The World Health Organisation has issued what it says is the first international framework for ethical public health data collection and use.
The WHO said that there is an “imperative to conduct surveillance, analyse the data and act on the results” in a transparent, ethical and responsible way.
Public health surveillance - defined by the WHO as continuous, systematic collection and analysis of data related to public health - is a tough balancing act.
On one side of the coin there are legitimate concerns about privacy - especially when highly sensitive data such as HIV status could be re-identified, and given that geospatial mapping and social media offer up more and more data to crunch.
As the WHO puts it, surveillance that risks “stigma, discrimination or perpetuation of inequity” will generate concerns about privacy and protection among the public.
But, on the flip side, there’s a pressing need to track both occupational diseases like asthma or silicosis and national pandemics like Ebola, and mass data collection is crucial for this to work.
Nations that don’t pay attention risk losing citizens’ trust that they can handle outbreaks, while a lack of decent data makes it harder for governments and clinicians to respond to crises.
Existing guidance is fragmented and often disease-specific, and the WHO's framework aims to offer broad advice, rather than being prescriptive.
The 17 guidelines set out the various trade-offs countries must consider on health surveillance.
These include having a clear and legitimate purpose for surveillance, evaluating risks for harm to people, and ensuring there is sufficient security and protection in place.
Although it pushes de-identification and anonymisation, one guideline argues that in some cases - such as longitudinal registers or follow-up after outbreaks - might justify re-identification at a local level.
The WHO does - thankfully - point out that personally identifiable data shouldn’t be shared with “agencies that are likely to use them to take action against individuals or for uses unrelated to public health”. Sanctions that prevent inappropriate data-sharing should also be in place.
Another guideline suggests that there is an “ethical” obligation on the global community to support countries that can’t afford to.
This might not just be for technical assistance, the WHO said - some countries will need help creating a “systematic, formal ethical evaluation”.
But this doesn’t give high-income nations “licence to ignore the priorities” of those it is supporting, the WHO said.
“International humanitarian organizations have expressed deep concern that surveillance is too often driven by the security needs of high-income countries, creating ambiguities about who the chief beneficiaries of surveillance are,” the guidelines state.
Donor nations should not define what data is collected for, and local analysis should be encouraged where possible.
Paul Bernal, a privacy and IT expert at the University of East Anglia, said the guidelines were “generally very good”, but that more could have been done to address “function creep” and the role of the private sector.
“Data is likely to be collected either directly by the private sector or in collaboration with the private sector - see for example Google DeepMind - and then who has control over that data? Are companies going to do this work out of the goodness of their hearts? Almost certainly not, and the likely quid pro quo is going to be exploitation of the data gathered,” he told The Reg.
In addition to the guidelines, the WHO briefly acknowledges that new technologies - like drones or data mining tools - and outsourcing projects are changing surveillance, warning that organisations will need to proactively review the guidelines to keep up.
But Bernal said the WHO could have gone further. “This section is interesting and important, but feels a little like an 'add-on' to the main guidelines. I would have liked to see more.”
Alex McLintock, a Hadoop specialist and proponent of using big data to track public health, agreed that the guidance was “a good start”, but urged further action.
“We do need guidelines, as privacy usually trumps everything else, and this truly is a life or death problem,” he said. “The WHO document is not yet a complete set of practical rules we can follow. More work is needed.” ®