Data Analytics and the GDPR: Friends or Foes?

Stalla-Bourdillon, Sophie; Knight, Alison

doi:10.5040/9781509926237.ch-011

Cited by 2 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data Pitch provided guidance on the key legal and privacy aspects of data sharing and reusage of (closed) data for a variety of purposes that can be understood by nonlegal specialists through their key resources: The Legal and Privacy Toolkit (2017, 2018, 2019). Privacy and data protection is a key focus for the Legal and Privacy Toolkit, including (a) strategy for pseudonymization and anonymization; (b) guidance on the data spectrum; (c) high-risk processing; and (d) data flow mapping as one method which organizations sharing and/or reusing data can use, to support and demonstrate legal compliance with the GDPR and other applicable laws.…”

Section: Embedding a Dpbd Approach Within Data Trustsmentioning

confidence: 99%

Data protection by design: Building the foundations of trustworthy data sharing

et al. 2020

Self Cite

View full text Add to dashboard Cite

Data trusts have been conceived as a mechanism to enable the sharing of data across entities where other formats, such as open data or commercial agreements, are not appropriate, and make data sharing both easier and more scalable. By our definition, a data trust is a legal, technical, and organizational structure for enabling the sharing of data for a variety of purposes. The concept of the “data trust” requires further disambiguation from other facilitating structures such as data collaboratives. Irrespective of the terminology used, attempting to create trust in order to facilitate data sharing, and create benefit to individuals, groups of individuals, or society at large, requires at a minimum a process-based mechanism, that is, a workflow that should have a trustworthiness-by-design approach at its core. Data protection by design should be a key component of such an approach.

show abstract

Section: Embedding a Dpbd Approach Within Data Trustsmentioning

confidence: 99%

Data protection by design: Building the foundations of trustworthy data sharing

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Data protection scholars and ethicists alike agree that deidentification is a spectrum and not a uniform standard ( Stalla-Bourdillon and Wu, 2019 ). Indeed, some types of inherently identifying health information (e.g., genetic data ( Homer et al, 2008 )) pose challenges to the efficacy of both the reasonability standard and prescriptive approaches to deidentification.…”

Section: Introductionmentioning

confidence: 99%

A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies

Rahimzadeh

2021

Front. Big Data

View full text Add to dashboard Cite

The Office of the National Coordinator for Health Information Technology estimates that 96% of all U.S. hospitals use a basic electronic health record, but only 62% are able to exchange health information with outside providers. Barriers to information exchange across EHR systems challenge data aggregation and analysis that hospitals need to evaluate healthcare quality and safety. A growing number of hospital systems are partnering with third-party companies to provide these services. In exchange, companies reserve the rights to sell the aggregated data and analyses produced therefrom, often without the knowledge of patients from whom the data were sourced. Such partnerships fall in a regulatory grey area and raise new ethical questions about whether health, consumer, or health and consumer privacy protections apply. The current opinion probes this question in the context of consumer privacy reform in California. It analyzes protections for health information recently expanded under the California Consumer Privacy Act (“CA Privacy Act”) in 2020 and compares them to protections outlined in the Health Information Portability and Accountability Act (“Federal Privacy Rule”). Four perspectives are considered in this ethical analysis: 1) standards of data deidentification; 2) rights of patients and consumers in relation to their health information; 3) entities covered by the CA Privacy Act; 4) scope and complementarity of federal and state regulations. The opinion concludes that the CCPA is limited in its application when health information is processed by a third-party data aggregation company that is contractually designated as a business associate; when health information is deidentified; and when hospital data are sourced from publicly owned and operated hospitals. Lastly, the opinion offers practical recommendations for facilitating parity between state and federal health data privacy laws and for how a more equitable distribution of informational risks and benefits from the sale of aggregated hospital data could be fostered and presents ways both for-profit and nonprofit hospitals can sustain patient trust when negotiating partnerships with third-party data aggregation companies.

show abstract

Data Analytics and the GDPR: Friends or Foes?

Cited by 2 publications

References 0 publications

Data protection by design: Building the foundations of trustworthy data sharing

Data protection by design: Building the foundations of trustworthy data sharing

A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies

Contact Info

Product

Resources

About