The National Institute of Health’s (NIH) revised Data Management and Sharing Policy requires a data sharing plan for all NIH-funded research, triggering compliance challenges amid quickly evolving federal, state, and international privacy standards. In a special issue of Harvard Data Science Review, Kristen Rosati published an article on adopting strategies for long-term compliance in light of changing laws.
In her article, Kristen recommended strategic, long-term data sharing solutions, including using HIPAA’s expert determination method to de-identify data to minimize potential future disconnects in data de-identification standards. Additionally, in light of concerns about whether de-identification of data is sufficient protection of privacy, and in the absence of a federal law prohibiting the re-identification of individuals in de-identified data sets, she recommends utilizing contractual controls on the use of de-identified data and restrictions on downstream disclosures of that data, as a key to good data stewardship.
The article resulted from Kristen’s presentation on “Legal Issues in Data Sharing” at last year’s National Academies of Sciences, Engineering, and Medicine “Changing the Culture of Data Management and Sharing” Virtual Workshop. In addition to presenting, Kristen served on the planning committee for the National Academies’ workshop.
A Past President of the American Health Law Association, Kristen is highly regarded as one of the nation’s leading “Big Data” and HIPAA compliance attorneys. She offers deep experience in data sharing for research and clinical integration initiatives, health information exchange, and clinical research privacy.