Skip to main content
SpringerLink
Log in

Building on Principles: The Case for Comprehensive, Proportionate Governance of Data Access

  • Chapter
Book cover Medical Data Privacy Handbook

Abstract

The amount of data in the world is growing rapidly. Researchers and others see the value of these data to answer compelling questions, and sometimes this involves linking different data sets together. Good and long-standing processes for governing access to data exist, but these will be challenged with the amount and breadth of data researchers wish to use. In particular, it is increasingly clear that in this new world of data, data access governance cannot continue to rely on traditional approaches of de-identification, anonymization and individual consent. An alternative to these risk-minimization approaches is proportionate governance, a process that assesses potential risks and mitigations to those risks, including the potential public interest that is served by enabling research. We propose a flexible and adaptable proportionate governance framework that builds on existing models. Local adoption of this framework will require engagement with stakeholder to create consensus around principles, and implies broad commitment to the notion of a more open research culture.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 299.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.bclaws.ca/Recon/document/ID/freeside/96165_00

  2. 2.

    We refer to the BC Linked Health Dataset, the precursor to Population Data BC, because it was in this original form that there was an operating proportionate governance model. Population Data BC does not currently operate with such a model.

  3. 3.

    The BCLHD transitioned to Population Data BC in 2009. Population Data BC aims to build on BCLHD’s past success and is engaged in efforts to greatly expand its existing data holdings to include educational, occupational, environmental and socioeconomic information. Over time, Population Data BC aims to become the world’s most comprehensive data resource on factors that influence human health, well being and development (https://www.popdata.bc.ca/).

  4. 4.

    SHIP recently joined the Farr Institute @ Scotland with the intent to expand the expertise, infrastructure and cross-sectoral collaboration for data linkage developed by SHIP (http://www.farrinstitute.org/centre/Scotland/3_About.html).

References

  1. Anderson, N., Edwards, K.: Building a chain of trust: using policy and practice to enhance trustworthy clinical data discovery and sharing. In: Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies, pp. 15–20. ACM, New York (2010)

    Google Scholar 

  2. Biesecker, L.G.: Hypothesis-generating research and predictive medicine. Genome Res. 23(7), 1051–1053 (2013)

    Article  Google Scholar 

  3. Brook, E.L., Rosman, D.L., Holman, C.D.: Public good through data linkage: measuring research outputs from the Western Australian data linkage system. Aust. N. Z. J. Public Health 32(1), 19–23 (2008)

    Article  Google Scholar 

  4. Canadian Institutes of Health Research.: CIHR best practices for protecting privacy in health research. http://cihr-irsc.gc.ca/e/46068.html (2005). Accessed 22 June 2015

  5. Canadian Institutes of Health Research.: CIHR peer review manual for grant applications. http://www.cihr-irsc.gc.ca/e/4656.html (2009). Accessed 22 June 2015

  6. Canadian Institutes of Health Research.: CIHR open operating grant program competitions - frequently asked questions (FAQ). http://www.cihr-irsc.gc.ca/e/47960.html (2014). Accessed 22 June 2015

  7. Canadian Institutes of Health Research, Natural Sciences and Engineering Research Council of Canada.: Tri-council policy statement: ethical conduct for research involving humans. http://www.ncehr-cnerh.org/english/code_2/ (2010). Accessed 22 June 2015

  8. Cate, F. H., Cullen, P. & Mayer-Schnberger, V., 2013. Data Protection Principles for the 21st Century, Oxford: Oxford Internet Institute. http://www.oii.ox.ac.uk/publications/

  9. Chamberlayne, R., Green, B., Barer, M., Hertzman, C., Lawrence, W., Sheps, S.: Creating a population-based linked health database: a new resource for health services research. Can. J. Public Health (Revue Canadienne De Sant Publique) 89(4), 270–273 (1998)

    Google Scholar 

  10. Collins, P., Slaughter, P., Roos, N., et al.: Harmonizing research and privacy: Sandars for a collaborative future. Phase II final report: privacy best practices for secondary data use (SDU). http://umanitoba.ca/faculties/health_sciences/Final_Report.pdf (2006). Accessed 22 June 2015

  11. Davidson, S., McLean, C., Treanor, S., et al.: Public acceptability of data sharing between the public, private and third sectors for research purposes. http://www.gov.scot/Publications/2013/10/1304 (2013). Accessed 22 June 2015

  12. DenHoed, A.: Give Yourself Away - The New Yorker. http://www.newyorker.com/culture/culture-desk/giving-away-personal-data-online (2014). Accessed 22 June 2015

  13. Economic and Social Research Council: Big Data Investment: Capital funding - ESRC. http://www.esrc.ac.uk/news-and-events/announcements/25683/Big_Data_Investment_Capital_funding_.aspx (2013). Accessed 22 June 2015

  14. Emam, K.E.: Methods for the de-identification of electronic health records for genomic research. Genome Med. 3, 25 (2011)

    Article  Google Scholar 

  15. Emam, K.E.: Re-identification risk assessment and anonymization process. http://www.privacy-analytics.com/de-id-university/white-papers/understanding-risk/ (2013). Accessed 22 June 2015

  16. Engle, E.: The history of the general principle of proportionality: an overview. Dartmouth Law J. 1, 11 (2012)

    Google Scholar 

  17. Enserink, B., Chin, G.: The end of privacy. Science 80(1), 490–491 (2015)

    Article  Google Scholar 

  18. Executive Office of the President.: Memorandum for the Heads of Executive Departments and Agencies 3-9-09. https://www.whitehouse.gov/the-press-office/memorandum-heads-executive-departments-and-agencies-3-9-09 (2013). Accessed 22 June 2015

  19. Faden, R., Beauchamp, T., King, N.: A History and Theory of Informed Consent. Oxford University Press, New York (1986)

    Google Scholar 

  20. Ford, D., Jones, K., Verplancke, J.P., Lyons, R., John, G., Brown, G., Brooks, C., Thompson, S., Bodger, O., Couch, T., Leake, K.: The SAIL Databank: building a national architecture for e-health research and evaluation. BMC Health Serv. Res. 9 (2009)

    Google Scholar 

  21. Fox-Brewster, T.: Londoners give up eldest children in public Wi-Fi security horror show. http://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause (2014). Accessed 22 June 2015

  22. Fullerton, S., Anderson, N., Nicholas, R., Guzauskas, G., Freeman, D., Fryer-Edwards, K.: Meeting the governance challenges of next-generation biorepository research. Sci. Transl. Med. 2(15), 15cm3 (2010)

    Google Scholar 

  23. Godard, B., Schmidtke, J., Cassiman, J., Ayme, S.: Data storage and DNA banking for biomedical research: informed consent, confidentiality, quality issues, ownership, return of benefits. A professional perspective. Eur. J. Hum. Genet. 11(2), 88–122 (2003)

    Article  Google Scholar 

  24. Government of British Columbia, Ministry of Labour.: Citizens’ services and open government: data BC concept of operations. http://www.gov.bc.ca/citz/ (2012). Accessed 22 June 2015

  25. Gymrek, M., McGuire, A., Golan, D., Halperin, E., Erlich, Y.: Identifying personal genomes by surname inference. Science 339(6117), 321–324 (2013)

    Article  Google Scholar 

  26. Harmon, S., Graeme, L., Haddow, G.: Identifying personal genomes by surname inference. Sci. Public Policy 40(25), 1–9 (2013)

    Google Scholar 

  27. Hirschhorn, J., Daly, M.: Genome-wide association studies for common diseases and complex traits. Nat. Rev. Genet. 6(2), 95–108 (2005)

    Article  Google Scholar 

  28. Holman, C., Bass, A., Rosman, D., Smith, M., Semmens, J., Glasson, E., Brook, E., Trutwein, B., Rouse, I., Watson, C., de Klerk, N., Stanley, F.: A decade of data linkage in Western Australia: strategic design, applications and benefits of the WA data linkage system. Aust. Health Rev. (A Publication of the Australian Hospital Association) 32(4), 766–777 (2008)

    Google Scholar 

  29. Homer, N., Szelinger, S., Redman, M., Duggan, D., Tembe, W., Muehling, J., Pearson, J., Stephan, D., Nelson, S., Craig, D.: Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS Genet. 4(8), e1000167 (2008)

    Article  Google Scholar 

  30. Howard, A.: Open data 500: proof that open data fuels economic activity - techrepublic. http://www.techrepublic.com/article/open-data-500-proof-that-open-data-fuels-economic-activity/ (2014). Accessed 27 Mar 2015

  31. Human Genome Organisation (HUGO), Ethics Committee.: Statement on human genomic databases. Int. J. Bioeth. 14(3–4), 207–210 (2003)

    Google Scholar 

  32. Information Governance/Information and Transparency/13630.: Protecting personal health and care information: a consultation on proposals to introduce new regulations - GOV.UK. https://www.gov.uk/government/consultations/protecting-personal-health-and-care-data (2014). Accessed 27 Mar 2015

  33. Institute on Governance.: Defining governance. http://iog.ca/defining-governance/ (2015). Accessed 27 Mar 2015

  34. Jones, K., Ford, D., Jones, C., Dsilva, R., Thompson, S., Brooks, C., Heaven, M., Thayer, D., McNerney, C., Lyons, R.: A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation. J. Biomed. Inform. 50, 196–204 (2014)

    Article  Google Scholar 

  35. Jutte, D., Roos, L., Brownell, M.: Administrative record linkage as a tool for public health research. Annu. Rev. Public Health 32, 91–108 (2011)

    Article  Google Scholar 

  36. Kelman, C., Bass, A., Holman, C.: Research use of linked health data – a best practice protocol. Aust. N. Z. J. Public Health 26(3), 251–255 (2002)

    Article  Google Scholar 

  37. Khatri, V., Brown, C.: Designing data governance. Commun. ACM 53(1), 148–152 (2010)

    Article  Google Scholar 

  38. Kushida, C., Nichols, D., Jadrnicek, R., Miller, R., Walsh, J., Griffin, K.: Strategies for de-identification and anonymization of electronic health record data for use in multicenter research studies. Med. Care 50, 82–101 (2012)

    Article  Google Scholar 

  39. Lane, J., Schur, C.: Balancing access to health data and privacy: a review of the issues and approaches for the future. Health Serv. Res. 45(5), 1456–1467 (2010)

    Article  Google Scholar 

  40. Laney, D.: 3D data management: controlling data volume, velocity, and variety. Technical Report, META Group, Stamford. http://blogs.gartner.com/doug-laney/files/2012/01/ad949-3D-Data-Management-Controlling-Data-Volume-Velocity-and-Variety.pdf (2001)

  41. Laurie, G., Sethi, N.: Towards principles-based approaches to governance of health-related research using personal data. Eur. J. Risk Regul. 4(1), 43–57 (2013)

    Google Scholar 

  42. Lin, Z., Owen, A., Altman, R.: Genomic research and human subject privacy. Science 305(5681), 183–183 (2004)

    Article  Google Scholar 

  43. Manitoba Centre for Health Policy – University of Manitoba.: Faculty of medicine – community health sciences – Manitoba centre for health policy. http://umanitoba.ca/faculties/health_sciences/medicine/units/community_health_sciences/departmental_units/mchp/resources/access.html (2015). Accessed 27 Mar 2015

  44. Manyika, J., Chui, M., Brown, B.: Big data: the next frontier for innovation, competition, and productivity –McKinsey & Company. http://www.mckinsey.com/insights/business_technology/big_data_the_next_frontier_for_innovation (2011). Accessed 27 Mar 2015

  45. Mayer-Schonberger, V., Cukier, K.: Big Data: A Revolution that Will Transform How We Live, Work, and Think. Houghton Mifflin Harcourt, Boston (2013)

    Google Scholar 

  46. Medical Research Council.: 20 million pounds for new health informatics research institute. http://www.mrc.ac.uk/news-events/news/20-million-for-new-health-informatics-research-institute/ (2013). Accessed 30 Mar 2015

  47. MRC Success Rates.: Medical research council – our research. http://www.mrc.ac.uk/research/funded-research/success-rates/ (2015). Accessed 27 Mar 2015

  48. Narayanan, A.: No silver bullet: de-identification still does not work. https://freedom-to-tinker.com/blog/randomwalker/no-silver-bullet-de-identification-still-doesnt-work/ (2014). Accessed 27 Mar 2015

  49. NIH Success Rates.: NIH research portfolio online reporting tools (RePORT). http://report.nih.gov/success_rates/ (2015). Accessed 27 Mar 2015

  50. Nuffield Council on Bioethics.: The collection, linking and use of data in biomedical research and health care: ethical issues. http://nuffieldbioethics.org/wp-content/ (2015). Accessed 27 Mar 2015

  51. O’Doherty, K., Burgess, M., Edwards, K., Gallagher, R., Hawkins, A., Kaye, J., McCaffrey, V., Winickoff, D.: From consent to institutions: designing adaptive governance for genomic biobanks. Soc. Sci. Med. 73(3), 367–374 (2011)

    Article  Google Scholar 

  52. O’Driscoll, A., Daugelaite, J., Sleator, R.: “Big data”, Hadoop and cloud computing in genomics. J. Biomed. Inform. 46(5), 774–781 (2013)

    Google Scholar 

  53. OECD.: OECD principles and guidelines for access to research data from public funding. http://www.oecd.org/sti/sci-tech/ (2007). Accessed 27 Mar 2015

  54. OECD.: OECD guidelines on human biobanks and genetic research databases. http://www.oecd.org/sti/biotech/ (2009). Accessed 27 Mar 2015

  55. OECD.: The 2013 OECD privacy framework. www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf (2013). Accessed 27 Mar 2015

  56. OECD.: Strengthening health information infrastructure for health care quality governance: good practices, new opportunities and data privacy protection challenges. http://www.oecd-ilibrary.org/social-issues-migration-health/ (2013). Accessed 27 Mar 2015

  57. Pencarrick-Hertzman, C., Meagher, N., McGrail, K.: Privacy by design at population data BC: a case study describing the technical, administrative, and physical controls for privacy-sensitive secondary use of personal information for research in the public interest. J. Am. Med. Inform. Assoc. 20(1), 25–28 (2012)

    Article  Google Scholar 

  58. People Are Willing to give away their personal data for a Cinnamon Cookie. http://mashable.com/2014/10/01/data-for-cookies/. Accessed 27 Mar 2015

  59. Ploem, M., Essink-Bot, M., Stronks, K.: Proposed EU data protection regulation is a threat to medical research. Br. Med. J. 346, f3534 (2013)

    Article  Google Scholar 

  60. Population Health Research Network.: Our funders. http://www.phrn.org.au/about-us/phrn/funders (2011). Accessed 30 Mar 2015

  61. Research Councils UK.: RCUK common principles on data policy. http://www.rcuk.ac.uk/research/datapolicy/ (2014). Accessed 6 Mar 2015

  62. Roder, D., Fong, K., Brown, M., Zalcberg, J., Wainwright, C.: Realising opportunities for evidence-based cancer service delivery and research: linking cancer registry and administrative data in Australia. Eur. J. Cancer Care 23(6), 721–727 (2014)

    Article  Google Scholar 

  63. Rothstein, M.: Is de-identification sufficient to protect health privacy in research? Am. J. Bioeth. 10(9), 3–11 (2010)

    Article  Google Scholar 

  64. Schneeweiss, S.: Methods for developing and analyzing clinically rich data for patient-centered outcomes research: an overview. Pharmacoepidemiol. Drug Saf. 21(1), 1–5 (2012)

    Article  Google Scholar 

  65. Sethi, N.: Public acceptability of data sharing between the public, private and third sectors for research purposes. http://www.gov.scot/Publications/2013/10/1304 (2013). Accessed 27 Mar 2015

  66. Sethi, N., Laurie, G.: Delivering proportionate governance in the era of eHealth. Med. Law Int. 13(2–3), 168–204 (2013)

    Article  Google Scholar 

  67. Stanley, F.: Data for Health. Future Leaders, Sydney (2014)

    Google Scholar 

  68. Statistics Canada.: The research data centres program. http://www.statcan.gc.ca/eng/rdc/index (2009). Accessed 27 Mar 2015

  69. Stenbeck, M., Allebeck, P.: Do the planned changes to European data protection threaten or facilitate important health research? Eur. J. Public Health 21(6), 682–683 (2011)

    Article  Google Scholar 

  70. Stevens, L., Laurie, G.: The administrative data research centre Scotland: a scoping report on the legal & ethical issues arising from access & linkage of administrative data. Technical Report ID 2487971, Social Science Research Network (2014)

    Google Scholar 

  71. Suissa, S., Henry, D., Caetano, P., Dormuth, C., Ernst, P., Hemmelgarn, B., Lelorier, J., Levy, A., Martens, P., Paterson, M., Platt, R., Sketris, I., Teare, G., Canadian Network for Observational Drug Effect Studies (CNODES): CNODES.: The Canadian network for observational drug effect studies. Open Med. (A Peer-Reviewed, Independent, Open-Access Journal) 6(4), 134–140 (2012)

    Google Scholar 

  72. Sweeney, L.: Matching known patients to health records in Washington state data. CoRR abs/1307.1370 (2013). http://arxiv.org/abs/1307.1370

  73. The Academy of Medical Sciences.: A new pathway for the regulation and governance of health research. URL https://www.gov.uk/government/news/a-new-pathway-for-the-regulation-and-governance-of-health-research (2011). Accessed 27 Mar 2015

  74. The Financial Services Authority.: Principles-based regulation: focusing on the outcomes that matter (2007). https://www.fsa.gov.uk/pubs/other/principles.pdf. Accessed 27 Mar 2015

  75. The Scottish Government.: Joined-up data for better decisions: guiding principles for data linkage. http://www.gov.scot/Publications/2012/11/9015 (2012). Accessed 27 Mar 2015

  76. World Medical Association.: WMA declaration of Helsinki – ethical principles for medical research involving human subjects. http://www.wma.net/en/30publications/10policies/b3/ (2013). Accessed 27 Mar 2015

  77. Wu, X., Zhu, X., Wu, G.D., Ding, W.: Data mining with big data. IEEE Trans. Knowl. Data Eng. 26, 97–107 (2014)

    Article  Google Scholar 

Download references

Acknowledgements

We are grateful to Dawn Mooney for the figures in this chapter, to Megan Engelhardt for help with formatting, and to two anonymous reviewers whose comments greatly improved the content and presentation of the material.

Author information

Authors and Affiliations

  1. Centre for Health Services and Policy Research, School of Population and Public Health, University of British Columbia, Vancouver, BC, Canada

    Kimberlyn M. McGrail

  2. Population Data BC, University of British Columbia, Vancouver, BC, Canada

    Kimberlyn M. McGrail, Kaitlyn Gutteridge & Nancy L. Meagher

Authors
  1. Kimberlyn M. McGrail
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kaitlyn Gutteridge
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nancy L. Meagher
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kimberlyn M. McGrail .

Editor information

Editors and Affiliations

  1. IBM Research - Ireland, Mulhuddart, Dublin, Ireland

    Aris Gkoulalas-Divanis

  2. Cardiff University, Cardiff, United Kingdom

    Grigorios Loukides

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

McGrail, K.M., Gutteridge, K., Meagher, N.L. (2015). Building on Principles: The Case for Comprehensive, Proportionate Governance of Data Access. In: Gkoulalas-Divanis, A., Loukides, G. (eds) Medical Data Privacy Handbook. Springer, Cham. https://doi.org/10.1007/978-3-319-23633-9_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-23633-9_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23632-2

  • Online ISBN: 978-3-319-23633-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation