Building a Privacy, Ethics, and Data Access Framework for Real World Computerised Medical Record System Data: A Delphi Study. Contribution of the Primary Health Care Informatics Working Group
Liyanage H., Liaw ST., Di Iorio CT., Kuziemsky C., Schreiber R., Terry AL., de Lusignan S.
BACKGROUND: Privacy, ethics, and data access issues pose significant challenges to the timely delivery of health research. Whilst the fundamental drivers to ensure that data access is ethical and satisfies privacy requirements are similar, they are often dealt with in varying ways by different approval processes.OBJECTIVE: To achieve a consensus across an international panel of health care and informatics professionals on an integrated set of privacy and ethics principles that could accelerate health data access in data-driven health research projects.METHOD: A three-round consensus development process was used. In round one, we developed a baseline framework for privacy, ethics, and data access based on a review of existing literature in the health, informatics, and policy domains. This was further developed using a two-round Delphi consensus building process involving 20 experts who were members of the International Medical Informatics Association (IMIA) and European Federation of Medical Informatics (EFMI) Primary Health Care Informatics Working Groups. To achieve consensus we required an extended Delphi process.RESULTS: The first round involved feedback on and development of the baseline framework. This consisted of four components: (1) ethical principles, (2) ethical guidance questions, (3) privacy and data access principles, and (4) privacy and data access guidance questions. Round two developed consensus in key areas of the revised framework, allowing the building of a newly, more detailed and descriptive framework. In the final round panel experts expressed their opinions, either as agreements or disagreements, on the ethics and privacy statements of the framework finding some of the previous round disagreements to be surprising in view of established ethical principles.CONCLUSION: This study develops a framework for an integrated approach to ethics and privacy. Privacy breech risk should not be considered in isolation but instead balanced by potential ethical benefit.