Ethical Oversight, Consent and Confidentiality

| Home | | Pharmacovigilance |

Chapter: Pharmacovigilance: Ethical Oversight, Consent and Confidentiality

We put money that we do not spend in the bank – not under the mattress or in a hole in the back yard. We are not bankers, and neither of the authors has any special expertise in economics or bank regulation.

Ethical Oversight, Consent and Confidentiality


We put money that we do not spend in the bank – not under the mattress or in a hole in the back yard. We are not bankers, and neither of the authors has any special expertise in economics or bank regulation. However, sometime early in childhood, we learned to believe that the bank would safeguard every penny, would pay a modest rate of interest and would give our money back to us on request. Eventually (maybe by watching Jimmy Stewart save the Bailey Savings and loan each Christmas), we figured out that even though we could always get our money back, it was not in the vault and that people who receive loans are being given ‘our’ money. At some level, we recognize that by collecting, protecting and circulating the money of significant numbers of people, banks provide the lifeblood of the local economy, creating and sustaining a public good while protecting the very personal financial interests of the individuals whose money is being used.

This chapter is not about the economy, but it is about something that is just as vital to our quality of life: the epidemiologic and outcomes research that anticipate and addresses public health needs, sustains quality and fuels innovation in our health care system. Information is the lifeblood of twenty-first century health care, whether the information and analyses that researchers provide clinicians and public health officials or information about individuals’ health and routine health care made available to researchers for analysis. However, few ordinary citizens are aware of the critical role played by their health information – maintained and used in confidence – for sustaining quality and innovation in our health care system and for protecting the population from public health risks such as new flu viruses, other communicable diseases, teratogens and biological weapons. In fact, far too many ordinary people have an unfounded belief that the anonymous use of information about their health and health care for these purposes is risky to them as individuals. To some extent, this fear is mirrored in the US state and federal regulations.

The US state and federal medical privacy regulations, promulgated by the Department of Health and Human Services,1 were authorized as part of the ‘adminis-trative simplification’ section of the Health Insurance Portability and Accountability Act (HIPAA).2 They establish the infrastructure for protecting individuals’ personal privacy interests in seeking medical care or health benefits while ‘banking’ their medical informa-tion to make it available for determining their course of treatment and for administration of health benefits. The regulations do not apply to researchers. Rather, the regulations restrict the conditions under which researchers may have access to medical records for epidemiology and outcomes research. Moreover, the dominant approach to individual privacy taken by this regulation (and by most state laws affecting research) is comparable with encouraging each individual to stuff money in a mattress or dig a hole and to lend very, very carefully.3 As discussed more fully below, the HIPAA medical privacy regulation also appears to be affecting interpretation of the established Common Rule4 provisions governing data research in ways that are detrimental to epidemiologic and outcomes research.

The HIPAA approach to the data-only research is a hybrid of two philosophically disparate approaches. The secondary approach, added just before the regula-tion became effective in 2003, is the ‘data use agree-ment’. As discussed more fully below, this approach has promise, but because of limitations resulting from the influence of the dominant approach, its utility for certain types of research is severely limited. The domi-nant approach is irrevocably and, we argue, mistak-enly rooted in the authorization of each individual for each research use of his or her health informa-tion.5 The same is true of the European Union’s Data Privacy Directives although the Directive arguably allows for more flexibility in implementation than the HIPAA regulations. The consent/authorization model is grounded in a system of ethics that values auton-omy over community.7 This can be seen as a natu-ral outgrowth of American individualism, but in this context, it does erect potentially significant barriers to epidemiologic research. As discussed more fully below, with respect to archival or records research, a consent-based model is entirely unsuited to protect-ing individuals’ privacy interests and has resulted in some extremely wasteful research practices that also are not privacy enhancing. This chapter reviews the roots of the current regulatory approaches and offers preliminary thoughts regarding the parameters of a model more suited to protecting the privacy interests of individuals while encouraging the secure use of medical archives and other databases in epidemiologic and outcomes research.

Contact Us, Privacy Policy, Terms and Compliant, DMCA Policy and Compliant

TH 2019 - 2022; Developed by Therithal info.