Ask any group of people if they have read and understood the last terms and conditions they agreed to, and you'll be lucky if anyone puts up their hand. This is not surprising given the estimate that it would take 76 work days for someone to read the privacy policies they encounter in one year.
Somehow we have got to a situation where terms and conditions for apps, websites and online services have become so long and complicated that many people have given up the hope of understanding what is happening with their personal data. Meanwhile, news stories from around the world, including the United States, United Kingdom, Denmark and Australia, make it clear that people care about how their data are used, particularly health data which are very personal and sensitive.
It doesn't have to be this way. In our publication "Notches on the dial: a call to action to develop plain language communication with the public about users and uses of health data" in the International Journal of Population Data Science, we present a plan to work with the public on simple communications about health data.
What people care about
We're not starting from scratch. Qualitative research studies, performed by our team and others, provide information about what people care about when it comes to health data. For example, it's important that privacy is protected, that there is a public benefit and that the findings from health data research don't disadvantage any groups.
There are also published frameworks about how to provide access to sensitive health data responsibly. The Five Safes framework prompts people to think carefully about:
Safe Projects: Is there scientific merit? Is there public value?
Safe People: Who is using the data? What training do they have?
Safe Data: How potentially identifiable are the data? Is there consent? Is there legal authority for use?
Safe Settings: Where will be the data be analyzed? How will they be managed?
Safe Outputs: Is there any potential disclosure, either of individuals, families or communities?
The WHY? WHO? WHAT? HOW? questions of the One-Way Mirror Report - prepared for the Wellcome Trust, a charitable health research foundation based in the U.K. - focus on what members of the public care about when health data are used by companies.
Bringing all of this information together, our team has started to develop simple text for communicating about health data. We want to work with the public to create some standardized text that helps people understand what is happening with their health data. We also want the text to distinguish between different uses of health data to ensure that members of the public do not confuse, or group together, commercial revenue-generating uses with academic health research.
Also, noting that longer isn't always better, the short standardized text could include information about third-party uses instead of having generic references to the possibility that other organizations might use data.
For example, imagine how much easier it would be for people to understand what is happening with their data if a fictional commercial organization called ABC had text like:
Transparency and trust
But it is our view that you can't have trust without transparency, and you can't have transparency and informed consent without plain language. Our goal is to work with members of the public to co-develop simple plain language text that helps people make informed decisions about how their health data are used. This can be an important step toward deeper involvement of the public in health data rules and policies.
Authors: P. Alison Paprica - Assistant Professor, Institute for Health Policy, Management & Evaluation, University of Toronto | Kimberlyn McGrail - Professor of Health Services and Policy Research, University of British Columbia | Michael J. Schull - Professor, Department of Medicine, University of Toronto