the law of biomedical research at Yale Law School; and is founder and co-director of the Multi-Regional Clinical Trials Center (MRCT Center) of Harvard University and Brigham and Women's Hospital. James P. Evans, M.D., Ph.D., is a Medical Geneticist and Internist who is currently retired, but pursued a long-standing interest in genomics and its broad social implications. He is Professor Emeritus, University of North Carolina at Chapel Hill, Department of Genetics. Bonnie LeRoy, M.S., L.G.C., is a licensed genetic counselor with over 20 years of clinical experience. She developed and now directs the Graduate Program in Genetic Counseling at the University of Minnesota. She is a past president of the National Society of Genetic Counselors, the American Board of Genetic Counseling, and the Association of Genetic Counseling Program Directors. Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; Professor of Medicine; and Chair of the Consortium on Law and Values in Health, Environment & the Life Sciences at the University of Minnesota. She is a Principal Investigator on the LawSeq project funded by NIH. Institutions are listed for author identification only
| | - Susan M Wolf
- Gary Marchant, B.SC., Ph.D., J.D., M.P.P., is Regents' Professor, Lincoln Professor of Emerging Technologies, Law & Ethics, and Faculty Director of the Center for Law, Science & Innovation at ASU. He researches, teaches and speaks about governance of a variety of emerging technologies including genomics, biotechnology, neuroscience, nanotechnology and artificial intelligence. Prior to starting at ASU in 1999, he was a partner in the Washington, DC office of Kirkland & Ellis. Mark Barnes, J.D., LL.M., is a partner in the life sciences practice at Ropes & Gray LLP; teaches health care law and the law of biomedical research at Yale Law School; and is founder and co-director of the Multi-Regional Clinical Trials Center (MRCT Center) of Harvard University and Brigham and Women's Hospital. James P. Evans, M.D., Ph.D., is a Medical Geneticist and Internist who is currently retired, but pursued a long-standing interest in genomics and its broad social implications. He is Professor Emeritus, University of North Carolina at Chapel Hill, Department of Genetics. Bonnie LeRoy, M.S., L.G.C., is a licensed genetic counselor with over 20 years of clinical experience. She developed and now directs the Graduate Program in Genetic Counseling at the University of Minnesota. She is a past president of the National Society of Genetic Counselors, the American Board of Genetic Counseling, and the Association of Genetic Counseling Program Directors. Susan M. Wolf, J.D., is McKnight Presidential Professor of Law, Medicine & Public Policy; Faegre Baker Daniels Professor of Law; Professor of Medicine; and Chair of the Consortium on Law and Values in Health, Environment & the Life Sciences at the University of Minnesota. She is a Principal Investigator on the LawSeq project funded by NIH. Institutions are listed for author identification only
| |
Collapse
|
41
|
Abstract
Regulatory policy for genomic testing may be subject to biases that favor reliance on existing regulatory frameworks even when those frameworks carry unintended legal consequences or may be poorly tailored to the challenges genomic testing presents. This article explores three examples drawn from genetic privacy regulation, oversight of clinical uses of genomic information, and regulation of genomic software. Overreliance on expedient regulatory approaches has a potential to undercut complete and durable solutions.
Collapse
Affiliation(s)
- Barbara J Evans
- Barbara J. Evans, J.D., Ph.D., LL.M., is Mary Ann and Lawrence E. Faust Professor of Law and Director, Center for Biotechnology & Law, University of Houston Law Center. She is also Professor of Electrical and Computer Engineering, University of Houston Cullen College of Engineering
| |
Collapse
|
42
|
Wolf LE, Hammack CM, Brown EF, Brelsford KM, Beskow LM. Protecting Participants in Genomic Research: Understanding the "Web of Protections" Afforded by Federal and State Law. J Law Med Ethics 2020; 48:126-141. [PMID: 32342774 PMCID: PMC7307001 DOI: 10.1177/1073110520917000] [Citation(s) in RCA: 3] [Impact Index Per Article: 0.8] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Grants] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Indexed: 06/11/2023]
Abstract
Researchers now commonly collect biospecimens for genomic analysis together with information from mobile devices and electronic health records. This rich combination of data creates new opportunities for understanding and addressing important health issues, but also intensifies challenges to privacy and confidentiality. Here, we elucidate the "web" of legal protections for precision medicine research by integrating findings from qualitative interviews with structured legal research and applying them to realistic research scenarios involving various privacy threats.
Collapse
Affiliation(s)
- Leslie E Wolf
- Leslie E. Wolf, J.D., M.P.H., is a Distinguished University Professor and Professor of Law at Georgia State University College of Law in Atlanta, Georgia and Director of the GSU Center for Law, Health & Society. Catherine M. Hammack, J.D., M.A., is an Associate in Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Erin Fuse Brown, J.D., M.P.H., is an Associate Professor of Law at the Georgia State University College of Law in Atlanta, Georgia. Kathleen M. Brelsford, M.A., Ph.D., M.P.H., is a Research Assistant Professor in the Department of Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Laura M. Beskow, M.P.H., Ph.D. is a Professor of Health Policy and the Anne Geddes Stahlman Chair in Medical Ethics in the Center for Biomedical Ethics & Society at the Vanderbilt University Medical Center in Nashville, Tennessee
| | - Catherine M Hammack
- Leslie E. Wolf, J.D., M.P.H., is a Distinguished University Professor and Professor of Law at Georgia State University College of Law in Atlanta, Georgia and Director of the GSU Center for Law, Health & Society. Catherine M. Hammack, J.D., M.A., is an Associate in Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Erin Fuse Brown, J.D., M.P.H., is an Associate Professor of Law at the Georgia State University College of Law in Atlanta, Georgia. Kathleen M. Brelsford, M.A., Ph.D., M.P.H., is a Research Assistant Professor in the Department of Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Laura M. Beskow, M.P.H., Ph.D. is a Professor of Health Policy and the Anne Geddes Stahlman Chair in Medical Ethics in the Center for Biomedical Ethics & Society at the Vanderbilt University Medical Center in Nashville, Tennessee
| | - Erin Fuse Brown
- Leslie E. Wolf, J.D., M.P.H., is a Distinguished University Professor and Professor of Law at Georgia State University College of Law in Atlanta, Georgia and Director of the GSU Center for Law, Health & Society. Catherine M. Hammack, J.D., M.A., is an Associate in Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Erin Fuse Brown, J.D., M.P.H., is an Associate Professor of Law at the Georgia State University College of Law in Atlanta, Georgia. Kathleen M. Brelsford, M.A., Ph.D., M.P.H., is a Research Assistant Professor in the Department of Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Laura M. Beskow, M.P.H., Ph.D. is a Professor of Health Policy and the Anne Geddes Stahlman Chair in Medical Ethics in the Center for Biomedical Ethics & Society at the Vanderbilt University Medical Center in Nashville, Tennessee
| | - Kathleen M Brelsford
- Leslie E. Wolf, J.D., M.P.H., is a Distinguished University Professor and Professor of Law at Georgia State University College of Law in Atlanta, Georgia and Director of the GSU Center for Law, Health & Society. Catherine M. Hammack, J.D., M.A., is an Associate in Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Erin Fuse Brown, J.D., M.P.H., is an Associate Professor of Law at the Georgia State University College of Law in Atlanta, Georgia. Kathleen M. Brelsford, M.A., Ph.D., M.P.H., is a Research Assistant Professor in the Department of Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Laura M. Beskow, M.P.H., Ph.D. is a Professor of Health Policy and the Anne Geddes Stahlman Chair in Medical Ethics in the Center for Biomedical Ethics & Society at the Vanderbilt University Medical Center in Nashville, Tennessee
| | - Laura M Beskow
- Leslie E. Wolf, J.D., M.P.H., is a Distinguished University Professor and Professor of Law at Georgia State University College of Law in Atlanta, Georgia and Director of the GSU Center for Law, Health & Society. Catherine M. Hammack, J.D., M.A., is an Associate in Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Erin Fuse Brown, J.D., M.P.H., is an Associate Professor of Law at the Georgia State University College of Law in Atlanta, Georgia. Kathleen M. Brelsford, M.A., Ph.D., M.P.H., is a Research Assistant Professor in the Department of Health Policy and a member of the core faculty of the Center for Biomedical Ethics and Society at Vanderbilt University Medical Center in Nashville, Tennessee. Laura M. Beskow, M.P.H., Ph.D. is a Professor of Health Policy and the Anne Geddes Stahlman Chair in Medical Ethics in the Center for Biomedical Ethics & Society at the Vanderbilt University Medical Center in Nashville, Tennessee
| |
Collapse
|
43
|
Abstract
Private industry is increasingly soliciting hospitals to sell or share health data and biospecimens, but current laws offer more disclosure and consent protections for research participants than for patients receiving clinical care. Hospitals can offer more protections than required by law, however, and should move toward greater transparency with their patients about the research use of clinical health data and biospecimens to respect patients and avoid distrust.
Collapse
Affiliation(s)
- Kayte Spector-Bagdady
- Center for Bioethics and Social Sciences in Medicine, University of Michigan Medical School, Ann Arbor, MI, USA.
| |
Collapse
|
44
|
Abstract
This article examines the privacy and security issues associated with mobile application-mediated health research, concentrating in particular on research conducted or participated in by independent scientists, citizen scientists, and patient researchers. Building on other articles in this issue that examine state research laws and state data protection laws as possible sources of privacy and security protections for mobile research participants, this article focuses on the lack of application of federal standards to mobile application-mediated health research. As discussed in more detail below, the voluminous and diverse data collected by some independent scientists who use mobile applications to conduct health research may be at risk for unregulated privacy and security breaches, leading to dignitary, psychological, and economic harms for which participants have few legally enforceable rights or remedies under current federal law. Federal lawmakers may wish to consider enacting new legislation that would require otherwise unregulated health data holders to implement reasonable data privacy, security, and breach notification measures.
Collapse
Affiliation(s)
- Stacey A Tovino
- Stacey A. Tovino, J.D., Ph.D., is the Judge Jack and Lulu Lehman Professor of Law at the William S. Boyd School of Law, University of Nevada-Las Vegas
| |
Collapse
|
45
|
Affiliation(s)
- Charles G Kels
- Office of the Legal Adviser, US Department of State, Washington, DC
| |
Collapse
|
46
|
|
47
|
Omar RA. Hacking HIPAA: "Best Practices" for Avoiding Oversight in the Sale of Your Identifiable Medical Information. J Law Health 2020; 34:30-105. [PMID: 33449456] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Abstract] [MESH Headings] [Subscribe] [Scholar Register] [Indexed: 06/12/2023]
Abstract
In light of the confusion invited by applying the label "de-identified" to information that can be used to identify patients, it is paramount that regulators, compliance professionals, patient advocates and the general public understand the significant differences between the standards applied by HIPAA and those applied by permissive "de-identification guidelines." This Article discusses those differences in detail. The discussion proceeds in four Parts. Part II (HIPAA's Heartbeat: Why HIPAA Protects Identifiable Patient Information) examines Congress's motivations for defining individually identifiable health information broadly, which included to stop the harms patients endured prior to 1996 arising from the commercial sale of their medical records. Part III (Taking the "I" Out of Identifiable Information: HIPAA's Requirements for De-Identified Health Information) discusses HIPAA's requirements for de-identification that were never intended to create a loophole for identifiable patient information to escape HIPAA's protections. Part IV (Anatomy of a Hack: Methods for Labeling Identifiable information "De-Identified") examines the goals, methods, and results of permissive "de-identification guidelines" and compares them to HIPAA's requirements. Part V (Protecting Un-Protected Health Information) evaluates the suitability of permissive "de-identification guidelines," concluding that the vulnerabilities inherent in their current articulation render them ineffective as a data protection standard. It also discusses ways in which compliance professionals, regulators, and advocates can foster accountability and transparency in the utilization of health information that can be used to identify patients.
Collapse
|
48
|
Abstract
In the early 1970s, Congress considered enacting comprehensive privacy legislation, but it was unable to do so. In 1974, it passed the Privacy Act, applicable only to information in the possession of the federal government. In the intervening years, other information privacy laws enacted by Congress, such as the Health Insurance Portability and Accountability Act, have been weak and sector specific. With the explosion of information technology and the growing concerns about an absence of effective federal privacy laws, the legal focus has shifted to the states. Signaling a new direction in state data privacy and consumer protection law, the California Consumer Privacy Act establishes important rights and protections for California residents with regard to the collection, use, disclosure, and sale of their personal information. The CCPA is certain to spur similar legislation and to affect national and international businesses that collect data from California's residents. Understanding the new law is important for all data-driven industries, including health care.
Collapse
|
49
|
Grigsby A. 2018-2019 Southern Illinois University National Health Law Moot Court Competition. J Leg Med 2019; 39:279-298. [PMID: 31626579 DOI: 10.1080/01947648.2019.1653693] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 06/10/2023]
Affiliation(s)
- Alyce Grigsby
- Southern Illinois University School of Law , Carbondale , IL
| |
Collapse
|
50
|
Milam S, Moorehead M. Becoming a Hybrid Entity: A Policy Option for Public Health. J Law Med Ethics 2019; 47:68-71. [PMID: 31298136 DOI: 10.1177/1073110519857321] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 06/10/2023]
Abstract
When Congress passed HIPAA, it did not intend to constrain public health's data sharing in the same way as clinical or payers. In fact, HIPAA recognizes data sharing with public health as a matter of national priority and shields this function from its reach. However, a health department may offer services that bring it within HIPAA's purview, such as running a Children's Health Insurance Program or a laboratory that bills electronically. When this is the case, HIPAA requires all information and departments be subject to HIPAA unless the public health authority chooses to hybridize. Health departments might re-assess their coverage and elect to become a hybrid entity, thereby restricting HIPAA to only where required and removing barriers to information sharing with communities.
Collapse
Affiliation(s)
- Sallie Milam
- Sallie Milam, J.D., has practiced law for over 25 years primarily in the health, HIPAA, and general privacy areas. Since 2003, she has served as West Virginia's Chief Privacy Officer and leads the Executive Branch's Privacy Program. In her spare time, Sallie develops data sharing educational and resource materials. Sallie received her Juris Doctorate from the University of Richmond School of law in Richmond, Virginia and her Bachelor of Arts from Brigham Young University in Provo, Utah. Melissa Moorehead has over 15 years of experience in the non-profit health care and public health world as a project manager, policy analyst, evaluator, subject matter expert in health care reform, and advocate. They are currently involved in promoting community capacity to collaborate and share data across sectors in the Data Across Sectors for Health national program office of the Robert Wood Johnson Foundation, co-located at the Illinois and Michigan Public Health Institutes. Melissa received a Bachelor of Arts from the University of Michigan in Ann Arbor, Michigan
| | - Melissa Moorehead
- Sallie Milam, J.D., has practiced law for over 25 years primarily in the health, HIPAA, and general privacy areas. Since 2003, she has served as West Virginia's Chief Privacy Officer and leads the Executive Branch's Privacy Program. In her spare time, Sallie develops data sharing educational and resource materials. Sallie received her Juris Doctorate from the University of Richmond School of law in Richmond, Virginia and her Bachelor of Arts from Brigham Young University in Provo, Utah. Melissa Moorehead has over 15 years of experience in the non-profit health care and public health world as a project manager, policy analyst, evaluator, subject matter expert in health care reform, and advocate. They are currently involved in promoting community capacity to collaborate and share data across sectors in the Data Across Sectors for Health national program office of the Robert Wood Johnson Foundation, co-located at the Illinois and Michigan Public Health Institutes. Melissa received a Bachelor of Arts from the University of Michigan in Ann Arbor, Michigan
| |
Collapse
|