Your Health Data, Our Principles: How To Feel Confident Sharing Your Health Data For Research

LunDNATM was established by the public benefit corporation, LunaPBCTM with one powerful purpose – to put people at the center of health research. By doing so, we ensure the fairness of value distribution amongst all research participants, the advancement of science and health discovery, and the acceleration of treatments and cures to diseases. 

The first ever people-powered health data platform owned by its community of health data contributors now exists in today’s data-driven, high-tech world, but not without strict values and principles that power its mission. 

Because we believe people are at the core of driving health discoveries, we have taken considerable measures to define the relationship between individuals contributing data, companies obtaining data, and researchers utilizing data.

The following four concepts are ones we encourage you to understand before sharing your personal data to research. 

1. Transparency

Where is your data, who is using it, and how is it being used at all times? 

Transparency is open, honest communication, which lends itself to accountability and responsibility to the individual from the company or researcher. It promotes a culture of authenticity, cooperation, and trust which is essential when sharing your most personal information. 

Transparency can take many forms, from a company displaying concise, easy-to-understand policies, to regular company updates or newsletters. Transparency can also be as simple as resources on their site for an individual to find out additional information at their convenience.

Be sure to stay clear from companies who “sell” your data to third parties. 

“Third parties” is a catch-all phrase for any other company not legally affiliated with the company with whom you shared your data. Once your data is sold, you lose control of your data.

2. Control

Who really owns your data once it’s been shared? Can you access or delete your data from any platform at any given time?

Contrary to popular belief, control of your personal data is not a luxury, but rather should be an essential part of your regular data transactions. When sharing your health data to research, control can be perceived as a string tied from one end (company) to the other end (you). The string can never be split or broken, as only one copy is on the platform. Your data is never duplicated nor does it ever leave the platform. Only you can quickly and easily access your data, delete some or all of your data, and provide consent as to when it is used for research. 

Control over your data is the ease of accessibility to your data on any given platform, provided with clearly-written policies surrounding your decision to upload or delete your data, including how long each process takes.

Be cautious of companies that require you to submit written requests to delete your data, download processes that are not “push-button” on the company’s website, policies that contradict best practices, or any misleading information regarding the control of your data. 

3. Privacy and Security

Is your identity protected from data breaches and is its security the utmost priority? 

There’s no escaping the abundant news of data breaches, cyberattacks, and government surveillance that bombard our screens every day. It’s no wonder why it’s difficult to identify what companies are prioritizing the security of your most personal information. 

In truth, most companies are conducting at least the minimum amount of safeguarding of your information, but very few make it a top priority. 

A long-standing regulation in the United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) set national standards for protecting “individually identifiable health information by three types of covered entities”. 

For simplicity sake, let’s break it down. 

First, “individually identifiable information” is defined as pieces of information that could be used individually or in minimal combinations to re-identify you. This includes your name, your address, email address, birth date, personal phone numbers, fingerprints, and much more. To be “HIPAA compliant” a company must ensure this type of information is not accessible by anyone but the individual and authorized individuals, such as your doctor or caregiver. For instance, if you share a lab test result report for research, before it can be used for research, it must be stripped of your name, the date of the test, your address and other types of information that might be on the report that could identify you. 

Second, “covered entities” is specifically defined to cover healthcare providers and other similar groups. It does not typically apply to companies performing research with your health data. The European Union (EU) has recently enacted farther reaching regulations on data privacy and security under the EU General Data Protection Regulation (GDPR) and is seen as fundamentally changing the way data is handled. Other countries are exploring similar regulations, and global companies are, in many cases, struggling to catch up to the new gold standard.

Meanwhile, companies are also focused on securing their technology platforms, whether that is a simple website or a much more extensive platform. Related buzzwords you may be familiar with include encryption, firewall, hash, private keys, etc.

Since security practices and cyberattack techniques are constantly evolving, companies need to prioritize security, ensuring they remain up-to-date with best practices and well-protected against any digital threats.

This doesn’t fully guarantee that a breach won’t happen, but extra precaution will dramatically reduce the likelihood. Often, companies aren’t able to share their security practices in detail, as that provides valuable information for a hacker to use, but there are other ways to understand the importance of security from a particular company.

Prioritized privacy and security will take the form of clear privacy and terms of use policies, two-factor authentication and other account security options, HIPAA compliance, GDPR compliance, security testing certifications, safeguards to prevent re-linking individually identifiable information to other data, and education for team members focused on privacy and security.

Look out for companies who have poorly described privacy policies, lack proper methods of authentication and account verification, and have ambiguous security statements, like “bank-level security”.  

4. Shared Value

Who benefits from your data – you, the company, or the world?

Some companies today offer you certain services in return for your data, while most companies ask you to give or sell your data for research.  Once your data is exchanged with these types of companies, you are no longer aware of its use, the purpose of its use, or any value gained from its use. Additionally, any health discovery that derives from the use of your data is rarely communicated to you.

The goal of any company driving health discovery should be to serve the greater good, including treating you fairly and ethically for your personal health data. Valuing those who made it possible to discover vital treatments and cures to conditions and diseases – to put simply – is the right thing to do.

Be cautious of monetary returns with uncertain value, including crypto or reward points, or no share valued offered where you are disintermediated from the income made from your health data.

Today we live our lives bouncing to and from the digital world and physical world. Understanding the rules of each environment, especially when it applies to your most personal and valuable information, is crucial in living a secure lifestyle. Educating yourself on your rights and the regulations of your health data can help hold companies accountable for their actions and allow you to feel confident in sharing your health data for research. 

At LunaPBC, we live and breathe by the concepts described above. They are built into our very foundation and the technology infrastructure of LunaDNA. We hold ourselves and our partners to these standards. You should too.

© 2019 LunaDNA. LunaDNA and the moon logo are trademarks of LunaPBC, Inc. All other trademarks depicted herein are the property of their respective owners and there is no sponsorship, association, or affiliation between LunaPBC, Inc. and those trademark owners.