Sage Journals: Discover world-class research

Abstract

Objective

Individuals who work on health data systems and services are uniquely positioned to understand the risks of health data collection and use. We designed and conducted a survey assessing the perceptions of those who work with health data around health data consent, sharing, and privacy practices in healthcare and clinical research.

Methods

A 43-item online survey was distributed via a market research firm to individuals (18+) who work with health data in the United States from March to April 2023. Descriptive statistics were calculated for all variables. Associations with demographic variables were assessed using Pearson's X² tests and ordinal logistic regression.

Results

Most of our respondents (61.7%) reported that they would trust people to use their health data across various sectors, but more respondents trusted those working in academic medical research (86.5%) and healthcare offices (89.9%) compared to those working in industry (68.2%). Despite this reported trust, a strong majority believed that individuals should have complete control over their health data (97.3%), specific consent should be obtained for each use of their health data (92.0%), and that there should be higher standards of consent and privacy for health records data than other types of data (93.7%).

Conclusions

Based on our findings, we might infer that people who work with health data generally trust institutions across sectors to protect their health data. However, many would prefer to have complete control over who has access to their health data and how it is used. These insights should be explored further through qualitative studies.

Keywords

Informed consent patient data privacy bioethics data sharing health research

Introduction

The utilization of large electronic health data sets has advanced rapidly over the past two decades across academic research, healthcare, and industry settings. The resulting regulatory structure prioritizes enabling free flow and aggregation of health data to improve research capacity, clinical practice, and profits over promoting the ability of individuals to control the disposition of their own health data.¹ Simultaneously, most individuals are concerned but are largely unaware of how their own data, including health data, is collected, stored, used, and shared.^1,2 This disconnect is especially concerning in the current environment where health data professionals are incentivized to identify new and unexpected uses of health data, including health data that has already been collected.³

Broad consent requires that individuals agree to the use of their de-identified data for future undefined purposes.⁴ The United States (U.S.) federal regulation known as The Common Rule, which sets requirements for clinical research involving human subjects, only requires that broad consent be collected from individuals providing health data as long as that data becomes de-identified.⁴ Institutional Review Boards (IRB) that oversee human subjects research waive consent requirements for studies that use secondary de-identified data obtained through broad consent.⁵ This framework assumes trust in research institutions to responsibly steward one's health data, which includes protecting it from malicious actors, preventing irresponsible uses, and only sharing it with equally responsible institutions. Previous qualitative work in this field has found that participants have concerns about sharing their health information with researchers and worry that other entities may have access to their data without their knowledge.^6,7

The passage of the Health Information Technology for Economic and Clinical Health Act in 2009 incentivized providers to implement electronic medical record (EMR) systems and dramatically increased the percentage of hospital systems and provider offices that utilize EMR systems.^8,9 Since then, EMR systems have become a ubiquitous component of healthcare in the U.S. Results from a 2020 survey show that patients who had privacy concerns related to EMR data were more likely to withhold information from their providers than those with no concerns.¹⁰ The shift toward electronic health data services necessitates comprehensive and clear guidelines around how healthcare organizations should collect, use, and share individual's health data.

For-profit industry is also increasingly collecting and using health data. Large companies like Meta and Google partner with healthcare organizations and use tracking technologies to collect health data that is not protected under Health Insurance Portability and Accountability Act (HIPAA).^11,12 These companies have been reluctant to share how this data is used, making it difficult for regulators to create standards of privacy, security and informed consent.¹³ Consequently, the public has concerns around sharing health data with corporations.^14,15

Considering these opaque practices and minimal regulation, it is unsurprising that the public has concerns around who has access to their health data and for what purpose.^{1,6,7,14–23} A 2022 survey of U.S. patients published in a press release by the American Medical Association reported that almost 75% of respondents are concerned about the privacy of their personal health information and that most were unaware of what companies have access to their data.¹ Furthermore, the public's reported intention to share health data for primary purposes (e.g. communications with care providers) was higher compared to secondary purposes (e.g. public health research) and that willingness to share health data for secondary purposes is influenced by profit prioritization, impact on patient care, length of time the data will be shared for, and trust in parties who can access the data.^18,19 Although the U.S. public have concerns around the privacy, security, and management of their health data, they continue to share health data electronically because they appreciate the benefits like ease of access to information and improved communication with providers.^20–23

Those who work with health data in their professions witness, or are at least familiar with, practices, risks and benefits associated with the collection, sharing, protection, and use of health data. Unlike the general population whose attitudes toward health data use have previously been studied, those who work with health data have first-hand experience navigating the world of electronic health data as both administrator and user. Therefore, their perspectives could help inform policy considerations and assess the effectiveness of ethics training curriculums for health data management. In this study, we sought to understand the perceptions of people who work with health data in the U.S. around health data privacy, sharing and consent practices.

Methods

Survey design

Survey constructs were informed by previous studies related to public attitudes around data privacy, sharing and consent,^16,17,21 and semi-structured interviews conducted in 2021 with professionals who work with health data in the U.S., such as analysts, scientists, managers, or c-suite executives. The goal of these interviews was to explore privacy, security, and other ethical concerns associated with the collection, use, and management of health data. The research team analyzed qualitative transcripts to identify themes and tensions that were not previously captured in the literature on data privacy, sharing and consent. The team used these qualitative findings to inform the design of this survey, which was intended to systematically capture the qualitative themes and tensions in a larger sample through a closed-ended survey.

The 43-item survey was developed by a team of experts in bioethics and biostatistics and was refined through iterative conversations among the study team. The survey (Supplementary File) assessed five domains: (1) personal data sharing behaviors and attitudes; (2) ethical considerations around data privacy and informed consent; (3) attitudes toward professional responsibilities around privacy and consent; (4) perspectives on institutional culture around ethics on health data in healthcare and health research; and (5) demographics. This paper, focusing on personal attitudes and behaviors of people who work with health data related to data privacy, sharing and consent practices, will discuss results related to domains one, two, and five. We will describe the results of survey domains three and four in a future publication that focuses on professional attitudes and behaviors of people who work with health data related to data privacy, sharing and consent practices.

Survey domains one, two, and five consisted of 15 closed-ended questions (including 10 demographic questions) and 13 Likert scale questions, yielding a total of 28 survey items. Respondents were given the option to select “Other” and provide a short text response for demographic questions on political party, education level, race, and gender.

Sampling strategy

The study sample was drawn from nationwide panels of demographically diverse groups through a market research firm. Panel members were eligible for recruitment if they resided in the U.S. and were over the age of 18. A screener question at the beginning of the survey was used to ensure that all respondents’ jobs required them to work with health data on a regular basis. Respondents provided their written consent to participate through the market research firm and completed the survey online through Qualtrics in exchange for points that may be used for online transactions. Incentive amounts and types differed across the panel suppliers that partner with the research firm.

To ensure that the survey was able to be completed properly, the market research firm disseminated the survey for a “soft launch” to 90 respondents. To reduce measurement error, the market research firm removed respondents who completed the survey in under 3 minutes (25% less than the median completion time for respondents included in the soft launch), indicating that they were likely unengaged.²⁴ Additionally, the firm used digital fingerprinting and encrypted survey links to ensure that only validated panelists could take the survey a single time.

Survey administration

This single-site survey was disseminated from March 22 to April 7, 2023. The sample size was selected to ensure a sufficiently low margin of error (+/-3.3%) at a 95% confidence level.^25,26

Statistical analysis

All quantitative analyses were conducted using Stata/MP 17.0 for Linux (College Station, TX). Frequencies and percentages were calculated for categorical and Likert scale questions. Associations for categorical questions were calculated using Pearson's X² tests.²⁷ Associations for Likert scale questions were calculated using ordinal logistic regression.²⁸ Percentages for four-level Likert scale questions were dichotomized in the text for easier interpretation (e.g., strongly agree and somewhat agree = agree; strongly disagree and somewhat disagree = disagree). Percentages across all levels can be found in Tables 2 and 3.

Since categories for several of the demographic responses had a small number of respondents, assumptions of the X² and ordinal logistic regression tests were not met. Therefore, for analyses of associations, we categorized those in the 65–74, 75–84, and 85+ years old age groups as 65+, removed “other” from the variable education, removed “other” from the variable political affiliation, and removed “nonbinary or 3rd gender”, “prefer not to say”, and “more than one gender” from the variable gender.

We applied Bonferroni's correction by setting the significance threshold to 0.0005 instead of the typical 0.05 to ensure that we did not make any false discoveries related to conducting over 300 hypothesis tests.^29,30 Therefore, p-values greater than or equal to 0.05 were interpreted as insignificant, p-values less than 0.05 but greater than or equal to 0.0005 were interpreted as questionable significance, and p-values less than 0.0005 were interpreted as unambiguously significant.³¹ This paper will report on results of the hypothesis tests that were unambiguously significant.

Results

Study population

Surveys were administered to over 300 unique panel suppliers; 3689 people clicked on the survey link; 2913 people passed the eligibility criteria and screener question; 1741 responses were removed from the sample because they completed the survey in under three minutes or for other reasons that would compromise data integrity; 16 responses were removed because the respondents did not complete more than 50% of the survey questions.

The final survey sample included a total of 1156 respondents who were primarily between the ages of 25–44 (60.8%), women (67.4%), non-Hispanic (84.9%), and White (71.7%). Most respondents worked in industry (54.4%), followed by the non-profit sector (24.4%). Respondents’ education levels ranged from high school to doctoral degrees, and the most reported education level was a bachelor's degree (38.2%). Respondents resided across all regions of the U.S. and reported a range of political affiliations, professional roles, and years of experience working with health data (Table 1).

Table 1.

Population characteristics.

Variable	N (%)	Missing (%)
Overall	1156
Gender		5 (0.43)
Man	362 (31.45)
Woman	776 (67.42)
Nonbinary or 3^rd gender	5 (0.43)
Prefer Not to Say	3 (0.26)
More than one gender	5 (0.43)
Ethnicity		5 (0.43)
Hispanic or Latinx	174 (15.12)
Not Hispanic or Latinx	977 (84.88)
Race*		5 (0.43)
White	825 (71.68)
Black or African American	192 (16.68)
American Indian or Alaskan Native	10 (0.87)
Asian	59 (5.13)
Other	44 (3.82)
More than 1 race	21 (1.82)
Education		5 (0.43)
High school	108 (9.38)
Some college or technical school	305 (26.50)
Bachelors	440 (38.23)
Master's degree or equivalent	213 (18.51)
Doctorate or equivalent	74 (6.43)
Other	11 (0.96)
Age		5 (0.43)
18–24	84 (7.30)
25–34	337 (29.28)
35–44	363 (31.54)
45–54	214 (18.59)
55–64	126 (10.95)
65+	27 (2.35)
Region		5 (0.43)
Midwest	288 (25.02)
Northeast	278 (24.15)
Southeast	274 (23.81)
Southwest	124 (10.77)
West	187 (16.25)
Political affiliation		5 (0.43)
Democratic	478 (41.53)
Republican	283 (24.59)
Independent	261 (22.68)
No preference	84 (7.30)
Prefer not to answer	39 (3.39)
Other	6 (0.52)
Professional role		5 (0.43)
CEO or President	99 (8.60)
Reports to CEO or President	196 (17.03)
Reports to someone who reports to CEO or President	474 (41.18)
None of the above	382 (33.19)
Sector		7 (0.61)
Government	191(16.62)
Industry	625 (54.40)
Non-profit	280 (24.37)
Academic	53 (4.61)
Years in health data		5 (0.43)
16–25	154 (13.38)
11–15	179 (15.55)
6–10	309 (26.85)
1–5	359 (31.19)
<1	66 (5.73)
25+	84 (7.30)

*Note: 31 of the 44 who responded “Other” for race wrote in responses that indicated that they identify their race as Hispanic or Latinx.

Concerns related to data privacy, sharing, and consent in healthcare and research

Half (50.0%) of respondents reported that they had a similar level of concern about who has access to their data compared to friends and family; 34.8% said they were more concerned and 15.2% said they were less concerned (Table 2).

Table 2.

Concerns related to data privacy, sharing, and consent in healthcare and research.

Question		Frequency (%)	% Comfortable	% Uncomfortable
How comfortable would you feel knowing your health data collected by your doctor's office is being used in an academic research study on cancer risks?			77.84	22.17
	Very comfortable	369 (31.95)	–	–
	Somewhat comfortable	530 (45.89)	–	–
	Somewhat uncomfortable	197 (17.06)	–	–
	Very uncomfortable	59 (5.11)	–	–
How comfortable would you be knowing that this study will be using artificial intelligence (AI) or machine learning (ML) to look for cancer risks?			79.48	20.52
	Very comfortable	366 (31.69)	–	–
	Somewhat comfortable	552 (47.79)	–	–
	Somewhat uncomfortable	180 (15.58)	–	–
	Very uncomfortable	57 (4.94)	–	–
Compared to my friends and family, I tend to be _______ concerned about who has access to my data.			–	–
	More	402 (34.81)	–	–
	Similarly	578 (50.04)	–	–
	Less	175 (15.15)	–	–

Question		Frequency (%)	% Comfortable	% Uncomfortable
My privacy concerns are about people stealing my information and using it in ways that could cause harm (ex: spying, blackmailing, framing, or impersonating).			90.83	9.17
	Strongly agree	624 (53.98)	–	–
	Somewhat agree	426 (36.85)	–	–
	Somewhat disagree	88 (7.61)	–	–
	Strongly disagree	18 (1.56)	–	–
My privacy concerns are about my financial security.			92.3	7.7
	Strongly agree	636 (55.02)	–	–
	Somewhat agree	431 (37.28)	–	–
	Somewhat disagree	79 (6.83)	–	–
	Strongly disagree	10 (0.87)	–	–
My privacy concerns are about not wanting other people to know things about me that I consider private.			89.79	10.2
	Strongly agree	577 (49.91)	–	–
	Somewhat agree	461 (39.88)	–	–
	Somewhat disagree	99 (8.56)	–	–
	Strongly disagree	19 (1.64)	–	–

Note: “% Comfortable” = % very comfortable and % somewhat comfortable. “% Uncomfortable” = % very uncomfortable and % somewhat uncomfortable. “% Agree” = % strongly agree and % somewhat agree. “% Disagree” = % strongly disagree and % somewhat disagree.

Compared to other groups, those who resided in the Southwest region of the U.S., as well as those who identified as men, Black or African American, American Indian or Alaskan Native, and Hispanic were more likely to be more concerned than their family and friends about who has access to their data (all p < 0.0001).

Most respondents agreed that to the extent that they have privacy concerns, their concerns are related to financial security (92.3%), people stealing their private information and using it in ways that could cause harm (90.8%), and not wanting other people to know their private information (89.8%). Most respondents also reported that they would be comfortable knowing that the health data collected by their doctor's office was being used in an academic research study on cancer risks (77.8%). A similar proportion reported that they would be comfortable knowing that the study would use artificial intelligence (AI) or machine learning (ML) (79.5%) (Table 2).

Compared to other groups, women were more likely to be uncomfortable knowing that their health data collected by their doctor's office is being used in an academic research study on cancer risks (p < 0.0001) and that this study was going to use AI or ML (p < 0.0001). Compared to other groups, those ages 55+ and those with 25+ years of experience in health data were more likely to be uncomfortable knowing that a study on cancer risk would be using AI or ML (p = 0.0001, p < 0.0001). Compared to other groups, those who identified as Democrats and those who had completed their master's degree were more likely to be comfortable knowing that their health data collected by their doctor's office is being used in an academic research study on cancer risks (p = 0.0001, p = 0.0003) and that this study was going to use AI or ML (p < 0.0001, p < 0.0001).

Attitudes toward trusting different sectors to protect health data

In fact, 68.2% agreed that they trust people who work with health data in for-profit industry settings to protect their health information. A higher proportion agreed that they trust academic medical researchers (86.5%) or healthcare provider offices (89.9%) with this information. 61.7% of respondents agreed that they trust people who work with health data in all three sectors (Table 3).

Table 3.

Attitudes toward trusting different industries to protect health data.

Question		Frequency (%)	% Agree	% Disagree
I trust people who work with health data in for-profit industry settings to protect my health information.			68.22	31.77
	Strongly agree	271 (23.46)	–	–
	Somewhat agree	517 (44.76)	–	–
	Somewhat disagree	269 (23.29)	–	–
	Strongly disagree	98 (8.48)	–	–
I trust people who work with health data in academic medical-research settings to protect my health information.			86.49	13.52
	Strongly agree	432 (37.44)	–	–
	Somewhat agree	566 (49.05)	–	–
	Somewhat disagree	126 (10.92)	–	–
	Strongly disagree	30 (2.60)	–	–
I trust people who work with health data in healthcare provider offices to protect my health information.			89.93	10.07
	Strongly agree	481 (41.75)	–	–
	Somewhat agree	555 (48.18)	–	–
	Somewhat disagree	93 (8.07)	–	–
	Strongly disagree	23 (2.00)	–	–
Trust across all three sectors^a			61.68	38.32

Note: “% Agree” = % strongly agree and % somewhat agree. “% Disagree” = % strongly disagree and % somewhat disagree.

Respondents who said “strongly” or “somewhat” agree to all three questions in the table were categorized as “agree” and all others were categorized as “disagree”.

Compared to other groups, women were less likely to trust people who work with health data in for-profit industry settings to protect their health information (p = 0.0002). Compared to other groups, those who identified as Republican and those who had completed high school or some college/technical school were less likely to trust people who work with health data in academic medical-research settings to protect their health information (p = 0.0001, p < 0.0001). Compared to other political parties, those who identified as Republican were less likely to trust healthcare provider offices to protect their health data (p < 0.0001).

Attitudes toward current data privacy, sharing, and consent standards in healthcare and research

Almost all respondents agreed that a person should have complete control over who has access to their individual health data (97.3%). Similarly, respondents agreed that research projects should not use a person's health data unless consent has been received for that specific project (92.0%). Additionally, respondents agreed that there should be higher standards of consent and privacy for health records data than other types of data (93.7%) (Table 4).

Table 4.

Attitudes toward current data privacy, sharing, and consent standards in healthcare and research.

Question		Frequency (%)	% Agree	% Disagree
A person should have complete control over who has access to their individual health data			97.32	2.69
	Strongly agree	855 (73.96)	–	–
	Somewhat agree	270 (23.36)	–	–
	Somewhat disagree	24 (2.08)	–	–
	Strongly disagree	7 (0.61)	–	–
Research projects should not use a person's health data unless consent has been received for that specific project.			91.96	8.05
	Strongly agree	753 (65.14)	–	–
	Somewhat agree	310 (26.82)	–	–
	Somewhat disagree	81 (7.01)	–	–
	Strongly disagree	12 (1.04)	–	–
People generally understand how data is stored, shared, and protected well enough to provide meaningful consent for their data to be collected and used.			57.88	42.13
	Strongly agree	250 (21.63)	–	–
	Somewhat agree	419 (36.25)	–	–
	Somewhat disagree	373 (32.27)	–	–
	Strongly disagree	114 (9.86)	–	–
There should be higher standards of consent and privacy for health records data than other types of data (ex: social media behaviors and purchasing history).			93.69	6.31
	Strongly agree	650 (56.23)	–	–
	Somewhat agree	433 (37.46)	–	–
	Somewhat disagree	62 (5.36)	–	–
	Strongly disagree	11 (0.95)	–	–
Can de-identified health data be both useful and have no risk for reidentification?			–	–
	Yes	917 (79.39)	–	–
	No	238 (20.61)	–	–

Note: “% Agree” = % strongly agree and % somewhat agree. “% Disagree” = % strongly disagree and % somewhat disagree.

Respondents were divided on whether people generally understand how data is stored, shared, and protected well enough to provide meaningful consent for their data to be collected and used (agreed: 57.9%, disagreed: 42.1%) (Table 4). Compared to the other groups, women, those who work in the academic sector, and those who said they report to someone who reports to the CEO were more likely to disagree that people generally understand how data is stored, shared, and protected well enough to provide meaningful consent for their data to be collected and used (p < 0.0001, p = 0.0004, and p < 0.0001).

79.4% of respondents agreed that de-identified health data can be both useful and have no risk for reidentification (Table 4). Compared to other professional roles, those who are CEOs or Presidents were more likely to agree with this statement (p < 0.0001).

Discussion

Our survey of those who work with health data in their profession found that 50.0% of respondents felt that they are similarly concerned about who has access to their data compared to their family and friends, 15.2% felt they are less concerned, and 34.8% felt they are more concerned. Most of our respondents (61.7%) also reported that they would trust people to use their health data across various sectors, but more respondents trusted those working in academic medical research and healthcare offices compared to those working in industry. Despite this reported trust, a strong majority believed that individuals should have complete control over their health data (97.3%), specific consent should be obtained for each use of their health data (92.0%), and that there should be higher standards of consent and privacy for health records data than other types of data (93.7%).

Our finding that those who work with health data had more trust in healthcare providers or academic researchers compared to those in the industry sector is supported by previous work around public attitudes toward health data privacy.^1,15 A 2015 survey study found that although half of respondents were likely to consent to both healthcare and research uses of their data, significantly fewer would consent to healthcare uses compared to research uses of their electronic health data.¹⁷ This differs from our finding that those who work with health data had more trust in health care providers offices than in academic researchers. This discrepancy may reflect the public's increasing comfort over the past several years with sharing health data electronically with their providers as EMR became more widely used and understood.

Additionally, previous qualitative studies reported patient concerns that health data shared for research purposes would be shared with other entities, especially when shared without their consent.^6,7 This is consistent with our finding that almost all participants would prefer specific over broad consent for uses of their health data. Qualitative studies have also found that research participants were concerned about their sensitive health information (e.g. chronic disease diagnoses) being shared with health insurance companies that could prevent them from obtaining affordable insurance.⁷ This aligns with our findings that data privacy concerns are related to financial security.

Those who identify as Black non-Hispanic, Hispanic, American Indian or Alaskan Native and those who had not completed a college degree have more privacy concerns than those in other groups.^1,16,18,19 These results are consistent with our findings that members of racial/ethnic minority populations and those with lower education levels had more concerns around health data privacy, sharing, and consent. However, we also found that women tended to have more concerns around who has access to their data and for what purpose. Our results also indicate that those who identified as Black or African American, American Indian or Alaskan Native, and Hispanic were more likely to report greater levels of concern about who has access to their health data compared to their family and friends. These finding emphasizes that those who work with health data regularly are more attuned to the risks involved with sharing health data electronically, especially for populations who experience disproportionally worse outcomes related to healthcare access and quality (e.g. racial/ethnic minority groups and women).³² The resulting mistrust of healthcare organizations observed among members of minority populations has been associated with underutilization of health services and, consequently, adverse health outcomes.³³ Further research is necessary to assess potential explanations for differences in data privacy perceptions, attitudes, and behaviors among these under-served groups.

Policies and strategies around data privacy, sharing, and consent should balance the need for societal benefits and organizational profit with the importance of individual autonomy. Consumer Subject Review Boards consisting of committees aimed at optimizing the ethical use of data could help organizations and institutions weigh the risks and benefits of data use decisions, especially in contexts that do not legally require IRB approval.³⁴ Tiered, Dynamic, or Meta consent models give individuals more control over how their data is protected and shared.³⁵ Visual analogs, called pictorial legal contracts, enable those with language barriers or lower literacy levels to fully comprehend data privacy agreements and informed consent forms to make an informed decision.³⁶ Finally, advanced settings on web browsers allow users to pre-select data privacy and sharing preferences for use across all websites on the browser and reduce the burden on users to read and comprehend multiple consent forms.³⁶ These mechanisms can potentially increase the public's knowledge regarding intended uses of their health data; but there should be strong evidence to support technical feasibility and improved individual control over health data before they are implemented. The effectiveness of these mechanisms must also be weighed against potential increases in costs and any impediments they might create to the acquisition of valuable research data and improved health outcomes.³⁵ The opinions of those who work with health data regularly should likely be included in these kinds of cost benefit analyses.

In January 2021, the Food and Drug Administration published an action plan for approving AI or ML software applications as medical devices and published a report in March 2024 on the proposed collaborative effort to oversee the development and use of AI software while considering data use transparency and cybersecurity concerns.³⁷ Additionally, the Federal Trade Commission amended the Health Breach Notification Rule in July 2024 to notify the public when their data collected through a health application has been included in a breach or has been disclosed without their knowledge.³⁸ In addition to these protections, organizations and institutions should be further incentivized to ethically steward health data through informed consent, by providing practical options for opting out of health data collection, and being transparent with their health data practices. These steps will likely be important for maintaining public trust and adequately respecting individual rights to privacy.

Limitations

The results of this survey must be framed in the context of their limitations. This survey instrument was not validated, but survey constructs were informed by previous studies related to public attitudes around data privacy, sharing and consent,^16,17,21 and by semi-structured interviews conducted with professionals who work with health data in the U.S. People who participate in surveys through panels provided by market research firms tend to have greater access to technology and are of higher socioeconomic status than members of the general population.³⁹ However, those in data-related professions were shown to have median salaries above the median salary across all occupations for 2022 in a study conducted by the Bureau of Labor Statistics, so the generalizability of our results isn’t likely to be impacted by this limitation.⁴⁰ Furthermore, panel surveys are susceptible to data quality concerns related to respondents’ attention level and “bots” that can be programmed to take the survey multiple times.⁴¹ To address this, we removed respondents who completed the survey significantly faster than the median completion time, the firm limited the number of surveys panelists can take in a week, and the firm used digital fingerprints to validate respondents. Lastly, the market research firm was unable to provide the number of individuals who were sent a survey invitation, so it was impossible to generate a response rate. This limits our ability to generalize our findings to the entire U.S. population of people who work with health data.

Conclusions

Individuals who work with health data are uniquely situated to understand the risks of health data collection and use, which might position them well to help inform policies around health data privacy, sharing, and consent, and potentially to help gauge the effectiveness of related ethics training. Our results indicate that this population generally trusts institutions across sectors to protect their health data. However, almost all respondents agreed that they would prefer to have complete control over who has access to their health data and how it is used. Exploring these insights further through in-depth interviews with people working in different sectors and at different professional levels could be valuable toward understanding how organizations and institutions can address existing data privacy concerns for the U.S. public. The perspectives of those who work with health data could also be useful as jurisdictions across the globe grapple with policy to balance the trade-off between enabling health data aggregation and protecting the privacy and safety of individuals.

Supplemental Material

sj-docx-1-dhj-10.1177_20552076241290964 - Supplemental material for Data professionals’ attitudes on data privacy, sharing, and consent in healthcare and research

Supplemental material, sj-docx-1-dhj-10.1177_20552076241290964 for Data professionals’ attitudes on data privacy, sharing, and consent in healthcare and research by Katya Kaplow, Max Downey, Darren Stewart, Allan B. Massie, Jennifer D. Motter, Lauren Taylor, John Massarelli, Taylor Matalon, Carolyn Sidoti, Macey L. Levan and Brendan Parent in DIGITAL HEALTH

Footnotes

Abbreviations

Author contributions

BP, LT, MLL, JM, and TM researched the literature and conceived the study. MD and CS were involved in protocol development and gaining ethical approval. BP, KK, JDM, MD, TM, LT, and JM were involved in survey development. BP, KK, and MD were involved in participant recruitment, and manuscript writing. KK, DS, JDM, and ABM were involved in data analysis. All authors reviewed and edited the manuscript and approved the final version of the manuscript.

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Ethical approval

This study (s21-00785) was approved by The New York University Langone Health Institutional Review Board on November 2^nd, 2022. Respondents gave written consent via the market research firm's platform before starting the survey.

Funding

The authors disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: this work was supported by the Robert Wood Johnson Foundation [78443]. The analyses described here are the responsibility of the authors alone and do not necessarily reflect the views or policies of the Robert Wood Johnson Foundation), nor does mention of trade names, commercial products or organizations imply endorsement by the Robert Wood Johnson Foundation.

Guarantor

BP.

ORCID iD

Katya Kaplow

Supplemental material

Supplemental material for this article is available online.

References

American Medical Association. Patient survey shows unresolved tension over health data privacy. Press Releases, 2022. https://www.ama-assn.org/press-center/press-releases/patient-survey-shows-unresolved-tension-over-health-data-privacy (accessed 12 January 2024).

Auxier

Rainie

Anderson

, et al. Americans and privacy: concerned, confused and feeling lack of control over their personal information. Pew Research Center: Internet, Science & Tech 2019. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/ (accessed 12 January 2024).

Froomkin

. Big data: destroyer of informed consent. YJOLT, 2018; 21: 27. https://repository.law.miami.edu/cgi/viewcontent.cgi?article=2010&context=fac_articles (2018, accessed 17 September 2024).

U.S. Department of Health and Human Services. Revised Common Rule Q&As. 2018. https://www.hhs.gov/ohrp/education-and-outreach/revised-common-rule/revised-common-rule-q-and-a/index.html (accessed 12 January 2024).

National Institutes of Health. HIPAA Privacy Rule and Its Impacts on Research. 2007. https://privacyruleandresearch.nih.gov/pr_08.asp (accessed 12 January 2024).

Goytia

Kastenbaum

Shelley

, et al. A tale of 2 constituencies. Med Care 2018; 56: S64–S69.

Hentschel

Hsiao

Chen

, et al. Perspectives of pregnant and breastfeeding women on participating in longitudinal mother-baby studies involving electronic health records: qualitative study. JMIR Pediatr Parent 2021; 4: e23842.

Alder

. What is the HITECH Act? 2024 Update. The HIPAA Journal, 2024. https://www.hipaajournal.com/what-is-the-hitech-act/ (accessed 8 July 2024).

Brocker

. Electronic Medical Records Systems in the US-Market Research Report (2014–2029). NAICS OD4172, IBIS World, 2024. https://www.ibisworld.com/united-states/market-research-reports/electronic-medical-records-systems-industry/ (accessed 8 July 2024).

10.

DePuccio

Di Tosto

Walker

, et al. Patients’ perceptions about medical record privacy and security: implications for withholding of information during the COVID-19 pandemic. J Gen Intern Med 2020; 35: 3122–3125.

11.

Price

Cohen

. Privacy in the age of medical big data. Nat Med 2019; 25: 37–43.

12.

Alder

. One-third of healthcare websites still use meta pixel tracking code. The HIPAA Journal, 2024. https://www.hipaajournal.com/one-third-healthcare-websites-meta-pixel-tracking-code-2024/ (accessed 17 September 2024).

13.

Donovan

. Redesigning consent: big data, bigger risks. Harvard Kennedy School Misinformation Review 2020; 1: 1. https://misinforeview.hks.harvard.edu/article/big-data-bigger-risks/ (accessed 17 September 2024).

14.

Trinidad

Platt

Kardia

SLR

. The public’s comfort with sharing health data with third-party commercial companies. Humanit Soc Sci Commun 2020; 7: 149.

15.

Shah

Coathup

Teare

, et al. Sharing data for future research engaging participants’ views about data governance beyond the original project: a DIRECT study. Genet Med 2019; 21: 1131–1138.

16.

Kaufman

Murphy-Bollinger

Scott

, et al. Public opinion about the importance of privacy in biobank research. Am J Hum Genet 2009; 85: 643–654.

17.

Kim

Joseph

Ohno-Machado

. Comparison of consumers’ views on electronic data sharing for healthcare and research. J Am Med Inform Assoc 2015; 22: 821–830.

18.

Cascini

Pantovic

Al-Ajlouni

, et al. Health data sharing attitudes towards primary and secondary use of data: a systematic review. EClinicalMedicine 2024; 71: 102551.

19.

Baines

Stevens

Austin

, et al. Patient and public willingness to share personal health data for third-party or secondary uses: systematic review. J Med Internet Res 2024; 26: e50421.

20.

Esmaeilzadeh

. Patients’ perceptions of different information exchange mechanisms: an exploratory study in the United States. Methods Inf Med 2020; 59: 162–178.

21.

Kalkman

van Delden

Banerjee

, et al. Patients’ and public views and attitudes towards the sharing of health data for research: a narrative review of the empirical evidence. J Med Ethics 2022; 48: 3–13.

22.

Ford

De Togni

Miller

. Hormonal health: period tracking apps, wellness, and self-management in the era of surveillance capitalism. Engag Sci Technol Soc 2021; 7: 48–66.

23.

Seltzer

Goldshear

Guntuku

, et al. Patients’ willingness to share digital health and non-health data for research: a cross-sectional study. BMC Med Inform Decis Mak 2019; 19: 157.

24.

Preventing bad data: how to catch survey speeders, cheaters & bots. Jibunu, 2021. https://blog.jibunu.com/preventing-bad-data-how-to-catch-survey-speeders-cheaters-bots (accessed 12 January 2024).

25.

Webster

. Margin of error guide & calculator. Qualtrics. https://www.qualtrics.com/experience-management/research/margin-of-error/ (accessed 8 July 2024).

26.

Story

Tait

. Survey research. Anesthesiology 2019; 130: 192–202.

27.

Hazra

Gogtay

. Biostatistics series module 4: comparing groups – categorical variables. Indian J Dermatol 2016; 61: 385–392.

28.

Norman

. Likert Scales, levels of measurement and the ‘laws’ of statistics. Adv Health Sci Educ Theory Pract 2010; 15: 625–632.

29.

Rice

. Mathematical statistics and data analysis. 3rd ed. Belmont, CA: Thomson Brooks/Cole, 2007.

30.

Shaffer

. Multiple hypothesis testing. Annu Rev Psychol 1995; 46: 561–584.

31.

Stewart

Kucheryavaya

Klassen

, et al. Changes in deceased donor kidney transplantation one year after KAS implementation. Am J Transplant 2016; 16: 1834–1847.

32.

Agency for Healthcare Research and Quality. Access to Healthcare and Disparities in Access. 2021 National Healthcare Quality and Disparities Report, Rockville, MD. 2021.

33.

LaVeist

Isaac

Williams

. Mistrust of health care organizations is associated with underutilization of health services. Health Serv Res 2009; 44: 2093–2105.

34.

Calo

. Consumer subject review boards: a thought experiment. Stanford Law Rev 2013; 66: 97. https://www.stanfordlawreview.org/online/privacy-and-big-data-consumer-subject-review-boards/ (accessed 17 September 2024).

35.

Wiertz

Boldt

. Evaluating models of consent in changing health research environments. Med Health Care Philos 2022; 25: 269–280.

36.

Andreotta

Kirkham

Rizzi

. AI, big data, and the future of consent. AI Soc 2022; 37: 1715–1728.

37.

Food and Drug Administration. Artificial intelligence and machine learning in software as a medical device. 2024. https://www.fda.gov/medical-devices/software-medical-device-samd/artificial-intelligence-and-machine-learning-software-medical-device (accessed 17 September 2024).

38.

Federal Trade Commission. Health Breach Notification Rule. Federal Register, 2024. https://www.federalregister.gov/documents/2024/05/30/2024-10855/health-breach-notification-rule (accessed 17 September 2024).

39.

Hays

Liu

Kapteyn

. Use of internet panels to conduct surveys. Behav Res Methods 2015; 47: 685–690.

40.

Farrell

Hussain

. Data occupations with rapid employment growth, projected 2021–31 : Career Outlook: U.S. Bureau of Labor Statistics. 2023. https://www.bls.gov/careeroutlook/2023/data-on-display/data-occupations.htm# (accessed 12 January 2024).

41.

Peer

Rothschild

Gordon

, et al. Data quality of platforms and panels for online behavioral research. Behav Res Methods 2022; 54: 1643–1662.

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.35 MB

Data professionals’ attitudes on data privacy,sharing,and consent in healthcare and research

Abstract

Objective

Methods

Results

Conclusions

Keywords

Introduction

Methods

Survey design

Sampling strategy

Survey administration

Statistical analysis

Results

Study population

Concerns related to data privacy, sharing, and consent in healthcare and research

Attitudes toward trusting different sectors to protect health data

Attitudes toward current data privacy, sharing, and consent standards in healthcare and research

Discussion

Limitations

Conclusions

Supplemental Material

sj-docx-1-dhj-10.1177_20552076241290964 - Supplemental material for Data professionals’ attitudes on data privacy, sharing, and consent in healthcare and research

Footnotes

Abbreviations

Author contributions

Declaration of conflicting interests

Ethical approval

Funding

Guarantor

ORCID iD

Supplemental material

References

Supplementary Material