Bioethics Forum Essay
Shortcomings of the Revised “Helsinki Declaration” on Ethical Use of Health Databases
Health apps, wearables, and other digital technologies that collect personal health data are profoundly changing the ways that biomedical research is conducted and the role of research participants. These technologies are challenging well-established norms, rules, and principles of medical ethics for the management of personal data in health databases and biobanks.
The World Medical Association (WMA) has sought to address these challenges by updating the Declaration of Helsinki, which provides international guidelines for biomedical research on humans. The Declaration (initially published in 1964 and amended seven times since) foregrounds informed consent as a core instrument for protecting personal autonomy. Acknowledging that new technologies are changing biomedical research, early last year the WMA developed draft guidelines on “Ethical Considerations Regarding Health Databases and Biobanks” and opened it for public consultation. Based on the comments, WMA published a revised draft Declaration last summer.
Although the revised draft succeeds in addressing a number of issues raised in the public consultation, it continues to neglect two crucial aspects of the changing landscape of health care and research, and thereby falls short of its promise to contribute to a timely and responsible set of guidelines. First, it does not account for the current expansion of the health research domain beyond its traditional limits, which increasingly includes new types of data, new actors, and new technological infrastructures. Second, it conceptualizes the role of consent in an anachronistic (i.e. paper-age) manner, which may hinder research without giving patients and participants more control in a meaningful way.
Digital health data are no longer generated in clinical settings only. They are increasingly being collected by public archives and commercial companies, as well as individuals themselves via social media, fitness trackers, remote sensors, and the Internet of things. In this context, health care professionals and medical researchers are not the only gatekeepers of health data used in health care and research, and today’s health-relevant datasets are not all stored in the digital equivalent of safe deposit boxes. For example, organizations such as 23andMe and Sage Bionetworks are compiling large databases for health research, and technology giants such as Google, Microsoft, Apple, and IBM, have recruited leading figures in biomedical research and moved decisively into the broad domain of health care.
Yet, by stating in its preamble that “in health care provision, health information is gathered by physicians or other members of the medical team,” the revised Declaration limits its remit to an unduly narrow domain of health data provenance and use. This narrow focus undermines the WMA’s goal of addressing the “multiple and indefinite uses” of health databases and biobanks. Moreover, the Declaration’s conception of what a typical health database consists of is outdated, as it appears to be a direct digital equivalent of a traditional biobank or of a locked filing cabinet.
While the focus of the Declaration on data collected by physicians is understandable from the perspective of a medical association, the expansion of the health ecosystem renders the Declaration’s recommendation unduly sterile and unfit to speak to the concerns emerging in the context of Precision Medicine and the Personal Connected Health Alliance. Such initiatives rest on the very idea that the personalization of health care will be enabled by linking data and information from various sources and places. Against this backdrop, it is also worth questioning if the gatekeeping power is not shifting from the hands of traditional medical professionals to the hands of new stakeholders, namely commercial entities who increasingly control both the technological infrastructure for storing large digital databases and the resources and expertise for analyzing them. Recognition of the expansion of the health data ecosystem is necessary if we are to address a number of novel and salient ethical issues, including:
(1) potentially all information is health information, or at least health-relevant information, and as such must be equally considered in ethical reflections regarding health data;
(2) databases and research results are becoming increasing commercialized; and
To address these novel concerns in a systematic manner, alternative governance frameworks will need to be developed. One promising direction may be to consider treating health data as something that we own and govern collectively, rather than as individual property that can be monetized or as a resource that should be placed in the public domain for the public interest. The value of solidarity can offer conceptual and practical guidance in this respect.
In addition, the creation of health data commons has been proposed. Health data commons provide a set of users with the right to use the property, but not to individually own any part of it. Users of commons collectively set the rules by which the commons is accessed and decide how the benefits generated by the commons are distributed. Embracing collective ownership as a possible choice requires that citizens (i.e. sources of data), along with other health data stakeholders, are able to control the procedures that govern the health data ecosystem.
The single most important idea for health authorities to reconsider if they want to create a space in which collective responsibility for health data, as well as health data commons, may develop is specific consent. One means of addressing this is to move from specific consent to some form of nonspecific (e.g. broad, open, and blanket) consent. While specific consent is a one-time opt-in to a specific project, nonspecific consent generally is an opt-in to the specific project at hand but also future projects in the same research area. Nonspecific consent adapts to the evolving needs of health care and research. It should be paired with a database governance model in which patients or their representatives make key decisions on behalf of the community to ensure that the data community’s expectation of appropriate data usage is warranted. Appropriate mechanisms of accountability need to be in place to ensure the trustworthiness of institutions and processes. Moreover, harm mitigation funds should help to ensure that anybody harmed by data use is not left to fend for herself.
Unfortunately, the Declaration only envisages data use without specific informed consent in cases where public interests are seen to overrule personal autonomy. This approach assumes that specific consent is the strongest protection of personal autonomy, which is not necessarily the case; collective control over data use can be an even stronger expression of personal autonomy if it leads to better protection of the interests of data subjects and if data subjects agree to this collective oversight. (Barbara Koenig called it “consent to be governed.”)
The embrace of data commons would push forward the commitment to a solidarity-based governance model that the Declaration recognizes. Numerous studies have indicated that individuals will donate their personal data if they feel they are contributing to scientific research advances, health breakthroughs, or their own personal diagnoses, whereas they will not donate if they feel their data will be used solely or unfairly for private profit.
In sum, despite making some strides in the right direction, the WMA’s Declaration is still unduly narrow in scope, and thus not able to adequately address the challenges of data use in the digital era.
The authors are with the Data and Information Technologies in Health and Medicine Lab, Department of Social Science, Health and Medicine, King’s College London.