Shadow health records meet new data privacy laws

William Nicholson Price II, Kayte Spector-Bagdady, Timo Minssen, Margot Kaminski

    14 Citations (Scopus)

    Abstract

    Large sets of health data can enable innovation and quality measurement but can also create technical challenges and privacy risks. When entities such as health plans and health care providers handle personal health information, they are often subject to data privacy regulation. But amid a flood of new forms of health data, some third parties have figured out ways to avoid some data privacy laws, developing what we call “shadow health records”—collections of health data outside the health system that provide detailed pictures of individual health—that allow both innovative research and commercial targeting despite data privacy rules. Now that space for regulatory arbitrage is changing. The long arms of Europe's new General Data Protection Regulation (GDPR) and California's new Consumer Privacy Act (CCPA) will reach shadow health records in many companies. In this article, we lay out the contours of the GDPR's and CCPA's impact on shadow health records and health data more broadly, highlight critical remaining uncertainty, and call for increased clarity from lawmakers and industry on the use of such data for research.
    Original languageEnglish
    JournalScience
    Volume363
    Issue number6426
    Pages (from-to)448-450
    ISSN0036-8075
    DOIs
    Publication statusPublished - 1 Feb 2019

    Keywords

    • Faculty of Law
    • big data
    • GDPR
    • CCPA
    • Shadow health records
    • research exemption
    • privacy

    Fingerprint

    Dive into the research topics of 'Shadow health records meet new data privacy laws'. Together they form a unique fingerprint.

    Cite this