Spotlight Series – Data Ethics and Patient Advocacy Organizations: Q&A with Christopher Scalchunes of the Immune Deficiency Foundation

June 29, 2023

The conversation around patient data ethics is changing every single day.

As the stewards of the patient data ecosystem, patient advocacy organizations are coordinating disparate researcher needs to prioritize the data that supports mission-based research. Because of this important role, it’s essential for these organizations to stay on the cutting edge of the patient data, ethics and privacy landscape

The Immune Deficiency Foundation (IDF) is a nonprofit health organization that’s helping to define and advance this conversation.

Primary immunodeficiencies (PI) represent a group of more than 450 rare, chronic disorders in which part of the body’s immune system is missing or functions improperly. Since its founding in 1980, IDF has sought to improve the diagnosis, treatment, and quality of life of people affected by PI by fostering a community empowered by advocacy, education and research.

IDF has made protecting constituent data and privacy a top priority. The organization has established an encrypted email system protocol that disguises the content of any emails that contain either personal health information (PHI) or personally identifiable information (PII). IDF’s Nurse Advisory Committee has also built the organization’s Bill of Rights for individuals with PI, which aggregates complicated legal language, including medical privacy, into a single document that patients can wrap their heads around.

The Array Insights team was joined by Christopher Scalchunes, Vice President of Research at IDF, who discussed how patient advocacy organizations can lead the way in establishing a foundation for patient data ethics. Scalchunes says that IDF’s quest to protect patient data and privacy all comes back to their most valuable asset: the trust of their patient community.

“All the training, hardware, and software protections are not the cheapest or easiest route IDF could have taken,” Scalchunes said. “But it is the right route if we are to be good stewards of the data our community shares with us.”

Here is Array Insights’ Q&A Scalchunes:

What role do patient advocacy organizations play in the conversation around ethical patient data usage?

The role of a patient advocacy organization in this area is multifaceted. Each organization should play the roles of watchdog, advocate, educator, collaborator and facilitator:


A nonprofit’s role is to engage with the relevant federal and state agencies, as well as the respective lawmakers, to ensure:

  1. Rules and laws for patient data protection are enforced, while not inadvertently becoming roadblocks to good science and progress, and
  2. These laws and protections keep pace with the latest technologies and changes that may impact the ethical use of patient data.


Organizations such as IDF should also be advocating to ensure that consent language for the use of their data is plain, simple and easily understood. Working towards true informed consent means we need to move away from 15 pages of legalese and get in front of people. We need to deliver something that they read, comprehend and can use to make a truly informed decision.

Patient advocacy organizations can engage with research institutions that collect patient data and should:

  • Push to have patients represented on their review/ethics boards, making sure these organizations are transparent with the information they have and how patient data might be used;
  • Advocate for ensuring patients have access to their own data and the ability to see how and where it was used;
  • Ensure that privacy protections are appropriate; and
  • Hold these organizations accountable.

It is critical that the data collected is fair and accurate. We must work together to help reduce the biases in the collected data. Patient advocacy organizations must make sure that diversity and inclusion are not just words, but actions that are taken in the creation and use of patient data.


Nonprofit health organizations are the perfect educators for our communities. Working from our positions of trust, we inform our communities on what their rights are, how research typically works, what to expect and questions to ask prior to consenting and sharing their data.

Collaborator & Facilitator

Patient organizations are in a perfect position to help act as research collaborators and facilitators. We can help with the design of research and studies to facilitate the use of patient data, making the resulting efforts and processes more relevant and friendly to the needs of the patient.

We can help with the promotion of appropriate research, reducing the time and cost needed to complete studies. Our role includes helping with the dissemination of the results of studies done using patient data. Ethically, it is important that those who participate in research can benefit from any advances or new information regarding their condition. Organizations play a pivotal role in the explanation, dissemination and publication of research results in terms that can be understood by those who do not have a medical or scientific background.

What prompted the creation of IDF’s encrypted email system and why is it important for patients?

Since our founding in 1980, IDF has worked to earn the trust of our community. This trust is one of IDF’s biggest assets and one of which we are incredibly proud.

Our community has come to trust IDF’s educational and support resources. It is important that our community also know that they can trust IDF with the information they choose to share with us.

When HIPAA was established in 1996, there were no smartphones or wirelessly connected medical devices. Additionally, very few care providers stored electronic protected health information, and many people did not have computers or computing devices in their homes.

However, today’s communication systems allow for the sharing of personal information through various devices: laptops, tablets, and smartphones. Telehealth services occur regularly via video conference. This convenience can come at a cost: ransomware attacks and unprotected data may increase the likelihood of identity theft and financial fraud.

IDF is not a medical system or healthcare provider, nor a covered entity or business associate that would require abiding by HIPAA. However, we still take protecting data and privacy very seriously. This includes yearly HIPAA certification training for every single IDF staff member. IDF maintains physical, electronic and procedural safeguards to protect the confidentiality and security of any personally identifiable information disclosed to IDF. These types of training and protections extend to our email system and processes.

Emails are extremely vulnerable since they can be sent over unsecured Wi-Fi networks and on multiple devices. Encrypting an email involves disguising the content of email messages to protect potentially sensitive information— so that no one other than the intended recipient can read it.

Why is it important for patient advocacy groups to establish a Bill of Rights — or something similar — for their patients?

Although patients already have existing rights —such as in HIPAA and non-discrimination laws — we believe a patient “Bill of Rights” has an important educational function.

It lays out to those affected by a disease what the expected standard of care is and that they have a right to be involved in the medical decisions that impact them. Often, patients are reluctant to participate in conversations with their healthcare providers or the healthcare system. A bill of rights can take a lot of complicated legal language — that exists in multiple places — and put it together in a single document, easily understood by anyone. It can educate and empower individuals to better advocate for themselves or their loved ones.

About the Contributor

Christopher Scalchunes, MPA, is vice president of research at the Immune Deficiency Foundation, a non-profit that is dedicated to improving the diagnosis, treatment, and quality of life of people affected by primary immunodeficiency through fostering a community empowered by advocacy, education, and research. He’s been a part of IDF’s leadership team for over 16 years. Scalchunes earned his Master of Public Administration from the University of Baltimore.

If you’re looking to build a clinical data federation for your non-profit health organization, schedule a call with Array Insights.