Today sees the publication of a report I helped to write for the Nuffield Bioethics Council on what happens to medical ethics in a world of cloud-based medical records and pervasive genomics.
As the information we gave to our doctors in private to help them treat us is now collected and treated as an industrial raw material, there has been scandal after scandal. From failures of anonymisation through unethical sales to the care.data catastrophe, things just seem to get worse. Where is it all going, and what must a medical data user do to behave ethically?
We put forward four principles. First, respect persons; do not treat their confidential data like were coal or bauxite. Second, respect established human-rights and data-protection law, rather than trying to find ways round it. Third, consult people who’ll be affected or who have morally relevant interests. And fourth, tell them what you’ve done – including errors and security breaches.
The collection, linking and use of data in biomedical research and health care: ethical issues took over a year to write. Our working group came from the medical profession, academics, insurers and drug companies. We had lots of arguments. But it taught us a lot, and we hope it will lead to a more informed debate on some very important issues. And since medicine is the canary in the mine, we hope that the privacy lessons can be of value elsewhere – from consumer data to law enforcement and human rights.
Coverage in the Guardian, the Indy, the Press Association, Science and phys.org.
A very thorough and useful report. It is clear that there are legitimate reasons to do very large scale health statistics – not least because we need to move to preventative healthcare much more aggressively and public health stats are needed to optimise advice. As well as this, there appear to be certain classes of increasing medical problems (obesity, autism, addiction) which have not yet yielded to classical medical research science, and may need large scale longitudinal studies (as the inst. of longitudinal studies did all those years and were first to infer the likely causal link from smoking to lung cancer) – None of he above requires any less vigilance about privacy or informed consent. in fact, in the reverse is the case, where the Internet and computing and storage and ease of user engagement ought to make it straightforward to scale out an ethically sound study. Proponents of Big Data+Cloud fail to understand, that there is no substitute for careful thought, properly devised protocols, and treatment of humans as, errr, people — the tech that lets dodgy multi-sided market based cloud companies make money/product out of “customers” is not pixie dust – what they do out there in social media/search/email land is not that clever, has poor quality control, doesn’t deal with false positives/negatives well etc , because it doesn’t need to, because targetted adverts and analytics are largely not life threatening, whereas getting health stuff wrong is, by definition, unhealthy.
Here’s a video of a talk I gave on the report.
And here’s a piece in The Economist about recent criminal and civil cases involving genetic privacy
And, less than four years later, we’re now seeing the use of public-domain genetic data to track violent criminals. How? Their second of third cousins may have had their DNA sequenced out of curiosity, and there’s enough of a correlation with a crime-scene sample for the sleuths to get to work.