Blog Post
An Interview with Andrew K. Bjerring, Expert Panel Chair for the Expert Panel on Timely Access to Health & Social Data
By: Tyler Irving
Every time you go to the doctor, get admitted to hospital or have a medical test, a record is generated. Even more data is generated by surveys and long-terms studies on smoking, exercise or other factors that affect our health. If properly assembled and de-identified, computer analysis could turn this data into valuable information for health care researchers. For example, research based on high quality data can provide key information for personal health choices, government policy making, and health system sustainability. The challenge we currently face is how to access health data while protecting privacy and maintaining public trust. This dilemma is preventing valuable information from getting to researchers in a timely way, in turn holding back potentially life-saving research.
A new report from the CCA, Accessing Health and Health-Related Data in Canada, investigates this problem. It highlights some best practices to ensure the proper balance between respecting privacy and enabling health research. Andrew K. Bjerring, Former President and CEO, CANARIE Inc., led the international expert panel that put together the report. He addresses the panel’s findings below:
Most Canadians prefer to keep their health issues private; why should they care about timely access for researchers?
First of all, Canadians should be reassured: we have a robust system of protections. There are very few cases where data provided for research purposes has been released to the public.
At the same time, I think Canadians are interested in seeing their personal data used for research that will improve the health care system. Health care innovation might be one of the most effective ways to keep our system affordable, which is something that matters to everyone. If personal health data can help do that, I think Canadians will want to see it used.
Can you give me some examples?
As a grandfather, I was interested in a recent Albertan study that followed 3,200 women and their children from pregnancy right up until school age. As you might expect, they found that socio-economic background, dietary issues or premature birth can impact the child’s development. But they also found a very positive correlation when parents made use of development and social programs at the community level.
I couldn’t help but think of my granddaughter and my daughter, who are taking every neighbourhood yoga class or group play session that they can. The data provided in that study showed that these interventions have a tremendous impact on overcoming some of the factors that negatively affect a child’s development.
Another example: as a senior citizen I was interested in a recent study which showed that Canadians over 65 are five times more likely than younger people to visit the emergency room because of adverse drug reactions. This suggests that if we focus on preventing these complications for older people — for example when multiple prescriptions interact in adverse ways — we can dramatically reduce the number of expensive emergency room visits.
In the report, you talk about an ‘asymmetry’ between the risks and reward of sharing data: can you explain that?
Data custodians —usually provincial health ministries or agencies — are very focused on ensuring that the health data in their care are kept safe. That is their job. Should there be a well-publicized data breach, there are defined sanctions for the employees, and the health minister might even pay a political price as well.
On the other hand, there’s nothing that rewards the custodian for permitting access to data in order to support a valuable research project. So there’s an asymmetry in terms of incentives: if a custodian makes data available and there’s a problem, they’re in big trouble, but if they make data available and it leads to socially beneficial research, they don’t get any special reward. As such, the system is not in balance.
There’s also the fact that privacy legislation differs across the country. Nor do those statutes define carefully enough key terms such as those relating to how likely it is that the person can be re-identified from their data even though personal identifiers have been removed. So if you’re undertaking a national research project, you need to comply with multiple privacy acts and multiple interpretations of risk. Anything that would reduce the complexity of this environment would be of great assistance.
You identified some ‘best practices’ from institutions in Canada and elsewhere. What were they?
One of them has to do with the role of research ethics boards, which must approve a project involving the use of personal health data before it can begin. In some jurisdictions, this is a multilayered process. The best jurisdictions, including some in Canada, have taken steps to streamline this process so that only one level of approval is required.
Another best practice is to keep the level of control proportional to the level of risk involved. There is always some risk that data released for research might inadvertently find its way into the public domain. But the potential harm associated with such a breach varies quite widely depending on the data. Rather than instituting the same, high level of control over all access to all data, it makes sense to vary the safeguards based on the type of data and the level of risk.
Finally, it’s worth taking a step back and looking at how the whole system functions, at all the organizations, offices and departments involved in approving research projects and providing access to health and health-related social data and at how they interact. When you look at a complex environment such as this from a system level, you quickly start to identify efficiencies. Many jurisdictions we examined had done a review and instituted changes that led to a best practice.
You talk about ‘data stewardship’ vs. ‘data custodianship’. What does that mean?
I guess one could call it a shift in values, perhaps a paradigm shift: instead of focusing only on protecting confidentiality, best practice organizations also recognize the importance of supporting research and have taken steps to build that second objective into their thinking from the ground up. They have created governance mechanisms that focus on striking an appropriate balance between access and privacy in all that they do.
What are the next steps?
Streamlining the research ethics board approvals process is one possible next step. Some provinces have already done this and they can serve as model for others that wish to make changes.
I also think it’s important for the Canadian Institutes of Health Research (CIHR) to work with their research community, for example by helping researchers design their proposals so that they can more easily pass the kind of scrutiny that offices such as those of the privacy commissioners will give to them. CIHR may also choose to use their convening power to sit down with data custodians and use our report to start a productive dialogue on how the whole community can move from a culture of caution, even mutual wariness, to a culture of trust.
Finally, I think that Canadians would welcome an opportunity to learn about how the release of personal health data for research and system innovation provides important benefits to the whole community. If given this opportunity, I suspect they will agree that even if there are some risks, they can be managed. In the end, it’s all for a good cause: improving our personal health and that of our health care system
.