Going Rogue: Mobile Research Applications and the Right to Privacy

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants

Opportunities for information sharing: case studies

Personal information provided to government and non-government service providers is highly sensitive. Appropriate collection, management and storage of personal information are critical elements to citizen trust in the public sector. However, misconceptions about the frameworks governing sharing personal information can impact on the coordination of services, case management and policy development.   The NSW Department of Premier & Cabinet engaged the Social Policy Research Centre to develop three case studies that identified the challenges to sharing information appropriately, and the opportunities for better personal information sharing between government agencies and non-government organisations. Improved sharing of personal information in these areas can support more effective policy development, leading to improved service delivery performance and coordination.   The Social Policy Research Centre identified the legislative and policy framework for each case study, conducted qualitative research on the interpretation of this framework, and developed three case study reports

Essentially yours: the protection of human genetic information in Australia

ALRC Report 96 (tabled May 2003)  was the product of a two-year inquiry by the ALRC and the Australian Health Ethics Committee (AHEC) of the NHMRC, involving extensive research and widespread public consultation.The inquiry was the most comprehensive ever undertaken into these issues in Australia or overseas. The report covers an extensive range of activities in which genetic information plays—or soon will play—an important role. The two-volume, 1200 page report makes 144 recommendations about how Australia should deal with the ethical, legal and social implications of the New Genetics. This Report reflects the law as at 14 March 2003

Not So Private

Federal and state laws have long attempted to strike a balance between protecting patient privacy and health information confidentiality on the one hand and supporting important uses and disclosures of health information on the other. To this end, many health laws restrict the use and disclosure of identifiable health data but support the use and disclosure of de-identified data. The goal of health data de-identification is to prevent or minimize informational injuries to identifiable data subjects while allowing the production of aggregate statistics that can be used for biomedical and behavioral research, public health initiatives, informed health care decision making, and other important activities. Many federal and state laws assume that data are de-identified when direct and indirect demographic identifiers such as names, user names, email addresses, street addresses, and telephone numbers have been removed. An emerging reidentification literature shows, however, that purportedly de-identified data can—and increasingly will—be reidentified. This Article responds to this concern by presenting an original synthesis of illustrative federal and state identification and de-identification laws that expressly or potentially apply to health data; identifying significant weaknesses in these laws in light of the developing reidentification literature; proposing theoretical alternatives to outdated identification and de-identification standards, including alternatives based on the theories of evolving law, nonreidentification, non-collection, non-use, non-disclosure, and nondiscrimination; and offering specific, textual amendments to federal and state data protection laws that incorporate these theoretical alternatives

Avoiding disclosure of individually identifiable health information: a literature review

Achieving data and information dissemination without arming anyone is a central task of any entity in charge of collecting data. In this article, the authors examine the literature on data and statistical confidentiality. Rather than comparing the theoretical properties of specific methods, they emphasize the main themes that emerge from the ongoing discussion among scientists regarding how best to achieve the appropriate balance between data protection, data utility, and data dissemination. They cover the literature on de-identification and reidentification methods with emphasis on health care data. The authors also discuss the benefits and limitations for the most common access methods. Although there is abundant theoretical and empirical research, their review reveals lack of consensus on fundamental questions for empirical practice: How to assess disclosure risk, how to choose among disclosure methods, how to assess reidentification risk, and how to measure utility loss.public use files, disclosure avoidance, reidentification, de-identification, data utility

Algorithms to anonymize structured medical and healthcare data:A systematic review

Introduction: With many anonymization algorithms developed for structured medical health data (SMHD) in the last decade, our systematic review provides a comprehensive bird’s eye view of algorithms for SMHD anonymization. Methods: This systematic review was conducted according to the recommendations in the Cochrane Handbook for Reviews of Interventions and reported according to the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA). Eligible articles from the PubMed, ACM digital library, Medline, IEEE, Embase, Web of Science Collection, Scopus, ProQuest Dissertation, and Theses Global databases were identified through systematic searches. The following parameters were extracted from the eligible studies: author, year of publication, sample size, and relevant algorithms and/or software applied to anonymize SMHD, along with the summary of outcomes. Results: Among 1,804 initial hits, the present study considered 63 records including research articles, reviews, and books. Seventy five evaluated the anonymization of demographic data, 18 assessed diagnosis codes, and 3 assessed genomic data. One of the most common approaches was k-anonymity, which was utilized mainly for demographic data, often in combination with another algorithm; e.g., l-diversity. No approaches have yet been developed for protection against membership disclosure attacks on diagnosis codes. Conclusion: This study reviewed and categorized different anonymization approaches for MHD according to the anonymized data types (demographics, diagnosis codes, and genomic data). Further research is needed to develop more efficient algorithms for the anonymization of diagnosis codes and genomic data. The risk of reidentification can be minimized with adequate application of the addressed anonymization approaches. Systematic Review Registration: [http://www.crd.york.ac.uk/prospero], identifier [CRD42021228200].</p

Evaluating the Impact of Integrated Care on Service Utilization in Serious Mental Illness

Serious mental illness (SMI) affects 5% of the United States population and is associated with increased morbidity and mortality. Use of high-cost healthcare services is common, including hospitalizations and emergency department (ED) visits. Integrating behavioral and physical healthcare may improve care for consumers with SMI, but prior research findings have been mixed. This quantitative retrospective cohort study addressed the impact of integrated care on physical health and ambulatory care sensitive (ACS) utilization via a program evaluation of an integrated health clinic (IHC) at a community mental health center (CMHC). The research questions assessed whether there was a predictive relationship between IHC enrollment and physical health and ACS-specific service utilization for consumers with SMI when controlling for demographic characteristics and disease severity. Secondary administrative healthcare data, including authorization and electronic medical record data, were provided by the CMHC. Logistic regressions assessed the odds of experiencing an inpatient admission or ED visit before or after IHC enrollment; the predictive relationship between IHC enrollment and service utilization was assessed using multiple linear and Poisson regression analyses. There was no statistically significant impact of integrated care clinic enrollment on physical health or ACS-specific utilization. The sample had lower levels of physical health utilization than would have been expected. In terms of positive social change, results may help the CMHC assess the IHC program, overall clinic success, and use of data. Since policy and payment structures continue to support integrated care models, further research on different programs are encouraged, as each setting and practice pattern is unique