Understanding the Risk with Data Sharing
The growing demand to share health data brings with it growing risks. The proliferation of PHI and subsequent requests for data is pushing the boundaries of compliance as organizations try to satisfy demand. One response has been to err on the side of caution and keep data locked away. However, for those who take the road less travelled, understanding the risk inherent in data sharing is essential.
Most organizations, unfortunately, still rely on rudimentary data management approaches, such as data sharing agreements and masking. These methods fall short of emerging standards, which universally recommend risk-based de-identification when sharing data for secondary purposes. The small number of organizations embracing more advanced approaches to data management is indicative of the slow pace of change in the industry, particularly when it comes to information technology.
Without staff who are fully knowledgeable about the tools and techniques to share data safely, organizations will continue to lack confidence in their ability to protect privacy when disclosing data. This should spur organizations to reduce their reliance on ad hoc practices and seek out education and expertise on better ways to responsibly share sensitive data.
What We Know
The results of the Privacy Analytics market survey show the gap between regulatory requirements and the industry’s preparation to meet them. These findings match a Deloitte Brief on privacy and security of protected health information as well. The HITECH Act introduced a requirement for periodic audits of covered entities and business associates to check compliance with HIPAA Privacy, Security and Breach Notification Rules. The importance of ongoing risk analysis will be a central feature of these audits. A pilot audit program conducted in 2013 showed that few healthcare organizations had appropriate controls in place and that the industry needed to significantly improve its security and privacy programs. With the permanent audit program about to come into existence, the clock has run out on organizations that have delayed the implementation of rigorous, risk-based privacy protocols and practices.
Those who are in charge of storing and managing PHI know that they must understand the risk inherent in data sharing. The responses to our market survey echo the struggles to prevent patient re-identification and achieve regulatory compliance. Many organizations feel unprepared to responsibly store and share data for secondary purposes and are therefore unable to advance analytics in their organization. Those organizations that have taken steps to improve their understanding of de-identification and follow emerging standards, like the Health Information Trust Alliance (HITRUST) and PhUSE guidelines, are in an advantageous position in the emerging field of healthcare analytics. They will benefit from the ability to broadly share data with less risk and confidently monetize their data.
How does your organization compare? We want to know! Our second State of Data Sharing survey is now online. In only five minutes, you can contribute to a better understanding of how healthcare manages health data. Take our survey here.