New data protection rules threaten vital health research

A drive to safeguard privacy may hinder the use of data to treat medical problems

“If a patient consents to participation in a clinical trial, is it necessary that that patient be contacted again for further studies and again for a medical analysis of results?”
“If a patient consents to participation in a clinical trial, is it necessary that that patient be contacted again for further studies and again for a medical analysis of results?”

Patient data is like blood: life-saving and harmless to the donor when responsibly gathered.

Blood donors enter into a contract with the blood transfusion service; they give blood for the purposes of supporting the health services and saving lives. The transfusion service does not have to tell them who will receive their blood and does not have to go back and ask for permission each time their blood is used.

Patient data is a similar resource – critical to our health system, specifically to health research and the development of diagnostics and therapies. Last month in Brussels the European Council announced agreement in principle to introduce a Europe-wide general regulation on data protection; some believe it will come before the end of the year.

Much focus has fallen on the response of the big tech companies, Google, Facebook, Twitter, and how the new rules might affect their business model. Our priority in Insight Ireland is the impact on the converging areas of health research and data science.

READ MORE

Insight Ireland took part in a day of action in Brussels to influence the shape of regulation and ensure health research is not stymied. The danger is that, in the drive to protect consumers from commercial exploitation of their data, we will also protect patients from significant potential benefits of health data analysis.

Commercial data regulation is in its infancy. Clinical research, on the other hand, operates under a significant system of regulation, and the patient-researcher relationship is very different to that between, for example, social networker and tech giant.

Nothing to fear

Speaking at the day of action, cancer survivor Dr Erik Briers told of the questions he asked when diagnosed with prostate cancer. Is there a cure? Is it hereditary? What’s my prognosis? Realising the answers had come from research on human tissue and the data collected about its donor, he decided to contribute. “My prostate is somewhere in Louvain in a jar,” he said.

He gave that tissue freely along with the personal data that makes it even more valuable to the researcher. He is not worried that the tissue or the accompanying data will be abused. He has entered into a contract of trust with the researchers, in the knowledge that the appropriate safeguards are in place.

If a patient consents to participation in a clinical trial, is it necessary that that patient be contacted again for further studies and again for a medical analysis of results? If they die, must their data die with them or can it continue to inform research? Explicit consent is imperative when dealing with commercial interests in protecting personal data, but when a patient donates tissue and data for research purposes, can we infer consent for ongoing research?

Choking innovation

We must handle different types of data differently – we cannot apply universal strictures that choke off vital innovation to safeguard against privacy infringements in other areas of public life.

The convergence of data analytics and health research offers incredible potential for human health. Right now at Insight Ireland we have data scientists and physiotherapists working together to devise ways of optimising outcomes for joint replacement patients. We are taking enormous data sets, derived by physical sensors developed in our labs, to optimise orthopaedic rehabilitation programmes in our hospitals.

Our work is attracting the attention of clinicians across the world. These therapies are only available because we have access to patient information, willingly donated for research purposes. We do not have to keep returning to these patients for ongoing consents; the data was given in the spirit of supporting our continuing work in health innovation. There are also significant safeguards in place to prevent the misuse of this data. The patient is protected even in the absence of his or her specific consent. The patient has, at any time, the option to withdraw consent.

The public attitude to data protection has been heavily influenced by the Silicon Valley powerhouses and their perceived data grabs. However, we must adopt a totally different attitude to the use of data in publicly funded health research in particular, as the public and individual interests are self-evident. We hope that what emerges from Europe in the coming months will support and foster the continuing progress of this vital and exciting new field of human health research.

Prof Barry O’Sullivan is a director of the Insight Centre for Data Analytics and head of computer science at UCC