Balancing access to health data and privacy: A review of the issues and approaches for the future

Julia Lane, Claudia Schur

Research output: Contribution to journalReview article

Abstract

Background. There has been a dramatic increase in the types of microdata, and this holds great promise for health services research. However, legislative efforts to protect individual privacy have reduced the flow of health care data for research purposes and increased costs and delays, affecting the quality of analysis. Aim. This paper provides an overview of the challenges raised by concerns about data confidentiality in the context of health services research, the current methodologies used to ensure data security, and a description of one successful approach to balancing access and privacy. Materials and Methods. We analyze the issues of access and privacy using a conceptual framework based on balancing the risk of reidentification with the utility associated with data analysis. The guiding principle should be to generate released data that are as close to the maximum acceptable risk as possible. HIPAA and other privacy measures can perhaps be seen as having had the effect of lowering the "maximum acceptable risk" level and rendering some data unreleasable. Results. We discuss the levels of risk and utility associated with different types of data used in health services research and the ability to link data from multiple sources as well as current models of data sharing and their limitations. Discussion. One particularly compelling approach is to establish a remote access "data enclave," where statistical protections are applied to the data, technical protections ensure compliance with data-sharing requirements, and operational controls limit researchers' access to the data they need for their specific research questions. Conclusion. We recommend reducing delays in access to data for research, increasing the use of remote access data enclaves, and disseminating knowledge and promulgating standards for best practices related to data protection.

Original languageEnglish (US)
Pages (from-to)1456-1467
Number of pages12
JournalHealth Services Research
Volume45
Issue number5 PART 2
DOIs
StatePublished - Oct 2010

Fingerprint

Privacy
Health Services Research
Computer Security
Information Dissemination
Health
Health Insurance Portability and Accountability Act
Aptitude
Information Storage and Retrieval
Confidentiality
Practice Guidelines
Research
Research Design
Research Personnel
Costs and Cost Analysis

Keywords

  • Administrative data uses
  • confidentiality/privacy issues
  • dissemination issues
  • health policy/politics/law/regulation
  • research ethics/institutional review boards/publication

ASJC Scopus subject areas

  • Health Policy

Cite this

Balancing access to health data and privacy : A review of the issues and approaches for the future. / Lane, Julia; Schur, Claudia.

In: Health Services Research, Vol. 45, No. 5 PART 2, 10.2010, p. 1456-1467.

Research output: Contribution to journalReview article

@article{7c37613c12634769ab594eef131a5de9,
title = "Balancing access to health data and privacy: A review of the issues and approaches for the future",
abstract = "Background. There has been a dramatic increase in the types of microdata, and this holds great promise for health services research. However, legislative efforts to protect individual privacy have reduced the flow of health care data for research purposes and increased costs and delays, affecting the quality of analysis. Aim. This paper provides an overview of the challenges raised by concerns about data confidentiality in the context of health services research, the current methodologies used to ensure data security, and a description of one successful approach to balancing access and privacy. Materials and Methods. We analyze the issues of access and privacy using a conceptual framework based on balancing the risk of reidentification with the utility associated with data analysis. The guiding principle should be to generate released data that are as close to the maximum acceptable risk as possible. HIPAA and other privacy measures can perhaps be seen as having had the effect of lowering the {"}maximum acceptable risk{"} level and rendering some data unreleasable. Results. We discuss the levels of risk and utility associated with different types of data used in health services research and the ability to link data from multiple sources as well as current models of data sharing and their limitations. Discussion. One particularly compelling approach is to establish a remote access {"}data enclave,{"} where statistical protections are applied to the data, technical protections ensure compliance with data-sharing requirements, and operational controls limit researchers' access to the data they need for their specific research questions. Conclusion. We recommend reducing delays in access to data for research, increasing the use of remote access data enclaves, and disseminating knowledge and promulgating standards for best practices related to data protection.",
keywords = "Administrative data uses, confidentiality/privacy issues, dissemination issues, health policy/politics/law/regulation, research ethics/institutional review boards/publication",
author = "Julia Lane and Claudia Schur",
year = "2010",
month = "10",
doi = "10.1111/j.1475-6773.2010.01141.x",
language = "English (US)",
volume = "45",
pages = "1456--1467",
journal = "Health Services Research",
issn = "0017-9124",
publisher = "Wiley-Blackwell",
number = "5 PART 2",

}

TY - JOUR

T1 - Balancing access to health data and privacy

T2 - A review of the issues and approaches for the future

AU - Lane, Julia

AU - Schur, Claudia

PY - 2010/10

Y1 - 2010/10

N2 - Background. There has been a dramatic increase in the types of microdata, and this holds great promise for health services research. However, legislative efforts to protect individual privacy have reduced the flow of health care data for research purposes and increased costs and delays, affecting the quality of analysis. Aim. This paper provides an overview of the challenges raised by concerns about data confidentiality in the context of health services research, the current methodologies used to ensure data security, and a description of one successful approach to balancing access and privacy. Materials and Methods. We analyze the issues of access and privacy using a conceptual framework based on balancing the risk of reidentification with the utility associated with data analysis. The guiding principle should be to generate released data that are as close to the maximum acceptable risk as possible. HIPAA and other privacy measures can perhaps be seen as having had the effect of lowering the "maximum acceptable risk" level and rendering some data unreleasable. Results. We discuss the levels of risk and utility associated with different types of data used in health services research and the ability to link data from multiple sources as well as current models of data sharing and their limitations. Discussion. One particularly compelling approach is to establish a remote access "data enclave," where statistical protections are applied to the data, technical protections ensure compliance with data-sharing requirements, and operational controls limit researchers' access to the data they need for their specific research questions. Conclusion. We recommend reducing delays in access to data for research, increasing the use of remote access data enclaves, and disseminating knowledge and promulgating standards for best practices related to data protection.

AB - Background. There has been a dramatic increase in the types of microdata, and this holds great promise for health services research. However, legislative efforts to protect individual privacy have reduced the flow of health care data for research purposes and increased costs and delays, affecting the quality of analysis. Aim. This paper provides an overview of the challenges raised by concerns about data confidentiality in the context of health services research, the current methodologies used to ensure data security, and a description of one successful approach to balancing access and privacy. Materials and Methods. We analyze the issues of access and privacy using a conceptual framework based on balancing the risk of reidentification with the utility associated with data analysis. The guiding principle should be to generate released data that are as close to the maximum acceptable risk as possible. HIPAA and other privacy measures can perhaps be seen as having had the effect of lowering the "maximum acceptable risk" level and rendering some data unreleasable. Results. We discuss the levels of risk and utility associated with different types of data used in health services research and the ability to link data from multiple sources as well as current models of data sharing and their limitations. Discussion. One particularly compelling approach is to establish a remote access "data enclave," where statistical protections are applied to the data, technical protections ensure compliance with data-sharing requirements, and operational controls limit researchers' access to the data they need for their specific research questions. Conclusion. We recommend reducing delays in access to data for research, increasing the use of remote access data enclaves, and disseminating knowledge and promulgating standards for best practices related to data protection.

KW - Administrative data uses

KW - confidentiality/privacy issues

KW - dissemination issues

KW - health policy/politics/law/regulation

KW - research ethics/institutional review boards/publication

UR - http://www.scopus.com/inward/record.url?scp=77956576427&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77956576427&partnerID=8YFLogxK

U2 - 10.1111/j.1475-6773.2010.01141.x

DO - 10.1111/j.1475-6773.2010.01141.x

M3 - Review article

C2 - 21054366

AN - SCOPUS:77956576427

VL - 45

SP - 1456

EP - 1467

JO - Health Services Research

JF - Health Services Research

SN - 0017-9124

IS - 5 PART 2

ER -