Patients whose electronic health data is used for secondary purposes aside from their own care aren't terribly concerned with the sensitivity of such information, but are interested in why the information is used, according to research published this week in JAMA Internal Medicine.
For the study, researchers from the University of Pennsylvania Perelman School of Medicine and the University of Texas Southwestern Medical Center surveyed more than 3,300 adults about their preferences about how such information is used (whether for research, quality improvement or commercial marketing); who is using it (hospitals, businesses or public health departments); and the data's sensitivity. The participants ranked their willingness to share such data in various scenarios on a scale of 1 to 10, with 1 representing a low willingness to share).
Respondents were less willing to share such information in scenarios involving marketing and quality improvement uses, and drug company and public health department users, the researchers found.
In an invited commentary about the research published in the journal, Isaac Kohane, M.D.--a professor of at Harvard Medical School and chair of the informatics program at Boston Children's Hospital--called that particular finding "remarkable."
"The most surprising finding was that the data uses that currently require the least institutional review, namely, public health and quality improvement processes, were much less favored than secondary use for biomedical research, for which institutional review board oversight is usually required," Kohane said. "Also surprising was that the sensitivity of the data, whether genomic or family history, did not affect respondents' generally favorable attitude toward the secondary use of health information for biomedical research."
Kohane added that the findings indicate that perhaps healthcare institutions are asking the wrong question when it comes to such data use.
"Rather than [asking], "Why risk alarming our patients by using their healthcare data for research?" perhaps we should be asking, "Why is our first obligation not to ensure that our patients' data are used for research as they wish and expect them to be used?" Kohane said. "Every institution must enforce strict data security and protection of patient confidentiality and patient directives, but these requirements should be no more unexpected than meticulous hand washing before examining each patient."
Several states are in the process of reviewing how information from public health agencies is used when it is sold to data miners after recent Bloomberg research found that patients could be re-identified with just a few pieces of information. With more health information than ever in digital form, various researchers have shown that "anonymous" research participants can be re-identified. Meanwhile, the U.S. Department of Health & Human Services' Office for Civil Rights has said there is no fail-safe method for de-identifying patient data.