Jackson Brian R, Kaplan Bonnie, Schreiber Richard, DeMuro Paul R, Nichols-Johnson Victoria, Ozeran Larry, Solomonides Anthony, Koppel Ross
University of Utah, Salt Lake City, Utah, United States.
Department of Biostatistics (Health Informatics), Bioethics Center, Information Society Project, Solomon Center for Health Law and Policy, Center for Biomedical Data Science, and Program for Biomedical Ethics, Yale University, Yale School of Public Health, New Haven, Connecticut, United States.
Appl Clin Inform. 2025 Jan;16(1):90-100. doi: 10.1055/a-2432-0329. Epub 2024 Oct 3.
This study aimed to (1) empirically investigate current practices and analyze ethical dimensions of clinical data sharing by health care organizations for uses other than treatment, payment, and operations; and (2) make recommendations to inform research and policy for health care organizations to protect patients' privacy and autonomy when sharing data with unrelated third parties.
Semistructured interviews and surveys involving 24 informatics leaders from 22 U.S. health care organizations, accompanied by thematic and ethical analyses.
We found considerable heterogeneity across organizations in policies and practices. Respondents understood "data sharing" and "research" in very different ways. Their interpretations of these terms ranged from making data available for academic and public health uses, and to health information exchanges; to selling data for corporate research; and to contracting with aggregators for future resale or use. The nine interview themes were that health care organizations: (1) share clinical data with many types of organizations, (2) have a variety of motivations for sharing data, (3) do not make data-sharing policies readily available, (4) have widely varying data-sharing approval processes, (5) most commonly rely on Health Insurance and Portability and Accountability Act (HIPAA) de-identification to protect privacy, (6) were concerned about clinical data use by electronic health record vendors, (7) lacked data-sharing transparency to the general public, (8) allowed individual patients little control over sharing of their data, and (9) had not yet changed data-sharing practices within the year following the U.S. Supreme Court 2022 decision denying rights to abortion.
Our analysis identified gaps between ethical principles and health care organizations' data-sharing policies and practices. To better align clinical data-sharing practices with patient expectations and biomedical ethical principles, we recommend updating HIPAA, including re-identification and upstream sharing restrictions in data-sharing contracts, better coordination across data-sharing approval processes, fuller transparency and opt-out options for patients, and accountability for data-sharing and consequent harms.
本研究旨在(1)实证调查当前的做法,并分析医疗保健组织出于治疗、支付和运营以外的用途进行临床数据共享的伦理层面;(2)提出建议,为医疗保健组织在与无关第三方共享数据时保护患者隐私和自主权的研究及政策提供参考。
对来自22家美国医疗保健组织的24位信息学负责人进行半结构化访谈和调查,并进行主题分析和伦理分析。
我们发现各组织在政策和做法上存在很大差异。受访者对“数据共享”和“研究”的理解大不相同。他们对这些术语的解释范围从将数据用于学术和公共卫生用途、健康信息交换,到将数据出售给企业进行研究,再到与聚合商签约以供未来转售或使用。九个访谈主题是,医疗保健组织:(1)与多种类型的组织共享临床数据,(2)共享数据有多种动机,(3)未随时提供数据共享政策,(4)数据共享审批流程差异很大,(5)最常依赖《健康保险流通与责任法案》(HIPAA)的去识别化来保护隐私,(6)担心电子健康记录供应商使用临床数据,(7)对公众缺乏数据共享透明度,(8)允许个别患者对其数据共享几乎没有控制权,(9)在美国最高法院2022年做出否认堕胎权的裁决后的一年内尚未改变数据共享做法。
我们的分析确定了伦理原则与医疗保健组织的数据共享政策和做法之间的差距。为了使临床数据共享做法更好地符合患者期望和生物医学伦理原则,我们建议更新HIPAA,包括在数据共享合同中重新识别和上游共享限制、更好地协调数据共享审批流程、提高透明度并为患者提供退出选项,以及对数据共享及其造成的损害负责。
