Table 2

Strengths and limitations of proposed approaches to protect personal health data

Columns: Approach | Strengths | Limitations

Approach: Consent framework

Strengths:
  1. Traditionally and widely used as a tool to ensure patient autonomy and (despite its limitations) to prevent exploitative practices.
  2. In common use by medical practitioners during the provision of routine healthcare, and by researchers during research projects.
  3. The ethical and legal framework for consent is well established.
  4. No additional costs need to be incurred, as it is already a part of patient care.

Limitations:
  1. It currently takes the form of lengthy and complicated consent forms that the patient may not properly read or understand. With consent needed for many actions during a medical procedure, it may sometimes be given without due consideration or out of habit.
  2. In the context of healthcare, a power differential exists between the patient and the medical provider. It is therefore unclear how truly autonomous consent is.
  3. It is impossible for the patient to consent to all possible uses of the data, which might not be known at the time the data is collected. Re-consent may not be possible if the data has been anonymised or the patients are no longer contactable. This may hinder medical research and the development of novel technologies.

Approach: Fiduciary obligations

Strengths:
  1. Instead of placing the onus for data protection on patients, shifts this burden onto the entities collecting, storing and using the data.
  2. Particularly useful where the patient's ability to provide informed consent is impaired, such as in the context of de-identified or anonymised data, where there is a potential for a privacy violation if the data is made identifiable or is de-anonymised.

Limitations:
  1. It may be difficult for a data principal to detect that an entity processing their data has violated a fiduciary duty.
  2. These obligations may conflict with legally enforceable duties that corporations owe to their shareholders.
  3. Might be difficult to enforce, since large quantities of data would have to be regulated. In India, it will require a strong and independent data protection authority.

Approach: Privacy by design

Strengths:
  1. Reduces the chance of human-induced errors by baking privacy-preserving practices and features into the technical architecture.

Limitations:
  1. There is currently a lack of expert consensus or comprehensive guidelines from data protection authorities on the kinds of safeguards that must be incorporated into enterprise architecture for healthcare.
  2. Might increase operational costs for healthcare organisations. This would disproportionately affect smaller organisations.
  3. Has not yet been formally incorporated into the information systems of major health information technology companies or the health systems of countries.

Approach: Regulation

Strengths:
  1. Provides clear guidelines to protect the privacy rights of people and an environment of legal and operational certainty for entities processing data.
  2. Rights can be enforced using legal mechanisms, and penalties may be imposed for egregious violations of data protection obligations.

Limitations:
  1. Regulations may differ between countries, increasing the costs of compliance for entities operating internationally.
  2. If the regulations are too burdensome, they may limit innovation.
  3. Large costs imposed by data protection regulators may affect smaller organisations but would be insignificant for big companies like Facebook and Google.
  4. Since privacy is legally understood as an individual right, it may be difficult to protect group privacy under this framework.