Balancing access to health data and privacy: a review of the issues and approaches for the future.

BACKGROUND There has been a dramatic increase in the types of microdata, and this holds great promise for health services research. However, legislative efforts to protect individual privacy have reduced the flow of health care data for research purposes and increased costs and delays, affecting the quality of analysis.

AIM This paper provides an overview of the challenges raised by concerns about data confidentiality in the context of health services research, the current methodologies used to ensure data security, and a description of one successful approach to balancing access and privacy.

MATERIALS AND METHODS We analyze the issues of access and privacy using a conceptual framework based on balancing the risk of reidentification with the utility associated with data analysis. The guiding principle should be to generate released data that are as close to the maximum acceptable risk as possible. HIPAA and other privacy measures can perhaps be seen as having had the effect of lowering the "maximum acceptable risk" level and rendering some data unreleasable.

RESULTS We discuss the levels of risk and utility associated with different types of data used in health services research and the ability to link data from multiple sources as well as current models of data sharing and their limitations.

DISCUSSION One particularly compelling approach is to establish a remote access "data enclave," where statistical protections are applied to the data, technical protections ensure compliance with data-sharing requirements, and operational controls limit researchers' access to the data they need for their specific research questions.

CONCLUSION We recommend reducing delays in access to data for research, increasing the use of remote access data enclaves, and disseminating knowledge and promulgating standards for best practices related to data protection.

[18]  John M. Abowd,et al.  New Approaches to Confidentiality Protection: Synthetic Data, Remote Access and Research Data Centers , 2004, Privacy in Statistical Databases.