The law of open medical data: past application and future challenges | Journal of Law and the Biosciences | Oxford Academic

Abstract:  Since 2003, US federal funders’ scientific data-sharing policies have encouraged open sharing of weakly de-identified medical and genomic data. This sharing fueled important scientific advances but, as this article explains, was of dubious legality, and recent regulations have removed any doubt: open access to medical data is a dying concept if not already dead. The future of medical data sharing lies with controlled access data repositories, which replicate many of the scientific benefits of data sharing but provide stronger privacy and data security protections. The drawback is that meaningful data protections cost money, forcing controlled access repositories to explore new private funding models to sustain data availability over the long haul after federal funding expires. Unless carefully crafted, transactions to finance controlled access repositories (such as charging user fees or receiving discounts on cloud storage from information technology service providers) can violate federal laws this article explores. Going forward, the law of medical privacy boils down to how much privacy those who share and use our data can realistically and lawfully finance. That is how much privacy we, the public, can expect.