Address correspondence to Julia Lane, Ph.D., National Science Foundation, 4201 Wilson Blvd, Arlington, VA 22230; email: firstname.lastname@example.org. Claudia Schur, Ph.D., is with the Center for Health Research and Policy, Social & Scientific Systems, Silver Spring, MD.
Balancing Access to Health Data and Privacy: A Review of the Issues and Approaches for the Future
Article first published online: 2 AUG 2010
© Health Research and Educational Trust
Health Services Research
Volume 45, Issue 5p2, pages 1456–1467, October 2010
How to Cite
Lane, J. and Schur, C. (2010), Balancing Access to Health Data and Privacy: A Review of the Issues and Approaches for the Future. Health Services Research, 45: 1456–1467. doi: 10.1111/j.1475-6773.2010.01141.x
- Issue published online: 9 SEP 2010
- Article first published online: 2 AUG 2010
- Administrative data uses;
- confidentiality/privacy issues;
- health policy/politics/law/regulation;
- research ethics/institutional review boards/publication;
- dissemination issues
Background. There has been a dramatic increase in the types of microdata, and this holds great promise for health services research. However, legislative efforts to protect individual privacy have reduced the flow of health care data for research purposes and increased costs and delays, affecting the quality of analysis.
Aim. This paper provides an overview of the challenges raised by concerns about data confidentiality in the context of health services research, the current methodologies used to ensure data security, and a description of one successful approach to balancing access and privacy.
Materials and Methods. We analyze the issues of access and privacy using a conceptual framework based on balancing the risk of reidentification with the utility associated with data analysis. The guiding principle should be to generate released data that are as close to the maximum acceptable risk as possible. HIPAA and other privacy measures can perhaps be seen as having had the effect of lowering the “maximum acceptable risk” level and rendering some data unreleasable.
Results. We discuss the levels of risk and utility associated with different types of data used in health services research and the ability to link data from multiple sources as well as current models of data sharing and their limitations.
Discussion. One particularly compelling approach is to establish a remote access “data enclave,” where statistical protections are applied to the data, technical protections ensure compliance with data-sharing requirements, and operational controls limit researchers' access to the data they need for their specific research questions.
Conclusion. We recommend reducing delays in access to data for research, increasing the use of remote access data enclaves, and disseminating knowledge and promulgating standards for best practices related to data protection.