This is a response to the WMA DRAFT DECLARATION ON ETHICAL CONSIDERATIONS REGARDING HEALTH DATABASES AND BIOBANKS by the “Health data reading group” coordinated at the Department of Social Science, Health & Medicine (SSHM) at King’s College London convened by Dr Federica Lucivero (
[email protected]) and Dr Lorenzo Del Savio (
[email protected]) The Health Data Reading Group (HDRG) welcomes the WMA’s recognition that while the original Declaration of Helsinki was drafted in a context wherein physically-interventional research was the norm, much research conducted today is data-driven. The Group found, however, that in its present iteration the scope of the “WMA draft Declaration on Ethical Considerations Regarding Health Databases and Biobanks” is still unduly narrow and does not offer a significant advancement of the principles stated in the Declaration of Helsinki. We recommend that the WMA broadens the remit of this project to address the following novel aspects in the use of health data: 1. Personal data are “personal” for more than one individual. Thus “personal” and “individual” are not synonymous. This applies to both harms and benefits. In the context of data-driven medicine, this needs to be considered also in connection with data protection. 2. Personal data increasingly travel between the clinical and scientific domains and the outside. Especially in digital form, data are at a greater risk of being copied, stolen, or leaked than records in the paper age. 3. Evidence shows that health data are sometimes used by commercial companies, e.g. in the context of consumer scoring. This bears significant risks to individuals. With regard to the draft Declaration, we thus recommend the following improvements: 1. Need for further clarification of key terms and concepts It is important to clarify the nomenclature around “consent”. Our suggestion would be to contrast specific consent (i.e. consent to a specific study) with non-specific consent. The latter includes open, broad, and blanket consent. Open consent is “consent to unrestricted redisclosure of data originating from a confidential relationship, namely [...] health records, and to unrestricted disclosure of information that emerges from any future research on [...] genotype–phenotype data set, the information content of which cannot be predicted”, with no promise of anonymity. Blanket consent puts no restriction to scope and duration of consent, whereas broad consent restricts use of personal data to broad areas of research, e.g biomedical research. These definitions would add clarity as well to the contentious claim made in point 1 of the WMA Draft that the Declaration of Helsinki lays down the ethical principle of ‘obtaining informed consent [from patients/participants] for using their health data and biological material’, which inaccurately suggests that obtaining informed consent is an absolute requirement in this context (whereas forms of non-specific consent may be ethical even if some scholars do not regard them as forms of informed consent). “Health information” (point 4 WMA Draft) is defined as “information gathered by physicians or other members of the medical team”. However a key novelty of databases used for health purposes is the possibility to link them with wide ranges of databases, some of which do not originate in the clinic. In principle, no type and source of data is excluded from being used for health-related purposes, either in the clinic or for research or in the commercial domain. This makes the ethical issues outlined in the document too narrow to capture the complexity of the ethical and societal challenges involved. For example, do data collected by companies that are consequently mined for health-relevant purposes count as “health
1
databases”? What about databases including meta-data, and distributed databases? In a context of increasing portability of health information, databases themselves might host data that imported from elsewhere. At stake are the boundaries of what counts as ‘gathering’. Moreover, it is unclear how health databases and biobanks “both give rise to the same concerns about autonomy, privacy and confidentiality”. There is not enough distinction between different types of biobanks and databases; if realistic distinctions were made (or a taxonomy drawn) we could observe that different types of biobanks and health databases give rise to distinct concerns (within and between), and indeed there may be more difference than similarity. The draft Declaration focuses too narrowly on physicians at times (e.g. point 5). Many health professionals have obligations to respect the dignity and autonomy of individuals. To have a broader appeal, point 5 should be expanded to include all types of health professionals. The definition of “Biological information” in point 7 should be expanded to clarify that it can ‘provide biological information, including genetic information, about that individual and biologically connected others’, which signals that genetic information provides biological information about more than just one individual. The statement that “only health databases and biobanks that exclusively contain fully anonymised and non-identifiable data and biological database are not the subject of this Declaration” (point 8) is very unclear. First, it is also unclear what “fully anonymised” means. This is not a term widely used, and so should be defined, perhaps as a technical definition. Second, the very notion of anonymisation as something that can be secured may need to be reconsidered. Not only is the anonymity of data and information highly context dependent, but data and information that are anonymised today may no longer be anonymous in the context of tomorrow’s technologies. Data security experts are of the view that beside being highly context-dependent, the anonymity of data is also dependent on technological developments. The data contained in a database or a biobank may be fully anonymised and non-identifiable at the time it is set-up, it may not remain the case in time. This implies that the anonymity of a database or biobank needs to be regularly reconsidered. Thus there should be no exemption to the scope of the Declaration on grounds of data anonymity. Third, this exemption for anonymised and non-identifiable data gives the false and dangerous impression that if data or materials are anonymised, ethical concerns or issues disappear. It should be made clear that ethical concerns about data and biological materials continue even after data anonymisation, “full” or otherwise. It is unclear how “anonymous” data is distinguished from “anonymised” data (point 9). It appears as if these terms can be used synonymously, but we believe that anonymisation, which we take to signify a process performed on personal data (thus making the personal data no longer identifiable), is categorically distinct from anonymous data, which we take to signify a status of data, namely data that never were identifiable. This is a crucial distinction from a data protection law perspective, because it means that the processing of personal data for the purposes of achieving anonymisation (i.e., the rendering of personal data to an anonymised state) remains subject to data protection laws because prior to the completion of this process, the data are still personal. Similarly, point 9 oversimplifies the distinctions between anonymous, pseudonymous and identifiable data, as it assumes there is an easy scale on which the future utility of a dataset can be measured, so that one can always tell whether it is acceptable to use anonymous or
2
pseudonymous data. In reality, future uses of data are difficult to predict. Indeed, a strong argument can be made for never irreversibly anonymising data unless there are compelling reasons for so doing. As we note further below, points 18 and 20 use terms that need to be explained more clearly, namely ‘dedicated’ and ‘independent’ ethics committee. It is unclear whom ethics committees should be independent of, what dedication entails, and why such committees are preferable to other types. 2. Need to give an overview of status quo Broad consent is already used by many biomedical databases, as due to the very nature of a biomedical database, it is impossible to foresee all future uses. Specific consent is thus practically impossible in these situations. Point 18 is currently drafted too broadly. It should be redrafted to clarify confusing terms such as a “dedicated” ethics committee, “conditional” broad consent and “principle information” about future use. Ethical justification should be provided for its prohibition on informed healthy adults opting for truly open consent, which occurs in several well-known international research projects. Additionally, thought should be given as to how point 18 would work with current data protection frameworks in Europe that may challenge the legality of broad consent (e.g. the 1995 EU Data Protection Directive). 3. Need to address the broader challenges A broader challenge concerns the appropriate balance and relationship between rights and duties. This is seen for instance in point 13. We contest that the “rights” to privacy, confidentiality and self-determination entitle an individual to “exercise control” in all instances over the use and disclosure of information concerning themselves, especially in the case of genetic information. Should an individual have a right to control the communication of an actionable research finding to a genetic relative that may have implications for him or her? Here, the concern is that there is too much emphasis on rights (e.g., to privacy), to the detriment of duties (e.g., to communicate actionable findings that impact on the health of others). Another broader challenge is the role of consent in health databases and biobanks. Point 15 presumes consent should be the operating paradigm in all instances, and unfortunately forecloses the possibility for a system of authorization that permits the use of personal data or biospecimens in a database or biobank without consent. There are numerous successful examples of such systems. 4. Suggestions for governance The section on Governance fails to mention several critical elements, including mention of transparency; financing of databases and biobanks and the related concern of sustainability (i.e., what happens upon the termination or winding down of a database or biobank). If the individual is to be informed, there are governance issues that are associated to the need to provide up-to-date and relevant information, as these projects develop and ramify through partnerships, etc. Digital technologies can offer relatively inexpensive opportunities, in this respect, but arrangements will be project-specific and contextual evaluation should be recommended. Regarding point 18, we recommend the WMA to endorse the type of “mission statement” that Prainsack & Buyx suggest whenever broad or open consent are used. This helps to
3
address the problem that even the remit and purpose stated in the initial consent may change over time. Regarding point 24, we suggest that you add more stringency for health professionals than merely ‘making themselves aware’. Regarding point 25, it is unclear why a physician should be in charge of safeguarding a Health Database or Biobank. We recommend instead that the governance section focus on ensuring proper professional responsibility amongst those who do these jobs of management and safeguarding, regardless of their medical qualifications.
We are grateful that the WMA allowed us the opportunity to comment on this draft Declaration. Sincerely, Signatories Christine Aicardi, King’s College London (
[email protected]) Lorenzo Del Savio, Christian-Albrechts-Universität zu Kiel (
[email protected]) Edward S. Dove, University of Edinburgh (
[email protected]) Federica Lucivero, King’s College London (
[email protected]) Claire Marris, King’s College London (
[email protected]) Barbara Prainsack, King’s College London (
[email protected]) Nasra Saleem, King’s College London (
[email protected]) Niccolò Tempini, University of Exeter (
[email protected]) Mauro Turrini, Université de Paris 1 “Panthéon Sorbonne” (
[email protected])
4
