Research, Digital Health Information and Promises of Privacy: Revisiting the Issue of Consent

Abstract

The obligation to maintain the privacy of patients and research participants is foundational to biomedical research. But there is growing concern about the challenges of keeping participant information private and confidential. A number of recent studies have highlighted how emerging computational strategies can be used to identify or reidentify individuals in health data repositories managed by public or private institutions. Some commentators have suggested the entire concept of privacy and anonymity is “dead”, and this raises legal and ethical questions about the consent process and safeguards relating to health privacy. Members of the public and research participants value privacy highly, and inability to ensure it could affect participation. Canadian common law and legislation require a full and comprehensive disclosure of risks during informed consent, including anything a reasonable person in the participant or patient’s position would want to know. Research ethics policies require similar disclosures, as well as full descriptions of privacy related risks and mitigation strategies at the time of consent. In addition, the right to withdraw from research gives rise to a need for ongoing consent, and material information about changes in privacy risk must be disclosed. Given the research ethics concept of “non-identifiability” is increasingly questionable, policies based around it may be rendered untenable. Indeed, the potential inability to ensure anonymity could have significant ramifications for the research enterprise.