Privacy and Partnerships
How can we design our research to balance an interest in robust data collection with a competing interest in protecting participant privacy?
1. Have we consulted with information security experts about exactly where the data will flow, from start to finish?
2. Do we have a written policy on data deidentification and participant privacy that is consistent with best practices in psychiatry and neuroscience?
3. Have we determined which third-party vendors will be required to be HIPAA compliant and sign a Business Associate Agreement (BAA)?
Resources:
Privacy and Security in Mobile Health (mHealth) Research
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4432854/
HIPAA Privacy Rule and Sharing Information Related to Mental Health
Security HHS Security Rule Guidance Material
https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html
The HIPAA Privacy Rule’s Right of Access and Health Information Technology
https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/healthit/eaccess.pdf
Privacy and Confidentiality of Data Privacy and Health Research in a Data-Driven World
https://www.hhs.gov/ohrp/sites/default/files/report-privacy-and-health-10-31-19.pdf
Patients’ willingness to share digital health and non-health data for research: a cross-sectional study
Health Information Privacy in the Digital Age: Where to Focus Enforcement Efforts