TABLE 5.
Final recommendations from citizens’ juries held February 2020
| Parramatta jury | Wollongong jury |
|---|---|
| Access: Who should have access to the data? | |
| 1. We expect the following groups to have access to data: Universities, government departments, pharmaceutical companies, device manufacturers. |
1. Only government agencies (one or more) should have direct access to raw data. 2. Private industries should only have access to data once their applications for data have been approved by the independent panel. 3. Private industry should not on‐sell data to third parties. |
| NB. The jury did not provide a recommendation on individual consent as the jury saw this as unworkable given the nature of the data collection. |
Consent: Opinion was divided on this issue. 4a. People should be able to opt out of having their data shared (supported by 7 jurors). 4b. Subject to approval by the independent panel, there should be a waiver of consent for sharing data. (supported by 13 jurors) |
| Protection: Do certain types of data need more protection than others? | |
|
2. All data must be de‐identified – no name, date of birth and address. 3. Sharing data must also comply with other protection laws (eg privacy, child protection, discrimination, elderly people, refugees, etc). |
5. Raw data should be very tightly held, protected and not shared. 6. Individual‐level data should only be released for purposes that will contribute to public good. (split decision: Yes 13 No 1 Undec. 6) |
| Oversight: Who should oversee and make decisions about the sharing of data? | |
|
4. An Independent Body for Administering Data Sharing (IBADS) should oversee data sharing to manage applications to access data, linkage and provision of data, auditors, and contractual arrangements. (1 dissenting vote) 5. There should be a tiered system with controls on access, use and disclosure at different levels where IBADS decides on level of access, based on the application, including the company's prior behaviour. (split decision: Yes 14 No 2 Undec. 3) |
7. An independent trusted stakeholder panel should oversee and make decisions about sharing data. 8. The independent panel should consist of university researchers, IT and data experts, ethics and privacy experts, private industry representatives, health department representatives, and consumers and community members. 9. The independent panel should be paid, and the payments disclosed, for their contribution to the panel. 10. The application to the independent panel should include, but not be limited to, who will use the data, what data will be needed and from where, for what purpose, how it will be kept secure, how it will be analysed, how long it will be kept, and how and when it will be destroyed. |
| Purpose: Should there be particular limits on the purpose for which the data can be used? | |
|
6. Data can only be used for research and development, not for other uses. 7. A clear, articulate and enforceable definition of ‘research and development’ is needed if private industries are to access data. |
11. Data can only be used for the purposes specified in the application to access the data. (2 dissenting votes) 12. Individual‐level data should only be released for purposes that will contribute to public good. (split decision: Yes 13 No 1 Undec. 6) |
| Accountability: Should particular penalties be applied if companies break the rules or misuse the data? | |
|
8. There must be penalties for companies which violate requirements including exclusion from access to data in the future. 9. There must be penalties for government agencies, IBADS, and individuals if they are found to have done something wrong. 10. There should be a well‐resourced ombudsman to investigate complaints about private industry use of government health data. |
13. It should be a criminal offence to misuse data. 14. Companies and their directors should be held accountable for any misuse of data in their organization. 15. There should be penalties for companies, including directors, if they misuse data. These penalties should be proportionate to the seriousness of misuse. 16. Misuse of data by private industry should be publicly disclosed. |
| Costs: Who should pay the costs associated with sharing of data? | |
| 11. Private industries should pay for data access. | 17. Private industries should pay for the use of data. These payments should cover the cost of managing and accessing the data and excess funds should be reinvested in the health system. |
| Transparency: How much should the public be told about the way in which data is collected and shared? | |
| 12. There should be transparency and openness with the public when data is shared with private industries. This should include information about which companies have access to data, what data is accessed, how long data is held, security arrangements, whether information is passed on to third parties and how (split decision: Yes 14 No 1 Undec. 4). | 18. Subject to approval by the independent panel, information about studies conducted using government health data should be publicly available. |
| Reporting: Should there be a requirement that all results be released? | |
|
13. Companies should not be required to share results with the public from using government health data if it impacts on their commercial interests. (1 dissenting vote) 14. Companies should be required to report findings from their research using government health data to IBADS, regardless of outcome. (1 undecided) |
19. The results from studies conducted using government health data should be made publicly available if they are of public interest or concern. 20. Companies should be required to share their results with the independent panel, regardless of whether the results are positive or negative. |