Research within the privacy regulations: problems and solutions for database custodians

Abstract

State and Federal legislation governing health information and privacy in Australia is complex and relatively untested, causing confusion amongst database custodians as to what conduct is required. Some database custodians believe that providing privacy will allay public anxiety and consequently support research. Others argue that data managers have become fearful of litigation and that this will restrict the access of researchers to data. Two of the significant ethical issues to be considered are the right to privacy, and whether using information poses a risk to data subjects. Data custodians have sought to address concerns about privacy in two main ways. The first is by seeking informed consent from those whose data is collected. There are significant, but not insurmountable, practical difficulties in seeking consent from large numbers of individuals. The second way of addressing privacy concerns has been through security measures which are designed to reduce risks to data subjects. These measures are often nominated as a response to privacy requirements; however, they do not necessarily offer the opportunity to consent to information disclosures. In this paper we present a review of the current literature on possible responses of database custodians to demands for increased privacy. We outline a variety of examples and responses, some of which have the effect of restricting research, while others are enabling research to proceed with greater privacy protection in place. We argue that finding ways to proceed with research while protecting privacy requires attention to a range of factors. There are challenges both in engaging populations about consent procedures, and in encouraging the use by researchers and health care professionals of technical solutions where these are available.