Privacy Matters
Privacy Hub's monthly synthesis of the major news items
affecting and shaping health data privacy,
with expert analysis and commentary
How valuable is privacy-preserving
data sharing, really?
Experts Expound
Jonah Leshin, Head of Privacy Research at Privacy Hub by Datavant,
offers examples of ways in which privacy-preserving data sharing can provide value to patients and organizations.
Privacy-preserving exchange of health data is highly valuable for the betterment of public health. In particular, social determinants of health (SDOH) data plays a critical role in identifying the root causes that underlie disparate health outcomes across different populations. These causes can then often be addressed through public policy and programs.
To take an example, consider the issue of substance abuse. By analyzing SDOH data in combination with electronic medical records, researchers may be able to identify high-risk areas or populations for substance abuse. These might be communities with high unemployment rates, limited public transportation, or areas where access to healthcare services, including mental health and addiction services, is limited. Such findings can guide targeted interventions, such as employment initiatives, improved access to mental health services, or increased funding for local substance abuse programs.
Preserving patient privacy is of the utmost importance for such a study due to the sensitivity of the information at hand. Data sources can protect privacy by de-identifying the data prior to sharing it. De-identifying the data removes any directly identifying information and makes the risk of re-identification very small while preserving sufficient research utility. In this case, for example, a de-identified dataset may contain an anonymized patient identifier along with information like income bands and whether they had an emergency room visit in the past year.
Providers and public institutions alike are generally more comfortable sharing this data in de-identified form to protect privacy. Additionally, in the presence of recent state-level consumer data privacy laws, de-identifying SDOH data according to the standards set therein may be required in order to use the data for certain analyses.
The Last Few
Weeks in a Flash
The state consumer privacy law wave continues to accelerate with Oregon, Texas, Florida, and Delaware passing comprehensive consumer privacy bills and Nevada and Connecticut voting in favor of sending legislation to their governors for signature that would impose restrictions, among others, on the processing of consumer health data. Other governmental attempts at strengthening health data privacy include Illinois State’s announcement of its revision of abortion data collection through amendments to the Illinois Reproductive Health Act that aim to better protect patient privacy in the wake of the Dobbs decision.
A major data breach announced by HCA Healthcare, one of the nation’s largest health systems, adds to already mounting concerns about patient privacy. In addition to the incident, in which the personal information of 11 million patients was stolen by hackers, questions surrounding tracking technologies continue to draw public attention, with the Department of Health and Human Services and the Federal Trade Commission even issuing a warning for hospital systems and telehealth providers about the privacy and security risks involved with using these technologies.
Several areas of the government continue to prioritize health data privacy through a variety of different measures. After the Federal Trade Commission’s proposal to update the Health Breach Notification Rule with a focus on the digital health industry, the agency issued a policy statement in which it described concerns about fast-proliferating biometric technologies and articulated a set of compliance obligations for businesses that develop or use them. The FTC also finalized an order prohibiting online counseling service BetterHelp from sharing consumers’ health data for advertising and fining the company $7.8 million, while requiring that a San Francisco-based company that sells DNA test kits and personalized diet and exercise plans based on genetic testing pay $75,000 for improper data privacy and security practices. Meanwhile, HHS and OIG finalized a new rule that would penalize health IT companies for up to $1 million for information blocking, and twenty four Attorney Generals expressed support for making amendments to HIPAA that aim to protect patients and providers from prosecution in relation to the provision of reproductive healthcare..
But to answer your question
about privacy-preserving data sharing...
Data Sharing That Safeguards Patient Privacy Is Crucial for Future of Medicine, Says Yale Researcher
“It is the responsibility of researchers to tell ‘the truest truth,’ says Daniel Boffa, MD, professor of surgery (thoracic). The accuracy and precision of medical research depend on the data used. The medical community has increasingly recognized the importance of data sharing. . . The compilation of greater data sets allows investigators to generate a more complete picture of what is happening in patients.” Keep reading
Healthcare Data Sharing Is Essential To The Future Of Medicine
“Healthcare data coupled with [privacy] regulations enable health systems to provide consistent and stable care across a continuum of entities. On a higher level, this de-identified information often informs new therapies and adds to existing therapies to improve patient outcomes. Additionally, it can greatly fuel innovative treatments to the market by expanding and diversifying existing research databases.” Keep reading
Takeaways from Real-World Data Connect | Privacy & Data Governance Track
“Connecting de-identified real world data holds tremendous potential, but that potential can only be realized with thoughtful approaches to patient privacy. Without a careful plan for linking de-identified patient records, researchers may lose the information necessary for impactful analysis, or, on the other end of the spectrum, expose patient records to unwarranted privacy risk.” Keep reading
Best of the Rest
In an interview for the Partially Redacted: Data Privacy, Security & Compliance podcast, Future of Privacy Forum's Researcher for Health and Wellness, Jordan Wrigley, discusses the importance and complexity of privacy when using health data to “make the world a better place.”
offers a wide range of advanced technologies and solutions
to improve the quality and speed of the compliance process
Reach us at privacymatters.privacyhub@datavant.com
