OECD Health Policy Studies O E C Health Data Governance D H e a PRIVACY, MONITORING AND RESEARCH lt h OECD Health Policy Studies P o Contents lic y Chapter 1. Introducing high-value, privacy-protective health information systems S Health Data Governance t u Chapter 2. High-value health data supporting health care management, policy and innovation d ie Chapter 3. The legislative framework governing personal health data s PRIVACY, MONITORING AND RESEARCH Chapter 4. Open and transparent health information systems Chapter 5. Concentrating and strengthening national health data processing Chapter 6. Fair and transparent health project approval processes Chapter 7. De-identifying personal health data Chapter 8. Health data security and management practices Chapter 9. The way forward for privacy-protective health information systems H e a lt h D a t a G o v e r n a n c e P R IV A C Y , M O N IT O R IN G A N D R E S E A Consult this publication on line at http://dx.doi.org/10.1787/9789264244566-en. R C H This work is published on the OECD iLibrary, which gathers all OECD books, periodicals and statistical databases. Visit www.oecd-ilibrary.org for more information. ISBN 978-92-64-24455-9 81 2015 23 1 P OECD Health Policy Studies Health Data Governance PRIVACY, MONITORING AND RESEARCH This work is published under the responsibility of the Secretary-General of the OECD. The opinions expressed and arguments employed herein do not necessarily reflect the official views of OECD member countries. This document and any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Please cite this publication as: OECD (2015), Health Data Governance: Privacy, Monitoring and Research, OECD Health Policy Studies, OECD Publishing, Paris. http://dx.doi.org/10.1787/9789264244566-en ISBN 978-92-64-24455-9 (print) ISBN 978-92-64-24456-6 (PDF) Series: OECD Health Policy Studies ISSN 2074-3181 (print) ISSN 2074-319X (online) The statistical data for Israel are supplied by and under the responsibility of the relevant Israeli authorities. The use of such data by the OECD is without prejudice to the status of the Golan Heights, East Jerusalem and Israeli settlements in the West Bank under the terms of international law. Photo credits: Cover © vladvm50/Fotolia.com; © VectorShots/Fotolia.com; © iStock.com/geopaul; © Zern Liew/ Shutterstock.com; Alexander Lukin/Shutterstock.com; © iStockphoto.com/GodfriedEdelman. Corrigenda to OECD publications may be found on line at: www.oecd.org/about/publishing/corrigenda.htm. © OECD 2015 You can copy, download or print OECD content for your own use, and you can include excerpts from OECD publications, databases and multimedia products in your own documents, presentations, blogs, websites and teaching materials, provided that suitable acknowledgement of OECD as source and copyright owner is given. All requests for public or commercial use and translation rights should be submitted to [email protected]. Requests for permission to photocopy portions of this material for public or commercial use shall be addressed directly to the Copyright Clearance Center (CCC) at [email protected] or the Centre français d’exploitation du droit de copie (CFC) at [email protected]. 3 FORWORD – Foreword Health data collected by national governments that can be linked and shared are a valuable resource that can be used safely to improve the health outcomes of patients and the quality and performance of the health care systems that serve them. Data allowing a comprehensive view of health care services permit uncovering medical errors, adverse drug reactions, fraud, adherence to clinical guidelines, effective treatments, optimal care paths and optimal responders to treatment. Health Ministry leadership is necessary to ensure that delivering the data to manage this important sector is at the forefront of government policy and action. Previous OECD work has found a high variability across OECD countries in data availability and use to concerns about and uncertainty about how to protect patient’s rights to privacy and to preserve the security of health data when data are shared, linked and analysed. This study supports OECD countries in developing privacy-protective uses of personal health data by examining current data availability, uses and governance practices; and identifying key data governance mechanisms that maximise benefits to patients and to societies and minimise risks to patients’ privacy and to public trust and confidence in health care providers and governments. International collaboration in this dynamic area is essential for information about best practices and lessons learned in health data governance to circulate widely; and to support movement toward common best practices so that multi-country statistical and research projects are feasible. HEALTH DATA GOVERNANCE: PRIVACY, MONITORING AND RESEARCH © OECD 2015 4 – ACKNOWLEDGEMENTS Acknowledgements This OECD study was undertaken by the OECD HCQI (Health Care Quality Indicators) Expert Group as part of the 2013/14 programme of work of the OECD Health Committee. The OECD Working Party on Security and Privacy in a Digital Economy (SPDE) provided input to the study. The authors would like to acknowledge the representatives from the countries who make up the HCQI Expert Group and the SPDE Working Party who gave generously of their time to provide input to this study; and to the experts from participating countries that provided responses to surveys and participated in case study interviews (see Annexes B and C). Particular thanks and recognition is extended to the members of the HCQI Advisory Panel of Experts on Health Information Infrastructure (APHII) for their contribution to all aspects of this study from its design and conduct, to analysis and reporting, to the development of tools and identification of key data governance mechanisms. Members of the APHII are recognised in Annex A of this report. The contributions of the staff of the OECD Secretariat, in particular Jillian Oderkirk, Niek Klazinga, Anna Irvin Sigal and Duniya Dedeyn are also acknowledged. The authors would also like to acknowledge Stefano Scarpetta, Mark Pearson and Francesca Colombo for their support and directions provided on the study. HEALTH DATA GOVERNANCE: PRIVACY, MONITORING AND RESEARCH © OECD 2015 5 TABLE OF CONTENTS – Table of contents Acronyms and abbreviations ........................................................................................................... 9 Glossary ........................................................................................................................................ 11 Executive summary ....................................................................................................................... 17 Chapter 1. Introducing high-value, privacy-protective health information systems ............. 19 Data are essential to improving health care and health system performance ........................... 21 References ................................................................................................................................ 27 Chapter 2. High-value health data supporting health care management, policy and innovation ............................................................................................................................. 29 Key national health and health care datasets ............................................................................ 32 Progress in national dataset availability since 2011 ................................................................. 35 Highest coverage of the target population in the key datasets of Denmark, Finland, Sweden and Iceland ................................................................................................................. 36 Automatic extraction of electronic data is prevalent in 13 countries ....................................... 37 Twelve countries reported consistently coding health care data using a terminology standard ................................................................................................................................ …37 Retention periods for personal health data ............................................................................... 38 Concerns with the quality of the data ....................................................................................... 39 Six countries use all of their national health care datasets to regularly report about the quality and performance of health care .................................................................................... 40 Finland, Iceland, Singapore, Sweden, the United Kingdom (Scotland and Wales) have the highest proportion of key national health datasets sharing the same unique patient ID number ................................................................................................................................ 40 Finland, Iceland, the United Kingdom (England) and Singapore are regularly linking most of their national health care datasets for statistics and research ...................................... 41 Little change in data linkage activities since 2011 ................................................................... 43 National projects advancing high-value data to promote health and improve health care ....... 44 Key international projects to improve health care outcomes, safety and performance ............ 56 Key features of high-value, privacy-protective health information systems ............................ 60 Notes ........................................................................................................................................ 61 References ................................................................................................................................ 62 Chapter 3. The legislative framework governing personal health data .................................. 65 Data accessibility across OECD countries ............................................................................... 66 Legislative frameworks for the protection of privacy .............................................................. 68 Personal health data can have inconsistent legislative protection ............................................ 72 National health datasets contain sensitive personal information ............................................. 73 Legislation may permit the secondary analysis of personal health data in cases where patient consent is not possible or practicable ................................................................ 75 Protection of the privacy of health care providers ................................................................... 77 Consent to uses of data in the future that cannot be specified today ....................................... 78 HEALTH DATA GOVERNANCE: PRIVACY, MONITORING AND RESEARCH © OECD 2015 6 – TABLE OF CONTENTS Data sharing for the purpose of research or statistics ............................................................... 81 Sharing and access to de-identified data .................................................................................. 84 Foreign applicants for access to data ....................................................................................... 87 Data sharing challenges among national health dataset custodians ......................................... 90 Legislative reforms that are needed or are underway .............................................................. 95 Key elements of legislative frameworks supporting privacy-protective uses of health data ... 97 References ................................................................................................................................ 99 Chapter 4. Open and transparent health information systems .............................................. 101 Open government health data ................................................................................................ 103 Aims of open health data initiatives vary ............................................................................... 104 Transparency about national health datasets .......................................................................... 106 Sharing information with the public about approved studies involving personal health data processing ....................................................................................................................... 107 Transparency about researcher access to data ........................................................................ 107 Public opinion about data uses ............................................................................................... 110 Public communication: Lesson’s learned from the UK Health and Social Care Information Centre ................................................................................................................. 111 Approaches to engaging with stakeholders and the public about the processing of personal health data ........................................................................................................... 114 Key elements of data governance that promote openness and transparency ......................... 114 References .............................................................................................................................. 116 Chapter 5. Concentrating and strengthening national health data processing .................... 119 Concentration of national health datasets .............................................................................. 120 Data linkages are concentrated in many countries ................................................................. 120 Data processing centres .......................................................................................................... 122 Accreditation or certification of data processors ................................................................... 123 Processing data access requests and recovering their costs ................................................... 127 Strategies and techniques to improve timeliness and reduce costs ........................................ 131 Accreditation or certification of data processors promotes both data security and access to data ................................................................................................................... 132 References .............................................................................................................................. 134 Chapter 6. Fair and transparent health project approval processes ..................................... 135 Project approval processes ..................................................................................................... 136 Research ethics committees ................................................................................................... 137 Approval by the Data Protection Regulator following input from research ethics boards .... 139 Independent advisors within internal committees or governing boards ................................. 139 Internal decision-making process with advice from the privacy regulator ............................ 140 Internal decision-making processes ....................................................................................... 141 Appeals process ...................................................................................................................... 142 Transparent processes for requests to process or access personal health data ....................... 142 Project review boards must evaluate the risks and benefits to society of a proposed use of personal health data ........................................................................................................... 143 Transparent and fair project approval processes are needed .................................................. 145 References .............................................................................................................................. 146 Chapter 7. De-identifying personal health data ...................................................................... 147 Gap between legal requirements and data de-identification in practice ................................. 149 Data are de-identified prior to analysis? ................................................................................ 150 HEALTH DATA GOVERNANCE: PRIVACY, MONITORING AND RESEARCH © OECD 2015 7 TABLE OF CONTENTS – The use of pseudonyms to replace direct identifiers .............................................................. 151 Evaluating and addressing data re-identification risk ............................................................ 152 Weighing data de-identification techniques against dataset utility for the intended purpose .... 155 Data de-identification practices that consider the “big picture”: data protection, security and utility ............................................................................................................................... 157 References .............................................................................................................................. 159 Chapter 8. Health data security and management practices ................................................. 161 Guidelines and policies to protect data privacy and security ................................................. 164 Data security within data custodians ...................................................................................... 166 External data processors and cloud computing services ........................................................ 169 Protecting data during the transfer process ............................................................................ 169 Data sharing agreements or contracts .................................................................................... 170 Mechanisms to assure compliance with data sharing agreements ......................................... 172 Penalties for non-compliance with the law and data sharing agreements or contracts .......... 173 Data breach experiences ......................................................................................................... 174 Alternatives to transferring data to third parties .................................................................... 175 Data security practices are essential to meeting legal requirements and public expectations ... 178 References .............................................................................................................................. 179 Chapter 9. The way forward for privacy-protective health information systems ................ 181 Progress during the past five years ......................................................................................... 183 Outlook for the next five years .............................................................................................. 184 Policy and technical obstacles to progress over the next five years ....................................... 185 Governance mechanisms supporting privacy-protective monitoring and research involving personal health data ................................................................................................ 186 Next steps ............................................................................................................................... 187 Note ........................................................................................................................................ 189 References .............................................................................................................................. 190 Annex A. Health Care Quality Indicators Expert Group. Advisory Panel of Experts on Health Information Infrastructure ........................................................................................................... 191 Annex B. Health Care Quality Indicators Information Infrastructure Questionnaire .................. 193 Annex C. HCQI Expert Interviews on Health Information Infrastructure ................................... 195 Tables Table 2.1. Key national health dataset availability, maturity and use ................................... 31 Table 2.2. Dataset is available at the national level ............................................................... 35 Table 2.3. Proportion of the population covered by the data ................................................. 36 Table 2.4. Number of countries reporting sources of variables within national datasets ...... 37 Table 2.5. Number of countries reporting coding clinical terminology ................................ 38 Table 2.6. Just over half of countries with national datasets are regularly linking the data to monitor quality or health system performance .................................................... 42 Table 2.7. Thirteen countries are linking data across the pathway of care ............................ 42 Table 2.8. Seven countries are linking seven or more key datasets on a regular basis for statistics or research ......................................................................................................... 43 Table 2.9. Number of countries1 reporting a data linkage project is taking place on a regular basis involving national datasets in 2011 and 2013 .......................................... 44 HEALTH DATA GOVERNANCE: PRIVACY, MONITORING AND RESEARCH © OECD 2015 8 – TABLE OF CONTENTS Table 3.1. Proportion of key national personal health datasets meeting six data accessibility factors ............................................................................................................... 68 Table 3.2. Countries reporting a national law or regulation that speaks to the protection of health information privacy and/or to the protection and use of electronic clinical records ................................................................................................................................... 71 Table 3.3. Variables considered as being among the most sensitive within national health datasets ........................................................................................................................ 74 Table 3.4. Number of custodians of national datasets ........................................................... 81 Table 4.1. Open government health data initiatives ............................................................ 104 Table 5.1. Proportion of national datasets in the custody of and linked by the same organisation .......................................................................................................... 121 Table 5.2. Number of organisations and datasets involved in linkage of key national health datasets ...................................................................................................................... 121 Table 6.1. Public communication regarding requests for access to and processing of personal health data ......................................................................................................... 143 Table 6.2. Risk-benefit evaluation tool supporting decision making about the processing of personal health data ......................................................................................................... 144 Table 7.1. Proportion of key national health datasets with five data de-identification practices ................................................................................................................................ 150 Table 8.1. Percentage of key national datasets where data security practices to protect data from re-identification were identified .......................................................................... 163 Table 9.1. Views about progress in and the future of health data use ................................. 184 Table A.1. Members of the Advisory Panel of Experts on Health Information Infrastructure ....................................................................................................................... 192 Table B.1. Countries that responded to the 2013-14 HCQI Information Infrastructure Questionnaire ........................................................................................................................ 194 Table C.1. Participants to the 2013-14 HCQI Expert Interviews on Health Information Infrastructure ........................................................................................................................ 196 Figures Figure 1.1. Data use decisions should be taken by weighing societal benefits and risks within a data governance framework that maximises benefits and minimises risks ................ 25 Figure 2.1. Key health data availability, maturity and use ....................................................... 31 Figure 3.1. Sharing and accessibility of health data for approved statistical and research uses ........................................................................................................................................ 67 HEALTH DATA GOVERNANCE: PRIVACY, MONITORING AND RESEARCH © OECD 2015