Part of the "2016 Annual Conference: Big Data, Health Law, and Bioethics" held at Harvard Law School on May 6, 2016.
This conference aimed to: (1) identify the various ways in which law and ethics intersect with the use of big data in health care and health research, particularly in the United States; (2) understand the way U.S. law (and potentially other legal systems) currently promotes or stands as an obstacle to these potential uses; (3) determine what might be learned from the legal and ethical treatment of uses of big data in other sectors and countries; and (4) examine potential solutions (industry best practices, common law, legislative, executive, domestic and international) for better use of big data in health care and health research in the U.S.
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School 2016 annual conference was organized in collaboration with the Berkman Center for Internet & Society at Harvard University and the Health Ethics and Policy Lab, University of Zurich.
Learn more at http://petrieflom.law.harvard.edu/events/details/2016-annual-conference.
MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS
Semelhante a Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health Research: Tensions Between Privacy Lapses and “Minimal Risk”'
Semelhante a Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health Research: Tensions Between Privacy Lapses and “Minimal Risk”' (20)
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Laura Odwazny, 'Regulations Are Not the Barrier to Use of Big Data in Health Research: Tensions Between Privacy Lapses and “Minimal Risk”'
1. The
Tension
between
Societal
Lapses
in
Protecting
the
Privacy
of
Individuals
and
the
Regulatory
Definition
of
“Minimal
Risk”
Laura
Odwazny
Office
of
the
General
Counsel,
HHS
2. Disclaimer
• This
presentation
does
not
constitute
legal
advice.
The
views
expressed
are
the
presenter’s
own,
and
do
not
bind
the
U.S.
Department
of
Health
and
Human
Services
or
its
components.
• OHRP
may
or
may
not
agree
with
some
of
my
ideas.
3. Big
data
health
research
and
privacy
• Health
data
is
presumptively
sensitive
• The
research
use
of
sensitive
information
can
impact
privacy
interests
of
individuals
• The
Federal
Common
Rule
applies
to
secondary
use
research
of
individually
identifiable
private
information
(secondary
use
=
use
of
information
already
obtained
from
the
individual
for
another
purpose)
• Big
data
health
research
does
not
involve
human
subjects
if
researchers
do
not
collect
subject
data
through
intervention
or
interaction
with
subjects,
or
obtain
individually
identifiable
private
information
4. What
risk
does
big
data
health
research
pose
to
subjects?
• Informational
risk
– Unauthorized
or
inappropriate
use/disclosure
of
information,
in
ways
harmful
to
research
subjects
(e.g.,
disclosure
of
illegal
activities,
contagious
disease,
substance
abuse,
or
chronic
illness
might
jeopardize
employment,
injure
reputation,
cause
emotional
harm)
– Correlated
with
nature
of
the
information
and
degree
of
identifiability
of
the
information
• Risk
of
dignitary
harm
– Disclosure
harmful
per
se
as
injury
to
“social
personality”
• [Others?]
5. IRB
review
of
big
data
health
research
• Anecdotal
evidence
suggests
IRBs
find
it
difficult
to
apply
Common
Rule
standards
to
big
data
health
research,
including
risk
assessment
• IRBs
may
be
uncomfortable
deeming
big
data
health
research
to
involve
minimal
risk
to
subjects
– Ability
to
protect
subjects’
privacy
via
deidentification
challenged
by
well-‐publicized
“proof
of
concept”
reidentification
projects
– No
comprehensive
extra-‐regulatory
scheme
for
protecting
privacy
interests
of
individuals
whose
health
information
may
be
used
in
big
data
research
– IRB
assessment
of
risk
varies
and
may
not
be
evidence-‐
based:
reliance
on
intuition,
familiarity,
control
(Wendler,
Hirshon,
Shah)
6. Common
Rule
definition
of
minimal
risk
• The
Common
Rule
defines
minimal
risk
as
the:
“probability
and
magnitude
of
harm
or
discomfort
anticipated
in
the
research
are
not
greater
in
and
of
themselves
than
those
ordinarily
encountered
in
daily
life
or
during
the
performance
of
routine
physical
or
psychological
examinations
or
tests”
45
CFR
46.102(i)
• “Minimal
risk”
=
threshold
determination
for
certain
Common
Rule
flexibilities,
including
waiver
of
informed
consent
7. IRB
assessment
of
minimal
risk
• The
variability
in
IRB
assessment
of
minimal
risk
is
well-‐documented.
(See
Hirshon
(2002),
Shah
(2004))
• OHRP
has
no
published
guidance
on
the
appropriate
application
of
the
definition
of
minimal
risk.
• SACHRP
has
provided
recommendations
to
the
Secretary
of
HHS
on
how
minimal
risk
should
be
assessed
– but
these
are
not
agency
guidance.
8. Key
Questions
• How
should
the
Common
Rule
minimal
risk
standard
apply
to
big
data
health
research?
– Comparison
to
“daily
life
risks”
– [Comparison
to
routine
physical
or
psychological
examinations/tests]
• How
do
the
informational
risks
and
risks
of
dignitary
harm
presented
by
daily
life
activities
inform
consideration
of
risks
of
big
data
health
research?
9. Assessing
minimal
risk
involves
comparison
• “Probability”
(likelihood)
and
“magnitude”
(level
of
severity)
of
harm
anticipated
in
research
compared
to
likelihood
of
risk
of
the
same
magnitude
posed
by
daily
life
activities
• May,
but
need
not,
be
a
1:1
comparison
of
types
of
activities
– Risks
of
research
survey
may
be
compared
with
risks
of
questionnaire
given
in
schools
– Non-‐sedation
MRI
may
not
be
a
daily
life
activity,
but
risks
still
may
fall
below
the
upper
boundary
of
probability
and
magnitude
of
risks
of
daily
life
activities
10. The
minimal
risk
threshold
• Daily
life
activities
pose
different
levels
of
risk
– there
is
a
range
of
daily
life
risks
• SACHRP
recommends
minimal
risk
threshold
is
fixed
at
upper
boundary
of
harms
and
discomforts
ordinarily
encountered,
reflecting
familiar
and
routine
background
risks
for
average
person
in
the
general
population
11. Which
comparator
risks
of
daily
life
activities
should
be
included
in
the
range?
• Risks
ordinarily
encountered
by
healthy
people
engaging
in
most
risky
daily
life
activities?
– E.g.,
free
climbing,
riding
a
motorcycle
• Socially
acceptable
risks
healthy
individuals
encounter?
– E.g.,
tackle
football
• Risks
healthy
individuals
living
in
safe
environments
generally
have
in
common?
– E.g.,
crossing
a
busy
street,
telephone
surveys,
driving
to
work
12. Conceptions
of
daily
life
risk
standard:
What
comparator
risks?
Whose
life?
• Uniform
standard
– Daily
life
risks
of
average
healthy
individuals
living
in
safe
environments
• Relative
standard
– Daily
life
risks
of
subject
population
• Modified
objective
standard
(Wendler
2004)
– Relevance,
scientific
necessity,
sufficient
benefit,
nonmaleficence
informs
whether
any
added
risks
of
the
research;
any
added
risks
evaluated
under
uniform
standard
• [Charitable
participation
standard
(Wendler
2005,
2015)
– Risks
acceptable
in
the
context
of
activities
designed
to
benefit
others]
13. Content modifiedfrom DavidStrauss
SACHRP presentation(2006)
Minimal
risk
thresholds
compared
Healthy
Subjects
Cocaine
Abusers
Cocaine
abusers
with additional
confidentiality
protections
Probability
and magnitude
of harm and
discomfort from
the research, for
the study
population
Uniform, and
modified objective
assessment of added
research risks
Relative standard
14. The
uniform
standard,
considering
risks
of
big
data
research
as
additional
to
daily
life
risks
Healthy
subjects
Subjects
with sensitive
health
condition
Subjects with
sensitive
health
condition
Content modifiedfrom DavidStrauss
SACHRP presentation(2006)
with additional
confidentiality
protections
Probability
and magnitude
of harm and
discomfort
from big data
health research,
for the study
population
Estimate of
probability and
magnitude of
the harm and
discomfort of
daily life of
average healthy
individuals
living in safe
environments=
the minimal risk
uniform threshold
15. “Background
risks”
vs.
uniform
daily
life
risks
• Under
a
uniform
standard,
elevated
contextual
background
risks
for
subjects
(e.g.,
civil
war)
should
not
affect
minimal
risk
threshold
• Question:
how
do
daily
life
risks
move
from
the
“contextual
background”
to
the
common?
• Have
informational
risks
and
risks
of
dignitary
harm
become
so
prevalent
that
they
have
transcended
the
experiences
of
the
subject
population
of
big
data
research,
and
are
best
considered
risks
of
daily
life
common
among
healthy
individuals
living
in
safe
environments?
16. Uniform
standard,
considering
risks
presented
by
big
data
research
to
be
risks
of
daily
life
(in
nature,
probability,
and
magnitude)
Healthy
Subjects
Subjects
with sensitive
health
condition
Subjects with
sensitive
health
condition
Content modifiedfrom DavidStrauss
SACHRP presentation(2006)
with additional
confidentiality
protections
Probability
and magnitude
of harm and
discomfort from
big data health
research,
for the study
population
Estimate of the
probability and
magnitude of
the harm and
discomfort of
daily life of
average healthy
individuals
living in safe
environments=
the minimal risk
threshold
17. Constraints
• General
acceptance
of
an
ethical
framework
for
assessing
what
may
be
considered
common
daily
life
risks
of
healthy
individuals
living
in
safe
environments
would
help
ensure
consistency
in
minimal
risk
determinations
• Data
on
reports
of
injury
resulting
from
daily
life
informational
risks
or
risks
of
dignitary
harm
would
be
useful
– Literature
search
– Survey
of
human
subjects
research
experts
and
ethicists
– Survey
of
investigators
and
research
subjects
18. Conclusions
• An
IRB
may
reasonably
determine
that
big
data
health
research
presents
no
more
than
minimal
risk
to
subjects
under
several
conceptions
of
the
daily
life
risks
minimal
risk
standard
• Guidance
from
Federal
agencies
could
be
helpful
• Interesting
questions
beyond
the
scope
of
this
analysis:
– When
informed
consent
for
minimal
risk
research
ought
to
be
obtained
for
ethical
considerations
– Is
there
something
particular
to
big
health
data
that
warrants
added
protections
for
its
research
use
(such
as
informed
consent)