Assessing Health Data Security Risks in Global Health Partnerships: Development of a Conceptual Framework.

BACKGROUND

Health care databases contain a wealth of information that can be used to develop programs and mature health care systems. There is concern that the sensitive nature of health data (eg, ethnicity, reproductive health, sexually transmitted infections, and lifestyle information) can have significant impact on individuals if misused, particularly among vulnerable and marginalized populations. As academic institutions, nongovernmental organizations, and international agencies begin to collaborate with low- and middle-income countries to develop and deploy health information technology (HIT), it is important to understand the technical and practical security implications of these initiatives.

OBJECTIVE

Our aim is to develop a conceptual framework for risk stratification of global health data partnerships and HIT projects. In addition to identifying key conceptual domains, we map each domain to a variety of publicly available indices that could be used to inform a quantitative model.

METHODS

We conducted an overview of the literature to identify relevant publications, position statements, white papers, and reports. The research team reviewed all sources and used the framework method and conceptual framework analysis to name and categorize key concepts, integrate them into domains, and synthesize them into an overarching conceptual framework. Once key domains were identified, public international data sources were searched for relevant structured indices to generate quantitative counterparts.

RESULTS

We identified 5 key domains to inform our conceptual framework: State of HIT, Economics of Health Care, Demographics and Equity, Societal Freedom and Safety, and Partnership and Trust. Each of these domains was mapped to a number of structured indices.

CONCLUSIONS

There is a complex relationship among the legal, economic, and social domains of health care, which affects the state of HIT in low- and middle-income countries and associated data security risks. The strength of partnership and trust among collaborating organizations is an important moderating factor. Additional work is needed to formalize the assessment of partnership and trust and to develop a quantitative model of the conceptual framework that can help support organizational decision-making.