Understanding Data Ownership and Sharing Settings

Sponsors commonly ask, "Who owns the data in PEER?" Learn what data sharing, access, and privacy entails for both participants and portal sponsors (organizations) below. Feel free to also adapt this language for your participants, descriptions, etc.

Participants

Giving participants ownership of their data and sharing settings is an essential principle behind our PEER platform. Some participants might decide to share everything with everyone from medical records to contact information, while others might prefer to keep their data more private. In the context of PEER, “privacy” is not the same as “secrecy.” While “secrecy” refers to the sole intention of keeping information unknown to others, “privacy” reflects the trade-offs that a participant makes between choosing to keep his or her information private, versus sharing it with another person or group (“access”).

PEER enables participants to weigh and determine these trade-offs by customizing their privacy, access, and sharing settings using PEER’s PrivacyLayer®. The PrivacyLayer® features is what allows participants to determine who sees their data, and how their data is used. Furthermore, by enabling this data ownership, we at Genetic Alliance, aim to foster an environment of trust between participants sharing data and data users in PEER.

Portal Sponsors (Organizations)

Every portal sponsor, researcher, or network seeking to access and use the health data in PEER is referred to as a privacy directive. As an organization sponsoring a registry, you are responsible for two separate privacy directives: your own privacy directive, and the researchers that you recommend.

It is important to understand that portal sponsors are stewards, rather than owners, of the health data provided by participants. Although you have the ability to export the data out of PEER (contingent on participant permission), you are responsible for ensuring the protection and transparency of how the data is being used and what the data is being used for.

Therefore, we recommend all sponsors to communicate – and communicate frequently - to participants about your plans for data use, and to provide participants with a list of researchers recommended by the organization when it becomes available. Communicating and engaging participants frequently strengthens and upholds the community of trust that we aim to foster within the PEER platform.

To learn more about the importance of protecting and respecting individual health data, please read our paper on privacy, fairness, and respect for individuals.

Ways Data is Shared and Used in PEER

The main parts that make up the privacy settings are:

1. Privacy directives

2. Privacy setting options (allow, ask me, and deny)

3. Data Sharing Types

Below is a sample screenshot of the privacy settings that participants see when after they create their account, and corresponding descriptions of each component below:

Screen%20Shot%202017-12-11%20at%202.13.40%20PM.png

List of Privacy Directives

Left-hand column

Although the term 'privacy directive' is not explicitly stated in the privacy settings page for participants; the list on the left-hand column of your organization, recommended researchers, and other directives are who the participant can share data with. Sponsors are encouraged to include descriptions of each privacy directive, so that participants can learn more about each directive seeking to access their data. Participants can see more details about a directive by clicking on the blue info button to the left of the directive's name.

Types of Data Sharing

Top row

There are also 3 primary types of data sharing that can occur within PEER. The 3 primary types of data sharing are reflected in the top, grey tabs on the privacy settings page.

1. Find/Analyze

The Find/Analyze allows privacy directives to see participants’ data, but anonymously. For example, a researcher who has been given find/analyze access may see all the responses in the registry, but would not be able to identify the participant to specific responses. In other words, enabling a privacy directive to find/analyze will allow privacy directives to see participants’ responses, but without identifying or receiving the participants’ profile information.

2. Export/Link

The Export/Link enables privacy directives to export the data out of the PEER system and conduct their own analysis outside of PEER. PEER currently does not support data analysis within the platform itself, therefore, privacy directives may find it helpful to export the data for their own purposes. In addition, privacy directives may also want to export the data to make only specific parts available to other privacy directives.

3. Get Contact Information

The Get Contact Information allows privacy directives to view your contact information. The “ask me” button indicates that researchers may only contact you via the PEER messaging system, and will have to ask you via PEER for your contact information.

Participant Settings

Participants choose whether to allow or deny a privacy directive to view their information and determine how each privacy directive uses their data. Participants can also select the Ask Me button, which allows privacy directives to contact the participant via the messaging feature in PEER (rather than via the participant’s email, phone, or address listed in the participant’s account and profile).


Now that you have an understanding of how data sharing and ownership works, learn how to set your default settings in the next section.

Next_Page.png