We were in sunny San Diego (not) at the 55th annual DIA meeting. The catchphrase this year is “connect and ascend” and there is a great emphasis on getting together, sharing information and overcoming competitive caution to collaborate and learn from each other. Three awards have been given out for excellence (take picture from tweet or my green phone) and it is clear that, while a great deal of the attendees are from the US, the awards span the globe, with two of three awards to Chinese and Korean clinicians and organisations.
Who Owns My Health Data? So far, it’s not the Patient..
A DIAmond session at the DIA is intended to be thought-provoking and cover difficult topics applicable worldwide, and this particular session on the first day of the DIA 2019 in San Diego convention center was no exception. Four panelists presented their perspectives, each highlighting different issues.
Patient data can be bought or sold by organisations, without patients even knowing about it (let alone giving their consent) and even though this data may be anonymized, it begs the question: would patients have consented to have their data included if they knew it was for a purely commercial transaction? The latest surveys seem to indicate that data privacy issues were paramount for patients and most were concerned about this issue and were mistrustful of the way their data might be used or shared without their consent.
In addition, patients are often asked to give a blanket consent that then satisfies data collection requirements, but again, the question arises regarding how long this particular consent is valid and would patients be pleased that their data swaps hands and is used for all sorts of purposes that they are unaware of. One of the panelists who represented a patient advocacy function (and was a patient herself) had tried to challenge the sweeping nature of the consent, and was then threatened with treatment withdrawal if she persisted in challenging the standard document.
Another panelist insisted that patients were often very prepared to be altruistic with their data if it meant a better outcome for other patients; but the prevailing issue was one of trust. If patients felt that their data were likely to be abused or misused, consent was likely to be withheld or, if given, resented.
So how do we resolve these issues?
- Firstly, be respectful of the data you have. Ensure the patient (not just the patient management organization) has given proper informed consent. And don’t present privacy contracts that are long and complex to patients who are in a vulnerable position – it’s not fair to expect people who are reeling from a major unexpected health issue to be able to logically consider such a document.
- Build trust with patients by informing them where and how their data may be used. Patients should be participants and collaborators rather than “the hunted”.
- Ask them again at intervals to be sure they haven’t changed their minds.
- Provide an easy opt-out.
- Keep the whole process and the results as transparent as possible. Make sure they know who and how to ask questions that may only occur to them down the line.
Ownership of the data is still an issue, but at least patients may feel more respected in the process.