Advances in science, medicine and information technology (as well as hacking and piracy) have complicated the maintaining of rightful patient privacy. Sophisticated methods for securing and storing personal information, even down to an individual’s complete genetic blueprint, are fast becoming commonplace.And keeping cultural time is our oral fixation on the concept of “confidentiality.”
In line with the marked rise of stored personal information is the Obama administration’s aim to create, by sequestration, a federal patient data bank where medical records of individuals will be stored on federally funded Health Information Exchanges. At an estimated cost of 29 billion taxpayer dollars and risk to personal privacy, we must also ask at what impact to doctor-patient “confidentiality” and to the right to maintain personal privacy?
Confidentiality statements (agreements, disclaimers, codes of practice) flood our snail and e mail boxes. They invariably begin with the mantra, YOUR PRIVACY IS OUR FIRST CONCERN, and then enumerate the dozen or more ways that our personal information is not our own: our records may be handed on for billing, disease control, pharmaceutical research, demographic analysis, forensic investigations, credit reports, marketing studies, etc… data might even be sold. In no traditional sense can personal medical records be understood to be owned by the patient. The risks this poses are well known. The 2009 Report of the Council on Ethical and Judicial Affairs of the American Medical Association claimed that medical identity theft is the “fastest growing form of identity theft,” citing that security breaches are “higher than ever before” due to “complex patterns of collecting and using patient information.” Where else is a person’s identity so completely recorded?
Although for practical purposes, we have less control of our personal medical data than we do of ordinary objects of ownership, it should be the other way around. Medical data occupies a unique category of property. Although it “belongs” to a patient, its manner of belonging is more closely connected to— more intimately of— its owner than the manner of such things as clothing, housing or food. It “belongs” in the sense of constituting attributes of the owner. A hat can be separated from its wearer. But a diagnosis of manic depression, or eczema, or suicidal thoughts, or premature balding, is an inseparable (although not necessarily permanent) characteristic of a person. Moreover, a hat can be replaced if lost or mishandled. Although data can be re-collected if records are lost, the data’s content is enduring. Consequently, the norm of respect for handling the personal information of others is stricter not loser than the norm governing how we should treat the material possessions of others.
We propose that personal medical data should be treated as an aspect of personal identity. The Pontifical Academy for Life defines personal identity as follows: “the relation of an individual’s unrepeatability and essential core to his being a person (ontological level) and feeling that he is a person (psychological level).” The unique characteristics of personal identity are the unique characteristics of the person. Those characteristics can be observed, itemized and recorded, which is what’s done when personal medical data is secured. But the characteristics are still of the person. The handling of personal records will in a morally relevant sense be the handling of the person, not of course ontologically handling them, as if they were physically present to us, but conceptually handling them, in the way we “handle others” when we think or speak well or ill of them. So serious justice issues are at stake when dealing with the handling of personal medical information.
Some personal facts are, as it were, placed in the public domain by an individual’s own behavior. Clint Eastwood’s disdain for the sitting president, for example, was made public at the Republican National Convention. Other facts however are never meant to be shared beyond very limited contexts. A young professional woman suffering from dysthymia (chronic depression) may choose to share the fact with no one beyond her most intimate relations. Her doctor ipso facto becomes one of those relations in virtue of the dynamics of the doctor-patient relationship. That she shares it with her doctor, however, emphatically does not place it in the public domain, nor should a record of it ordinarily be seen by anyone’s eyes but her doctor’s (and authorized medical staff). It is her information, not the clinic’s. Its recording in electronic storage certainly does not change this. Consequently, it should be guarded with a high degree of respect. Confidentiality, properly understood, is a necessary expression of this respect.
With what degree of confidentiality should personal medical data be held? We offer the following thoughts on conceiving the norm of medical privacy. If personal information is an aspect of personal identity; and persons cannot be coerced by public authority to certain ends without a high burden of proof that such ends are in the manifest interests of the common good; and if personal information is more our own even than material possessions, and the coercive securing of our material possessions by public authority (e.g., eminent domain seizures, taxation for the funding the social safety net) requires a high evidentiary standard that such seizure is required for the common good; then it seems reasonable to conclude that anybody, including public authorities, desiring access to one’s personal medical data should be required to demonstrate that such access is in the manifest interests of the patient or the common good. The default position should be “no access” beyond one’s personal medical provider.
We do not think that the signing of “privacy policies” upon admission to clinics or hospitals ordinarily constitutes a sufficient expression of informed consent for the sharing of private information. The Pontifical Academy for Life states: “the doctor has only that power and those rights which the patient himself gives him.” We argue this includes the whole area of confidentiality. Patients therefore should be given the opportunity to explicitly consent to each and every instance of the sharing of any personalized information; they should be made known in advance what pieces of information others want access to and supplied with details about who’s requesting access and why. They should also be informed in advance that they have no obligation to grant access and their consent remains at all times revocable. Again, the default position should be “no access.” Public authorities would, of course, have the power to override confidentiality. But ordinarily they should be required legally to demonstrate that overriding confidentiality in such and such an instance is demanded necessarily by the common good. All practices of the collecting, recording, combing and transferring of a patient’s information should be transparent to the patient and his or her primary doctor.
This norm would not exclude doctors from seeking medical advice on patients from colleagues, but all identifying information on those patients should be excluded. Moreover, medical clinics may make general information available for epidemiological purposes or census data, etc., but the information they release should remain strictly anonymous.
Failure to uphold a just norm of confidentiality subjects patients to unacceptable risks of harm to personal identity.