opinions on the extent to which trust is accorded to health researchers by the public. The results indicate that the public holds strong privacy concerns about how their personal health information is handled, especially uses of data not directly relevant to providing care. The survey also indicates that current laws and organizational practices may not provide adequate privacy protection for patients. Westin suggests that patient-controlled privacy policies, such as those offered through repositories of personal health records, might help with gaining traction on the issues of clinical data, privacy, and security with the public. He also recommends a scope of activities related to health privacy, patient notice, and public education on privacy and compliance as opportunities to provide evidence-based medicine (EBM).
Balancing patient privacy protections with advancing data-driven clinical research and care delivery is an ongoing challenge for many healthcare organizations. In 2003, the HIPAA Privacy Rule took effect, and early changes to the Rule permitted sharing healthcare data for restricted purposes, essentially easing some limitations on providers and health plans related to health services research. With the increased incorporation of electronic health records (EHRs) into care delivery and research, the growing volumes of valuable data for evidence-based research and care may eventually force significant changes to strike a balance between privacy and advancement. Marcy Wilder, a partner in the law firm of Hogan and Hartson, LLP, and former deputy general counsel at the Department of Health and Human Services (HHS), where she helped to develop HIPAA, comments on some important remaining legal barriers to effectively using clinical data for research. In particular, Wilder highlights the growing opportunity to address the confluence of future, unspecified research and individual rights regarding the use of individual data through policy. Also notable are her suggestions of formally reviewing HIPAA deidentification standards, safe harbor requirements, and distribution of liability burdens across covered and noncovered entities.
Providing examples of other sectors’ approach to striking a balance between privacy and security and research innovation, Elliott Maxwell, a fellow in the communications program at Johns Hopkins University and distinguished research fellow at Pennsylvania State University, discusses the notion of data openness as demonstrated through projects such as the Human Genome Project. Examples of greater openness are also prevalent in the public registration of clinical trials and open-access journals. Greater digital openness has the potential to transform the use and application of clinical data in EBM, Maxwell suggests, but it must be tempered with determinations on the appropriate level of openness for given purposes. Maxwell provides an overview of the Committee for Economic Development’s report Harnessing Openness to Transform American Health Care, including recommendations on patient consent requirements, electronic filing of device