Can We Simultaneously Support Both Privacy and Research?

Wilbanks Can We Simultaneously Support Both Privacy & Research?

Can We Simultaneously Support Both Privacy and Research?

1.

neither privacy nor research are stable concepts, especially right now.

“my car knows i listen to my wife’s playlist”

what happens if we import toxic ethics from tech to health?

https://xkcd.com/1390/

the funders are changing the rules


helps labs work together, when they don’t work together.

https://www.synapse.org/#!StandaloneWiki:ResearchCommunities

AMP-AD

m2ove-AD

Common Mind

Progenitor Cell Biology

Colorectal Cancer Subtype

TCGA

Synodos

PsychENCODE


2.

research processes can be both innovative and privacy protecting.

“Investigators will meet annually in-person with each participant to assess and record progression … every six months, the team will conduct phone and mail surveys regarding diagnosis, medications, and other impacts of the disease…”

high-dimensional data

62 y old Man, 67 y old Woman

same medicine, different impacts

tapping number shows effects of medication and daily variation

[Figure: plot with labels “date”, “y” and “sign(delta)”]

sharing personal thoughts on day-to-day changes

what makes people feel better

Exercise Walking Sleep Work

what makes people feel worse

Lack of Sleep, Mood, Pain

what you don’t collect is as important as what you do collect.

unless you really need latitude and longitude, display good taste, and don’t collect it.

where i’ve been, where i’m going

3.

informed consent is an opportunity, not a burden to be endured.

how do we consent this kind of study only through a phone?

(funded by Robert Wood Johnson Foundation, 2013)

informed consent must be a true design priority, not a bureaucratic exercise.

comprehension, language, time, format

regulatory, liability

1. “technical debt” means traditional (non-mobile) consent has known problems, but hard to change.

2. signs of support for new methods of using technology as pedagogy in consent

This project was supported by grant number U18HS022789 from the Agency for Healthcare Research and Quality. The content is solely the responsibility of the authors and does not necessarily represent the official views of the Agency of Healthcare Research and Quality.

1. tiered information access by participants

2. “pictorial” dominant on first information tier

3. text dominant on second information tier

4. require perfect score on short assessment

initial metaphor


screen structure

navigation to/from reinforces concept

study “narrative”

privacy isn’t just the elimination of risk of identification.

it’s about letting people make educated choices about the risks and benefits with which they are comfortable.

if the pictographs teach “what we know” then we also must assess if someone learned it!

“participant centric consent toolkit”

http://sagebase.org/pcc

iconographic representations of key concepts in informed consent

open source methods

design layouts

workflows

web templates and assets

4.

put the people in charge of sharing decisions.

>88,000 enrolled in Sage-supported studies since 9 March 2015

(~75% choose to share broadly)

changeable by participant

identity test

data use statement

To complete this form:

1. Enter your name (see *)

2. Mark your initials on the line in the upper right corner of each box (9 times, total)

3. Sign and date

I, _____________________*, reaffirm my commitment to the Synapse Awareness and Ethics Pledge. I will adhere to the following principles for responsible research:

I WILL CREDIT PARTICIPANTS ___

I WILL NOT RE-IDENTIFY ___

I WILL NOT SHARE ___

I WILL NOT USE FOR ADVERTISING ___

I WILL KEEP SECURE ___

I WILL PUBLISH OPEN ACCESS ___

I WILL PROTECT PRIVACY ___

I WILL REPORT ANY BREACHES ___

I WILL FOLLOW THE LAW ___

__________________________ * Printed name

__________________________ Signature

__________________________ Date

participants and public get to see the users / uses.

5.

skate to where the puck is going.

good for teaching and assessing “what we know” in low-risk context

EHRs and DNA are different from sensors and surveys - have to teach and assess higher risk, uncertainty, unknowables…

Identifiability, Knowable harms, Unknown unknowns

“Known Knowns”

• Trolling

• Doxing

• Bullying

If a bully connects your data to your name, they might publish it.

Trolling

next

learn more

Extraction

• Where does the data come from?

• Requirements and limits of your authorization for extraction

• Do we do anything to it before transfer?

You’ll give us permission to make a copy of your EHR data, which will go into your study data.

Permission to Copy

next

learn more

Transfer

• What state is the data in during transfer?

– Anonymized

– De-identified

– Pseudonymized

• Where does the data travel to?

Your data will be “encrypted” to keep it safe as it moves into the study.

Safe Transfer

next

learn more

Risks

• Limits to anonymization/de-identification/pseudonymization

• Risk of sharing/discovery

– “Asymptomatic” or “pre-clinical” conditions

– Non-paternity

– Mental health

– Sexual health

• Risks extend to family members

Because your data is unique to you, it will be hard to “anonymize” it completely.

Identity

next

learn more

Benefits

• Free (?) electronic copy of part/all of EMR

• Portability/continuity of care

You can take your data wherever you want, for whatever reasons you want.

It’s your data

next

learn more

Issues to consider

• Recapitulate HIPAA/GINA:

– Insurance (life, long term) and financial planning

– Military

– Small companies

• Cost of storage/download of data (if participant gets/has access to copy)

Employers and health insurance can’t use this data to discriminate against you.

Your rights

next

learn more

always search for inspiration.

wacky ideas

interaction required

the sorting hat

• Automatic sorting, no work required

• Consent process that could “bin” participants into likely risk and consent them in specific tracks

• Suggested for projects that involve consent of known sequences for which risk could be computed (i.e. at Broad etc) but interesting conceptually - what are the bins that could be used for sorting?

ballot box

• Manual selection and movement of choices

• Consent process where participant is faced with multiple statements and has to “vote” with them, with an interpretation of sorts provided at the end

• I.e. place seven statements on the screen about the study, let participant sort them into “things that make me more / less likely to want to enroll”

• I.e. ask seven binary questions about the study, display results with commentary “i think i am unlikely to be a victim of genetic discrimination”

• Suggested for projects where there isn’t a lot of real estate (mobile) but also for where there isn’t a lot of risk (perhaps not sharing broadly)

colossal cave adventure

• Interactive, quiz-based game where wrong answers receive immediate correction, has an endpoint / finish line

• Consent process where participant must “find their way” through a moderately easy puzzle

• I.e. contextualize a risk such as long-term care insurance - before “share genome” should correctly choose “i thought about long term care insurance”

• Suggested for projects where there isn’t a lot of real estate (mobile) but where there is medium risk (perhaps sharing broadly inside Sage style approaches)

kobayashi maru

• From Star Trek: “The objective of the test is not for the cadet to outfight or outplan the opponent but rather to force the cadet into a no-win situation and observe how he/she reacts.”

• Consent process where participant must engage with ambiguity of DNA risk and benefit through scripted situation(s)

• Put a set of unanswerable questions about the risks and benefits of genome research use, donation and sharing together - but make sure there are no “right” answers.

Can We Simultaneously Support Both Privacy and Research?

it’s possible. but it’s only possible if we make it part of the purpose of research.

thank you!

[email protected]://sagebase.org/platforms/governance

@wilbanks