Privitar has released a new report that showcases best practices for organizations sharing health data for research purposes. It includes two case studies, providing a detailed account of the decision-making process at two leading organizations: Cambridge University Hospitals Trust and the Centre for Epidemiology Versus Arthritis at the University of Manchester.
Medical research and innovation relies on safe, timely access to health data. However, organizations holding health data can lack experience in data sharing, and may be nervous about public opinion or about legal and regulatory compliance. Recent public debate about NHS Digital’s rollout of the GP Data for Planning and Research (GPDPR) project shows that collecting and using health data can be complex and emotive.
Our report focuses on health data, but is relevant to any organization collecting and using personal and sensitive data. It describes the roles, processes and technology underpinning effective data sharing. In other words, the decisions an organization makes about who can use data, subject to what controls and for what purposes. Creating and maintaining these roles, processes and technology contribute to ‘data readiness,’ meaning that an organization is poised to reap the benefits of data.
We launched the health data sharing case studies project to help organizations to overcome uncertainty around data sharing and to improve their data readiness. The project report is based on numerous conversations with data stakeholders. It includes the two case studies and extensive analysis and commentary. We worked with a panel of four reviewers, including the Office of the National Data Guardian and the Medical Research Council, to make sure that the practices we document align with regulators’ and standard setters’ expectations.
Organizations need to balance several competing priorities when responding to requests for access to data. The list of issues to consider includes scientific value, ethics, data protection and privacy risk, public and patient perceptions, and resource constraints. Organizations also wanted to be able to take decisions quickly, to avoid delaying research, and in a consistent manner.
We found that a safe, efficient data sharing process requires:
Our team of data privacy experts is here to answer your questions and discuss how data privacy can fuel your business.