
An Architecture for Privacy in a Networked Health Information Environment

Published online by Cambridge University Press: 01 October 2008

Extract

As we move toward the creation of a networked health information environment, the potential of privacy intrusions increases, with potentially devastating impact on quality and access to healthcare. This paper describes the risks we face and proposes a framework to minimize those risks. In particular, it proposes nine principles to protect privacy in an information age.

Type
Special Section: The Newest Frontier: Ethical Landscapes in Electronic Healthcare
Copyright
Copyright © Cambridge University Press 2008


References

1 United Nations. Universal Declaration of Human Rights, Article 12. Available at http://www.nps.gov/elro/teach-er-vk/documents/udhr.htm.

2 Naser C, Alpert S. Protecting the privacy of medical records: An ethical analysis (White Paper). Lexington, MA: National Coalition for Patient Rights; 1999.

3 The EU Directive mentioned above similarly treats medical violations of privacy as particularly egregious cases.

4 See note 2, Naser, Alpert 1999.

5 Alpert SA. Protecting medical privacy: Challenges in the age of genetic information. Journal of Social Issues 2003;59(2):301–22; Goffman E. Behavior in Public Places: Notes on the Social Organization of Gatherings. New York: Free Press; 1966; Westin A. Privacy and Freedom. New York: Atheneum; 1967.

6 Goldman J. Protecting privacy to improve health care. Health Affairs 1998;17:47–60.

7 See note 6, Goldman 1998.

8 Goldman J, Hudson Z. Virtually exposed: Privacy and e-health. Health Affairs 2000;19:140–8.

9 These and more survey results can be found at the Electronic Privacy Information Center (EPIC), 27 April 2007; available at http://www.epic.org/privacy/survey/ (accessed 27 May 2008).

10 See note 5, Alpert 2003.

11 See note 6, Goldman 1998.

12 Bennett CJ. Regulating Privacy: Data Protection and Public Policy in Europe and the United States. Ithaca, NY: Cornell University Press; 1992.

13 Goldman J. Privacy and individual empowerment in the interactive age. In: Bennett C, Grant R, eds. Visions of Privacy: Policy Choices for a Digital Age. Toronto: University of Toronto Press; 1999.

14 Brandeis LD, Warren SD. The right to privacy. Harvard Law Review 1890;4:193–7.

15 See note 14, Brandeis, Warren 1890.

16 See note 5, Westin 1967.

17 The U.S. National Information Infrastructure Task Force defines the term as follows: “Information privacy is an individual's claim to control the terms under which personal information—information identifiable to an individual—is acquired, disclosed, and used.” Available at http://www.iitf.nist.gov/ipc/ipc-pubs/niiprivprin_final.html.

18 Miller A. The Assault on Privacy: Computers, Data Banks, and Dossiers. Ann Arbor: University of Michigan Press; 1971.

19 See note 5, Westin 1967.

20 See note 5, Alpert 2003.

21 See note 5, Alpert 2003.

22 See note 5, Alpert 2003.

23 Of course the illicit use of data is not particular to the networked environment. What has changed, however, is the scope of potential violations: As the network expands and as the amount of data increases, so does the possibility of confidentiality violations. In addition, a networked environment facilitates the illicit acquisition (e.g., through theft) and dissemination of data. This is in large part due to digitalization of information, which is easier to store and to steal without its original owner even noticing.

24 Health Privacy Working Group. Best Principles for Health Policy; 1999; available at http://www.healthprivacy.org/usr_doc/33807.pdf.

25 The Register; available at http://www.theregister.co.uk/2005/04/21/icam_surveillance_report/ (accessed 27 May 2008).

26 United States Senate Committee on the Judiciary, 13 Apr 2005; available at http://judiciary.senate.gov/testimony.cfm?id=1437&wit_id=4161 (accessed 27 May 2008).

27 United States Senate Committee on the Judiciary, 13 Apr 2005; available at http://judiciary.senate.gov/testimony.cfm?id=1437&wit_id=4162 (accessed 27 May 2008).

28 For a listing of recent security breaches and data violations, see Privacy Rights Clearinghouse, 20 April 2005; available at http://www.privacyrights.org/ar/ChronDataBreaches.htm (accessed 27 May 2008).

29 See note 24, Health Privacy Working Group 1999.

30 In particular, we have reviewed laws in three jurisdictions: The United States, including the 1973 Fair Information Practices and the 1974 Privacy Act; the OECD, including the 1980 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data; and Canada, including the 1995 Canadian Standards Association Model Code for the Protection of Personal Information. More information about these and other existing Fair Information Practices can be found at the web site for The Privacy Rights Clearinghouse, a non-profit consumer group located in California; updated Feb 2004; available at http://www.privacyrights.org/ar/fairinfo.htm (accessed 27 May 2008).

31 Any provisions for informed consent need to be drafted in such a way that ensures the sharing of information is not unduly cumbersome on data users. It is probably unrealistic to assume that patients can or should give their assent to each and every use of their medical data.

32 Valid concerns have been raised, however, that such a centralization may create additional security vulnerabilities.

33 Sometimes, it is important to recognize that the flexibility of opt-out provisions is limited by what is technologically feasible. It goes without saying that any steps or provisions taken to protect confidentiality need to take account of what is possible with our existing technology. At the same time, however, technical limitations should never be used to justify breaches of confidentiality or privacy.

34 Solove D, Hoofnagle C. A model regime of privacy protection. Public Law Research Paper No. 132. Washington, DC: George Washington University Law School; 2005; available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=681902.

35 It is also worth noting that some observers have suggested that penalties for abuses should be strengthened in order to act as a deterrent against future abuses.