ACN - 101321555 Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)

Resource Library

Research Ethics MonthlyAbout Us

ResourcesPrivacy

Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)

Research reveals de-identified patient data can be re-identified – The Melbourne Newsroom (December 2017)0

Posted by Admin in on December 19, 2017
 

University of Melbourne researchers have found that confidential patient data can be re-identified, without decryption, prompting calls for improved and strengthened algorithms for protecting individuals’ online privacy.

A report, published today by Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague from the University’s School of Computing and Information Systems, outlines how de-identified historical health data from the Australian Medicare Benefits Scheme (MBS) and the Pharmaceutical Benefits Scheme (PBS) released to the public in August 2016 can be re-identified using known information about the person to find their record.

“We found that patients can be re-identified, without decryption, through a process of linking the unencrypted parts of the record with known information about the individual such as medical procedures and year of birth,” Dr Culnane said.

Read the rest of this news story

Who Owns Patient Data in Clinical Research? – CollabPx (Charlotte J. Haug | October 2017)0

Posted by Admin in on December 7, 2017
 

Q: Many people are coming to believe that active patient participation will be a key to more rapid movement forward in cancer research. Data sharing can help. But who owns the data? And what rights and responsibilities are thus conferred? Your recent NEJM article provides helpful background. Can you help us better understand?

A: Exchange of data between patients and doctors is essential for the practice of medicine – and patient data are essential for medical research and progress.

Traditionally, doctors collected patients’ health information (typically the medical history, laboratory tests, drugs prescribed, outcome of treatment, etc.) and sometimes shared that information, in confidence, with colleagues to seek advice and advance science. The medical record was the physician’s property, and still is in many countries and legislations. But do physicians own the patient data?

Read the rest of this discussion piece

Smart Cities May Be The Death of Privacy As We Know It – Futurism (Claudia Geib | November 2017)0

Posted by Admin in on December 3, 2017
 

The Rise of the Smart City

The city of Barcelona is a sensory bustle. Elaborate tiled buildings glint beneath swaying palm trees while vendors hawk their goods in Spanish and Catalan. Amid such color and sound, it would be easy to overlook the gray plastic shields that have appeared on lampposts along the city’s main drag. It’s even easier to miss what they contain: sensor boxes that collect data on everything around them.

More a tech than a human research ethics story but it’s not hard to imagine all this data being tantalising to researchers and hard for research ethics committees to ponder.

Each is equipped with its own hard drive and a wifi-enabled sensor, which tracks elements of its environment like noise and crowd levels and pollution and traffic congestion, then transmits it to a central data service via a fiberoptic cable. Fortune reports that the sensors can even monitor the number of selfies posted from the area.
.

Beneath its old-world charm, Barcelona is outfitted with new-world technology, which led digital market research firm Juniper Research to grant it the title of the world’s smartest city in 2015. But it didn’t retain that superlative for long — Singapore superseded it the following year. Around the world, city government offices are equipping their cities to collect a growing amount of data about residents and their activities. Barcelona, Boston, London, Dubai, and Hamburg have already begun the process; India has ambitious goals to revamp 100 of its cities by 2022. Singapore plans to become the world’s first “Smart Nation.”

.

Read the rest of this discussion piece

Opinion 05/2014 on Anonymisation Techniques – ARTICLE 29 DATA PROTECTION WORKING PARTY (2017)0

Posted by Admin in on November 30, 2017
 

EXECUTIVE SUMMARY

In this Opinion, the WP analyses the effectiveness and limits of existing anonymisation techniques against the EU legal background of data protection and provides recommendations to handle these techniques by taking account of the residual risk of identification inherent in
each of them.

An interesting, if a bit long and technical, discussion about the anonymization of big data. A hurried kneejerk reaction might be to stop any sharing of large datasets – a situation that wouldn’t be in the public interest. But researchers should consider and research ethics reviewers discuss – Is it necessary to share an entire case (all the variables)? How realistic/practical is it to identify individuals? Are there any risks if individuals are identified? In light of such matters can the sharing of data be ethically justified? Another reason to include a computer scientist on your research ethics committee.

The WP acknowledges the potential value of anonymisation in particular as a strategy to reap the benefits of ‘open data’ for individuals and society at large whilst mitigating the risks for the individuals concerned. However, case studies and research publications have shown how difficult it is to create a truly anonymous dataset whilst retaining as much of the underlying information as required for the task.
.

In the light of Directive 95/46/EC and other relevant EU legal instruments, anonymisation results from processing personal data in order to irreversibly prevent identification. In doing so, several elements should be taken into account by data controllers, having regard to all the means “likely reasonably” to be used for identification (either by the controller or by any third party).
.

Anonymisation constitutes a further processing of personal data; as such, it must satisfy the requirement of compatibility by having regard to the legal grounds and circumstances of the further processing. Additionally, anonymized data do fall out of the scope of data protection legislation, but data subjects may still be entitled to protection under other provisions (such as those protecting confidentiality of communications).
.

Read the full opinion paper

0