Will changes in data health privacy legislation kill research as we know it?
By: Valerie Steeves
Presented on October 20, 2004, at the 2004 Annual Labelle Lectureship, Centre for Health Economics and Policy Analysis, McMaster University
When Dr. Jack Tu and his co-writers (2004) published their article in the New England Journal of Medicine on the Impracticability of Informed Consent in the Registry of Canadian Stroke Patients, they raised a number of serious concerns about the ways in which data protection laws may constrain medical research. The authors argued that informed consent led both to low participation rates and to selection biases in the registry database, and they concluded minimal-risk observational research must be exempted from privacy laws if “patients are going to receive the best possible care.” A follow-up interview with Dr. Tu published in the Medical Post made a stronger case. The headline read: “Privacy rules may threaten research: Following PIPEDA has led to biassed database for Canadian Stroke Network” (Wysong, 2004). With headlines like these, it is no surprise researchers have become increasingly wary of data protection laws.
For the purposes of this paper, I am bracketing the specific question of whether or not consent should be required for registries. Instead, I will focus on Dr. Tu’s underlying conclusion that privacy and research are involved in a zero sum game and researchers must resist data protection regulation because it will harm the research enterprise. I will suggest that the conclusion that data protection will constrain research practices is not supportable, because it is based on 6 myths:
Myth No. 1: Data protection laws restrict access to health information for research purposes.
Myth No. 2: Research is an unencumbered public good free of any private interest.
Myth No. 3: Privacy is an individual right and so must give way to research as a public good.
Myth No. 4: Observational research data collected without the patient’s knowledge and consent will lead to unbiased data.
Myth No. 5: Privacy is a road block to better health.
Myth No. 6: Deidentified health information does not pose a risk of harm to the patient.
I will examine each of these myths in turn and seek to establish a more nuanced understanding of the issues, in the hope that this will support ongoing discussions about the role data protection should play in the research enterprise.
Click here to download her paper...