09 September 2011

Data mining and responsibility

Two articles on privacy, data protection and research. The 58 page 'Balancing Privacy, Autonomy, and Scientific Needs in Electronic Health Records Research' by Sharona Hoffman & Andy Podgurski argues that
The ongoing transition from paper medical files to electronic health records will provide unprecedented amounts of data for biomedical research, with the potential to catalyze significant advances in medical knowledge. But this potential can be fully realized only if the data available to researchers is representative of the patient population as a whole. Thus, allowing individual patients to exclude their health information, in keeping with traditional notions of informed consent, may compromise the research enterprise and the medical benefits it produces.

This Article analyzes the tension between realizing societal benefits from medical research and granting individual preferences for privacy. It argues for a shift in the conceptual and regulatory frameworks that govern biomedical research. When studies involve electronic record review rather than human experimentation, the traditional, autonomy-dominated model should give way to one that emphasizes the common good. In record-based studies, the limited benefits of individual informed consent come at too high a cost - difficult administrative burdens, significant expenses, and a tendency to create selection biases that distort study outcomes. Other mechanisms can better protect data subjects’ privacy and dignitary interests without compromising research opportunities.

In this Article, we formulate a novel, mufti-faceted approach to achieve these ends. This approach recognizes that technical means for achieving identity concealment and information security are necessary but not sufficient to protect patients’ medical privacy and foster public trust while facilitating research. Hence, we call for supplementing such means with (1) an oversight process that is tailored to record-based research and applies even to De-identified patient records, which are currently exempt from scrutiny, and (2) public notice and education about the nature and potential benefits of such research.
David Erdos in 'Constructing the Labyrinth: The Impact of Data Protection on the Development of 'Ethical' Regulation in Social Science' more problematically argues that -
although not drafted with such activities specifically in mind, the growth of legal initiatives protecting personal information have exerted a powerful and under-recognized impact on how social science is ‘ethically’ regulated. This impact has been both direct and indirect. At an indirect level, data protection law has encouraged the development of ‘self-regulation’ by learned societies, research institutions and funding bodies including, most importantly, the recent expansion of the remit of research ethics committees within UK universities. Additionally, interpretations of the 1984 and, even more so, 1998 Data Protection Acts has resulted in the direct imposition by Universities as data controllers of key limitations on research projects. In sum, data protection has helped fuel a radical shift away from a liberal regime based on a high valuation of individual academic autonomy to a much more constrained one where academics are both placed in a formally subordinated position vis-à-vis their institutions and subject to a labyrinth of restrictions and controls.
One response might be whether that loss of autonomy is appropriate, embodies best practice or simply reflects past indifference in the public and private sectors.