Health data governance.
Introducing high-value, privacy-protective health information systemsData are essential to improving health care and health system performanceReferencesHigh-value health data supporting health care management, policy and innovationKey national health and health care datasetsProgress in national dataset availability since 2011Highest coverage of the target population in the key datasets of Denmark, Finland, Sweden and IcelandAutomatic extraction of electronic data is prevalent in 13 countriesTwelve countries reported consistently coding health care data using a terminology standardRetention periods for personal health dataConcerns with the quality of the dataNational EHR PlansSix countries use all of their national health care datasets to regularly report about the quality and performance of health careFinland, Iceland, Singapore, Sweden, the United Kingdom (Scotland and Wales) have the highest proportion of key national health datasets sharing the same unique patient ID numberFinland, Iceland, the United Kingdom (England) and Singapore are regularly linking most of their national health care datasets for statistics and researchLittle change in data linkage activities since 2011National projects advancing high-value data to promote health and improve health careKey international projects to improve health care outcomes, safety and performanceKey features of high-value, privacy-protective health information systemsNotesReferencesThe legislative framework governing personal health dataData accessibility across OECD countriesLegislative frameworks for the protection of privacyPersonal health data can have inconsistent legislative protectionNational health datasets contain sensitive personal informationLegislation may permit the secondary analysis of personal health data in cases where patient consent is not possible or practicableProtection of the privacy of health care providersConsent to uses of data in the future that cannot be specified todayThe appropriateness of a more general consent question is under discussion in several countriesData sharing for the purpose of research or statisticsCountries where identifiable personal health data may be shared with conditionsCountries where identifiable data are shared with organisations legally authorised to receive itCountries with legislation that prohibits data sharing or data linkages for research and statisticsSharing and access to de-identified dataCountries where access to de-identified data may be approved for applicants from throughout the societyCountries restricting access to de-identified data from commercial sector applicantsExamples where de-identified microdata are not shared but mechanisms are available for data access for research and statisticsExamples where barriers to sharing and access have not been addressedForeign applicants for access to dataCountries that may permit the sharing of health microdata with a foreign entityEvaluating the adequacy of foreign lawsTreatment of foreign applicants by Non-European countriesData sharing challenges among national health dataset custodiansStatistical and other authorities cannot share identifiable data with health ministries — problems and solutionsNegotiating data sharing agreements among public authorities can be slow or impossibleData sharing challenges involving health care providers’ clinical data and national authoritiesElectronic clinical data treated differently under law than other personal health dataHealth care providers not required or not willing to share dataNew initiative supporting multi-country data sharing — the Farr Institute, United KingdomLegislative reforms that are needed or are underwayKey elements of legislative frameworks supporting privacy-protective uses of health dataReferencesOpen and transparent health information systemsOpen government health dataAims of open health data initiatives varyTransparency about national health datasetsSharing information with the public about approved studies involving personal health data processingTransparency about researcher access to dataPublic opinion about data usesPublic communication: Lesson’s learned from the UK Health and Social Care Information CentreStrategic plans, public consultation and the launch of care.dataCare.data: Lessons learned about transparency and public engagementApproaches to engaging with stakeholders and the public about the processing of personal health dataKey elements of data governance that promote openness and transparencyReferencesConcentrating and strengthening national health data processingConcentration of national health datasetsData linkages are concentrated in many countriesData processing centresAccreditation or certification of data processorsAccredited safe havens in ScotlandAccredited integrating authorities in AustraliaProcessing data access requests and recovering their costsCountries handling a high volume of data processing requests each yearCountries with a moderate volume of data processing requests annuallyCountries with a small volume of data processing servicesStrategies and techniques to improve timeliness and reduce costsStatistics Canada’s Social Data Record Linkage EnvironmentAutomating data linkages: HSCIC EnglandAccreditation or certification of data processors promotes both data security and access to dataReferencesFair and transparent health project approval processesProject approval processesResearch ethics committeesApproval by the Data Protection Regulator following input from research ethics boardsIndependent advisors within internal committees or governing boardsInternal decision-making process with advice from the privacy regulatorInternal decision-making processesAppeals processTransparent processes for requests to process or access personal health dataTransparent and fair project approval processes are neededReferencesDe-identifying personal health dataGap between legal requirements and data de-identification in practiceData are de-identified prior to analysis?The use of pseudonyms to replace direct identifiersCreating pseudonymsEvaluating and addressing data re-identification riskProtecting encryption algorithmsMasking indirect identifiersPublic-use microdata filesMicro-aggregate dataWeighing data de-identification techniques against dataset utility for the intended purposeConsidering the broader data security environment when deciding on deidentification methodsData de-identification practices that consider the “big picture”: data protection, security and utilityHealth data security and management practicesGuidelines and policies to protect data privacy and securityData security within data custodiansGranting staff access to dataTraining staff about their data privacy and security responsibilitiesSecuring and monitoring staff access to dataPhysical and IT security within data custodian officesExternal data security auditsExternal data processors and cloud computing servicesProtecting data during the transfer processData sharing agreements or contractsTime limits and extensionsMechanisms to assure compliance with data sharing agreementsPenalties for non-compliance with the law and data sharing agreements or contractsData breach experiencesAlternatives to transferring data to third partiesData security practices are essential to meeting legal requirements and public expectationsReferencesThe way forward for privacy-protective health information systemsProgress during the past five yearsOutlook for the next five yearsPolicy and technical obstacles to progress over the next five yearsGovernance mechanisms supporting privacy-protective monitoring and research involving personal health dataNoteReferences
