Who owns the data? What can be done with the data? How do we safeguard the privacy of patients?
Basic principles of privacy
Even though every country or state has its own specific privacy regulations in healthcare, there are a few basic principles at play.
Regulations typically define restrictions as to how you can handle the data. They speak of direct or indirect personally identifiable information (PII), security safeguards and patient rights. Social security numbers are directly identifiable. Patient numbers combined with surgery date and zip code can be indirectly identifiable.
In healthcare, somebody is Responsible for the data. They decide what can or cannot be done with the data within the confines of the law. This is typically the data supplier, such as a doctor or healthcare institution, but can also be the patient.
The Responsible party can define a purpose for the data and allow a Processor to process the data on their behalf for this specific pre-defined goal. MRDM is such a Processor.
How to deal with privacy restrictions
To limit the risk of privacy infringements, it is better to have less data. However, more data that results in relevant information can accelerate innovation. Is this a paradox?
It’s a matter of managing the data according to the applicable rules and regulations, using techniques and procedures that minimise the risks of undesired access to data.
At MRDM, we are specialised in data security & privacy, linking and processing personally identifiable information from healthcare institutions, patients and other data suppliers.