"Public good": new ethics report says you shouldn't own your medical data.

Researchers argue medical data should be an opensource public good.

Diversity identity and privacy concept and personal private data symbol as diverse finger prints or ...

We are walking repositories of medical data, from our blood type to our respiratory health. While we might assume that we're also the owners of this data, a new report argues otherwise.

Published Tuesday in the journal Radiology, a team of researchers proposes a new ethical framework for clinical data in the AI era that removes ownership from both patients and physicians and instead frames clinical data as an opensource "public good" owned by no one and for the benefit of all.

This idea goes directly against traditional ethical frameworks that argue data is either owned by a patient or institution, but the authors justify this by arguing that patients and physicians have no use for data after initial care has been given. Because of this, and because the data can have identifying information removed, the authors argue that not only do patients and institutions not own the data but companies don't need to ask permission to use it either.

David Larson, the report's lead author and associate professor of radiology at Stanford University, tells Inverse that this could improve how companies are able to use medical data and in turn, improve human health at large through future innovations.

"The lack of clarity of an ethical framework is inhibiting the use of medical data for clinical research and development," says Larson. "At the same time, companies and provider organizations who may legitimately want to do the right thing are behaving in ways that some find objectionable. Much of this is due to a lack of clarity regarding what is and is not ethically appropriate. We are trying to help move the field toward agreement on a workable solution that provides appropriate respect to patients."

"The more widely the data are shared, the more rigorous the requirements"

When it comes to respecting patients, the authors write that maintaining patient privacy is still their number one priority. In order to ensure patients' identities are separate from their data Larson tells Inverse that data goes through multiple rounds of automated and manual "deidentification."

"The more widely the data are shared, the more rigorous the requirements for redundancy," says Larson. "For example, for our widely-released data sets, after applying automated de-identification software, we often have three or more individuals manually review every image before releasing."

But even so, traces of a patient's identity can remain, write the authors, or software can be used to recover hidden traces. In these cases, the authors write that the data would be removed from public use.

In addition to removing ownership of data from patients and institutions, the authors write that neither group nor AI companies would be able to profit from this data either. With one loop-hole -- Larson tells Inverse that under this framework it would be ethical for an AI company to profit from the tools it developed from the data.

"It is not appropriate for organizations to profit from the data themselves, but it is reasonable for companies to profit from the development of those tools, given the investment required to develop them," says Larson. "Making the data widely available decreases the competitive advantage of having access to the data, which decreases the commercial value of the data, which helps ensure that no entity inappropriate profits from the data."

While this loss of control over medical data might be a hard pill for some to swallow, Larson tells Inverse that patients have largely been willing to trust in the greater good of these ideas.

"In our experience, patients mainly want to makes sure medical data are not used inappropriately," says Larson. "We are advocating for clearer guidelines and stricter oversight mechanisms to make sure that everyone who has access to the data, in any form, takes upon themselves the same obligations as medical providers—that the data will only be used for beneficial purposes and will be carefully maintained and protected. We believe that this would increase overall trust in the system, helping to alleviate patients’ concerns, which are understandable."

Abstract: In this article, the authors propose an ethical framework for using and sharing clinical data for the development of artificial intelligence (AI) applications. The philosophical premise is as follows: when clinical data are used to provide care, the primary purpose for acquiring the data is fulfilled. At that point, clinical data should be treated as a form of public good, to be used for the benefit of future patients. In their 2013 article, Faden et al argued that all who participate in the health care system, including patients, have a moral obligation to contribute to improving that system. The authors extend that framework to questions surrounding the secondary use of clinical data for AI applications. Specifically, the authors propose that all individuals and entities with access to clinical data become data stewards, with fiduciary (or trust) responsibilities to patients to carefully safeguard patient privacy, and to the public to ensure that the data are made widely available for the development of knowledge and tools to benefit future patients. According to this framework, the authors maintain that it is unethical for providers to “sell” clinical data to other parties by granting access to clinical data, especially under exclusive arrangements, in exchange for monetary or in-kind payments that exceed costs. The authors also propose that patient consent is not required before the data are used for secondary purposes when obtaining such consent is prohibitively costly or burdensome, as long as mechanisms are in place to ensure that ethical standards are strictly followed. Rather than debate whether patients or provider organizations “own” the data, the authors propose that clinical data are not owned at all in the traditional sense, but rather that all who interact with or control the data have an obligation to ensure that the data are used for the benefit of future patients and society.
Related Tags