Based on the given scenario:
Should you give the data out?
No, we should not give individual-level data such as home addresses, geolocation, and contact numbers. If we do this, we will violate the principles of information privacy, security, and least intrusive alternative, as well as accountability on ethical duties to protect confidentiality and prevent harm of individual information.
How do you not violate the General Principles of Informatics Ethics?
Principle of Information Privacy and Disposition: we must respect patients’ right to control over their own health data, identifiable data must not be shared without patients’ consent.
Principle of Security: we must ensure strong safeguards for data storage and transfer. Sharing individual-level data increases risks of misuse.
Principle of Legitimate Infringement & Least Intrusive Alternative : If data must be shared, it should be done in the least intrusive way such as providing de-identified or aggregated data.
Principle of Accountability: Any decision must be justified transparently, with documentation of why and how data is shared, and used.
If you want to provide the data, what and how will you do it?
If I want to provide the data, I will do the following in accordance with information ethics:
• Seeking for approval and transparency by informing and getting approval from the relevant officials or managers or decision makers as well as beneficiaries/data owners about data sharing and usage, before proceeding data sharing process.
• Asking for ethical approval for the research conducted from the research team to make sure the research will be conducted under the approval of ethical comitte, before research implementation.
• Data aggregation by providing geograhical level or provincial level data instead of individual level data to maintain data confidentiality.
• If individual level data need to be shared, de-identification of patients’ information by removing patients’ identifiable information such as name, address, contact numbers.
• Transparency on data use agreements by documenting how and why the data will be shared and used for the benefits of country disease control. Then, both parties must be signed and agreed accordingly to protect data security and confidentiality.