Opt-out is the right approach for sharing your medical records with researchers

If assumed consent is informed consent, it’s individuals who benefit

Register Debate Welcome to the latest Register Debate in which writers and experts go head to head on technology topics, and you – the reader – choose the winning argument. The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday.

During the week you can cast your vote on which side you support using the poll embedded below, choosing whether you're in favour or against the motion. The final score will be announced on Friday, revealing whether the for or against argument was most popular. It's up to our writers to convince you to vote for their side.

This week’s motion is: Assumed consent is the right approach for sharing healthcare patients’ data, beyond their direct care. Or to put it another way: patient records should be shared with medical researchers on an opt-out basis.

The debate around the benefits of sharing medical data for the greater good versus individual’s expectations of confidentiality and consent, has become heated to say the least over the past year and a half. But if consent is not just assumed but informed, do we all stand to benefit? Our contributors serve up their own prescriptions, but you get to decide.

Our first contributor arguing FOR THE MOTION is Dr Katherine Hanks, a GP based in Australia.

At first glance, the idea of sharing my private health information with researchers and governments is alarming.

What if I wanted to talk to my doctor about experiencing domestic violence, or a weird discharge, or how I’m feeling hopeless and depressed? What if that very private information could be transmitted elsewhere to be used by people I don’t know for purposes I haven’t been informed of? My initial response is no thanks.

As a GP I am well versed in navigating individual health privacy considerations; it’s common for a patient to want to know what their partner told me in their consult, or for an insurance company to seek access to a patient’s whole records regardless of what is actually relevant.

Even though it is illegal and unethical for me to disclose private medical information without permission, it’s common for patients to check that I won’t tell anyone else before they disclose something they feel is private, embarrassing or shameful. We need to continue to defend doctor-patient confidentiality, because without it, patient care and outcomes will certainly suffer due to fear of who might find out what is disclosed.

However, while individual health privacy needs to be robustly defended, this does not necessarily mean that health data can’t be aggregated and securely anonymised to further medical and social research. While it would be entirely inappropriate to inform a researcher that Brian, aged 50, living in London has prostate cancer without first seeking his permission, it is both appropriate and extremely beneficial for the progress of medical research to know that 50 year old men with prostate cancer who take medication A live for longer than those on medication B.

While individual health privacy needs to be robustly defended, this does not necessarily mean that health data can’t be aggregated and securely anonymised to further medical and social research

This example highlights some of the huge benefits of health data sharing. With this information, we can ensure all prostate cancer sufferers have the best medication and stop wasting healthcare money on less effective treatments. Knowing which groups in the community are being diagnosed enables better targeting of screening programs. This is all likely to reduce death, disability and healthcare costs.

And as for assumed consent for sharing data, it’s important to remember that assumed consent is still informed consent: patients are told that they are assumed to have consented to the sharing of their data for use in metadata analysis and, should they wish to opt out, how to do so. Assuming consent does not displace personal rights, it simply creates a presumption in favour of a public good.

The solution is not to curtail health data sharing – it is to ensure layers of protection so that data is securely anonymised and only accessible by legitimate entities. Research using aggregated health data should be publicly available and subject to audits and regulatory scrutiny. If done well, this can address the need to protect privacy while not missing out on the many benefits that sharing health data can bring. The two ideals, privacy and public welfare, can coexist. There is also significant scope for commercial innovation that can ultimately drive better outcomes for patients.

The experience of COVID-19 has shown that more collectivist, “tight” societies like Singapore and others in South-East Asia have fared better than more individualistic “loose” societies like the USA and the UK.

When it comes to the pandemic, societies whose people are willing to widely participate in public health measures like social distancing and wearing masks for the collective good have better outcomes. This is a lesson that translates to health data sharing. When it comes to public health, we need to lean towards favouring collective benefits because ultimately, individuals will reap the benefits. ®

Cast your vote below. We'll close the poll on Thursday night and publish the final result on Friday. You can track the debate's progress here.

JavaScript Disabled

Please Enable JavaScript to use this feature.

Other stories you might like

  • Venezuelan cardiologist charged with designing and selling ransomware
    If his surgery was as bad as his opsec, this chap has caused a lot of trouble

    The US Attorney’s Office has charged a 55-year-old cardiologist with creating and selling ransomware and profiting from revenue-share agreements with criminals who deployed his product.

    A complaint [PDF] filed on May 16th in the US District Court, Eastern District of New York, alleges that Moises Luis Zagala Gonzalez – aka “Nosophoros,” “Aesculapius” and “Nebuchadnezzar” – created a ransomware builder known as “Thanos”, and ransomware named “Jigsaw v. 2”.

    The self-taught coder and qualified cardiologist advertised the ransomware in dark corners of the web, then licensed it ransomware to crooks for either $500 or $800 a month. He also ran an affiliate network that offered the chance to run Thanos to build custom ransomware, in return for a share of profits.

    Continue reading
  • China reveals its top five sources of online fraud
    'Brushing' tops the list, as quantity of forbidden content continue to rise

    China’s Ministry of Public Security has revealed the five most prevalent types of fraud perpetrated online or by phone.

    The e-commerce scam known as “brushing” topped the list and accounted for around a third of all internet fraud activity in China. Brushing sees victims lured into making payment for goods that may not be delivered, or are only delivered after buyers are asked to perform several other online tasks that may include downloading dodgy apps and/or establishing e-commerce profiles. Victims can find themselves being asked to pay more than the original price for goods, or denied promised rebates.

    Brushing has also seen e-commerce providers send victims small items they never ordered, using profiles victims did not create or control. Dodgy vendors use that tactic to then write themselves glowing product reviews that increase their visibility on marketplace platforms.

    Continue reading
  • Oracle really does owe HPE $3b after Supreme Court snub
    Appeal petition as doomed as the Itanic chips at the heart of decade-long drama

    The US Supreme Court on Monday declined to hear Oracle's appeal to overturn a ruling ordering the IT giant to pay $3 billion in damages for violating a decades-old contract agreement.

    In June 2011, back when HPE had not yet split from HP, the biz sued Oracle for refusing to add Itanium support to its database software. HP alleged Big Red had violated a contract agreement by not doing so, though Oracle claimed it explicitly refused requests to support Intel's Itanium processors at the time.

    A lengthy legal battle ensued. Oracle was ordered to cough up $3 billion in damages in a jury trial, and appealed the decision all the way to the highest judges in America. Now, the Supreme Court has declined its petition.

    Continue reading

Biting the hand that feeds IT © 1998–2022