The role of consent for research use of health information is contentious. Most discussion has focused on when project-specific consent may be waived but, recently, a broader range of consent options has been entertained, including broad opt-in for multiple studies with restrictions and notification with opt-out. We sought to elicit public values in this matter and to work toward an agreement about a common approach to consent for use of personal information for health research through deliberative public dialogues.
We conducted seven day-long public dialogues, involving 98 participants across Canada. Immediately before and after each dialogue, participants completed a fixed-response questionnaire rating individuals' support for 3 approaches to consent in the abstract and their consent choices for 5 health research scenarios using personal information. They also rated how confident different safeguards made them feel that their information was being used responsibly.
Broad opt-in consent for use of personal information garnered the greatest support in the abstract. When presented with specific research scenarios, no one approach to consent predominated. When profit was introduced into the scenarios, consent choices shifted toward greater control over use. Despite lively and constructive dialogues, and considerable shifting in opinion at the individual level, at the end of the day, there was no substantive aggregate movement in opinion. Personal controls were among the most commonly cited approaches to improving people's confidence in the responsible use of their information for research.
Because no one approach to consent satisfied even a simple majority of dialogue participants and the importance placed on personal controls, a mechanism should be developed for documenting consent choice for different types of research, including ways for individuals to check who has accessed their medical record for purposes other than clinical care. This could be done, for example, through a web-based patient portal to their electronic health record. Researchers and policy makers should continue to engage the public to promote greater public understanding of the research process and to look for feasible alternatives to existing approaches to project-specific consent for observational research.
Cites: J Am Med Inform Assoc. 2007 Nov-Dec;14(6):706-1217712084
Cites: CMAJ. 2000 Oct 31;163(9):1146-811079059
Cites: J Law Med Ethics. 2003 Fall;31(3):429-3314626550
Cites: J Med Ethics. 2004 Feb;30(1):104-914872086
Cites: J Health Serv Res Policy. 2004 Jan;9(1):22-715006236
Cites: BMC Med Inform Decis Mak. 2007;7:2517850667
Cites: J Med Internet Res. 2005;7(4):e4716236699
Cites: Int J Med Inform. 2006 Jul;75(7):530-4116198142
The Internet provides many advantages when used for interaction and data sharing among health care providers, patients, and researchers. However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality, integrity, and availability of information. It is therefore essential that Health Care Establishments processing and exchanging medical data use an appropriate security policy.
To develop a High Level Security Policy for the processing of medical data and their transmission through the Internet, which is a set of high-level statements intended to guide Health Care Establishment personnel who process and manage sensitive health care information.
We developed the policy based on a detailed study of the existing framework in the EU countries, USA, and Canada, and on consultations with users in the context of the Intranet Health Clinic project. More specifically, this paper has taken into account the major directives, technical reports, law, and recommendations that are related to the protection of individuals with regard to the processing of personal data, and the protection of privacy and medical data on the Internet.
We present a High Level Security Policy for Health Care Establishments, which includes a set of 7 principles and 45 guidelines detailed in this paper. The proposed principles and guidelines have been made as generic and open to specific implementations as possible, to provide for maximum flexibility and adaptability to local environments. The High Level Security Policy establishes the basic security requirements that must be addressed to use the Internet to safely transmit patient and other sensitive health care information.
The High Level Security Policy is primarily intended for large Health Care Establishments in Europe, USA, and Canada. It is clear however that the general framework presented here can only serve as reference material for developing an appropriate High Level Security Policy in a specific implementation environment. When implemented in specific environments, these principles and guidelines must also be complemented by measures, which are more specific. Even when a High Level Security Policy already exists in an institution, it is advisable that the management of the Health Care Establishment periodically revisits it to see whether it should be modified or augmented.
Cites: Med Inform Internet Med. 2000 Oct-Dec;25(4):265-7311198188
In this paper we report on findings related to treatment of patient consent in various circumstances and geographic domains; explore transfer of health data between custodians and geo-political entities; and emphasize importance of educating general public about issues related to handling health data. A specific set of questions about consent/legislation and related issues in the Canada, the USA and the EU are addressed in an attempt to answer them systematically. This comparison identifies similarities and differences along a set of dimensions.
The paper describes the security concerns related to Electronic Health Records (EHR) both in registration of data and integration of systems. A description of the current state of EHR systems in Iceland is provided, along with the Ministry of Health's future vision and plans. New legislation provides the opportunity for increased integration of EHRs and further collaboration between institutions. Integration of systems, along with greater availability and access to EHR data, requires increased security awareness since additional risks are introduced. The paper describes the core principles of information security as it applies to EHR systems and data. The concepts of confidentiality, integrity, availability, accountability and traceability are introduced and described. The paper discusses the legal requirements and importance of performing risk assessment for EHR data. Risk assessment methodology according to the ISO/IEC 27001 information security standard is described with examples on how it is applied to EHR systems.
The development of a sustainable, high-quality, affordable health care is today a high priority for many actors in the society. This is to ensure that we will continue to afford to care for the growing portion of elderly in our population. One solution is to enable the individual's power over her own health or illness, and participation in her own care. There are evidently opportunities with the rapid development of eHealth and wearable sensors. Tracking and measuring vital data can help to keep people out of the hospital. Loads of data is generated to help us understand disease, to provide us with early diagnostics and warnings. It is providing us with possibilities to collect and capture the true health status of individuals. Successful technologies demonstrate savings, acceptance among users and improved access to healthcare. But there are also challenges. Implementing new technologies in health care is difficult. Researchers from around the world are reporting on similar problems, such as reimbursement, interoperability, usability and regulatory issues. This paper will discuss a few of these implementation challenges as well as a few of the efforts in meeting them. To conclude, eHealth solutions can contribute to patient empowerment and a sustainable health care. Our assumption is however, that as long as we do not face the implementation challenges and invest in overcoming the pressing obstacles, society will not be able, or willing, to pay for the solutions.