Download PDF
Appl Clin Inform 2025; 16(01): 090-100
DOI: 10.1055/a-2432-0329
Research Article

Ethical Dimensions of Clinical Data Sharing by U.S. Health Care Organizations for Purposes beyond Direct Patient Care: Interviews with Health Care Leaders

Brian R. Jackson*
1   University of Utah, Salt Lake City, Utah, United States
,
Bonnie Kaplan*
2   Department of Biostatistics (Health Informatics), Bioethics Center, Information Society Project, Solomon Center for Health Law and Policy, Center for Biomedical Data Science, and Program for Biomedical Ethics, Yale University, Yale School of Public Health, New Haven, Connecticut, United States
,
Richard Schreiber
3   Information Services, Penn State Health, Camp Hill, Pennsylvania, United States
4   Department of Biomedical Informatics and Data Science, Johns Hopkins School of Medicine, University of Maryland Graduate School of Medicine, Baltimore, Maryland, United States
5   University of Maryland Graduate School, Clinical Informatics Master of Science Program, Baltimore, Maryland, United States
,
Paul R. DeMuro
6   Epstein Becker Green, Dallas, Texas, United States
,
Victoria Nichols-Johnson
7   Southern Illinois University School of Medicine, Springfield, Illinois, United States
,
Larry Ozeran
8   Clinical Informatics Inc., Woodland, California, United States
,
Anthony Solomonides
9   Research Institute, Endeavor Health, Evanston, Illinois, United States
,
Ross Koppel
10   Department of Biomedical Informatics, Perelman School of Medicine and The Leonard Davis Institute of Health Economics, University of Pennsylvania, Philadelphia, Pennsylvania, United States
11   Department of Biomedical Informatics, Jacobs School of Medicine, University at Buffalo, Buffalo, New York, United States
› Author Affiliations Funding None.
› Further Information
Also available at
    Permissions and Reprints

Abstract

Objectives This study aimed to (1) empirically investigate current practices and analyze ethical dimensions of clinical data sharing by health care organizations for uses other than treatment, payment, and operations; and (2) make recommendations to inform research and policy for health care organizations to protect patients' privacy and autonomy when sharing data with unrelated third parties.

Methods Semistructured interviews and surveys involving 24 informatics leaders from 22 U.S. health care organizations, accompanied by thematic and ethical analyses.

Results We found considerable heterogeneity across organizations in policies and practices. Respondents understood “data sharing” and “research” in very different ways. Their interpretations of these terms ranged from making data available for academic and public health uses, and to health information exchanges; to selling data for corporate research; and to contracting with aggregators for future resale or use. The nine interview themes were that health care organizations: (1) share clinical data with many types of organizations, (2) have a variety of motivations for sharing data, (3) do not make data-sharing policies readily available, (4) have widely varying data-sharing approval processes, (5) most commonly rely on Health Insurance and Portability and Accountability Act (HIPAA) de-identification to protect privacy, (6) were concerned about clinical data use by electronic health record vendors, (7) lacked data-sharing transparency to the general public, (8) allowed individual patients little control over sharing of their data, and (9) had not yet changed data-sharing practices within the year following the U.S. Supreme Court 2022 decision denying rights to abortion.

Conclusion Our analysis identified gaps between ethical principles and health care organizations' data-sharing policies and practices. To better align clinical data-sharing practices with patient expectations and biomedical ethical principles, we recommend updating HIPAA, including re-identification and upstream sharing restrictions in data-sharing contracts, better coordination across data-sharing approval processes, fuller transparency and opt-out options for patients, and accountability for data-sharing and consequent harms.

Keywords

health data sharing - privacy - HIPAA - personal health information - bioethics

Protection of Human and Animal Subjects

The study was performed in compliance with the World Medical Association Declaration of Helsinki on Ethical Principles for Medical Research Involving Human Subjects. The University of Utah IRB reviewed the study protocol and categorized it as exempt from U.S. federal regulations regarding human subjects research.


* These are co-first authors.




Publication History

Received: 08 May 2024

Accepted: 01 October 2024

Accepted Manuscript online:
03 October 2024

Article published online:
29 January 2025

© 2025. Thieme. All rights reserved.

Georg Thieme Verlag KG
Rüdigerstraße 14, 70469 Stuttgart, Germany

 

  • References

  • 1 Bauchner H, Golub RM, Fontanarosa PB. Data sharing: an ethical and scientific imperative. JAMA 2016; 315 (12) 1237-1239
    CrossrefPubMedSearch in Google Scholar
  • 2 Caine K, Hanania R. Patients want granular privacy control over health information in electronic medical records. J Am Med Inform Assoc 2013; 20 (01) 7-15
    CrossrefPubMedSearch in Google Scholar
  • 3 Cumyn A, Ménard J-F, Barton A, Dault R, Lévesque F, Ethier JF. Patients' and members of the public's wishes regarding transparency in the context of secondary use of health data: Scoping review. J Med Internet Res 2023; 25: e45002
    CrossrefPubMedSearch in Google Scholar
  • 4 Dobson R, Wihongi H, Whittaker R. Exploring patient perspectives on the secondary use of their personal health information: an interview study. BMC Med Inform Decis Mak 2023; 23 (01) 66
    CrossrefPubMedSearch in Google Scholar
  • 5 Geissbuhler A, Safran C, Buchan I. et al. Trustworthy reuse of health data: a transnational perspective. Int J Med Inform 2013; 82 (01) 1-9
    CrossrefPubMedSearch in Google Scholar
  • 6 Kim J, Kim H, Bell E. et al. Patent perspectives about decisions to share medical data and biospecimens for research. JAMA Netw Open 2019; 2 (08) e199550
    CrossrefPubMedSearch in Google Scholar
  • 7 Kalkman S, van Delden J, Banerjee A, Tyl B, Mostert M, van Thiel G. Patients' and public views and attitudes towards the sharing of health data for research: a narrative review of the empirical evidence. J Med Ethics 2022; 48 (01) 3-13
    CrossrefPubMedSearch in Google Scholar
  • 8 Kaplan B. How should health data be used? Privacy, secondary use, and big data sales. Camb Q Healthc Ethics 2016; 25 (02) 312-329
    CrossrefPubMedSearch in Google Scholar
  • 9 Kaplan B. Seeing through health information technology: the need for transparency in software, algorithms, data privacy, and regulation. J Law Biosci 2020; 7 (01) lsaa062
    CrossrefPubMedSearch in Google Scholar
  • 10 Morse B, Kim KK, Xu Z. et al. Patient and researcher stakeholder preferences for use of electronic health record data: a qualitative study to guide the design and development of a platform to honor patient preferences. J Am Med Inform Assoc 2023; 30 (06) 1137-1149
    CrossrefPubMedSearch in Google Scholar
  • 11 Kharlamov A, Hohmann R, Parry G. Data sharing decisions: perceptions and intentions in healthcare. Strateg Change 2023; 32 (06) 223-237
    CrossrefPubMedSearch in Google Scholar
  • 12 Cohen IG, Mello MM. Big data, big tech, and protecting patient privacy. JAMA 2019; 322 (12) 1141-1142
    CrossrefPubMedSearch in Google Scholar
  • 13 Riso B, Tupasela A, Vears DF. et al. Ethical sharing of health data in online platforms - which values should be considered?. Life Sci Soc Policy 2017; 13 (01) 12
    CrossrefPubMedSearch in Google Scholar
  • 14 Rothstein MA. Is deidentification sufficient to protect health privacy in research?. Am J Bioeth 2010; 10 (09) 3-11
    CrossrefPubMedSearch in Google Scholar
  • 15 Spector-Bagdady K, Armoundas AA, Arnaout R. et al; American Heart Association Advocacy Coordinating Committee. Principles for health information collection sharing, and use: a policy statement from the American Heart Association. Circulation 2023; 148 (13) 1061-1069
    CrossrefPubMedSearch in Google Scholar
  • 16 Cole CL, Sengupta S, Rossetti Née Collins S. et al. Ten principles for data sharing and commercialization. J Am Med Inform Assoc 2021; 28 (03) 646-649
    CrossrefPubMedSearch in Google Scholar
  • 17 Rockwern B, Johnson D, Snyder Sulmasy L. Medical Informatics Committee and Ethics, Professionalism and Human Rights Committee of the American College of Physicians. Health information privacy, protection and use in the expanding digital health ecosystem: a position paper of the American College of Physicians. Ann Intern Med 2021; 174 (07) 994-998
    CrossrefPubMedSearch in Google Scholar
  • 18 McCoy MS, Allen AL, Kopp K. et al. Ethical responsibilities for companies that process personal data. Am J Bioeth 2023; 23 (11) 11-23
    CrossrefPubMedSearch in Google Scholar
  • 19 Kaplan B, Maxwell JA. Qualitative research methods for evaluating computer information systems. In: Anderson JG, and Aydin CE. eds. Evaluating the Organizational Impact of Healthcare Information Systems. 2nd ed.. New York: Springer; 2005: 30-55
    Search in Google Scholar
  • 20 United States Department of Health, Education and Welfare (April 18, 1979).. Protection of Human Subjects; Notice of Report for Public Comment (PDF). Federal Register. Vol. 44, no. 76. pp. 23191–23197. Archived from the original (PDF) on October 17, 2011
    PubMed
  • 21 Benitez K, Malin B. Evaluating re-identification risks with respect to the HIPAA privacy rule. J Am Med Inform Assoc 2010; 17 (02) 169-177
    CrossrefPubMedSearch in Google Scholar
  • 22 Chikwetu L, Miao Y, Woldetensae MK, Bell D, Goldenholz DM, Dunn J. Does deidentification of data from wearable devices give us a false sense of security? A systematic review. Lancet Digit Health 2023; 5 (04) e239-e247
    CrossrefPubMedSearch in Google Scholar
  • 23 Dreiseitl S, Vinterbo S, Ohno-Machado L. Disambiguation data: extracting information from anonymized sources. J Am Med Inform Assoc 2002; 9 (S6): S110-S114
    CrossrefPubMedSearch in Google Scholar
  • 24 U.S. Senate Committee on Finance. Data Brokerage and Threats to U.S. Privacy and Security Written Testimony. Accessed January 5, 2024 at: https://www.finance.senate.gov/download/12072021-sherman-testimony
    PubMed
  • 25 Hall M. The DOJ is creating maps from subpoenaed cell phone data to identify rioters involved with the Capitol insurrection. Business Insider. Published March 24, 2021.. Accessed January 5, 2024 at: https://www.businessinsider.com/doj-is-mapping-cell-phone-location-data-from-capitol-rioters-2021-3
    PubMed
  • 26 Meyer M. Law, Ethics & Science of Reidentification Demonstrations. Bill of Health.. Accessed January 5, 2024 at: https://blog.petrieflom.law.harvard.edu/symposia/law-ethics-science-of-reidentification-demonstrations/
    PubMed
  • 27 Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. In: 2008 IEEE Symposium on Security and Privacy (Sp 2008). IEEE; 2008: 111-125
    PubMedSearch in Google Scholar
  • 28 Malin B, Sweeney L. How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems. J Biomed Inform 2004; 37 (03) 179-192
    CrossrefPubMedSearch in Google Scholar
  • 29 Rocher L, Hendrickx LM, de Montjoye YA. Estimating the success of reidentifications in incomplete datasets using generative models. Nat Commun 2019; 10: 3069
    CrossrefPubMedSearch in Google Scholar
  • 30 Ross C. How a complex web of businesses turned private health records from GE into a lucrative portrait of patients. Stat News. May 23, 2022. Accessed Jan 5, 2024 at: https://www.statnews.com/2022/05/23/hipaa-patient-ge-data-privacy-profit/
    PubMed
  • 31 Evans BJ. Big data and individual autonomy in a crowd. In: Cohen IG, Lynch HF. et al., eds. Big Data, Health Law, and Bioethics. Cambridge: Cambridge University Press; 2018: 19-29
    Search in Google Scholar
  • 32 EU General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1
    PubMed
  • 33 Cohen JK. Google, Ascension data partnership sparks federal probe. Mod Healthcare. November 13, 2019. Accessed January 5, 2024 at: https://www.modernhealthcare.com/information-technology/google-ascension-data-partnership-sparks-federal-probe
    PubMed
  • 34 Kaplan B. Selling health data: de-identification, privacy, and speech. Camb Q Healthc Ethics 2015; 24 (03) 256-271
    CrossrefPubMedSearch in Google Scholar
  • 35 Cross B. Health secrets for sale: interview with Dr. Deborah Peel. CBS News Austin, April 28, 2016.. Accessed January 5, 2024 at: https://cbsaustin.com/news/local/health-secrets-for-sale
    PubMed
  • 36 Graham M. Data for sale: trust, confidence and sharing health data with commercial companies. J Med Ethics 2023; 49 (07) 515-522
    CrossrefPubMedSearch in Google Scholar
  • 37 Skloot R. The immortal life of Henrietta Lacks. New York: Crown Publishers; 2010
    Search in Google Scholar
  • 38 Campos-Castillo C, Anthony DL. The double-edged sword of electronic health records: implications for patient disclosure. J Am Med Inform Assoc 2015; 22 (e1): e130-e140
    CrossrefPubMedSearch in Google Scholar
  • 39 Schreiber R, Koppel R, Kaplan B. What do we mean by sharing of patient data? DaSH - A data sharing hierarchy of privacy and ethical challenges. Appl Clin Inform 2024; 15: 833-841
    Thieme ConnectPubMedSearch in Google Scholar