ABSTRACT
BACKGROUND: Privacy, ethics, and data access issues pose significant challenges to the timely delivery of health research. Whilst the fundamental drivers to ensure that data access is ethical and satisfies privacy requirements are similar, they are often dealt with in varying ways by different approval processes. OBJECTIVE: To achieve a consensus across an international panel of health care and informatics professionals on an integrated set of privacy and ethics principles that could accelerate health data access in data-driven health research projects. METHOD: A three-round consensus development process was used. In round one, we developed a baseline framework for privacy, ethics, and data access based on a review of existing literature in the health, informatics, and policy domains. This was further developed using a two-round Delphi consensus building process involving 20 experts who were members of the International Medical Informatics Association (IMIA) and European Federation of Medical Informatics (EFMI) Primary Health Care Informatics Working Groups. To achieve consensus we required an extended Delphi process. RESULTS: The first round involved feedback on and development of the baseline framework. This consisted of four components: (1) ethical principles, (2) ethical guidance questions, (3) privacy and data access principles, and (4) privacy and data access guidance questions. Round two developed consensus in key areas of the revised framework, allowing the building of a newly, more detailed and descriptive framework. In the final round panel experts expressed their opinions, either as agreements or disagreements, on the ethics and privacy statements of the framework finding some of the previous round disagreements to be surprising in view of established ethical principles. CONCLUSION: This study develops a framework for an integrated approach to ethics and privacy. Privacy breech risk should not be considered in isolation but instead balanced by potential ethical benefit.
Subject(s)
Confidentiality , Medical Records Systems, Computerized/ethics , Bioethics , Consensus , Delphi Technique , Humans , Medical Records Systems, Computerized/organization & administrationABSTRACT
BACKGROUND: A set of core diabetes indicators were identified in a clinical review of current evidence for the EUBIROD project. In order to allow accurate comparisons of diabetes indicators, a standardised currency for data storage and aggregation was required. We aimed to define a robust European data dictionary with appropriate clinical definitions that can be used to analyse diabetes outcomes and provide the foundation for data collection from existing electronic health records for diabetes. METHODS: Existing clinical datasets used by 15 partner institutions across Europe were collated and common data items analysed for consistency in terms of recording, data definition and units of measurement. Where necessary, data mappings and algorithms were specified in order to allow partners to meet the standard definitions. A series of descriptive elements were created to document metadata for each data item, including recording, consistency, completeness and quality. RESULTS: While datasets varied in terms of consistency, it was possible to create a common standard that could be used by all. The minimum dataset defined 53 data items that were classified according to their feasibility and validity. Mappings and standardised definitions were used to create an electronic directory for diabetes care, providing the foundation for the EUBIROD data analysis repository, also used to implement the diabetes registry and model of care for Cyprus. CONCLUSIONS: The development of data dictionaries and standards can be used to improve the quality and comparability of health information. A data dictionary has been developed to be compatible with other existing data sources for diabetes, within and beyond Europe.
Subject(s)
Clinical Audit/standards , Delivery of Health Care/standards , Diabetes Mellitus/epidemiology , Dictionaries as Topic , Europe , Humans , Reference Standards , Reproducibility of ResultsABSTRACT
The European Union (EU) Data Protection Regulation will have profound implications for public health, health services research and statistics in Europe. The EU Commission's Proposal was a breakthrough in balancing privacy rights and rights to health and healthcare. The European Parliament, however, has proposed extensive amendments. This paper reviews the amendments proposed by the European Parliament Committee on Civil Liberties, Justice and Home Affairs and their implications for health research and statistics. The amendments eliminate most innovations brought by the Proposal. Notably, derogation to the general prohibition of processing sensitive data shall be allowed for public interests such as the management of healthcare services,but not health research, monitoring, surveillance and governance. The processing of personal health data for historical, statistical or scientific purposes shall be allowed only with the consent of the data subject or if the processing serves an exceptionally high public interest, cannot be performed otherwise and is legally authorised. Research, be it academic, government,corporate or market research, falls under the same rule.The proposed amendments will make difficult or render impossible research and statistics involving the linkage and analysis of the wealth of data from clinical,administrative, insurance and survey sources, which have contributed to improving health outcomes and health systems performance and governance; and may illegitimise efforts that have been made in some European countries to enable privacy-respectful data use for research and statistical purposes. If the amendments stand as written, the right to privacy is likely to override the right to health and healthcare in Europe.
Subject(s)
Clinical Governance/legislation & jurisprudence , Computer Security/legislation & jurisprudence , Health Services Research/ethics , Health Services Research/legislation & jurisprudence , Clinical Governance/ethics , Computer Security/ethics , Europe/epidemiology , European Union/organization & administration , Humans , Public Health/statistics & numerical dataABSTRACT
OBJECTIVES: To foster the development of a privacy-protective, sustainable cross-border information system in the framework of a European public health project. MATERIALS AND METHODS: A targeted privacy impact assessment was implemented to identify the best architecture for a European information system for diabetes directly tapping into clinical registries. Four steps were used to provide input to software designers and developers: a structured literature search, analysis of data flow scenarios or options, creation of an ad hoc questionnaire and conduction of a Delphi procedure. RESULTS: The literature search identified a core set of relevant papers on privacy (n = 11). Technicians envisaged three candidate system architectures, with associated data flows, to source an information flow questionnaire that was submitted to the Delphi panel for the selection of the best architecture. A detailed scheme envisaging an "aggregation by group of patients" was finally chosen, based upon the exchange of finely tuned summary tables. CONCLUSIONS: Public health information systems should be carefully engineered only after a clear strategy for privacy protection has been planned, to avoid breaching current regulations and future concerns and to optimise the development of statistical routines. The BIRO (Best Information Through Regional Outcomes) project delivers a specific method of privacy impact assessment that can be conveniently used in similar situations across Europe.
