Managing Consent for Data Access in Shared Databases

Managing Consent for Data Access in Shared Databases
Osnat Drien, Antoine Amarilli, Yael Amsterdamer
IEEE Xplore, 22 June 2021
Abstract
Data sharing is commonplace on the cloud, in social networks and other platforms. When a peer shares data and the platform owners (or other peers) wish to use it, they need the consent of the data contributor (as per regulations such as GDPR). The standard solution is to require this consent in advance, when the data is provided to the system. However, platforms cannot always know ahead of time how they will use the data, so they often require coarse-grained and excessively broad consent. The problem is exacerbated because the data is transformed and queried internally in the platform, which makes it harder to identify whose consent is needed to use or share the query results. Motivated by this, we propose a novel framework for actively procuring consent in shared databases, focusing on the relational model and SPJU queries. The solution includes a consent model that is reminiscent of existing Access Control models, with the important distinction that the basic building blocks – consent for individual input tuples – are unknown. This yields the following problem: how to probe peers to ask for their consent regarding input tuples, in a way that determines whether there is sufficient consent to share the query output, while making as few probes as possible in expectation. We formalize the problem and analyze it for different query classes, both theoretically and experimentally.

Trust, but Verify: Informed Consent, AI Technologies, and Public Health Emergencies

Trust, but Verify: Informed Consent, AI Technologies, and Public Health Emergencies
Brian Pickering
Future Internet, 18 May 2021; 13 (132)
Open Access
Abstract
To use technology or engage with research or medical treatment typically requires user consent: agreeing to terms of use with technology or services, or providing informed consent for research participation, for clinical trials and medical intervention, or as one legal basis for processing personal data. Introducing AI technologies, where explainability and trustworthiness are focus items for both government guidelines and responsible technologists, imposes additional challenges. Understanding enough of the technology to be able to make an informed decision, or consent, is essential but involves an acceptance of uncertain outcomes. Further, the contribution of AI-enabled technologies not least during the COVID-19 pandemic raises ethical concerns about the governance associated with their development and deployment. Using three typical scenarios— contact tracing, big data analytics and research during public emergencies—this paper explores a trust-based alternative to consent. Unlike existing consent-based mechanisms, this approach sees consent as a typical behavioural response to perceived contextual characteristics. Decisions to engage derive from the assumption that all relevant stakeholders including research participants will negotiate on an ongoing basis. Accepting dynamic negotiation between the main stakeholders as proposed here introduces a specifically socio–psychological perspective into the debate about human responses to artificial intelligence. This trust-based consent process leads to a set of recommendations for the ethical use of advanced technologies as well as for the ethical review of applied research projects.

A systematic literature review of attitudes towards secondary use and sharing of health administrative and clinical trial data: a focus on consent

A systematic literature review of attitudes towards secondary use and sharing of health administrative and clinical trial data: a focus on consent
Research
Elizabeth Hutchings, Max Loomes, Phyllis Butow, Frances M. Boyle
Systematic Reviews, 4 May 2021; 10(132)
Open Access
Abstract
Background
We aimed to synthesise data on issues related to stakeholder perceptions of consent for the use of secondary data. To better understand the current literature available, we conducted a systematic literature review of healthcare consumer attitudes towards the secondary use and sharing of health administrative and clinical trial data.
Methods
EMBASE/MEDLINE, Cochrane Library, PubMed, CINAHL, Informit Health Collection, PROSPERO Database of Systematic Reviews, PsycINFO and ProQuest databases were searched. Eligible articles included those reporting qualitative or quantitative original research and published in English. No restrictions were placed on publication dates, study design or disease setting. One author screened articles for eligibility and two authors were involved in the full-text review process. Conflicts were resolved by consensus. Quality and bias were assessed using the QualSyst criteria for qualitative studies.
Results
This paper focuses on a subset of 47 articles identified from the wider search and focuses on the issue of consent. Issues related to privacy, trust and transparency, and attitudes of healthcare professionals and researchers to secondary use and sharing of data have been dealt with in previous publications. Studies included a total of 216,149 respondents. Results indicate that respondents are generally supportive of using health data for research, particularly if the data is de-identified or anonymised. The requirement by participants to obtain consent prior to the use of health data for research was not universal, nor is the requirement for this always supported by legislation. Many respondents believed that either no consent or being informed of the research, but not providing additional consent, were sufficient.
Conclusions
These results indicate that individuals should be provided with information and choice about how their health data is used and, where feasible, a mechanism to opt-out should be provided. To increase the acceptability of using health data for research, health organisations and data custodians must provide individuals with concise information about data protection mechanisms and under what circumstances their data may be used and by whom.

Informed consent for linking survey and social media data

Informed consent for linking survey and social media data
Johannes Breuer, Tarek Al Baghal, Luke Sloan, Libby Bishop, Dimitra Kondyli, Apostolos Linardis
IASSIST Quarterly, 2021; 45(1) pp 1-27
Open Access
Abstract
Linking social media data with survey data is a way to combine the unique strengths and address some of the respective limitations of these two data types. As such, linked data can be quite disclosive and potentially sensitive, it is important that researchers obtain informed consent from the individuals whose data are being linked. When formulating appropriate informed consent, there are several things that researchers need to take into account. Besides legal and ethical questions, key considerations are the differences between platforms and data types. Depending on what type of social media data is collected, how the data are collected, and from which platform(s), different points need to be addressed in the informed consent. In this paper, we present three case studies in which survey data were linked with data from 1) Twitter, 2) Facebook, and 3) LinkedIn and discuss how the specific features of the platforms and data collection methods were covered in the informed consent. We compare the key attributes of these platforms that are relevant for the formulation of informed consent and also discuss scenarios of social media data collection and linking in which obtaining informed consent is not necessary. By presenting the specific case studies as well as general considerations, this paper is meant to provide guidance on informed consent for linked survey and social media data for both researchers and archivists working with this type of data.

Rethinking Informed Consent in the Context of Big Data

Rethinking Informed Consent in the Context of Big Data
Anna Bruvere, Victor Lovic
Cambirdge Journal of Science & Policy, 2021; 2(2)
Open Access
Abstract
A widely accepted method for addressing digital privacy concerns is the use of informed consent: asking users to agree to privacy policies and consent to the use of their personal data. This approach has come under strain with the emergence of “big data” in which large datasets are collected and analysed. This paper argues that since individuals do not understand or even read the privacy policies they agree to, informed consent ultimately fails to protect privacy. Following the work of Solon Barocas and Helen Nissenbaum, this paper proposes an updated definition of informed consent and argues that the responsibility of protecting privacy should be shifted from individuals to organisations.

The use of personal health information outside the circle of care: consent preferences of patients from an academic health care institution

The use of personal health information outside the circle of care: consent preferences of patients from an academic health care institution
Research Article
Sarah Tosoni, Indu Voruganti, Katherine Lajkosz, Flavio Habal, Patricia Murphy, Rebecca K. S. Wong, Donald Willison, Carl Virtanen, Ann Heesters, Fei-Fei Liu
BMC Medical Ethics, 24 March 2011; 22(29)
Open Access
Abstract
Background
Immense volumes of personal health information (PHI) are required to realize the anticipated benefits of artificial intelligence in clinical medicine. To maintain public trust in medical research, consent policies must evolve to reflect contemporary patient preferences.
Methods
Patients were invited to complete a 27-item survey focusing on: (a) broad versus specific consent; (b) opt-in versus opt-out approaches; (c) comfort level sharing with different recipients; (d) attitudes towards commercialization; and (e) options to track PHI use and study results.
Results
222 participants were included in the analysis; 83% were comfortable sharing PHI with researchers at their own hospital, although younger patients (≤ 49 years) were more uncomfortable than older patients (50 + years; 13% versus 2% uncomfortable, p < 0.05). While 56% of patients preferred broad consent, 38% preferred specific consent; 6% preferred not sharing at all. The majority of patients (63%) preferred to be asked for permission before entry into a contact pool. Again, this trend was more pronounced for younger patients (≤ 49 years: 76%). Approximately half of patients were uncomfortable sharing PHI with commercial enterprises (51% uncomfortable, 27% comfortable, 22% neutral). Most patients preferred to track PHI usage (61%), with the highest proportion once again reported by the youngest patients (≤ 49 years: 71%). A majority of patients also wished to be notified regarding study results (70%).
Conclusions
While most patients were willing to share their PHI with researchers within their own institution, many preferred a transparent and reciprocal consent process. These data also suggest a generational shift, wherein younger patients preferred more specific consent options. Modernizing consent policies to reflect increased autonomy is crucial in fostering sustained public engagement with medical research.

A survey on the current status and future perspective of informed consent management in the MIRACUM consortium of the German Medical Informatics Initiative

A survey on the current status and future perspective of informed consent management in the MIRACUM consortium of the German Medical Informatics Initiative
Research
Christopher Hampf, Martin Bialke, Lars Geidel, Albert Vass, Thomas Bahls, Romina Blasini, Arne Blumentritt, Martin Boeker, Christian Bruns, Burkhard Jandrig, Maximilian Fünfgeld, Philipp Heinrich, Torsten Leddig, Achim Michel-Backofen, Anna Pirkl, Michael Rautenberg, Fabian Simons, Dana Stahl, Hans-Ulrich Prokosch, Wolfgang Hoffmann
Translational Medicine Communications, 8 March 2021; 6(7)
Open Access
Abstract
Background
The consent management is an essential component for supporting the implementation of consents and withdrawals and thus, the realisation of patient’s rights. In MIRACUM, one of the four consortia of the Medical Informatics Initiative (MII), ten university hospitals intend to integrate the generic Informed Consent Service® (gICS) in their Data Integration Center (DIC). To provide a tool that supports the local workflows of the MIRACUM sites, the gICS should be improved.
Methods
We used three standardised questionnaires with 46 questions to elicit requirements from the ten sites. Each site answered the questions from the current and the desired future perspective. This made it possible to understand the individual processes at each site and it was possible to identify features and improvements that were generally necessary.
Results
The results of the survey were classified according to their impact on the gICS. Feature requests of new functionalities, improvements of already implemented functionalities and conceptual support for implementing processes were identified. This is the basis for an improved gICS release to support the ten sites’ individual consent management processes.
Conclusions
A release plan for the feature requests and improvements was coordinated with all sites. All sites have confirmed that the implementation of these features and enhancements will support their software-based consent management processes.

DynamiChain: Development of Medical Blockchain Ecosystem Based on Dynamic Consent System

DynamiChain: Development of Medical Blockchain Ecosystem Based on Dynamic Consent System
Review
Tong Min Kim, Seo-Joon Lee, Dong-Jin Chang, Jawook Koo, Taenam Kim, Kun-Ho Yoon, In-Young Choi
Applied Science, 10 February 2021; 11(1612)
Open Access
Abstract
Although blockchain is acknowledged as one of the most important technologies to lead the fourth industrial revolution, major technical challenges regarding security breach and privacy issues remain. This issue is particularly sensitive in applied medical fields where personal health information is handled within the network. In addition, contemporary blockchain-converged solutions do not consider restricted medical data regulations that are still obstacles in many countries worldwide. This implies a crucial need for a system or solution that is suitable for the healthcare sector. Therefore, this article proposes the development of a dynamic consent medical blockchain system called DynamiChain, based on a ruleset management algorithm for handling health examination data. Moreover, medical blockchain-related studies were systematically reviewed to prove the novelty of DynamiChain. The proposed system was implemented in a scenario where the exercise management healthcare company provided health management services based on data obtained from the data provider’s hospital. The proposed research is envisioned to provide a widely compatible blockchain medical system that could be applied in future healthcare fields.

A Systematic Review of Blockchain for Consent Management

A Systematic Review of Blockchain for Consent Management
Review
Prasanth Varma Kakarlapudi, Qusay H. Mahmoud
Healthcare, 1 February 2021
Abstract
Blockchain technology was introduced through Bitcoin in a 2008 whitepaper by the mysterious Satoshi Nakamoto. Since its inception, it has gathered great attention because of its unique properties—immutability and decentralized authority. This technology is now being implemented in various fields such as healthcare, IoT, data management, etc., apart from cryptocurrencies. As it is a newly emerging technology, researchers and organizations face many challenges in integrating this technology into other fields. Consent management is one of the essential processes in an organization because of the ever-evolving privacy laws, which are introduced to provide more control to users over their data. This paper is a systematic review of Blockchain’s application in the field of consent and privacy data management. The review discusses the adaptation of Blockchain in healthcare, IoT, identity management, and data storage. This analysis is formed on the principles of the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) and a process of systematic mapping review. We provide analysis of the development, challenges, and limitations of blockchain technology for consent management.

H3Africa Report on Informed Consent and Commercialisation

H3Africa Report on Informed Consent and Commercialisation
Ruth Chadwick, Patricia Marshall, Charmaine DM Royal
H3Africa Report, February 2021
Open Access
Background
…In light of the vast amount of genetic diversity in African populations, H3Africa provides an unparalleled research resource for the benefit of people in Africa and across the globe. Thus, the sharing of data is a guiding principle for H3Africa, and the translation of research findings to commercial products, resources, and services is consistent with its mission. Driven by a commitment to transparency and accountability, the H3Africa leadership convened a panel of experts (authors) to review the research ethics processes and practices being employed in the H3Africa Consortium projects with the aim of identifying gaps and making recommendations for improvements going forward with regard to commercialisation. Specifically, the panel was asked to review H3Africa consent documents and talk with key members of the Consortium, including members of the Ethics Working Group, to determine how H3Africa Consortium projects have implemented informed consent procedures for studies involving biobanking and the sharing of data and/or biospecimens…