Vahideh Zarea Gavgani,Aniseh Pourrasmi

DOI: https://doi.org/10.34172/doh.2024.19

2024-08-28

Depiction of Health

Abstract:Developments in medical data analysis bring important social benefits but also challenge privacy and other ethical values. At the same time, excessive data protection restrictions can be a serious threat to observational studies. The debate on whether data privacy or data correlation should be the core value of research policies has remained unresolved. Today, in the health care sector, which is developing rapidly, it is highly important to maintain integrity, privacy, and access to data (1). Data governance plays an important role in navigating this path, ensuring compliance with regulations, and paving the way for improved patient outcomes. Data governance in the field of health care is an organized and standardized method for managing, analyzing, and sharing medical data in an ethical and transparent manner, all of which align with legal and ethical standards (1, 2). Data Governance in Healthcare It covers the entire life cycle of patient information, from initial admission to long after discharge. In essence, healthcare data is a valuable asset. Effective data governance is very useful in making informed decisions and providing high-level patient care. A concrete example can be given from an article entitled "Challenges Caused by the COVID-19 Pandemic: The Long-Standing Need for Strong Data Governance", which revealed addressing aspects such as intellectual property rights, interoperability, data storage, sharing, and ensuring equitable access to healthcare resources (1). According to case reports, there are also obstacles and challenges for the management of healthcare and health data, the most important of which are mentioned below: · Privacy and data security · Compliance with regulations · Management of diverse data sources · Ensuring interoperability in different systems and data formats (2). Addressing these barriers and challenges with a comprehensive data management strategy can simplify processes and create data standards, in addition to improving data quality and access to qualitative data and strengthening collaboration between stakeholders. Therefore, in a wide treatment network with numerous electronic files, better coordination and coherence have been created, and while speeding up treatment processes, conditions will be provided for an advanced and more effective health control operation. Based on Figure 1, effective data governance in health care will have several advantages. In fact, data governance is based on a specific pattern of input and output. Data input includes data and metadata management, especially data definitions and standards, quantitative classification and data quality control. If these important factors and indicators of data and information input are done accurately and without mistakes, the result of the work, i.e., the output of data governance, will lead to the adoption of appropriate strategies to meet the demand of the industry, more effective clinical care and reliable operations in the health system (2, 4). Effective Data Governance in Healthcare Reveals Several Advantages 1- Improving patient care through interoperability: By setting standards and promoting data integration, data governance strengthens interoperability and ultimately leads to improved care coordination and comprehensive patient care. 2- Optimized services and resource efficiency: Simplifying data processes and eliminating redundant items can lead to providing optimal services and improving patient experiences. 3- Fostering innovation and research: By establishing clear data access and sharing policies, data governance supports innovation and research and enables large-scale data analysis, trend identification, and epidemiological studies. 4- Informed decision-making: Improving the quality and accuracy of data is the basis of informed decision-making and increases patient safety and care results. It also enables data-driven insights into various aspects of healthcare, including resource allocation and clinical outcomes. 5- Compliance with regulations and ethical data management: Ensuring alignment with legal requirements and the best industrial practices reduces risks and sets a standard for ethical data practices (3, 4). Creating a Comprehensive Data Governance Framework Creating a data governance framework for health care includes drawing policies, standards, roles, responsibilities, and accountability related to data. The key components of this framework include data standards and definitions, data quality management, metadata management, master data management, and data architecture (2). Implementing Data Governance: A Step-by-Step Guide 1- Define the scope: Specify the organizational structure, authorities, councils, and roles. 2- Form a governance team: Create a team that includes a chief data officer and a chief medical information officer to drive accountability. 3- Identify key metrics: Focus on data accuracy, process improvement, and efficiency. 4- Understand compliance standards: Familiarize yourself with existing regulations and policies. 5- Secure the system: Implement encryption, masking, and hashing policies for protected health information. 6- Setting user permissions: Create authentication protocols and monitor data access. 7- Educate your team: Educate your teams on adopting and following a data governance plan(2, 5). Evaluation of Data Governance Solutions When evaluating solutions, prioritize capabilities such as data classification and tagging, data search and discovery, metadata management, data provenance and traceability, data security and privacy, compliance and reporting, and integration and interoperability (4, 5). In summary, data governance is of practical importance at all levels of healthcare and health and ensures that doctors, therapists, and health care providers have access to accurate, safe, and private data of patients. This requires an effort at all organizational levels (Ministry of Health), including interdisciplinary teams of experts. This commentary provides a foundation for understanding the importance, benefits, framework components, and steps for implementing data governance in healthcare. As the healthcare landscape continues to evolve, data governance initiatives must also evolve to improve the efficiency of health system management.

Kishu Gupta,Vinaytosh Mishra,Aaisha Makkar

DOI: https://doi.org/10.1109/JBHI.2024.3467179

2024-10-06

Abstract:Healthcare has witnessed an increased digitalization in the post-COVID world. Technologies such as the medical internet of things and wearable devices are generating a plethora of data available on the cloud anytime from anywhere. This data can be analyzed using advanced artificial intelligence techniques for diagnosis, prognosis, or even treatment of disease. This advancement comes with a major risk to protecting and securing protected health information (PHI). The prevailing regulations for preserving PHI are neither comprehensive nor easy to implement. The study first identifies twenty activities crucial for privacy and security, then categorizes them into five homogeneous categories namely: $\complement_1$ (Policy and Compliance Management), $\complement_2$ (Employee Training and Awareness), $\complement_3$ (Data Protection and Privacy Control), $\complement_4$ (Monitoring and Response), and $\complement_5$ (Technology and Infrastructure Security) and prioritizes these categories to provide a framework for the implementation of privacy and security in a wise manner. The framework utilized the Delphi Method to identify activities, criteria for categorization, and prioritization. Categorization is based on the Density-Based Spatial Clustering of Applications with Noise (DBSCAN), and prioritization is performed using a Technique for Order of Preference by Similarity to the Ideal Solution (TOPSIS). The outcomes conclude that $\complement_3$ activities should be given first preference in implementation and followed by $\complement_1$ and $\complement_2$ activities. Finally, $\complement_4$ and $\complement_5$ should be implemented. The prioritized view of identified clustered healthcare activities related to security and privacy, are useful for healthcare policymakers and healthcare informatics professionals.

Cryptography and Security,Machine Learning

Vinaytosh Mishra,Kishu Gupta,Deepika Saxena,Ashutosh Kumar Singh

DOI: https://doi.org/10.1109/TCE.2024.3373912

2024-10-05

Abstract:Electronic Health Records (EHR) are crucial for the success of digital healthcare, with a focus on putting consumers at the center of this transformation. However, the digitalization of healthcare records brings along security and privacy risks for personal data. The major concern is that different countries have varying standards for the security and privacy of medical data. This paper proposed a novel and comprehensive framework to standardize these rules globally, bringing them together on a common platform. To support this proposal, the study reviews existing literature to understand the research interest in this issue. It also examines six key laws and standards related to security and privacy, identifying twenty concepts. The proposed framework utilized K-means clustering to categorize these concepts and identify five key factors. Finally, an Ordinal Priority Approach is applied to determine the preferred implementation of these factors in the context of EHRs. The proposed study provides a descriptive then prescriptive framework for the implementation of privacy and security in the context of electronic health records. Therefore, the findings of the proposed framework are useful for professionals and policymakers in improving the security and privacy associated with EHRs.

Machine Learning

Fatemeh Torabi,Emma Squires,Chris Orton,Sharon Heys,David Ford,Ronan A. Lyons,Simon Thompson

DOI: https://doi.org/10.1038/s41591-023-02686-w

IF: 82.9

2024-01-09

Nature Medicine

Abstract:A six-tiered governance framework for federated health data, with varying levels of data access and sharing, is proposed to facilitate the use of health data held within more than one secure environment, while preserving privacy.

biochemistry & molecular biology,cell biology,medicine, research & experimental

Shirin Deghati

DOI: https://doi.org/10.47672/ajdikm.2351

2024-08-27

Abstract:Purpose: The aim of the study was to assess the impact of data governance on data quality in healthcare institutions. Materials and Methods: This study adopted a desk methodology. A desk study research design is commonly known as secondary data collection. This is basically collecting data from existing resources preferably because of its low cost advantage as compared to a field research. Our current study looked into already published studies and reports as the data was easily accessed through online journals and libraries. Findings: The study found that institutions with robust data governance protocols experience fewer instances of data inconsistency and errors. This, in turn, improves the reliability of clinical decision-making processes and patient outcomes. Moreover, compliant data governance practices contribute to better data integration across various healthcare systems and departments, facilitating comprehensive patient care and longitudinal health monitoring. By promoting transparency and accountability in data management, healthcare institutions can mitigate risks associated with data breaches and ensure compliance with regulatory standards, thereby fostering trust among patients and stakeholders alike. Implications to Theory, Practice and Policy: Control theory, information theory and agency theory may be used to anchor future studies on assessing the impact of data governance on data quality in healthcare institutions. Healthcare institutions should prioritize the adoption of comprehensive data governance frameworks that integrate policy development, stakeholder engagement, and technological infrastructure. Policymakers should align regulatory frameworks with evolving data governance standards to promote interoperability and data exchange across healthcare networks.

R. Pandey,Saurabh Pandey

Abstract:— Big data is one the most promising, essential and modern computing era around the world. Big data is most commonly described as huge amount of un-structured data or we can say semi-structured data. The processing, storage, and analysis of such huge sets of data with the help of classical processing or database approaches or tools are insufficient, it requires advanced processing tools with real-time analysis. Healthcare (medical) is one of the important sector that produces big data because today, healthcare switches paper-based medical records into electronic platform to store, manage, analysis and process in the form of Electronic Medical Record (EMR) or Electronic Healthcare Record (EHR) with the help of internet..Due to vast digitization of medical big data(records) or we can say the use of technologies to transform healthcare industry into electronically available data to consumers, there are various security and privacy risks associated with the use of such technologies must be addressed in order to provide better and safe access of records online and make the system acceptable worldwide with the contribution of healthy economic growth. In this paper, we explore various security and privacy concerns surrounding medical (healthcare) big data.

Medicine,Computer Science

Farida Habib Semantha,Sami Azam,Bharanidharan Shanmugam,Kheng Cher Yeo,Abhijith Reddy Beeravolu

DOI: https://doi.org/10.1109/access.2021.3134873

IF: 3.9

2021-01-01

IEEE Access

Abstract:Privacy has become an increasingly significant apprehension in today’s rapidly changing economy primarily for personal and sensitive user data. The levels of personal data violation are increasing day by day however privacy-preserving frameworks are available. This paper conducted an in-depth analysis of contemporary frameworks to identify the key mechanisms to produce a sophisticated data privacy framework to reduce the rate of data breach particularly for the Patient Record Management System (PRMS). There are several studies available that stated healthcare data privacy, still, complete data protection solution with the application of privacy by design towards patients’ health data by ensuring privacy in each layer of the PRMS are quite limited, which is the focus of this study. PRMS manages personal and sensitive data while delivering healthcare services to the patients and as such, have also the potential to carry significant risks to the privacy of their data. A novel conceptual framework with three distinct and sequential phases is suggested in this research, each of which is defined in a distinct section. The first phase is defined as the planning to identify the key limitations of contemporary frameworks so these can be minimized to ensure privacy in each layer of data processing. The second phase incorporates the key components of data privacy to satisfy the efficiency and effectiveness of the proposed framework. Finally, the third phase is the implementation of the selected requirements of the assessment phase to prevent privacy incursion events in PRMS. The complete framework is anticipated to deliver a sophisticated resistance in contradiction to the continuous data breaches in the patients’ information domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Longzhi Yang,Jie Li,Noe Elisa,Tom Prickett,Fei Chao

DOI: https://doi.org/10.1007/s41688-019-0034-9

2019-01-01

Data-Enabled Discovery and Applications

Abstract:Big data refers to large complex structured or unstructured data sets. Big data technologies enable organisations to generate, collect, manage, analyse, and visualise big data sets, and provide insights to inform diagnosis, prediction, or other decision-making tasks. One of the critical concerns in handling big data is the adoption of appropriate big data governance frameworks to (1) curate big data in a required manner to support quality data access for effective machine learning and (2) ensure the framework regulates the storage and processing of the data from providers and users in a trustworthy way within the related regulatory frameworks (both legally and ethically). This paper proposes a framework of big data governance that guides organisations to make better data-informed business decisions within the related regularity framework, with close attention paid to data security, privacy, and accessibility. In order to demonstrate this process, the work also presents an example implementation of the framework based on the case study of big data governance in cybersecurity. This framework has the potential to guide the management of big data in different organisations for information sharing and cooperative decision-making.

Juan Espinoza,Abu Taher Sikder,James Dickhoner,Thomas Lee

DOI: https://doi.org/10.2196/25833

2021-12-08

Abstract:Background: Health care databases contain a wealth of information that can be used to develop programs and mature health care systems. There is concern that the sensitive nature of health data (eg, ethnicity, reproductive health, sexually transmitted infections, and lifestyle information) can have significant impact on individuals if misused, particularly among vulnerable and marginalized populations. As academic institutions, nongovernmental organizations, and international agencies begin to collaborate with low- and middle-income countries to develop and deploy health information technology (HIT), it is important to understand the technical and practical security implications of these initiatives. Objective: Our aim is to develop a conceptual framework for risk stratification of global health data partnerships and HIT projects. In addition to identifying key conceptual domains, we map each domain to a variety of publicly available indices that could be used to inform a quantitative model. Methods: We conducted an overview of the literature to identify relevant publications, position statements, white papers, and reports. The research team reviewed all sources and used the framework method and conceptual framework analysis to name and categorize key concepts, integrate them into domains, and synthesize them into an overarching conceptual framework. Once key domains were identified, public international data sources were searched for relevant structured indices to generate quantitative counterparts. Results: We identified 5 key domains to inform our conceptual framework: State of HIT, Economics of Health Care, Demographics and Equity, Societal Freedom and Safety, and Partnership and Trust. Each of these domains was mapped to a number of structured indices. Conclusions: There is a complex relationship among the legal, economic, and social domains of health care, which affects the state of HIT in low- and middle-income countries and associated data security risks. The strength of partnership and trust among collaborating organizations is an important moderating factor. Additional work is needed to formalize the assessment of partnership and trust and to develop a quantitative model of the conceptual framework that can help support organizational decision-making.

Somayeh Ghaffari Heshajin,Shahram Sedghi,Sirous Panahi,Amirhossein Takian

DOI: https://doi.org/10.1186/s12961-024-01193-9

2024-08-18

Health Research Policy and Systems

Abstract:As a newly emerged concept and a product of the twenty-first century, health information governance is expanding at a rapid rate. The necessity of information governance in the healthcare industry is evident, given the significance of health information and the current need to manage it. The objective of the present scoping review is to identify the dimensions and components of health information governance to discover how these factors impact the enhancement of healthcare systems and services.

health policy & services

Nomputumo L. Ngesimani,Ephias Ruhode,Patricia-Ann Harpur

DOI: https://doi.org/10.4102/sajim.v24i1.1475

2022-08-18

SA Journal of Information Management

Abstract:Background: This study aimed to investigate data governance (DG) related to challenges associated with healthcare information systems (HIS), by reviewing guidelines emerging from academic sources as part of a consolidated systematic literature review (SLR). The research contributed theoretically towards the body of knowledge, by reviewing challenges and guidelines related to DG within the healthcare environment. It contributed practically to the body of knowledge through understanding the healthcare information’s systems status. The study also contributed methodologically and significantly to SLR strategies.Objectives: The objective of this study was to understand the features of HIS; acquire information about DG success and understand the influence noted on DG.Method: The study conducted an SLR over the period 2010–2020. Literature collection was not only restricted to South African publications but was extended to international sources. This study adapted a mono method.Results: The study revealed that many organisations have realised that the only method to fix the data problem is the implementation of effective DG. With the increased adoption and rise of cloud computing, DG is gaining interest amongst specialists.Conclusion: The shift from paper-based systems led organisations to seek organisational change through digital transformation. The proper collection and utilisation of electronic healthcare record is the foundation of the digital healthcare. Many organisations value DG as a promising method of maintaining data as a valuable asset.

Amen Faridoon,M. Tahar Kechadi

DOI: https://doi.org/10.48550/arXiv.2307.06779

2023-07-13

Abstract:In today's highly connected society, we are constantly asked to provide personal information to retailers, voter surveys, medical professionals, and other data collection efforts. The collected data is stored in large data warehouses. Organisations and statistical agencies share and use this data to facilitate research in public health, economics, sociology, etc. However, this data contains sensitive information about individuals, which can result in identity theft, financial loss, stress and depression, embarrassment, abuse, etc. Therefore, one must ensure rigorous management of individuals' privacy. We propose, an advanced data privacy management architecture composed of three layers. The data management layer consists of de-identification and anonymisation, the access management layer for re-enforcing data access based on the concepts of Role-Based Access Control and the Chinese Wall Security Policy, and the roles layer for regulating different users. The proposed system architecture is validated on healthcare datasets.

Cryptography and Security

Muhammad Adnan,Ekaterina Kutafina,Oya Beyan

DOI: https://doi.org/10.3233/SHTI240403

2024-08-22

Abstract:The importance of cybersecurity in healthcare, with a focus on safeguarding sensitive patient information from unauthorized access, use, or disclosure, cannot be overstated Security breaches in this sector can have significant consequences due to the widespread use of electronic health records (EHRs) and interconnected medical devices, creating opportunities for exploitation. This work presents a first step to analyzing and organizing healthcare-specific cybersecurity problems and existing security frameworks. Special focus is put on the security risks associated with data integration centers while recognizing their role as hubs for innovation.

Sara Rosenbaum

DOI: https://doi.org/10.1111/j.1475-6773.2010.01140.x

2010-08-02

Health Services Research

Abstract:U.S. health policy is engaged in a struggle over access to health information, in particular, the conditions under which information should be accessible for research when appropriate privacy protections and security safeguards are in place. The expanded use of health information-an inevitable step in an information age-is widely considered be essential to health system reform. Models exist for the creation of data-sharing arrangements that promote proper use of information in a safe and secure environment and with attention to ethical standards. Data stewardship is a concept with deep roots in the science and practice of data collection, sharing, and analysis. Reflecting the values of fair information practice, data stewardship denotes an approach to the management of data, particularly data that can identify individuals. The concept of a data steward is intended to convey a fiduciary (or trust) level of responsibility toward the data. Data governance is the process by which responsibilities of stewardship are conceptualized and carried out. As the concept of health information data stewardship advances in a technology-enabled environment, the question is whether legal barriers to data access and use will begin to give way. One possible answer may lie in defining the public interest in certain data uses, tying provider participation in federal health programs to the release of all-payer data to recognized data stewardship entities for aggregation and management, and enabling such entities to foster and enable the creation of knowledge through research.

health care sciences & services,health policy & services

Koel Ghorai,Jan M. Smits,Pradeep Kanta Ray,Maarten Kluitman

DOI: https://doi.org/10.2139/ssrn.2683285

2015-01-01

SSRN Electronic Journal

Abstract:Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires high level of protection and privacy and any breach in that can result in considerable damage to an organization's reputation. In spite of existing methodologies for privacy impact assessment(PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes and this can be used by business or legal analysts as well as organizations to assess the privacy requirements as well as legislations before developing service-by-design platforms . In this paper we propose a unique framework that combines business and legal aspects of any health related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations a comprehensive approach for considering legal regulations as well as factors that may affect privacy and security of sensitive data like health data in their business processes. In this paper, we have provided an example of an as-is healthcare customer registration process for German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration process in the context of European privacy laws.

Behnam Kiani Kalejahi,Saeed Meshgini,Ayshan Yariyeva,Dawda Ndure,Uzeyir Maharramov,Ali Farzamnia

DOI: https://doi.org/10.48550/arXiv.1912.03848

2019-12-09

Cryptography and Security

Abstract:This paper embodies the usage of Big Data in Healthcare. It is important to note that big data in terms of Architecture and implementation might be or has already or will continue to assist the continuous growth in the field of healthcare. The main important aspects of this study are the general importance of big data in healthcare, the positives big data will help tackle and enhance in this field and not to also forget to mention the tremendous downside big data has on healthcare that is still needed to improve or putting extensive research on. We believe there is still a long way in which institutions and individuals understand the hidden truth about big data. We have highlighted the various ways one could be confidently relied on big data and on the other hand highlighted the weighted importance of big problem big data and expected solutions.

Rada Hussein,Ashley C Griffin,Adrienne Pichon,Jan Oldenburg

DOI: https://doi.org/10.1093/jamia/ocac198

2022-10-19

Journal of the American Medical Informatics Association

Abstract:Abstract With the numerous advances and broad applications of mobile health (mHealth), establishing concrete data sharing, privacy, and governance strategies at national (or regional) levels is essential to protect individual privacy and data usage. This article applies the recent Health Data Governance Principles to provide a guiding framework for low- and middle-income countries (LMICs) to create a comprehensive mHealth data governance strategy. We provide three objectives: (1) establish data rights and ownership to promote equitable benefits from health data, (2) protect people through building trust and addressing patients’ concerns, and (3) promote health value by enhancing health systems and services. We also recommend actions for realizing each objective to guide LMICs based on their unique mHealth data ecosystems. These objectives require adopting a regulatory framework for data rights and protection, building trust for data sharing, and enhancing interoperability to use new datasets in advancing healthcare services and innovation.

information science & library science,computer science, information systems, interdisciplinary applications,health care sciences & services,medical informatics

K Koel Ghorai,JM Jan Smits,Pradeep Ray,Maarten Kluitman

2015-01-01

Abstract:Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires high level of protection and privacyand any breach in that can result in considerable damage to an organization's reputation. In spiteof existing methodologies for privacy impact assessment(PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes and this can be used by business or legal analysts as well as organizations to assess the privacyrequirements as well as legislations before developing service-by-design platforms . In this paper we propose a unique framework that combines business and legal aspects of any health related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations a comprehensive approach for considering legal regulations as well as factors that may affect privacy and security of sensitive data like health data in their business processes. In this paper, we have provided an example of an as-is healthcare customer registration process for German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration processin the context of European privacy laws.

Megha M. Moncy,Sadia Afreen,Saptarshi Purkayastha

2023-11-07

Abstract:This research examines the pivotal role of human behavior in the realm of healthcare data management, situated at the confluence of technological advancements and human conduct. An in-depth analysis of security breaches in the United States from 2009 to the present elucidates the dominance of human-induced security breaches. While technological weak points are certainly a concern, our study highlights that a significant proportion of breaches are precipitated by human errors and practices, thus pinpointing a conspicuous deficiency in training, awareness, and organizational architecture. In spite of stringent federal mandates, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, breaches persist, emphasizing the indispensable role of human factors within this domain. Such oversights not only jeopardize patient data confidentiality but also undermine the foundational trust inherent in the healthcare infrastructure. By probing the socio-technical facets of healthcare security infringements, this article advocates for an integrated, dynamic, and holistic approach to healthcare data security. The findings underscore the imperative of augmenting technological defenses while concurrently elevating human conduct and institutional ethos, thereby cultivating a robust and impervious healthcare data management environment.

Computers and Society,Cryptography and Security

Nicki Tiffin,Asha George,Amnesty Elizabeth LeFevre

DOI: https://doi.org/10.1136/bmjgh-2019-001395

IF: 8.056

2019-04-01

BMJ Global Health

Abstract:Globally, the volume of private and personal digital data has massively increased, accompanied by rapid expansion in the generation and use of digital health data. These technological advances promise increased opportunity for data-driven and evidence-based health programme design, management and assessment; but also increased risk to individuals of data misuse or data breach of their sensitive personal data, especially given how easily digital data can be accessed, copied and transferred on electronic platforms if the appropriate controls are not implemented. This is particularly pertinent in low-income and middle-income countries (LMICs), where vulnerable populations are more likely to be at a disadvantage in negotiating digital privacy and confidentiality given the intersectional nature of the digital divide. The potential benefits of strengthening health systems and improving health outcomes through the digital health environment thus come with a concomitant need to implement strong data governance structures and ensure the ethical use and reuse of individuals’ data collected through digital health programmes. We present a framework for data governance to reduce the risks of health data breach or misuse in digital health programmes in LMICS. We define and describe four key domains for data governance and appropriate data stewardship, covering ethical oversight and informed consent processes, data protection through data access controls, sustainability of ethical data use and application of relevant legislation. We discuss key components of each domain with a focus on their relevance to vulnerable populations in LMICs and examples of data governance issues arising within the LMIC context.

public, environmental & occupational health