Griet Verhenneman

Policy recommendations for addressing privacy challenges associated with cell-based research and interventions

BackgroundThe increased use of human biological material for cell-based research and clinical interventions poses risks to the privacy of patients and donors, including the possibility of re-identification of individuals from anonymized cell lines and associated genetic data. These risks will increase as technologies and databases used for re-identification become affordable and more sophisticated. Policies that require ongoing linkage of cell lines to donors’ clinical information for research and regulatory purposes, and existing practices that limit research participants’ ability to control what is done with their genetic data, amplify the privacy concerns.DiscussionTo date, the privacy issues associated with cell-based research and interventions have not received much attention in the academic and policymaking contexts. This paper, arising out of a multi-disciplinary workshop, aims to rectify this by outlining the issues, proposing novel governance strategies and policy recommendations, and identifying areas where further evidence is required to make sound policy decisions. The authors of this paper take the position that existing rules and norms can be reasonably extended to address privacy risks in this context without compromising emerging developments in the research environment, and that exceptions from such rules should be justified using a case-by-case approach. In developing new policies, the broader framework of regulations governing cell-based research and related areas must be taken into account, as well as the views of impacted groups, including scientists, research participants and the general public.SummaryThis paper outlines deliberations at a policy development workshop focusing on privacy challenges associated with cell-based research and interventions. The paper provides an overview of these challenges, followed by a discussion of key themes and recommendations that emerged from discussions at the workshop. The paper concludes that privacy risks associated with cell-based research and interventions should be addressed through evidence-based policy reforms that account for both well-established legal and ethical norms and current knowledge about actual or anticipated harms. The authors also call for research studies that identify and address gaps in understanding of privacy risks.

Integrating Patient Consent in e-Health Access Control

Many initiatives exist that integrate e-health systems on a large scale. One of the main technical challenges is access control, although several frameworks and solutions, like XACML, are becoming standard practice. Data is no longer shared within one affinity domain but becomes ubiquitous, which results in a loss of control. As patients will be less willing to participate without additional control strategies, patient consents are introduced that allow the patients to determine precise access rules on their medical data. This paper explores the consequences of integrating consent in e-health access control. First, consent requirements are examined, after which an architecture is proposed which incorporates patient consent in the access control service of an e-health system. To validate the proposed concepts, a proof-of-concept implementation is built and evaluated.

Legal Regulation of Electronic Health Records: A Comparative Analysis of Europe and the US

This chapter critically analyses the legal and regulatory framework for electronic health records in Europe and the US. In both parts of the world, the development of electronic health records is evolving quickly. Various approaches have proven to be possible and they have resulted in different electronic health record solutions and regulatory instruments. In Europe governmental bodies have been the driving force behind the development and implementation of electronic health records. Consequently many European countries established a new legal framework simultaneously with the roll-out of government-initiated eHealth structures. In the US the driving force was—up to now—not so much the government, but rather the private sector, in particular insurance companies and healthcare organisations. This resulted in a strong focus on personal health records. In 2009 however, the US government issued the largest stimulus package ever in order to encourage the adoption of electronic health record solutions.

Disease Management. What a gold mine health data really can be

Disease management and personalised care aspire integrated, multi-disciplinary and pro-active health care systems. Through intensive data-mining and risk-assessment tailor made health programs are developed. ICT tools help patients, health care professionals, health insurers and researchers to process large amounts of personal health data and establish new connections. This may however conflict with the rights to privacy and autonomy.