Privacy Law, Data Sharing Policies, and Medical Data: A Comparative Perspective

Abstract

The sharing and linking of medical data across borders is now a key enabler of new medical discoveries. Data are no longer simply collected and used at a single physical site, such as a laboratory or a research institute. Instead, communication flows between research teams within and across national borders bring together the necessary data and expertise to clarify previously unknown disease aetiologies. Integration of medical data and secure health records systems now allows clinicians to develop early treatment strategies tailored to a specific patient. As policymakers, patient advocacy groups, and biomedical researchers gravitate toward recognizing the benefits of global data sharing, they may be challenged by regulatory systems that were developed when the norm was using and sharing medical data only within a single jurisdiction. This chapter describes and compares key data privacy legal frameworks (Canada, US, UK, EU, Council of Europe, OECD) and discusses data sharing policies adopted by major biomedical research funding organisations (the NIH, Canadian Institutes of Health Research, Genome Canada, Wellcome Trust) in the context of their impact on medical data privacy. In so doing, the chapter not only explains the content, significance, and practical usefulness of these laws, regulations, and policies as they relate to medical data, but also identifies lingering barriers to global data sharing and suggests ways to overcome them while maintaining robust data privacy protection.

Author information

Corresponding author

Correspondence to Edward S. Dove.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Dove, E.S., Phillips, M. (2015). Privacy Law, Data Sharing Policies, and Medical Data: A Comparative Perspective. In: Gkoulalas-Divanis, A., Loukides, G. (eds) Medical Data Privacy Handbook. Springer, Cham. https://doi.org/10.1007/978-3-319-23633-9_24

  • DOI: https://doi.org/10.1007/978-3-319-23633-9_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23632-2

  • Online ISBN: 978-3-319-23633-9

  • eBook Packages: Computer Science, Computer Science (R0)
