D-PATH (Data Privacy Assessment Tool for Health) for biomedical data sharing
1 Department of Human Genetics, Faculty of Medecine and Health Sciences, McGill University, Montreal QC, Canada, Candian Center for Computational Genomics, McGill University, Montreal, Montreal QC, Canada.
2 Department of Human Genetics, Faculty of Medecine and Health Sciences, McGill University, Montreal QC, Canada, Candian Center for Computational Genomics, McGill University, Montreal, Montreal QC, Canada.
3 Department of Human Genetics, Faculty of Medecine and Health Sciences, McGill University, Montreal QC, Canada, Candian Center for Computational Genomics, McGill University, Montreal, Montreal QC, Canada.
4 Department of Human Genetics, Faculty of Medecine and Health Sciences, McGill University, Montreal QC, Canada, Candian Center for Computational Genomics, McGill University, Montreal, Montreal QC, Canada.
5 Department of Human Genetics, Faculty of Medecine and Health Sciences, McGill University, Montreal QC, Canada, Candian Center for Computational Genomics, McGill University, Montreal, Montreal QC, Canada.
6 Department of Human Genetics, Faculty of Medecine and Health Sciences, McGill University, Montreal QC, Canada, Candian Center for Computational Genomics, McGill University, Montreal, Montreal QC, Canada.
7 Department of Human Genetics, Faculty of Medecine and Health Sciences, McGill University, Montreal QC, Canada, Centre of Genomics and Policy, McGill University, Montreal, QC, Canada.
Abstract
The Data Privacy Assessment Tool for Health (D-PATH) is a proof-of-concept online tool designed to help users intending to share biomedical data identify applicable legal obligations and relevant best practices. D-PATH provides a series of simple questions to assess important aspects of the data sharing task, such as the user’s legal jurisdiction and the types of entities involved. Based on the combination of answers that the user provides, D-PATH will generate a list of privacy obligations and security-best practices, categorized into themes of 1) accountability, 2) lawfulness of storage, transfer, and protection, and 3) security and safeguards that will likely apply in the user’s scenario. Currently, the D-PATH focuses on Canadian and European privacy laws and various global best-practice policies, but there are plans to extend this in later iterations of the tool. D-PATH was developed specifically to inform users about their legal privacy obligations and best practices and was written to facilitate compliant and ethical data sharing. As a proof-of-concept, D-PATH demonstrates the potential value of a tool in simplifying and translating complex concepts into more accessible formats. Such a tool can be adapted and valuable in many different contexts, such as training core researchers in data sharing laws and practices.