Health Data Privacy: Why Eroding Public Trust Harms Medical Research

By Scott Kahn, Ph.D, Chief Information Officer at LunaPBC

Using Data Privacy to Empower Health Research

The importance of data security and data privacy policies have recently come under scrutiny due to revelations around Google’s Project Nightingale. The initiative with Ascension, the nation’s largest nonprofit health system, granted Google access to medical records of more than 50 million individuals in 21 states and may hinder the trajectory of health discovery by eroding “consumer” trust. 

While historically it might have been a safe harbor to stay within the letter of the law, consumer sentiment around health data privacy, control, and opportunity has shifted dramatically in the last year. The biggest challenge affecting the sharing of individual data is the establishment of trust between the individual and the researcher. Mistrust has developed as a result of the unethical and/or unconsented use of data for research purposes – like the cases of HeLa cell line creation, and the Tuskegee and Havasupai studies – and are reinforced by more recent examples –  like the study to find a gay gene and the study of extreme inheritance using the UK BioBank.  Innovations in genomics and AI benefit the population and fuel the changing needs of discovery, however, when trust and transparency are compromised, health discovery can be harmed. 

Re-establishing trust amongst individuals contributing data for research must be addressed directly through various efforts, including:

1. the transparency of data handling and data usage,

2. a measure of reciprocity in the value achieved via data usage, and

3. the ability of the individual data contributor to exert control over the use of their data throughout the research process.

Ideally, these elements contributing to the re-establishment of trust are implemented through adequate technologies, contractual arrangements with research participants, and a regulatory oversight environment that enforces accountability on the part of the data manager. 

Switching the model of control from institutions to individuals offers a solution that can empower health research that is more representative of the population(s) in need of improved and more cost-effective healthcare.  

Benefits of Establishing Trust in Research

Researchers can establish trust via the secure, seamless contribution from participants that have otherwise been grossly under-represented in medical research. For example, a recent study from the National Cancer Institute Center to Reduce Cancer Health Disparities found only one-tenth of their biorepositories specimens are from non-white patients. Despite this lack of wide-spread ethnic representation, there are several studies that signal the benefits of research including understudied populations that include the revelation of new insights on disease and therapy response. Moreover, not all of the global population is of European descent, which suggests potential benefits of expanded diversity as the field of precision medicine evolves to address the growing needs in healthcare that can benefit all people.

Additionally, a health data platform that implements privacy policies, enables individual control and prioritizes trust inverts the research paradigm, transforming the individual data contributor from research subject into a research partner. This new person-centered paradigm holds the promise of a valued community engagement that fuels richness and depth of information that is longitudinal and provides researchers the information needed to unlock discoveries necessary to prevent the onset of disease and even intervene unavoidable disease earlier. 

Preventing Misuse of Data in Research

Fortunately, the technical requirements of transparency, reciprocity, control, and privacy can be supported by modern infrastructures that have moved into the mainstream of information technology. Cloud platforms provide a level of security that can be coupled to a set of privacy policies that fully support data privacy control by individuals. Furthermore, the coupling of an immutable corporate charter to focus on data uses that directly contribute to societal benefit via health and medical research ensures that data misuse is prevented contractually. 

Holding Researchers Accountable

Several processes are still required to ensure that the use of data is restricted to research aimed at health and medical advancements. The first is the evaluation of potential researchers and their discovery aims. The second is that all operations on data are themselves available for public review and are executed in an environment that can leverage security authorizations of data contributors and data researchers alike. The final process required involves the downstream research usage of data shared that should remain under the control of the data subject rather than downloaded to a research environment beyond the control of the data subject.  It is essential that these processes support the ability of data subjects to completely erase their data to be “forgotten.” 

The continual erosion of public trust in the storage and sharing of their medical data only serves to harm medical research. It is the responsibility of the institution to implement and adhere to strict data privacy policies that recognize an individual’s right to control their data. Health research will be enhanced through more representative participation (ie, social, economic, and ethnic diversity) that in turn should empower discoveries otherwise unachievable. By establishing a direct engagement with the individuals in a study as partners, the researcher can support the individuals’ desires to have a positive societal impact through the sharing of their data.  

About Scott Kahn, Ph.D.

Scott Kahn, Ph.D. is the Chief Information Officer at LunaPBC, Board of Directors at Rady Children’s Institute for Genomic Medicine, and former Chief Information Officer and Vice President Commercial, Enterprise Informatics at Illumina. He’s integrating data privacy and security provisions that comply with GDPR and HIPAA at LunaDNA, the world’s first people-powered health database that offers shares of ownership to health data contributors.

© 2019 LunaDNA. LunaDNA and the moon logo are trademarks of LunaPBC, Inc. All other trademarks depicted herein are the property of their respective owners and there is no sponsorship, association, or affiliation between LunaPBC, Inc. and those trademark owners.