Do patients mind if their healthcare data is shared? It depends

Healthcare data may be valuable to researchers and companies, but patients' comfort levels about having their data shared may depend on the purpose, a new survey suggests.

Using health data and information for research was more appropriate than for marketing regardless of whether they were asked for permission or not, most people felt.

"What we found is that consumers care a lot about how their health information is used," said Dr. David Grande, the study's lead researcher from the University of Pennsylvania Perelman School of Medicine in Philadelphia. "What's surprising is they care more about what it's being used for than whether consent was obtained."

Grande and his colleagues write in the Annals of Internal Medicine that electronic medical records increase the availability of detailed information about people's health.

The information can be used for a variety of purposes, including research, disease surveillance and measuring the quality of healthcare services. Companies also find the information to be a valuable marketing tool. For example, it can help the company understand why doctors choose one drug over another.

There have been calls to change the way patients give consent for their health data and information to be used, the researchers write. The US Department of Health and Human Services has proposed new guidelines that would relax the requirement for consent from patients when there is little risk from using the data, they add.

"I think many of these policy discussions about privacy have come from smart people sitting in a room and what they think ethically and how people ought to be protected, but we don't often go out and ask individuals how they want it to be used," Grande said in a phone interview.

For the new study, the researchers showed hypothetical scenarios to 3,064 people in the US in November and December 2012.

The hypothetical scenarios offered different accounts of health data and information being used for research or commercial purposes when consent was or was not obtained from the patient.

For example, participants were asked if it's appropriate to use the records of thousands of patients to identify those with diabetes and see which medications they're taking in an effort to improve care.

In a different scenario, participants were asked if it's appropriate for drug companies to use that information to learn what types of people use their products.

Appropriateness was rated on a scale from 1 to 10, with 1 "not at all appropriate" and 10 "very appropriate."

The lowest rating from participants - an average of 3.81 - was for using health data for marketing when consent was not obtained. The highest rating - an average of 7.06 - was for using health information for research when consent was obtained.

Overall, people rated the appropriateness of using medical information higher for research purposes whether consent was obtained or not, compared to having the information used for marketing purposes - even when permission was obtained.

In an editorial published with the study, Jeremy Simon from Columbia University in New York City wrote about a controversial study published this year in the Proceedings of the National Academy of Sciences.

The study was based on an experiment in which the social media company Facebook manipulated the experience of its users without their informed consent. Although consent is a standard best practice in research, the study was published by researchers in a peer-reviewed journal.

"The Facebook study shows a substantial gap in our protection of research participants, which can only grow as corporations gain more access to our lives and data," Simon writes. "Ultimately, the solution needs to be societal, with legal protections extended to all study participants regardless of where the researcher works."

Until that happens, he said, academic researchers and publishers should refuse to participate in studies that do not guarantee protection to participants.

Grande said people should know the information they give to healthcare providers is very safe. "That identifiable information is quite secure," he said.

Instead, he said people should be cautious about disclosing information about their health in other settings, such as for healthcare loyalty programs or surveys.