- This topic has 12 replies, 8 voices, and was last updated 5 months, 4 weeks ago by
.
-
Posts
-
-
-
As an in charge of national database of malaria (local and migrant patients), such request of data at an individual level must be faced with thorough scrutiny.
Firstly, as an in charge of database, I have the duty to protect the data collected and stored in the national database. I must respect the privacy and confidentiality of the patient’s data. Therefore, my action should be guided by patient-centered approach.
Secondly, the request of data at an individual level including their home address, geolocation, and contact number, can pose a danger towards that privacy of the local as well as migrant patients. It can lead to misuse of such information. Additionally, migrant patients are the vulnerable group members, their geolocation data should not be disclosed without strong and valid reason.
Thirdly, as an in charge of database, I believe that disclosing the data at an individual level can do more harm than good. Even though the research can lead to more insights related to disease prevention and control, I believe that disclosing and sharing geolocation and contact number of migrants as well as local patients can lead to more harm.
Fourthly, if I want to share the data at an individual level, I believe that such request should be fulfilled only when all personally identifiable variables are removed. Otherwise, I do not think such request of data should not be fulfilled.
-
I agree with the stance that sharing individual-level data, especially information like geolocation and contact details, risks to patient privacy, particularly for vulnerable groups like migrant patients. While research can be valuable, protecting patient confidentiality should remain a top priority. Data sharing should only occur after removing all identifiable information and the data cannot be re-identified.
-
-
1) Should you give the data out?
Individual-level data should not be disseminated. It contains sensitive personal information that can be used to identify patients, thereby violating their privacy rights and ethical standards without their explicit consent. The sharing of such data may also violate legal obligations under laws such as GDPR or HIPAA, thereby eroding the trust between healthcare providers and vulnerable populations.2) How do you not violate Informatics Ethics?
To uphold ethical principles, ensure informed consent is obtained before using personal data. Actions should aim to benefit the community without causing harm. Access to health data should be equitable, and transparency in data usage policies must be maintained.3) If you want to provide the data, what steps should you take?
Assess the Request: Evaluate the research team’s objectives to ensure they align with ethical standards and provide benefits to the local population.
Encourage Aggregate Data Usage: Suggest using aggregate data for valuable insights while protecting individual privacy.
Data Anonymization: If individual data is necessary, anonymize it by removing identifiable information and implementing re-identification prevention methods.
Formal Data Sharing Agreement: Create an agreement detailing data usage, sharing restrictions, responsibilities, and data protection measures.
Ethics Review: Submit the proposal to an ethics committee for evaluation.
Community Engagement: Inform stakeholders about the research and its benefits to build trust.
Data Security Measures: Establish protocols for data sharing and access.
Monitoring and Evaluation: Monitor data usage and conduct a post-study evaluation for compliance and community impact assessment.
-
-
1. Should you give the data out?
No, should not give out the detailed individual-level data as requested without taking significant precautions and following proper protocols. Sharing this information without explicit consent from the individuals involved would violate ethical principles related to data privacy and security, as outlined by the IMIA Code of Ethics and other regulations. Even though the proposed study could benefit disease prevention, individual data privacy must come first, according to ethical guidelines. Moreover, I definitely don’t have the authority to make this decision alone. It’s necessary to have a relevant committee involved to review and approve it.2. How do you not violate any of the General Principles of Informatics Ethics.
Adhere to ethical principles, respect privacy, ensure transparency with patients, and implement strong security measures. Key considerations include:
Respect for Privacy: Individuals have the right to privacy and control over their personal data. Ensure confidentiality and avoid sharing personally identifiable information (PII) unless absolutely necessary. Anonymize data whenever possible. Sharing detailed personal information (such as home addresses, geolocation, or contact numbers) without consent violates ethical principle.
Openness: Data subjects may be unaware that their information could be shared with foreign researchers, leading to transparency concerns.
Security: Sharing detailed personal data increases the risk of data breaches or misuse.
Legitimate Infringement: While the research goal is valid, the level of detail requested may exceed what is necessary.
Least Intrusive Alternative: Providing aggregate or anonymized data can meet research needs without compromising individual privacy.
Informed Consent: Ensure that individuals are fully informed about how their data will be used and that they consent to its use.
Transparency and Accountability: Be transparent about how the data will be used, and ensure that all actions comply with legal and ethical standards, maintaining accountability.3. If you want to provide the data to them, what and how will you do it?
Ethics Approval: Submit the data-sharing plan to an ethics review board for approval before proceeding. Follow ethical rules.
Obtain Informed Consent: If sharing identifiable data, secure explicit consent from individuals where possible, informing them of how their data will be used and any associated risks.
Data Minimization: Only provide the minimum data necessary for the research, avoiding excessive or sensitive personal information.
Anonymize Data: Remove personally identifiable information (names, addresses, contact numbers, geolocation). Use codes or unique identifiers Instead of personal details.
Data Security: Use secure methods (e.g., encryption) to protect the data during transfer and storage. Ensure the research team also uses strong security measures.
Data Sharing Agreement: Have the researchers sign an agreement outlining purpose, conditions and how the data will be used, measures taken to protect individual privacy, and their responsibilities. A clear statement that the data cannot be re-identified or shared with third parties without further consent.
Monitor Use: Keep detailed records of what data was shared and request regular updates on its use. Review publications to ensure no identifying information is included.-
Hello Wannisa, yes, it is our responsibility to protect PII of our health information. Even when sharing data, the data should be aggregated and anonymized. Additionally, we should follow a systematic approach like formal request, approval from ethical review boards, legal agreement with security measures. Besides, monitoring their security and preventive measures would be a great step to implement as well in order to protect shared data.
-
-
Should you give the data out?
As the person responsible for the national database that includes malaria and migrant patients’ data, I do not share any information. I must protect the data collected and stored within the database and respect the confidentiality of patients’ information. Sharing health records is not appropriate, as I am not the data owner.How do you not violate Informatics Ethics?
Make sure that users obtain accurate and reliable information, especially in health-related situations, to avoid any possible risk. Safeguard confidentiality by securing both patient and user dataIf you want to provide the data, what steps should you take?
Based on my experience and this situation, some considerations remain consistent. The research team should be asked to clarify data ownership. This data can be used to compile aggregated information while safeguarding patients’ data privacy. Moreover, shared data should be specific and exclude personally identifiable information (such as names, addresses, geolocation, and contact details), allowing us to convert unique personal identifiers. It is essential to establish a data-sharing policy agreement with the relevant department to ensure data protection and outline responsibilities when sharing data with third parties.-
Hello Aye, yes, it is our responsibility to ask for their data-sharing policies like data protection policy and their preventive measures. Additionally, converting our data so that they cannot be personally identifiable is also a great first step in data-sharing while protecting the privacy of the patient.
-
-
Case base or aggregated data can be provided based on following criteria,
1)Purpose of the study,
a. if the study is just only for cross sectional malaria epidemiology like malaria incident, treatment coverage and outcome, ABER etc. Aggregated data can only be provided.
b. If the study is controlled trails, case based data can be provided without personal identifiers like name, ID, contact, geocoordinate etc.
c. If the study is clinical trials, a strong ethical approval might be needed from local institutions like MORU, NHSO etc. Community consent is mandatory to provide the individual data.2) Ethnical approval
a. Ethical approval will be needed for the study. Case based or aggregated number can be provided based on the criteria above.
b. MOU/ agreement between researchers and data providers will be needed to minimize the mis-use of data -
Sharing the detailed data to a third party is a must “no” even if the benefits of their research outweigh the risks of privacy.
Even if providing the data to them is mandatory, first we have to rationalize the need for data in detail at an individual level for malaria disease prevention and control. Second, we have to question the accuracy of the disease trends and patterns with and without providing sensitive data, and the ability to prevent and predict from the calculated accuracy.
Nevertheless, I would anonymize data by removing personally identifiable information (PII) such as home address. I would also minimize data indicators (providing only relevant information) based on the balance between beneficence and non-maleficence for every data indicator. Instead of providing individual details, the aggregate data can be provided at the village level or township level. I would prepare and negotiate with the research team for a data use agreement (DUA) that adhered to legal and ethnic standards as well as local and cross-border regulations. In this way, we can facilitate the research by respecting the principles of privacy, autonomy, beneficence, and non-maleficence.
-
Should you give the data out?
No,I should. Sharing personal details like home addresses, contact numbers, and health status can lead to serious privacy problems. Even if the study helps public health, I must protect the privacy of the patients.How do you avoid violating the General Principles of Informatics Ethics?
Respect for Privacy: Protect patient data and keep their personal information private.
Confidentiality: Don’t share personal data without the patient’s permission.
Do No Harm: Even if the research is helpful, you must make sure you don’t harm anyone by sharing their private information.
If you want to provide the data to them, what and how will you do it?
– Share summarized or anonymous data where all personal details, like names, addresses, and phone numbers, are taken out.
– Make sure the data is fully anonymous so it can’t be traced back to any specific person.
– If detailed data is really needed, get permission from the patients before sharing their personal information.
-
You must be logged in to reply to this topic. Login here