Patient Data for Clinical and Research Purposes

A medical doctor with a thriving clinical practice focusing on endocrine, sports, and obesity medicine also runs a research foundation. She conducts sufficient lab tests on sufficient numbers of patients to contribute statistically significant, and anonymizable, data to research efforts around the world. She uses an electronic health record portal for storing data collected about patients and communicating with them. She wants to leverage her online communications channels with patients to achieve consented data sharing for research purposes as well.

Authorization Problems Summary

• Patients want to be able to control and consent to the sharing of their records and lab results with third parties, and to be able to revoke their consent at any time even if a data set is already in the possession of a researcher.
• Patients want to ensure their data isn’t used for marketing purposes.
• Each individual patient’s data set must not contain personally identifiable information.
• The aggregate data set must not be shared until some threshold of deidentification is reached.
• The doctor wants to ensure that her responsibility for the data-sharing transaction is appropriately limited to her own research use of the data, with each patient taking responsibility for consent for further sharing