• userPaicon

  • calendarSeptember 26, 2023

  • clock12 min read

Becoming a hero with blood or organ donation sounds familiar? What about becoming a hero with data donation? Is donating medical data or records as easy as donating blood or does it cause unusual inconveniences?

With advances in technology such as wearable health devices or electronic health records, in theory, it is quite easy to donate medical data for research or commercial purposes, while in practice, there are some matters such as confidentiality and privacy, which make the procedure of donating medical data harder and more complex.

Since nowadays medical research has become more dependent on big data, it relies mostly on data donated by patients. Research, clinical trials, preventive treatments, and therapies are often developed and improved by means of data, therefore data donation matters! However, data donation is affected by some factors. Patients decide on donating their data after taking risks and benefits into account. So far, research studies have shown that individuals agree to donate their medical data mostly because of three motivations [1, 2] such as:

  • Altruism inspires patients to help to reduce suffering of future patients. The hope that by sharing their data to advance research would help in the development of either novel therapies or improvement of current therapy standards.
  • Self-Benefit makes patients hope that scientific researchers will discover new, or an improved treatment and they will have a chance to recover by means of this novel treatment. Therefore, motivation can be associated with the self-benefit of patients.
  • Public Good: motivates patients to contribute to the research for betterment of public health. By donating their data or samples, patients help doctors and researchers to advance research. Thus, paving new ways for innovative treatments, therapies, or postulate new scientific hypothesis.

However, when it comes to donating medical data, things get more complicated than blood donation. Although these factors explained above encourage patients to donate their data, there are some factors affecting decisions of patients on medical data donation. Previous studies have identified these factors which are elaborated below[1, 2, 3, 4].

  • Trustworthiness and familiarity of the organization: When individuals decide on donating medical data, they first want to ensure that this donation will be used appropriately, whether for research or commercial use. However, due to unclear information, individuals donating their data for research purposes might have concerns that their data will be sold to a commercial company. Due to such cases, people rely more on the organization which provides the clearest information about data usage, to donate their data. As shown in previous studies, individuals were willing to donate their data with academic researchers, rather than commercial laboratories due to more trust in research institutes in terms of confidentiality and privacy of the medical data.
  • Unconsented access to data: Like trustworthiness, people are also concerned about who will have access to their medical data. The fact that people give permission to keep, access and use their medical data to an organization does not mean they give this permission to any further organization of the same or different kind. Sharing data without consent to a third-party organization, violates the right to keep medical data confidential.
  • Confidentiality matters: When it comes to medical data, people are more careful in keeping their data confidential, compared to any other data such as data shared on social media. Although data protection regulations ensure confidentiality, repeated breaches and violations of these regulations have significantly undermined public trust regarding confidentiality. For example, in the USA, over tens of millions of Americans were affected by cyberattacks and health data breaches- just in the first half of 2023. In USA medical data donation is protected through privacy regulations only, without taking consent-based donation system in account [5].

These are some of the main factors that prevent patients from donating their medical data. Patients in general feel more secure in data donation, when data collected is based on measures that ensure ownership of medical data belongs to the patient and confidentiality and privacy of the data are maintained. Different methods are already used in medical research to comply with the needs of patients. The most common methods to ensure confidentiality of medical data and ownership of medical data include different consent models and anonymization.

How to Encourage Patients to Donate Data

In the era of technology, medical data can be easily and quickly collected through electronic health records or different electronic devices such as wearable watches. On the other hand, it can also be easily accessible by unauthorized parties, i.e., health data breaches. Different methods have been developed to protect sensitive data for encouraging patients to donate their data.

Different Consent Models

One of these methods is to get consent from patients. This gives patients a chance to understand why medical data is needed, for what it will be used and who will get access to their data. However, this is not valid for all countries. For instance, China follows mandatory data donation model where medical data is collected without patient consent. Another example is the USA, where data donation is protected through privacy regulations only, without taking consent-based donation system in account [5]. Even with high privacy and security regulations tens of millions of people are affected by cyberattacks in the USA [5]. Therefore, consent of patients through a transparent approach is crucial in ensuring legal and technical safeguards. By these means, patients will have the power to decide who, when and how long will have access to their medical data, thus increasing trust in the organization collecting medical data.

Earlier studies focused on whether consent was necessary, but after the benefits of consent became highly recognizable, recent studies now focus more on the various types of consents. Within the scope of biobank research, different consent models have been proposed so far. Among them is informed consent, referring to giving consent to participate in one study using a single consent form. However, this might pose problems arising from potential secondary use of medical data in future research studies. With an effort to overcome such problems, broad or blanket consent have been proposed, referring to asking individuals to participate in unknown future research studies, by acknowledging that future research studies would be based on ethical review.

The last consent model proposed in biobank research is study-by-study consent, referring to asking individuals for consent on an ongoing basis for specific research projects. Studies show that individual preferences towards different consent models depend on value of research and trust in organization collecting medical data. A previous research study showed that after explaining individuals about the value of research and clarifying their concerns related to research participation, individuals opted for broad consent over study-by-study consent, implying that, concerns about privacy and confidentiality of medical data did not significantly affect their decisions on giving broad consent [6].

Due to its convenience and cost-effective approach, many biobank projects have adapted broad consent, such as UK Biobank, CARTaGENE (Montreal, QC, Canada), Norwegian Mother Child Cohort Study and the Norwegian HUNT study to name a few. Several biobanks like UK Biobank and the Norwegian Mother Child Cohort Study use broad consent along with regularly informing donors and related parties by means of updated websites and annual newsletters [7]. Such information strategies serve for improving trustworthiness of the organization and research study.


Secondary use of medical data is common in medical research. However, it is not always the case that consent for unexpected secondary use of data for research study has been obtained from all patients. In addition, it is not practical nor easy to obtain consent from thousands of patients for their data collected years ago. In this case, a method has been used in medical research, which is termed anonymization [8].

Secondary use of medical data poses problems regarding confidentiality of medical data. Anonymization techniques aim to hide personal information in medical data, thus ensuring data confidentiality by removing personal details from the files.

As defined in the European legislation, i.e., the General Data Protection Regulation (GDPR), anonymous information is referred to “information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable” [9]. The intention of data anonymization is to eliminate the risk of re-identification, and at the same time, maintain an acceptable level of data quality to allow for a meaningful analysis to be conducted. In this way, researchers can get permission from ethical boards to share patient data without consent from patients by anonymizing medical data according to the GDPR.


In the era of technology, just like many disciplines, medical research relies mostly on big data, one way to acquire such data is via patient led data donation. Although patients are mostly encouraged to donate due to altruism, self-benefit and public good; confidentiality and privacy of medical data prevent patients/individuals from data donation, due to the sensitive nature of such data.

In medical research, different methods such as consent and anonymization have been proposed and used to ensure confidentiality, thus promoting data donation. By means of different consent models, secondary use of medical data is made possible by informing patients about the potential use of their data in the future. In cases where consent cannot be obtained, anonymization techniques have been used, including removing personal information in medical data. These techniques ensure confidentiality and privacy of medical data, and compliance with GDPR requirements.

Although there are potential risks like data breaches involved in medical data donation, in some countries like UK, Germany and the USA, national health organizations strive to overcome these disadvantages by collecting and processing data, depending on a consent-based donation system and/or in accordance with strict laws and regulations. Despite strict measures, medical data is still subjected to data breaches and cyberattacks, which cannot be prevented completely. What should not be ignored is that, everyone is aware of the fact that most of the diseases can be treated and even prevented by means of big data and AI. It is no doubt that every novelty comes with some resistance but just like organ donation, over time people will be more informed about the benefits of medical data donation and how these benefits outweigh its disadvantages.

How does PAICON ensure data security?

Data security is not just a buzzword to us, it is our guideline and deep conviction, especially when handling medical data. To meet this requirement, we operate our infrastructure in georedundant server centers with ISO 27001 certification located in Germany under German jurisdiction. With a vision towards keeping medical data confidential, we ensure collection and use of medical data in full compliance with the General Data Protection Regulation (GDPR). The US Cloud Act of 2019 which provides an additional provision for cross-border data access does not apply to us, so you can be sure your data is not accessed by a third party. To get further information about different legislations, please follow the link and look at our previous article about GDPR and US Cloud Act 


PAICON is a medical software company based in Heidelberg. PAICON was founded by doctors and researchers with the aim to provide a digitized environment that encourages entrepreneurship, global collaboration and the development of certified medical products and applications especially in the science and healthcare sector. PAICON simplifies processes and enables medical researchers to focus on our shared passion – improving people’s lives through data.

PAICON’s vision is to support the decision-making of doctors and medical researchers by combining a highly secure health-intelligence platform with comprehensive disease-specific data knowledge using artificial intelligence and machine learning techniques to create marketable certified medical products and applications. For more information, please visit:


  1. A patient’s perspective on using samples and data for research [Internet]. Medicines Discovery Catapult. 2019 [cited 2023 Aug 15]. Available from:
  2. Skatova A, Ng E, Goulding J. Data Donation: Sharing Personal Data for Public Good? [Internet]. Research Gate. 2014 [cited 2023 Aug 17]. Available from: Doi: 10.13140/2.1.2567.8405
  3. Garrison NA, Sathe NA, Antommaria AHM, Holm IA, Sanderson SC, Smith ME, et al. A systematic literature review of individuals’ perspectives on broad consent and data sharing in the United States. Genetics in Medicine [Internet]. 2016 Jul 1 [cited 2020 Aug 4];18(7):663–71. Available from:
  4. What is data donation? | Data4Life [Internet]. 2020 [cited 2023 Aug 21]. Available from:
  5. Here are the 10 biggest health data breaches in the first half of 2023 [Internet]. OncLive. 2023 [cited 2023 Aug 21]. Available from:
  6. Platt J, Bollinger J, Dvoskin R, Kardia SLR, Kaufman D. Public preferences regarding informed consent models for participation in population-based genomic research. Genetics in Medicine. 2013 May 9;16(1):11–8.
  7. Steinsbekk KS, Kåre Myskja B, Solberg B. Broad consent versus dynamic consent in biobank research: Is passive participation an ethical problem? European Journal of Human Genetics [Internet]. 2013 Jan 9;21(9):897–902. Available from:
  8. El Emam K, Rodgers S, Malin B. Anonymizing and sharing individual patient data. BMJ [Internet]. 2015 Mar 20;350(mar20 1):h1139–9. Available from:
  9. General Data Protection Regulation (GDPR) – Final text neatly arranged [Internet]. General Data Protection Regulation (GDPR). 2013. Available from:

Related Articles

bacground image
bacground image

Subscribe to our newsletter