Litcius/Paper detail

Who owns (or controls) health data?

Scott D. Kahn, Sharon F. Terry

2024Scientific Data14 citationsDOIOpen Access PDF

Abstract

There is a decades-old practice of so-called de-identifying health data so the information could be shared openly for secondary use in research 1 . The process of deidentifying includes removing directly identifying data such as name and birthdate, and removal of indirect identifiers that in aggregate increase the risk of re-identification. As computing power has increased exponentially, so has the development of machine learning (ML) and artificial intelligence (AI) algorithms that can process collections of such de-identified data to re-identify individuals 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 , 11 , 12 , 13 . Such risks will vary with different data types making the assessment of this risk important prior to data release and making the interpretation of “de-identified” data under HIPAA more nuanced. With the risk of re-identification as a present-day reality, involving individuals in sharing their health data for research is critical, especially regarding transparency around who is performing the research and for what purpose. One powerful framework to achieve these objectives centers on rights-based data privacy regulations that assert the control of the use of data collected about an individual rests with the individual rather than with the institution that collected the data 14 .

Topics & Concepts

Transparency (behavior)Internet privacyData sharingHealth dataInformation privacyControl (management)Public relationsBusinessPolitical scienceComputer scienceLawMedicineHealth careAlternative medicinePathologyArtificial intelligencePrivacy-Preserving Technologies in DataEthics in Clinical ResearchData Analysis and Archiving