Balancing Privacy, Autonomy, and Scientific Needs in Electronic Health Records Research
Keywords
De-identificationHealth Law
Human subject protections
HIPAA Security Rule
Privacy
Common good
Clinical research
Informed consent
Law
Constitutional Law
Informational risks
Electronic health records
Re-identification
HIPAA Privacy Rule
Research oversight
Human subject autonomy
Records-based research
Full record
Show full item recordOnline Access
http://scholarlycommons.law.case.edu/cgi/viewcontent.cgi?article=1004&context=faculty_publicationshttp://scholarlycommons.law.case.edu/faculty_publications/5
Abstract
The ongoing transition from paper medical files to electronic health records will provide unprecedented amounts of data for biomedical research, with the potential to catalyze significant advances in medical knowledge. But this potential can be fully realized only if the data available to researchers is representative of the patient population as a whole. Thus, allowing individual patients to exclude their health information, in keeping with traditional notions of informed consent, may compromise the research enterprise and the medical benefits it produces. This Article analyzes the tension between realizing societal benefits from medical research and granting individual preferences for privacy. It argues for a shift in the conceptual and regulatory frameworks that govern biomedical research. When studies involve electronic record review rather than human experimentation, the traditional, autonomy-dominated model should give way to one that emphasizes the common good. In record-based studies, the limited benefits of individual informed consent come at too high a cost - difficult administrative burdens, significant expenses, and a tendency to create selection biases that distort study outcomes. Other mechanisms can better protect data subjects’ privacy and dignitary interests without compromising research opportunities. In this Article, we formulate a novel, mufti-faceted approach to achieve these ends. This approach recognizes that technical means for achieving identity concealment and information security are necessary but not sufficient to protect patients’ medical privacy and foster public trust while facilitating research. Hence, we call for supplementing such means with (1) an oversight process that is tailored to record-based research and applies even to De-identified patient records, which are currently exempt from scrutiny, and (2) public notice and education about the nature and potential benefits of such research.Date
2012-01-01Type
textIdentifier
oai:scholarlycommons.law.case.edu:faculty_publications-1004http://scholarlycommons.law.case.edu/cgi/viewcontent.cgi?article=1004&context=faculty_publications
http://scholarlycommons.law.case.edu/faculty_publications/5