Hostname: page-component-cd9895bd7-gxg78 Total loading time: 0 Render date: 2024-12-26T03:54:43.520Z Has data issue: false hasContentIssue false

The Priority of Privacy for Medical Information

Published online by Cambridge University Press:  13 January 2009

Judith Wagner DeCew
Affiliation:
Philosophy, Clark University

Extract

Individuals care about and guard their privacy intensely in many areas. With respect to patient medical records, people are exceedingly concerned about privacy protection, because they recognize that health care generates the most sensitive sorts of personal information. In an age of advancing technology, with the switch from paper medical files to massive computer databases, privacy protection for medical information poses a dramatic challenge. Given high-speed computers and Internet capabilities, as well as other advanced communications technologies, the potential for abuse is much greater than ever before. At every stage in the process of collection and storage, dangers can arise, including entry errors, improper access, exploitation, and unauthorized disclosure. Secondary use and aggregation of data are all far easier, faster, and less expensive, and thus pose additional threats to an individual's control over the disposition of medical information.

Type
Research Article
Copyright
Copyright © Social Philosophy and Policy Foundation 2000

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

1 For a full defense of this view, see DeCew, Judith Wagner, In Pursuit of Privacy: Law, Ethics, and the Rise of Technology (Ithaca, NY: Cornell University Press, 1997).Google Scholar

2 Rigby, Michael, Hamilton, Ian, and Draper, Ronald, “Finding Ethical Principles and Practical Guidelines for the Controlled Flow of Patient Data” (paper presented at an international conference on “Electronic Patient Records in Medical Practice,” Rotterdam, The Netherlands, 10 7, 1998).Google Scholar

3 Westin, Alan et al. , “Health Care Information Privacy: A Survey of the Public and Leaders” (survey conducted for Equifax, Inc., 1993), 23Google Scholar, cited in Gostin, Lawrence O., “Health Information Privacy,” Cornell Law Review 80, no. 3 (03 1995): 454.Google ScholarPubMed

4 Gostin, , “Health Information Privacy,” 464–65, footnotes omitted.Google Scholar

5 Ibid., 464.

6 Gostin, Lawrence O., Lazzarini, Zita, Neslund, Verla S., and Osterholm, Michael T., “The Public Health Information Infrastructure: A National Review of the Law on Health Information Privacy,” Journal of the American Medical Association 275, no. 24 (06 26, 1996): 1921.Google ScholarPubMed

7 See Moor, James, “Towards a Theory of Privacy in the Information Age,” Computers and Society 27, no. 3 (09 1997): 2732CrossRefGoogle Scholar; and Culver, Charles, Moor, James, Duerfeldt, William, Kapp, Marshall, and Sullivan, Mark, “Privacy,” Professional Ethics 3, nos. 3 and 4 (Fall/Winter 1994): 425CrossRefGoogle Scholar, for descriptions of the problems and for some general guidelines for establishing privacy protection guidelines.

8 In Griswold v. Connecticut, 381 U.S. 479 (1965)Google Scholar, the Supreme Court first announced and recognized a constitutional right to privacy when it overturned the convictions of the director of Planned Parenthood in Connecticut and a physician from Yale Medical School who violated a statute that banned the disbursement of contraceptive-related information, instruction, and medical advice to married persons. This privacy right, in some ways distinct from informational-privacy protection in tort and Fourth Amendment law, has since been invoked in a variety of other cases concerning decisions about marriage, family, and lifestyle. For example, it was cited in Loving v. Virginia, 388 U.S. 1 (1967)Google Scholar, as a justification for overturning a Virginia statute that banned interracial marriage; in Stanley v. Georgia, 394 U.S. 557 (1969)Google Scholar, as a major reason for allowing the possession of obscene matter in one's home; in Eisenstadt v. Baird, 405 U.S. 438 (1972)Google Scholar, as a justification to allow the distribution of contraceptives; and in Roe v. Wade, 410 U.S. 113 (1973)Google Scholar, as a reason to permit abortions at some points during a pregnancy.

9 See DeCew, , In Pursuit of Privacy, 151–52.Google Scholar

10 Markoff, John, “Europe's Plans to Protect Privacy Worry Business,” New York Times, 04 11, 1991, A1Google Scholar; and Tye, Larry, “EC May Force New Look at Privacy,” Boston Globe, 09 7, 1993, 10.Google Scholar An excellent summary of the European approach is supplied in Schwartz, Paul M., “European Data Protection Law and Restrictions on International Data Flows,” Iowa Law Review 80, no. 3 (03 1995): 471–96.Google Scholar On the domestic approaches in Germany and Sweden, see Bennett, Colin J., Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992).Google Scholar See also Franklin, Charles E. H., ed., Business Guide to Privacy and Data Protection Legislation (Dordrecht, Netherlands: Kluwer Law International, 1996)Google Scholar, where the Council of Europe's guidelines, the guidelines of the Organisation for Economic Cooperation and Development (OECD), and the laws of several European nations are summarized and explained, with relevant portions translated.

11 Tye, Larry, “No Private Lives: German System Puts a Lid on Data,” Boston Globe, 07 7, 1993, 1.Google Scholar

12 Ibid., 10.

13 Woodward, Beverly, “Intrusion in the Name of ‘Simplification,’” Washington Post, 08 15, 1996, A19Google Scholar; and “Medical Identifier Hearings to Begin,” Boston Globe, 07 20, 1998, A5.Google Scholar

14 Palmer, Louise D., “States Urged to Use Names in HIV Reports,” Boston Globe, 07 19, 1998, A1.Google Scholar

15 Foreman, Judy, “Your Health History — Up for Grabs?” Boston Globe, 07 20, 1998, C1.Google Scholar

16 Gostin, Lawrence O., “Making Tradeoffs Between the Collective Good of Human Health and the Individual Good of Personal Privacy” (paper presented at an international conference on “Electronic Patient Records in Medical Practice,” Rotterdam, The Netherlands, 10 6, 1998).Google Scholar

17 Gostin, , “Health Information Privacy,” 515–16.Google Scholar

18 Magaziner, Ira, remarks made at conference, “ACM Policy '98,” Washington D.C., 05 10–12, 1998.Google Scholar

19 Palmer, , “States Urged to Use Names in HIV Reports,” 1.Google Scholar

20 Detmer, Don E. and Steen, Elaine B., “Shoring Up Protection of Personal Health Data,” Issues in Science and Technology 12, no. 4 (Summer 1996): 76.Google ScholarPubMed

21 Rotenberg, Marc, e-mail correspondence with author, 1998.Google Scholar

22 DeCew, , In Pursuit of Privacy, 159–60.Google Scholar

23 The term “dynamic negotiation” was introduced by Ross E. Mitchell and first appeared in Mitchell, Ross E. and DeCew, Judith Wagner, “Dynamic Negotiation in the Privacy Wars,” Technology Review 97, no. 8 (11/12 1994): 7071.Google Scholar

24 Such governmental regulation would be unnecessary if the telephone corporations implemented and enforced the system described here. Thus far, there has been no such corporate coordination or cooperation.

25 With traditional mail, people have always had the right, and the ability, to send anon ymous correspondence. Delivery of the envelope requires neither that the letter be signed nor that a return address be provided. On the receiving end, people similarly have the right to discard anonymous mail without opening it. If the principles of dynamic negotiation were applied to electronic mail, senders of e-mail would have the option to identify or not identify themselves. Recipients could reject as undeliverable any e-mail with an unidentified sender. The sender would then have the option to retransmit the message, this time with a return address. The users would negotiate among themselves.

26 Detmer, and Steen, , “Shoring Up Protection of Personal Health Data,” 74.Google Scholar

27 These principles echo the European directives. See Rigby, Michael, Hamilton, Ian, and Draper, Ronald, “Towards an Ethical Protocol in Mental Health Informatics,” in Cesnick, B., McCray, A. T., and Scherrer, J. R., eds., MEDINFO '98: Proceedings of the Ninth World Congress on Medical Informatics (Amsterdam, The Netherlands: IOS Press, 1998), 1223–27.Google Scholar

28 O'Harrow, Robert Jr., “Plans' Access to Pharmacy Data Raises Privacy Issues: Benefit Firms Delve Into Patient Records,” Washington Post, 09 27, 1998, A1.Google Scholar

29 Michael Rigby has suggested to me in correspondence that although the downloading of rich data sets of anonymous data should not be allowed, the use of such a database for public health research may be morally justifiable. This could occur if the simplicity of the data set or the large size of the study would preclude the indirect identification (or even the suspicion of such identification) of individuals in the database.

30 Barrows, Randolph C. Jr., and Clayton, Paul D., “Privacy, Confidentiality, and Electronic Medical Records,” Journal of the American Medical Informatics Association 3, no. 2 (03/04 1996): 139–48.CrossRefGoogle ScholarPubMed

31 Ibid., 146.

32 Safran, Charles, “The Introduction of EPRs in the Beth Israel Deaconess Medical Center, Boston” (paper presented at an international conference on “Electronic Patient Records in Medical Practice,” Rotterdam, The Netherlands, October 6, 1998).Google Scholar David Friedman has suggested to me that federally mandated systems have failed in the past to allow for experimentation with different solutions to problems. He urged that it would be preferable to have various systems of information control, in order to see what system is best. To the contrary, I believe we have already had years of experimenting with a patchwork of programs, and the Beth Israel system (as well as others) indicates that no self-regulating system has emerged that adequately protects patient privacy.

33 For a defense of a “restricted access” view of privacy, see Gavison, Ruth, “Privacy and the Limits of Law,” Yale Law Journal 89, no. 3 (01 1980): 421–71CrossRefGoogle Scholar; see also Moor, James, “The Ethics of Privacy Protection,” Library Trends 39, nos. 1 and 2 (Summer/Fall 1990): 6982.Google Scholar

34 See Beauchamp, Tom L. and Childress, James F., Principles of Biomedical Ethics, 3rd ed. (New York: Oxford University Press, 1989)Google Scholar, for their stress on four ethical principles, namely, respecting autonomy, beneficence, nonmaleficence, and justice (emphasis mine).

35 van der Lei, Johan, “The EPR as Catalyst for Change” (paper presented at an international conference on “Electronic Patient Records in Medical Practice,” Rotterdam, The Netherlands, 10 6, 1998).Google Scholar See also Vlug, Albert E. and van der Lei, Johan, “Postmarking Surveillance with Computer-Based Patient Records,” in Greenes, Robert A., Peterson, Hans E., and Protti, Denis J., eds., MEDINFO '95: Proceedings of the Eighth World Congress on Medical Informatics (Edmonton, Canada: IMIA, 1995), 327–30.Google Scholar

36 Rigby, , Hamilton, , and Draper, , “Towards an Ethical Protocol in Mental Health Informatics,” 1225.Google Scholar

37 I am indebted to Tom Beauchamp for emphasizing this point.

38 Detmer, and Steen, , “Shoring Up Protection of Personal Health Data,” 77.Google Scholar

39 Ibid., 78.

40 Rigby, , Hamilton, , and Draper, , “Finding Ethical Principles and Practical Guidelines for the Controlled Flow of Patient Data,” 1.Google Scholar