Becoming a hero with blood or organ donation sounds familiar? What about becoming a hero with data donation? Is donating medical data or records as easy as donating blood or does it cause unusual inconveniences?
With advances in technology such as wearable health devices or electronic health records, in theory, it is quite easy to donate medical data for research or commercial purposes, while in practice, there are some matters such as confidentiality and privacy, which make the procedure of donating medical data harder and more complex.
Since nowadays medical research has become more dependent on big data, it relies mostly on data donated by patients. Research, clinical trials, preventive treatments, and therapies are often developed and improved by means of data, therefore data donation matters! However, data donation is affected by some factors. Patients decide on donating their data after taking risks and benefits into account. So far, research studies have shown that individuals agree to donate their medical data mostly because of three motivations [1, 2] such as:
However, when it comes to donating medical data, things get more complicated than blood donation. Although these factors explained above encourage patients to donate their data, there are some factors affecting decisions of patients on medical data donation. Previous studies have identified these factors which are elaborated below[1, 2, 3, 4].
These are some of the main factors that prevent patients from donating their medical data. Patients in general feel more secure in data donation, when data collected is based on measures that ensure ownership of medical data belongs to the patient and confidentiality and privacy of the data are maintained. Different methods are already used in medical research to comply with the needs of patients. The most common methods to ensure confidentiality of medical data and ownership of medical data include different consent models and anonymization.
In the era of technology, medical data can be easily and quickly collected through electronic health records or different electronic devices such as wearable watches. On the other hand, it can also be easily accessible by unauthorized parties, i.e., health data breaches. Different methods have been developed to protect sensitive data for encouraging patients to donate their data.
One of these methods is to get consent from patients. This gives patients a chance to understand why medical data is needed, for what it will be used and who will get access to their data. However, this is not valid for all countries. For instance, China follows mandatory data donation model where medical data is collected without patient consent. Another example is the USA, where data donation is protected through privacy regulations only, without taking consent-based donation system in account [5]. Even with high privacy and security regulations tens of millions of people are affected by cyberattacks in the USA [5]. Therefore, consent of patients through a transparent approach is crucial in ensuring legal and technical safeguards. By these means, patients will have the power to decide who, when and how long will have access to their medical data, thus increasing trust in the organization collecting medical data.
Earlier studies focused on whether consent was necessary, but after the benefits of consent became highly recognizable, recent studies now focus more on the various types of consents. Within the scope of biobank research, different consent models have been proposed so far. Among them is informed consent, referring to giving consent to participate in one study using a single consent form. However, this might pose problems arising from potential secondary use of medical data in future research studies. With an effort to overcome such problems, broad or blanket consent have been proposed, referring to asking individuals to participate in unknown future research studies, by acknowledging that future research studies would be based on ethical review.
The last consent model proposed in biobank research is study-by-study consent, referring to asking individuals for consent on an ongoing basis for specific research projects. Studies show that individual preferences towards different consent models depend on value of research and trust in organization collecting medical data. A previous research study showed that after explaining individuals about the value of research and clarifying their concerns related to research participation, individuals opted for broad consent over study-by-study consent, implying that, concerns about privacy and confidentiality of medical data did not significantly affect their decisions on giving broad consent [6].
Due to its convenience and cost-effective approach, many biobank projects have adapted broad consent, such as UK Biobank, CARTaGENE (Montreal, QC, Canada), Norwegian Mother Child Cohort Study and the Norwegian HUNT study to name a few. Several biobanks like UK Biobank and the Norwegian Mother Child Cohort Study use broad consent along with regularly informing donors and related parties by means of updated websites and annual newsletters [7]. Such information strategies serve for improving trustworthiness of the organization and research study.
Secondary use of medical data is common in medical research. However, it is not always the case that consent for unexpected secondary use of data for research study has been obtained from all patients. In addition, it is not practical nor easy to obtain consent from thousands of patients for their data collected years ago. In this case, a method has been used in medical research, which is termed anonymization [8].
Secondary use of medical data poses problems regarding confidentiality of medical data. Anonymization techniques aim to hide personal information in medical data, thus ensuring data confidentiality by removing personal details from the files.
As defined in the European legislation, i.e., the General Data Protection Regulation (GDPR), anonymous information is referred to “information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable” [9]. The intention of data anonymization is to eliminate the risk of re-identification, and at the same time, maintain an acceptable level of data quality to allow for a meaningful analysis to be conducted. In this way, researchers can get permission from ethical boards to share patient data without consent from patients by anonymizing medical data according to the GDPR.
In the era of technology, just like many disciplines, medical research relies mostly on big data, one way to acquire such data is via patient led data donation. Although patients are mostly encouraged to donate due to altruism, self-benefit and public good; confidentiality and privacy of medical data prevent patients/individuals from data donation, due to the sensitive nature of such data.
In medical research, different methods such as consent and anonymization have been proposed and used to ensure confidentiality, thus promoting data donation. By means of different consent models, secondary use of medical data is made possible by informing patients about the potential use of their data in the future. In cases where consent cannot be obtained, anonymization techniques have been used, including removing personal information in medical data. These techniques ensure confidentiality and privacy of medical data, and compliance with GDPR requirements.
Although there are potential risks like data breaches involved in medical data donation, in some countries like UK, Germany and the USA, national health organizations strive to overcome these disadvantages by collecting and processing data, depending on a consent-based donation system and/or in accordance with strict laws and regulations. Despite strict measures, medical data is still subjected to data breaches and cyberattacks, which cannot be prevented completely. What should not be ignored is that, everyone is aware of the fact that most of the diseases can be treated and even prevented by means of big data and AI. It is no doubt that every novelty comes with some resistance but just like organ donation, over time people will be more informed about the benefits of medical data donation and how these benefits outweigh its disadvantages.
Data security is not just a buzzword to us, it is our guideline and deep conviction, especially when handling medical data. To meet this requirement, we operate our infrastructure in georedundant server centers with ISO 27001 certification located in Germany under German jurisdiction. With a vision towards keeping medical data confidential, we ensure collection and use of medical data in full compliance with the General Data Protection Regulation (GDPR). The US Cloud Act of 2019 which provides an additional provision for cross-border data access does not apply to us, so you can be sure your data is not accessed by a third party. To get further information about different legislations, please follow the link and look at our previous article about GDPR and US Cloud Act https://paicon.com/gdpr-versus-us-cloud-act/
PAICON is a medical software company based in Heidelberg. PAICON was founded by doctors and researchers with the aim to provide a digitized environment that encourages entrepreneurship, global collaboration and the development of certified medical products and applications especially in the science and healthcare sector. PAICON simplifies processes and enables medical researchers to focus on our shared passion – improving people’s lives through data.
PAICON’s vision is to support the decision-making of doctors and medical researchers by combining a highly secure health-intelligence platform with comprehensive disease-specific data knowledge using artificial intelligence and machine learning techniques to create marketable certified medical products and applications. For more information, please visit: https://paicon.com/
References