The increasing trend in collecting ‘real-world’ healthcare information has raised concerns about data privacy and the rules for using and protecting this data. Clearer policies are needed that allow data use but also protect the privacy of patients.
There are differences in the use and availability of health data across European countries, and in the practice and policies regarding access and use of data. In addition, data governance arrangements among the OECD (Organisation for Economic Co-operation and Development) countries are at different stages of development (Health Data Governance: Privacy, Monitoring and Research, OECD, 2015).
The OECD has identified eight key data governance mechanisms to support privacy and the protective use of data related to ‘collection, linkage and analysis’ of health data:
- coordinated development of high-value, privacy-protective health information systems that promote monitoring and improvement of healthcare quality and system performance, and research innovations for better healthcare and outcomes
- legislation that permits privacy-protective data use
- open and transparent public communication
- accreditation or certification of health data processors
- transparent and fair project approval processes
- data de-identification practices that meet legal requirements and public expectations without compromising data use
- data security practices that meet legal requirements and public expectations without compromising data use
- a process to continually assess and renew the data governance framework as new data and new risks emerge.
The Office for Health Economics (OHE) in the UK conducted a review of data governance arrangements in a number of countries. It recommended that policies need to be clearer and also that a balance needs to be struck between allowing data to be used to advance research and protecting the privacy of patients whose data are collected.