Public health informatics relies on dealing with privacy legislation

Public health informatics relies on dealing with privacy legislation

The US Data Protection and Privacy Act (ADPPA) is widely considered the best opportunity in a generation for comprehensive federal privacy legislation. The future of population health informatics hinges on the participation of public health professionals in the debate about new privacy laws such as the ADPPA. 2017 WHO guidance on ethical issues in public health surveillance Provide excellent guidelines for identifying and communicating public health needs and priorities in proposed privacy legislation. Carefully designed protections can establish a new social contract: when an individual contributes data to help their community, that data will not be used against the individual.

First and foremost, public health stakeholders must raise their voices to ensure that any new law does not harm existing public health data flows. Second, they must ensure that any new laws provide scope for public health informatics to evolve and evolve under appropriate governance. Finally, they should seek laws that meet ethical standards for uses of public health data.

An Opportunity for Comprehensive Federal Privacy Legislation

Recently, federal privacy legislation was drafted — US Data Protection and Privacy ActIt was shown in Congress with Wide support from the House of Representatives and the Senate. However, like recent federal and state privacy bills before it, the process for drafting the ADPPA unfortunately lacks guidance from a public health community already burdened with the challenges of responding to a pandemic. Among other things, the ADPPA conspicuously lacks explicit provisions that legalize data collection or transmission for public health purposes, and may impose new legal restrictions, including restrictions on Secondary data uses for demographic data collected by nonprofits To promote the health of the population. Although proponents of public privacy legislation have rightly focused on ensuring strong protections for the use of sensitive health data in the commercial sector, the legislative process has lacked strong public health voices to help ensure that new legislative barriers to data use do not overburden public health informatics. Unintentionally .

Data privacy laws that allow the use of personal information, other than health records public health purposes necessary to enable Sharing data across sectors And the Promote the health of the population. The future of public health informatics – such as accurate public health applied to chronic, acute and infectious conditions – depends on the ability to influence and linkage Unconventional and heterogeneous data sources For public health purposes. These links require Reconciling different legal protections Applicable to different data, such as HIPAA regulated data, non-HIPAA health data (eg, mobile health apps), and adjacent health data (eg, social determinants). However, public privacy law has become increasingly fragmented, with Five states have already adopted comprehensive privacy laws, each one is different from the other. Comprehensive national privacy law, such as the ADPPA, provides an opportunity to address the challenges of sharing public health data through partial coordination between Mixture of US data privacy laws Often Prevents data integration across silos and sectors.

And the current flurry of legislative activity — at the state and federal levels — also threatens to block ways to codify principles of public health ethics into privacy legislation. But public health professionals, experts and stakeholders can still get a foot in the door to join the discussions.

Ethical framework for data protection and public health

2017 WHO guidance on ethical issues in public health surveillance Provide excellent guidelines for identifying and communicating public health needs and priorities in proposed privacy legislation. It places a moral obligation on governments to conduct public health surveillance. Thus, public health stakeholders must be vigilant so that proposed privacy legislation does not interrupt or impede existing legitimate public health data flows. The best way to protect and enable public health analytics is to Exceptions include who – which Explicitly allow reuse of protected data for public health purposes. The WHO guidelines We also emphasize the importance of the values ​​and interests of societies at all stages of public health surveillance. It is worth noting that a Survey 2020 of the US public demonstrates that the use of data to promote the health of the population is significantly more acceptable than other uses of data – such as commercial and law enforcement uses – ordinarily permitted by privacy laws. This and similar evidence can be persuasive to policy makers who are concerned with the needs and perspectives of their audience.

Good governance and policy protection barriers are central to many countries of the world WHO guidelines To ensure that public health professionals use data ethically and only for legitimate public health purposes. For example, transparency measures – like General Notice RequirementsThe decision-making power of individuals and their empowerment responsible For institutions and government agencies. Thus, public health stakeholders must ensure that new privacy laws do not overly favor public health uses and allow data to be used without them. Appropriate protections and restrictions.

Similarly, the WHO guidelines Take a strict stance on the secondary use of public health data for purposes not related to public health. Specifically, the guidelines argue that public health data should not be shared with “agencies that are likely to take action against individuals.” later-Raw vs. Wade The world, there is a growing concern and Distrust that governments will acquire and use private data against singly; For example, using data from a cycle tracking app to determine whether or not a pregnancy has occurred. To prevent law enforcement bypassing, it may be necessary to consider additional protections for data received by public health authorities. For example, there is strong protection against law enforcement uses in the legal framework of Substance use disorder treatment records. In fact, a Requested a group of 30 Senators To update HIPPA regulations to prevent such abuse. Similar and carefully designed protections in new privacy legislation could serve as the basis for a new social contract: when an individual contributes data to help their community, that data will not be used against the individual.

State business so far disappointment

Unfortunately, the The country’s comprehensive privacy laws have passed so far It did not live up to expectations regarding ethical access. As of this writing, the following countries have adopted comprehensive data privacy legislation (listed in chronological order of passage): CaliforniaAnd the VirginiaAnd the ColoradoAnd the UtahAnd the Connecticut. a final analysis California, Virginia, and Colorado laws have shown that while California and Colorado’s actions broadly support public health data practices, Virginia law risks curtailing them in important ways, and Colorado law may not meet the ethical standards for providing notice to data subjects.

There is still time for public health to come in the door

There is still time for public health to come into effect, thus entering into the debate and ensuring effective and ethical public health provisions in the new legislation. Although the ADPPA was passed by the House Energy and Commerce Committee in A The two parties voted 52 to 2 .Senator Nancy Pelosi withheld the bill from a chamber vote, citing concerns that the bill does not provide the extensive protections that California law asserts. The Federal Trade Commission also recently gave Proposed rule setting noticeand inviting the public and interested groups to comment on whether new trade regulation rules or other regulatory alternatives relating to the ways in which businesses collect, aggregate, protect, use, analyze and retain consumer data should be “implemented.”

Amid the controversy surrounding new US data protection laws, public health has greater access to critical data. But the legislative debate to date has been driven by differing views between privacy advocates and the industry about the appropriate scope of commercial data practices and about the scope of protective state laws (such as California laws) that regulate the use of commercial data. Public health perspectives were largely absent. Without public health involvement, new laws may not promote access to data for public health purposes and may actually hinder access to it.

Immediate actions of stakeholders

First and foremost, public health stakeholders must raise their voices to ensure that any new law does not harm existing public health data flows. Second, they must ensure that any new laws provide scope for public health informatics to develop – under appropriate judgment – as information technology evolves or as new resources dedicated to public health infrastructure enable public health to expand existing capabilities. One such example is the current public health Data Update Initiative. Finally, public health stakeholders must ensure that legislation respects the ethical limits placed on uses of public health data. Who is the And the others may occur.

Diary

The authors would like to thank Professor James J. Hodge Jr., Dr. Michael Morrissey, and Dr. William Sage for their thoughtful comments on this work. This work was supported in part by Texas A&M University’s T3 Program. Charles Curran is an independent consultant who advises industry members on data policy issues including consent. Relationships with industry members are only tangential to the topic of this article (encouraging public health to engage in legislative discussions regarding privacy). However, the authors note that these industry members will be subject to the rules of the ADPPA.

#Public #health #informatics #relies #dealing #privacy #legislation

Leave a Comment

Your email address will not be published. Required fields are marked *