J. Thomas Brown,Chao Yan,Weiyi Xia,Zhijun Yin,Zhiyu Wan,Aris Gkoulalas-Divanis,Murat Kantarcioglu,Bradley A. Malin

DOI: https://doi.org/10.48550/arXiv.2106.14649

2021-06-21

Cryptography and Security

Abstract:Supporting public health research and the public's situational awareness during a pandemic requires continuous dissemination of infectious disease surveillance data. Legislation, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and recent state-level regulations, permits sharing de-identified person-level data; however, current de-identification approaches are limited. namely, they are inefficient, relying on retrospective disclosure risk assessments, and do not flex with changes in infection rates or population demographics over time. In this paper, we introduce a framework to dynamically adapt de-identification for near-real time sharing of person-level surveillance data. The framework leverages a simulation mechanism, capable of application at any geographic level, to forecast the re-identification risk of sharing the data under a wide range of generalization policies. The estimates inform weekly, prospective policy selection to maintain the proportion of records corresponding to a group size less than 11 (PK11) at or below 0.1. Fixing the policy at the start of each week facilitates timely dataset updates and supports sharing granular date information. We use August 2020 through October 2021 case data from Johns Hopkins University and the Centers for Disease Control and Prevention to demonstrate the framework's effectiveness in maintaining the PK!1 threshold of 0.01. When sharing COVID-19 county-level case data across all US counties, the framework's approach meets the threshold for 96.2% of daily data releases, while a policy based on current de-identification techniques meets the threshold for 32.3%. Periodically adapting the data publication policies preserves privacy while enhancing public health utility through timely updates and sharing epidemiologically critical features.

Brian Lee,Brandi Dupervil,Nicholas P. Deputy,Wil Duck,Stephen Soroka,Lyndsay Bottichio,Benjamin Silk,Jason Price,Patricia Sweeney,Jennifer Fuld,Todd Weber,Dan Pollock

DOI: https://doi.org/10.1177/00333549211026817

2021-01-13

Abstract:Objectives: Federal open data initiatives that promote increased sharing of federally collected data are important for transparency, data quality, trust, and relationships with the public and state, tribal, local, and territorial (STLT) partners. These initiatives advance understanding of health conditions and diseases by providing data to more researchers, scientists, and policymakers for analysis, collaboration, and valuable use outside CDC responders. This is particularly true for emerging conditions such as COVID-19 where we have much to learn and have evolving data needs. Since the beginning of the outbreak, CDC has collected person-level, de-identified data from jurisdictions and currently has over 8 million records, increasing each day. This paper describes how CDC designed and produces two de-identified public datasets from these collected data. Materials and Methods: Data elements were included based on the usefulness, public request, and privacy implications; specific field values were suppressed to reduce risk of reidentification and exposure of confidential information. Datasets were created and verified for privacy and confidentiality using data management platform analytic tools as well as R scripts. Results: Unrestricted data are available to the public through <a class="link-external link-http" href="http://Data.CDC.gov" rel="external noopener nofollow">this http URL</a> and restricted data, with additional fields, are available with a data use agreement through a private repository on <a class="link-external link-http" href="http://GitHub.com" rel="external noopener nofollow">this http URL</a>. Practice Implications: Enriched understanding of the available public data, the methods used to create these data, and the algorithms used to protect privacy of de-identified individuals allow for improved data use. Automating data generation procedures allows greater and more timely sharing of data.

Cryptography and Security,Computers and Society

Abinitha Gourabathina,Zhiyu Wan,J Thomas Brown,Chao Yan,Bradley A Malin

DOI: https://doi.org/10.1109/TNB.2023.3284092

Abstract:Sharing individual-level pandemic data is essential for accelerating the understanding of a disease. For example, COVID-19 data have been widely collected to support public health surveillance and research. In the United States, these data are typically de-identified before publication to protect the privacy of the corresponding individuals. However, current data publishing approaches for this type of data, such as those adopted by the U.S. Centers for Disease Control and Prevention (CDC), have not flexed over time to account for the dynamic nature of infection rates. Thus, the policies generated by these strategies have the potential to both raise privacy risks or overprotect the data and impair the data utility (or usability). To optimize the tradeoff between privacy risk and data utility, we introduce a game theoretic model that adaptively generates policies for the publication of individual-level COVID-19 data according to infection dynamics. We model the data publishing process as a two-player Stackelberg game between a data publisher and a data recipient and then search for the best strategy for the publisher. In this game, we consider 1) average performance of predicting future case counts; and 2) mutual information between the original data and the released data. We use COVID-19 case data from Vanderbilt University Medical Center from March 2020 to December 2021 to demonstrate the effectiveness of the new model. The results indicate that the game theoretic model outperforms all state-of-the-art baseline approaches, including those adopted by CDC, while maintaining low privacy risk. We further perform an extensive sensitivity analyses to show that our findings are robust to order-of-magnitude parameter fluctuations.

Fang Liu,Dong Wang,Tian Yan

DOI: https://doi.org/10.48550/arXiv.2106.10339

2022-09-14

Abstract:A considerable amount of various types of data have been collected during the COVID-19 pandemic, the analysis and interpretation of which have been indispensable for curbing the spread of the disease. As the pandemic moves to an endemic state, the data collected during the pandemic will continue to be rich sources for further studying and understanding the impacts of the pandemic on various aspects of our society. On the other hand, naïve release and sharing of the information can be associated with serious privacy concerns. In this study, we use three common but distinct data types collected during the pandemic (case surveillance tabular data, case location data, and contact tracing networks) to illustrate the publication and sharing of granular information and individual-level pandemic data in a privacy-preserving manner. We leverage and build upon the concept of differential privacy to generate and release privacy-preserving data for each data type. We investigate the inferential utility of privacy-preserving information through simulation studies at different levels of privacy guarantees and demonstrate the approaches in real-life data. All the approaches employed in the study are straightforward to apply. Our study generates statistical evidence on the practical feasibility of sharing pandemic data with privacy guarantees and on how to balance the statistical utility of released information during this process.

Cryptography and Security,Computers and Society

John Abowd,Lorenzo Alvisi,Cynthia Dwork,Sampath Kannan,Ashwin Machanavajjhala,Jerome Reiter

DOI: https://doi.org/10.48550/arXiv.1701.00752

2017-01-03

Computers and Society

Abstract:Government statistical agencies collect enormously valuable data on the nation's population and business activities. Wide access to these data enables evidence-based policy making, supports new research that improves society, facilitates training for students in data science, and provides resources for the public to better understand and participate in their society. These data also affect the private sector. For example, the Employment Situation in the United States, published by the Bureau of Labor Statistics, moves markets. Nonetheless, government agencies are under increasing pressure to limit access to data because of a growing understanding of the threats to data privacy and confidentiality. "De-identification" - stripping obvious identifiers like names, addresses, and identification numbers - has been found inadequate in the face of modern computational and informational resources. Unfortunately, the problem extends even to the release of aggregate data statistics. This counter-intuitive phenomenon has come to be known as the Fundamental Law of Information Recovery. It says that overly accurate estimates of too many statistics can completely destroy privacy. One may think of this as death by a thousand cuts. Every statistic computed from a data set leaks a small amount of information about each member of the data set - a tiny cut. This is true even if the exact value of the statistic is distorted a bit in order to preserve privacy. But while each statistical release is an almost harmless little cut in terms of privacy risk for any individual, the cumulative effect can be to completely compromise the privacy of some individuals.

Lucie White,Philippe van Basshuysen

DOI: https://doi.org/10.1007/s11948-021-00301-0

IF: 3.777

2021-03-29

Science and Engineering Ethics

Abstract:Abstract At the beginning of the COVID-19 pandemic, high hopes were placed on digital contact tracing. Digital contact tracing apps can now be downloaded in many countries, but as further waves of COVID-19 tear through much of the northern hemisphere, these apps are playing a less important role in interrupting chains of infection than anticipated. We argue that one of the reasons for this is that most countries have opted for decentralised apps, which cannot provide a means of rapidly informing users of likely infections while avoiding too many false positive reports. Centralised apps, in contrast, have the potential to do this. But policy making was influenced by public debates about the right app configuration, which have tended to focus heavily on privacy, and are driven by the assumption that decentralised apps are “privacy preserving by design”. We show that both types of apps are in fact vulnerable to privacy breaches, and, drawing on principles from safety engineering and risk analysis, compare the risks of centralised and decentralised systems along two dimensions, namely the probability of possible breaches and their severity. We conclude that a centralised app may in fact minimise overall ethical risk, and contend that we must reassess our approach to digital contact tracing, and should, more generally, be cautious about a myopic focus on privacy when conducting ethical assessments of data technologies.

ethics,history & philosophy of science,multidisciplinary sciences,engineering, multidisciplinary

Harrison Quick

DOI: https://doi.org/10.48550/arXiv.2103.03833

2021-03-03

Abstract:CDC WONDER is a web-based tool for the dissemination of epidemiologic data collected by the National Vital Statistics System. While CDC WONDER has built-in privacy protections, they do not satisfy formal privacy protections such as differential privacy and thus are susceptible to targeted attacks. Given the importance of making high-quality public health data publicly available while preserving the privacy of the underlying data subjects, we aim to improve the utility of a recently developed approach for generating Poisson-distributed, differentially private synthetic data by using publicly available information to truncate the range of the synthetic data. Specifically, we utilize county-level population information from the U.S. Census Bureau and national death reports produced by the CDC to inform prior distributions on county-level death rates and infer reasonable ranges for Poisson-distributed, county-level death counts. In doing so, the requirements for satisfying differential privacy for a given privacy budget can be reduced by several orders of magnitude, thereby leading to substantial improvements in utility. To illustrate our proposed approach, we consider a dataset comprised of over 26,000 cancer-related deaths from the Commonwealth of Pennsylvania belonging to over 47,000 combinations of cause-of-death and demographic variables such as age, race, sex, and county-of-residence and demonstrate the proposed framework's ability to preserve features such as geographic, urban/rural, and racial disparities present in the true data.

Applications,Methodology

CASON D. SCHMIT,BRIAN N. LARSON,THOMAS TANABE,MAHIN RAMEZANI,QI ZHENG,HYE‐CHUNG KUM

DOI: https://doi.org/10.1111/1468-0009.12700

2024-05-15

Milbank Quarterly

Abstract:Policy Points This study examines the impact of several world‐changing events in 2020, such as the pandemic and widespread racism protests, on the US population's comfort with the use of identifiable data for public health. Before the 2020 election, there was no significant difference between Democrats and Republicans. However, African Americans exhibited a decrease in comfort that was different from other subgroups. Our findings suggest that the public remained supportive of public health data activities through the pandemic and the turmoil of 2020 election cycle relative to other data use. However, support among African Americans for public health data use experienced a unique decline compared to other demographic groups. Context Recent legislative privacy efforts have not included special provisions for public health data use. Although past studies documented support for public health data use, several global events in 2020 have raised awareness and concern about privacy and data use. This study aims to understand whether the events of 2020 affected US privacy preferences on secondary uses of identifiable data, focusing on public health and research uses. Methods We deployed two online surveys—in February and November 2020—on data privacy attitudes and preferences using a choice‐based–conjoint analysis. Participants received different data‐use scenario pairs—varied by the type of data, user, and purpose—and selected scenarios based on their comfort. A hierarchical Bayes regression model simulated population preferences. Findings There were 1,373 responses. There was no statistically significant difference in the population's data preferences between February and November, each showing the highest comfort with population health and research data activities and the lowest with profit‐driven activities. Most subgroups' data preferences were comparable with the population's preferences, except African Americans who showed significant decreases in comfort with population health and research. Conclusions Despite world‐changing events, including a pandemic, we found bipartisan public support for using identifiable data for public health and research. The decreasing support among African Americans could relate to the increased awareness of systemic racism, its harms, and persistent disparities. The US population's preferences support including legal provisions that permit public health and research data use in US laws, which are currently lacking specific public health use permissions.

health care sciences & services,health policy & services

V Joseph Hotz,Christopher R Bollinger,Tatiana Komarova,Charles F Manski,Robert A Moffitt,Denis Nekipelov,Aaron Sojourner,Bruce D Spencer

DOI: https://doi.org/10.1073/pnas.2104906119

2022-08-02

Abstract:The federal statistical system is experiencing competing pressures for change. On the one hand, for confidentiality reasons, much socially valuable data currently held by federal agencies is either not made available to researchers at all or only made available under onerous conditions. On the other hand, agencies which release public databases face new challenges in protecting the privacy of the subjects in those databases, which leads them to consider releasing fewer data or masking the data in ways that will reduce their accuracy. In this essay, we argue that the discussion has not given proper consideration to the reduced social benefits of data availability and their usability relative to the value of increased levels of privacy protection. A more balanced benefit-cost framework should be used to assess these trade-offs. We express concerns both with synthetic data methods for disclosure limitation, which will reduce the types of research that can be reliably conducted in unknown ways, and with differential privacy criteria that use what we argue is an inappropriate measure of disclosure risk. We recommend that the measure of disclosure risk used to assess all disclosure protection methods focus on what we believe is the risk that individuals should care about, that more study of the impact of differential privacy criteria and synthetic data methods on data usability for research be conducted before either is put into widespread use, and that more research be conducted on alternative methods of disclosure risk reduction that better balance benefits and costs.

Soo Jung Hong,Hichang Cho

DOI: https://doi.org/10.1080/10410236.2021.1981565

IF: 3.501

2021-09-24

Health Communication

Abstract:In this study, we extended and tested the privacy calculus framework in the context of a hypothetical AI-based contact-tracing technology for application during the COVID-19 pandemic that is based on the communication privacy management and contextual integrity theories. Specifically, we investigated how the perceived privacy risks and benefits of information disclosure affect the public's willingness to opt in and adopt contact-tracing technologies and how social and contextual factors influence their decision-making process. Four hundred eighteen adults in the United States participated in the study via Amazon Mechanical Turk in August 2020. A percentile bootstrap method with 5,000 resamples and bias-corrected 95% confidence intervals in structural equation modeling was used for data analysis. The participants' privacy concerns and perceived benefits significantly influenced their opt-in and adoption intentions, which suggests that the privacy calculus framework applies to the context of COVID-19 contact-tracing technologies. Perceived social, personal, and reciprocal benefits were identified as crucial mediators that link contextual variables to both opt-in and adoption intentions. Although this study was based on a hypothetical AI-based contact-tracing app, our findings provide meaningful theoretical and practical implications for future research investigating the public's technology adoption in contexts where tradeoffs between privacy risks and public health coexist.

health policy & services,communication

Hafiz Asif,Periklis A Papakonstantinou,Stephanie Shiau,Vivek Singh,Jaideep Vaidya

DOI: https://doi.org/10.1109/mis.2022.3145691

Abstract:Intelligently responding to a pandemic like Covid-19 requires sophisticated models over accurate real-time data, which is typically lacking at the start, e.g., due to deficient population testing. In such times, crowdsensing of spatially tagged disease-related symptoms provides an alternative way of acquiring real-time insights about the pandemic. Existing crowdsensing systems aggregate and release data for pre-fixed regions, e.g., counties. However, the insights obtained from such aggregates do not provide useful information about smaller regions - e.g., neighborhoods where outbreaks typically occur - and the aggregate-and-release method is vulnerable to privacy attacks. Therefore, we propose a novel differentially private method to obtain accurate insights from crowdsensed data for any number of regions specified by the users (e.g., researchers and a policy makers) without compromising privacy of the data contributors. Our approach, which has been implemented and deployed, informs the development of the future privacy-preserving intelligent systems for longitudinal and spatial data analytics.

Jingxin Lei,Ying MacNab

DOI: https://doi.org/10.1016/j.sste.2024.100658

Abstract:The gap between the reported and actual COVID-19 infection cases has been an issue of concern. Here, we present Bayesian hierarchical spatiotemporal disease mapping models for state-level predictions of COVID-19 infection risks and (under)reporting rates among people aged 65 and above during the first two years of the pandemic in the United States. With prior elicitation based on recent prevalence studies, the study suggests that the median state-level reporting rate of COVID-19 infection was 90% (interquartile range: [78%, 96%]). Our study uncovers spatiotemporal variations and dynamics in state-level infection risks and (under)reporting rates, suggesting time-varying associations between higher population density, higher percentage of minorities, and higher percentage of vaccination and increased risks of COVID-19 infection, as well as an association between more easily accessible tests and higher reporting rates. With sensitivity analyses, we highlight the impact and importance of incorporating covariates information and objective prior references for evaluating the issue of underreporting.

Na Young Ahn,Jun Eun Park,Dong Hoon Lee,Paul C. Hong

DOI: https://doi.org/10.48550/arXiv.2004.14495

2020-04-29

Computers and Society

Abstract:There has been vigorous debate on how different countries responded to the COVID-19 pandemic. To secure public safety, South Korea actively used personal information at the risk of personal privacy whereas France encouraged voluntary cooperation at the risk of public safety. In this article, after a brief comparison of contextual differences with France, we focus on South Korea's approaches to epidemiological investigations. To evaluate the issues pertaining to personal privacy and public health, we examine the usage patterns of original data, de-identification data, and encrypted data. Our specific proposal discusses the COVID index, which considers collective infection, outbreak intensity, availability of medical infrastructure, and the death rate. Finally, we summarize the findings and lessons for future research and the policy implications.

John M Abowd,Michael B Hawes

DOI: https://doi.org/10.1146/annurev-statistics-010422-034226

2022-12-28

Abstract:In an era where external data and computational capabilities far exceed statistical agencies' own resources and capabilities, they face the renewed challenge of protecting the confidentiality of underlying microdata when publishing statistics in very granular form and ensuring that these granular data are used for statistical purposes only. Conventional statistical disclosure limitation methods are too fragile to address this new challenge. This article discusses the deployment of a differential privacy framework for the 2020 US Census that was customized to protect confidentiality, particularly the most detailed geographic and demographic categories, and deliver controlled accuracy across the full geographic hierarchy.

Applications,Cryptography and Security,General Economics

Catalina M. Medina,Julia A. Palacios,Volodymyr M. Minin

2024-07-26

Abstract:The COVID-19 pandemic demonstrated that fast and accurate analysis of continually collected infectious disease surveillance data is crucial for situational awareness and policy making. Coalescent-based phylodynamic analysis can use genetic sequences of a pathogen to estimate changes in its effective population size, a measure of genetic diversity. These changes in effective population size can be connected to the changes in the number of infections in the population of interest under certain conditions. Phylodynamics is an important set of tools because its methods are often resilient to the ascertainment biases present in traditional surveillance data (e.g., preferentially testing symptomatic individuals). Unfortunately, it takes weeks or months to sequence and deposit the sampled pathogen genetic sequences into a database, making them available for such analyses. These reporting delays severely decrease precision of phylodynamic methods closer to present time, and for some models can lead to extreme biases. Here we present a method that affords reliable estimation of the effective population size trajectory closer to the time of data collection, allowing for policy decisions to be based on more recent data. Our work uses readily available historic times between sampling and sequencing for a population of interest, and incorporates this information into the sampling model to mitigate the effects of reporting delay in real-time analyses. We illustrate our methodology on simulated data and on SARS-CoV-2 sequences collected in the state of Washington in 2021.

Methodology,Populations and Evolution

Ajitesh Srivastava,Viktor K. Prasanna

DOI: https://doi.org/10.48550/arXiv.2006.02127

2020-06-03

Populations and Evolution

Abstract:Accurate forecasts for COVID-19 are necessary for better preparedness and resource management. Specifically, deciding the response over months or several months requires accurate long-term forecasts which is particularly challenging as the model errors accumulate with time. A critical factor that can hinder accurate long-term forecasts, is the number of unreported/asymptomatic cases. While there have been early serology tests to estimate this number, more tests need to be conducted for more reliable results. To identify the number of unreported/asymptomatic cases, we take an epidemiology data-driven approach. We show that we can identify lower bounds on this ratio or upper bound on actual cases as a factor of reported cases. To do so, we propose an extension of our prior heterogeneous infection rate model, incorporating unreported/asymptomatic cases. We prove that the number of unreported cases can be reliably estimated only from a certain time period of the epidemic data. In doing so, we construct an algorithm called Fixed Infection Rate method, which identifies a reliable bound on the learned ratio. We also propose two heuristics to learn this ratio and show their effectiveness on simulated data. We use our approaches to identify the upper bounds on the ratio of actual to reported cases for New York City and several US states. Our results demonstrate with high confidence that the actual number of cases cannot be more than 35 times in New York, 40 times in Illinois, 38 times in Massachusetts and 29 times in New Jersey, than the reported cases.

Fei Yu,Stephen E. Fienberg,Aleksandra Slavković,Caroline Uhler

DOI: https://doi.org/10.1016/j.jbi.2014.01.008

2014-01-21

Abstract:The protection of privacy of individual-level information in genome-wide association study (GWAS) databases has been a major concern of researchers following the publication of "an attack" on GWAS data by Homer et al. (2008) Traditional statistical methods for confidentiality and privacy protection of statistical databases do not scale well to deal with GWAS data, especially in terms of guarantees regarding protection from linkage to external information. The more recent concept of differential privacy, introduced by the cryptographic community, is an approach that provides a rigorous definition of privacy with meaningful privacy guarantees in the presence of arbitrary external information, although the guarantees may come at a serious price in terms of data utility. Building on such notions, Uhler et al. (2013) proposed new methods to release aggregate GWAS data without compromising an individual's privacy. We extend the methods developed in Uhler et al. (2013) for releasing differentially-private $\chi^2$-statistics by allowing for arbitrary number of cases and controls, and for releasing differentially-private allelic test statistics. We also provide a new interpretation by assuming the controls' data are known, which is a realistic assumption because some GWAS use publicly available data as controls. We assess the performance of the proposed methods through a risk-utility analysis on a real data set consisting of DNA samples collected by the Wellcome Trust Case Control Consortium and compare the methods with the differentially-private release mechanism proposed by Johnson and Shmatikov (2013).

Applications

Zhiyu Wan,Yevgeniy Vorobeychik,Weiyi Xia,Ellen Wright Clayton,Murat Kantarcioglu,Bradley Malin

DOI: https://doi.org/10.1016/j.ajhg.2016.12.002

2017-02-02

Abstract:Emerging scientific endeavors are creating big data repositories of data from millions of individuals. Sharing data in a privacy-respecting manner could lead to important discoveries, but high-profile demonstrations show that links between de-identified genomic data and named persons can sometimes be reestablished. Such re-identification attacks have focused on worst-case scenarios and spurred the adoption of data-sharing practices that unnecessarily impede research. To mitigate concerns, organizations have traditionally relied upon legal deterrents, like data use agreements, and are considering suppressing or adding noise to genomic variants. In this report, we use a game theoretic lens to develop more effective, quantifiable protections for genomic data sharing. This is a fundamentally different approach because it accounts for adversarial behavior and capabilities and tailors protections to anticipated recipients with reasonable resources, not adversaries with unlimited means. We demonstrate this approach via a new public resource with genomic summary data from over 8,000 individuals-the Sequence and Phenotype Integration Exchange (SPHINX)-and show that risks can be balanced against utility more effectively than with traditional approaches. We further show the generalizability of this framework by applying it to other genomic data collection and sharing endeavors. Recognizing that such models are dependent on a variety of parameters, we perform extensive sensitivity analyses to show that our findings are robust to their fluctuations.

Luca Bonomi,Marilyn Lionts,Liyue Fan

DOI: https://doi.org/10.1109/BigData59044.2023.10386571

Abstract:Effective disease surveillance systems require large-scale epidemiological data to improve health outcomes and quality of care for the general population. As data may be limited within a single site, multi-site data (e.g., from a number of local/regional health systems) need to be considered. Leveraging distributed data across multiple sites for epidemiological analysis poses significant challenges. Due to the sensitive nature of epidemiological data, it is imperative to design distributed solutions that provide strong privacy protections. Current privacy solutions often assume a central site, which is responsible for aggregating the distributed data and applying privacy protection before sharing the results (e.g., aggregation via secure primitives and differential privacy for sharing aggregate results). However, identifying such a central site may be difficult in practice and relying on a central site may introduce potential vulnerabilities (e.g., single point of failure). Furthermore, to support clinical interventions and inform policy decisions in a timely manner, epidemiological analysis need to reflect dynamic changes in the data. Yet, existing distributed privacy-protecting approaches were largely designed for static data (e.g., one-time data sharing) and cannot fulfill dynamic data requirements. In this work, we propose a privacy-protecting approach that supports the sharing of dynamic epidemiological analysis and provides strong privacy protection in a decentralized manner. We apply our solution in continuous survival analysis using the Kaplan-Meier estimation model while providing differential privacy protection. Our evaluations on a real dataset containing COVID-19 cases show that our method provides highly usable results.

Cason Schmit,Theodoros Giannouchos,Mahin Ramezani,Qi Zheng,Michael A Morrisey,Hye-Chung Kum

DOI: https://doi.org/10.2196/25266

2021-07-05

Abstract:Background: Reaping the benefits from massive volumes of data collected in all sectors to improve population health, inform personalized medicine, and transform biomedical research requires the delicate balance between the benefits and risks of using individual-level data. There is a patchwork of US data protection laws that vary depending on the type of data, who is using it, and their intended purpose. Differences in these laws challenge big data projects using data from different sources. The decisions to permit or restrict data uses are determined by elected officials; therefore, constituent input is critical to finding the right balance between individual privacy and public benefits. Objective: This study explores the US public's preferences for using identifiable data for different purposes without their consent. Methods: We measured data use preferences of a nationally representative sample of 504 US adults by conducting a web-based survey in February 2020. The survey used a choice-based conjoint analysis. We selected choice-based conjoint attributes and levels based on 5 US data protection laws (Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, Privacy Act of 1974, Federal Trade Commission Act, and the Common Rule). There were 72 different combinations of attribute levels, representing different data use scenarios. Participants were given 12 pairs of data use scenarios and were asked to choose the scenario they were the most comfortable with. We then simulated the population preferences by using the hierarchical Bayes regression model using the ChoiceModelR package in R. Results: Participants strongly preferred data reuse for public health and research than for profit-driven, marketing, or crime-detection activities. Participants also strongly preferred data use by universities or nonprofit organizations over data use by businesses and governments. Participants were fairly indifferent about the different types of data used (health, education, government, or economic data). Conclusions: Our results show a notable incongruence between public preferences and current US data protection laws. Our findings appear to show that the US public favors data uses promoting social benefits over those promoting individual or organizational interests. This study provides strong support for continued efforts to provide safe access to useful data sets for research and public health. Policy makers should consider more robust public health and research data use exceptions to align laws with public preferences. In addition, policy makers who revise laws to enable data use for research and public health should consider more comprehensive protection mechanisms, including transparent use of data and accountability.