Biomedical data privacy: problems, perspectives, and recent advances


INTRODUCTION

The notion of privacy in the healthcare domain is at least as old as the ancient Greeks. Several decades ago, as electronic medical record (EMR) systems began to take hold, the necessity of patient privacy was recognized as a core principle, or even a right, that must be upheld.[2] This belief was reinforced as computers and EMRs became more common in clinical environments. However, the arrival of ultra-cheap data collection and processing technologies is fundamentally changing the face of healthcare. The traditional boundaries of primary and tertiary care environments are breaking down and health information is increasingly collected through mobile devices, in personal domains (eg, in one’s home), and from sensors attached on or in the human body (eg, body area networks). At the same time, the detail and diversity of information collected in the context of healthcare and biomedical research is increasing at an unprecedented rate, with clinical and administrative health data being complemented with a range of *omics data, where genomics and proteomics are currently leading the charge, with other types of molecular data on the horizon. Healthcare organizations (HCOs) are adopting and adapting information technologies to support an expanding array of activities designed to derive value from these growing data archives, in terms of enhanced health outcomes.

The ready availability of such large volumes of detailed data has also been accompanied by privacy invasions. Recent breach notification laws at the US federal and state levels have brought to the public’s attention the scope and frequency of these invasions. For example, there are cases of healthcare provider snooping on the medical records of famous people, family, and friends, use of personal information for identity fraud, and millions of records disclosed through lost and stolen unencrypted mobile devices.
The danger is that such publicized incidents will erode patient trust over time, and lead to privacy protective behaviors. For example, between 15% and 17% of US adults have changed their behavior to protect the privacy of their health information, doing things such as: going to another doctor, paying out-of-pocket when insured to avoid disclosure, not seeking care to avoid disclosure to an employer, giving inaccurate or incomplete information on medical history, self-treating or self-medicating rather than seeing a provider, or asking a doctor not to write down the health problem or record a less serious or embarrassing condition. A survey of service members who had been on active duty found that respondents were concerned that if they received treatment for their mental health problems, it would not be kept confidential and would have a negative impact on future job assignments and career advancement. Specific vulnerable populations have reported similar privacy protective behaviors, such as adolescents, people with HIV or at high risk for HIV, women undergoing genetic testing, mental health patients, and victims of domestic violence. A survey of Californian residents found that discussing depression with their primary care physician was a barrier to 15% of the respondents because of privacy concerns.

On the other hand, some legal scholars are questioning the survival of conventional privacy expectations. Privacy has conventionally been defined as an individual’s ability to control the disclosure of personal facts.[30] However, privacy is also a multi-dimensional concept[32] and any shifts in privacy expectations are not homogeneous in direction and intensity across all of these dimensions. Furthermore, advances in informatics that may be eroding individuals’ control over their information are being countered by advances in privacy enhancing technologies, as well as regulatory and policy changes that give individuals back control over their information.
This special issue was established to solicit current research in privacy as it is currently understood and is being redefined for emerging biomedical systems. The selected articles consider the different dimensions of privacy, and describe some novel privacy enhancing technologies and their applications, as well as the governance, regulatory, and policy mechanisms that are being used to manage privacy risks. Privacy is a major patient, provider, regulator, and legislator concern today. There is therefore a need to address these concerns in a practical way that can be deployed in the short term. Deployment must be preceded by a convincing evidence base demonstrating the rationale, costs, and benefits of an intervention. At the same time, new theoretical models and novel approaches that still need to be evaluated and tested in the field are also necessary to ensure that the field keeps evolving. In putting together this special issue we attempted to balance these two perspectives, with articles presenting results of immediate relevance and applicability, and material covering theoretical work that remains to be proven in practical settings.

There were 53 papers submitted for consideration in this issue, of which 13 were accepted for publication, for an acceptance rate of 25%. All papers were subject to a rigorous review by at least two referees and oversight by one of the guest editors. The review process for papers authored by guest editors, as well as the editor-in-chief, was handled by an unaffiliated associate editor of the journal. In addition to peer-reviewed manuscripts, two invited papers were solicited for the special issue to address the topics of privacy policy and technical data protection mechanisms.
Department of Biomedical Informatics, Vanderbilt University, Nashville, Tennessee, USA
Department of Electrical Engineering and Computer Science, Vanderbilt University, Nashville, Tennessee, USA
Children’s Hospital of Eastern Ontario, Ottawa, Ontario, Canada
Department of Paediatrics, University of Ottawa, Ottawa, Ontario, Canada
CSIRO Mathematics, Informatics and Statistics, Canberra, Australian Capital Territory, Australia

DOI: 10.1136/amiajnl-2012-001509
Cite this paper

@article{Malin2013BiomedicalDP,
  title={Biomedical data privacy: problems, perspectives, and recent advances},
  author={Bradley Malin and Khaled El Emam and Christine M. O'Keefe},
  journal={Journal of the American Medical Informatics Association : JAMIA},
  year={2013},
  volume={20 1},
  pages={2-6}
}