Privacy and Health Research. Personal-data enclaves

05/01/1997

Can and should cordons be drawn around the units of organizations that process personally identifiable data?

Most organizations that perform research on personally identifiable health data—clinical centers certainly, many academic units (such as those that perform detailed analyses of healthcare outcomes or economics), and pharmaceutical and related companies, for example—seem gradually to have come to consider themselves as being, in effect, health-data "enclaves." They transfer sensitive data rather freely within their organizations, and with other organizations under agreement, through a variety of communications conduits. Students, secretaries, data-entry clerks, and many others enter data into computers from paper records, make copies, send data around, and so on. Affiliated scientists who are not medically certified may be involved in analyzing and discussing the data. Some of those involved may legitimately be working under the supervision of a health professional; some may be bound by the terms of their employment not to reveal outside the organization personal data of which they become aware; but some may be little constrained.

Within Federal laboratories and research centers, and within most of the centers they support or regulate, data-access measures are maintained to varying degrees of strictness. Some research organizations formally authorize certain operating units, and internally certify some personnel, to work with personally identifiable data; but many organizations do not. The Clinical Center of the National Institutes of Health, for instance, specifically certifies personnel to handle patient data.

Likewise, organizations may, or may not, focus responsibility for ensuring data confidentiality internally, and for assuring the public externally.

Organizations that perform research on personally identifiable health data can enhance confidentiality protection and security by: delimiting zones of access to personal data, formally establishing personal-data enclaves; internally training and certifying personnel to work in those enclaves; and focusing responsibilities for these matters.