Ethical dimensions of clinical data sharing by US healthcare organizations for purposes beyond direct patient care: Interviews with healthcare leaders.

Abstract

Empirically investigate current practices and analyze ethical dimensions of clinical data sharing by healthcare organizations for uses other than treatment, payment, and operations. Make recommendations to inform research and policy for healthcare organizations to protect patients' privacy and autonomy when sharing data with unrelated third parties. Semi-structured interviews and surveys involving 24 informatics leaders from 22 US healthcare organizations, accompanied by thematic and ethical analyses. We found considerable heterogeneity across organizations in policies and practices. Respondents understood "data sharing" and "research" in very different ways. Their interpretations of these terms ranged from making data available for academic and public health uses, and to HIEs; to selling data for corporate research, to contracting with aggregators for future resale or use. The nine interview themes were that healthcare organizations: (1) share clinical data with many types of organizations, (2) have a variety of motivations for sharing data, (3) do not make data sharing policies readily available, (4) have widely varying data sharing approval processes, (5) most commonly rely on HIPAA de-identification to protect privacy, (6) were concerned about clinical data use by electronic health record vendors, (7) lacked data sharing transparency to the general public, (8) allowed individual patients little control over sharing of their data, and (9) had not yet changed data sharing practices within the year following the US Supreme Court 2022 decision denying rights to abortion. Our analysis identified gaps between ethical principles and healthcare organizations' data sharing policies and practices. To better align clinical data sharing practices with patient expectations and biomedical ethical principles, we recommend: updating HIPAA, including re-identification and upstream sharing restrictions in data sharing contracts, better coordination across data sharing approval processes, fuller transparency and opt-out options for patients, and accountability for data sharing and consequent harms.