Protecting health information privacy in research: what's an ethics committee like yours doing in a job like this?

The Commonwealth and State legislation designed to protect the privacy of personal health information has attracted the criticism that the constraints imposed on the use of the information in research obstructs that research. A central and common feature of the legislation is the reliance upon the review by human research ethics committees of research that proposes to use personal health information for research without prior consent from those whose information it is. The origins of this reliance are explored and explained and it is suggested that this has proved to be an inappropriate policy choice. The extension of the reliance is then described and the conceptual, procedural, workload and structural consequences of requiring these voluntary committees to conform to legislative standards of review of issues of the public interest are critically examined. In recent reviews of the Commonwealth legislation, there is recognition of the underlying uncertainty as to the appropriate balance between protection of personal privacy and the promotion of beneficial research. In the further exploration of these matters that those reviews recommended, a close and critical examination of the wisdom of continuing to rely on ethics committees is needed.     

Privacy and research involving humans

Human research ethics committees in Australia are required to consider compliance with privacy law as an element of the ethics of research. Recent legislation has introduced federal private sector privacy protection, as well as privacy protection at State and Territory levels. In Victoria, which is used as an example in this article, State privacy legislation covers public sector information and health records. This article considers the implications for research involving human participants and for ethics committees of the new privacy regimes. Although privacy law is a potential barrier to research about humans, the need for exceptions has been dealt with effectively in the context of medical or health research. However, privacy law and its chilling effect could potentially be a serious impediment to some forms of non-health-related research, such as social and socio-legal research.     

Public trust and privacy in shared electronic health records

The development of information and communication technology in health care, also called eHealth, is expected to improve patient safety and facilitate more efficient use of limited resources. The introduction of electronic health records (EHRs) can make possible immediate, even automatic transfer of patient data, for health care as well as other purposes, across any kind of institutional, regional or national border. Data can thus be shared and used more effectively for quality assurance, disease surveillance, public health monitoring and research. eHealth may also facilitate patient access to health information and medical treatment, and is seen as an effective tool for patient empowerment. At the same time, eHealth solutions may jeopardize both patient safety and patients' rights, unless carefully designed and used with discretion. The success of EHR systems will depend on public trust in their compatibility with fundamental rights, such as privacy and confidentiality. Shared European EHR systems require interoperability not only with regard to technological and semantic standards, but also concerning legal, social and cultural aspects. Since the area of privacy and medical confidentiality is far from harmonized across Europe, we are faced with a diversity that will make fully shared EHR systems a considerable challenge.     

UK further education sector journey to compliance with the general data protection regulation and the data protection act 2018

The Further Education sector provides training and qualifications to 2.2million young people and adults annually and in the process collect a wealth of data which must be properly managed to ensure it is processed in a fair and transparent manner, maintaining compliance with good information governance and data protection legislation. This article shares the findings of a study which explored the content of General Data Protection Regulation action plans, first hand accounts from data practitioners and the views of students as provides embraced the new legislation.The article demonstrates how a sector which fills the void between schools and universities is unique in the challenges they face when ensuring compliance with data protection laws. These challenges include the application of legislation, noting key differences between the nations of the United Kingdom, and the moral duties placed upon the provider by parents who expect open dialogue with the education provider, consistent as happened with lower levels of education. This must be balanced with the student's right to data privacy and control over who can access their educational records .     

Barriers to the operation of mental health legislation in Australian emergency departments: a qualitative analysis

This study aimed to describe the perceived barriers faced by emergency clinicians in utilising mental health legislation in Australian hospital emergency departments. A semi-structured interview methodology was used to assess what barriers emergency department doctors and nurses perceive in the operation of mental health legislation. Key findings from the interview data were drawn in accordance with the most commonly represented themes. A total of 36 interviews were conducted with 20 members of the Australasian College for Emergency Medicine and 16 members of the College for Emergency Nursing Australasia representing the various Australian jurisdictions. Most concerning to clinicians were the effects of access block and overcrowding on the appropriate use of mental health legislation, and the substandard medical care that mental health patients received as a result of long periods in the emergency department. Many respondents were concerned about the lack of applicability of mental health legislation to the emergency department environment, variation in legislation between States and Territories causing problems for clinicians working interstate, and a lack of knowledge and training in mental health legislation. Many felt that clarification of legislative issues around duty of care and intoxicated or violent patients was required. The authors conclude that access block has detrimental effects on emergency mental health care as it does in other areas of emergency medicine. Consideration should be given to uniform national mental health legislation to better serve the needs of people with mental health emergencies.     

Autonomy and audit--striking the balance

The Data Protection Act 1998 purports to implement European legislation which aims to protect the privacy of individuals. There were such concerns about the implications of the Act for certain research and audit that it became necessary to enact further legislation to enable such essential activities to continue. Although this empowers the Secretary of State for Health to approve proposals for these purposes, there should still be a requirement that the use of identifiable personal information without consent must be justified on compelling public interest grounds. It is this that can confound those seeking to rely on such justification. There can either be too cavalier an approach to the issue, and/or there is little sense of what considerations should come into play. This paper attempts to highlight some of the difficulties that are theoretically raised by some audit activities and set out the legal framework within which they must operate. However, the key focus is on how ethical considerations might inform the public interest argument.     

National health insurance and the new health occupations: nurse practitioners and physicians' assistants

This article considers a number of issues which might arise in formulating policy for new health occupations. Its particular focus is on nurse practitioners and physicians' assistants and their treatment under potential national health insurance arrangements. The development and expansion of these occupations are described, as is the evidence on their performance with respect to the quality of medical care provided, the impact on the cost of such care, and changes in access to care. We then discuss several issues which might arise in the context of national health insurance legislation, including reimbursement rates and methods, certification and licensure, training subsidies, deployment incentives, and compatibility with an increased supply of physicians.     

Privacy and the precautionary principle

The precautionary principle – which implies that where there are threats of serious or irreversible damage, lack of full scientific certainty shall not be used as a reason for postponing protective measures – has been adopted as a standard of environmental and health protection in international and European legislation. This article offers an overview of the precautionary principle as a legal standard applicable to European privacy and data protection legislation. For this reason, it takes particularly into account the guidelines of this legislation as well as the privacy impact assessment framework, raised by the European Commission through the Recommendation on Radio-Frequency Identification applications. In brief, the article stresses the role of the precautionary principle in improving privacy protection through liability, prudence and transparency.     

Data registers in respiratory medicine: a pilot project evaluating compliance with privacy laws and the National Statement on Ethical Conduct in Research Involving Humans

This article reports on data from a small pilot survey evaluating the compliance of voluntary databases in respiratory medicine with privacy laws and the National Health and Medical Research Council's National Statement on Ethical Conduct in Research Involving Humans. The increasing complexity of privacy law, including the recent private sector amendments, creates many challenges for database administrators. The impact of privacy laws upon voluntary or non-statutory databases, and upon doctors reporting patient data to such databases, is far from straightforward. The article suggests way in which the law might be adapted in order to better facilitate the role of voluntary data registers in health research and public health surveillance, while still protecting the privacy of patient information. The article also briefly considers how database administrators might "future-proof" their existing data holdings to ensure compliance with legal and ethical standards.     

Abortion in Australia: access versus protest

Currently in Australia anti-choice protesters' right to freedom of speech and freedom to protest is privileged over a woman's right to privacy and to access a health service safely, free from harassment, intimidation and obstruction. This article considers how this situation is played out daily at one Victorian abortion-providing clinic. The Fertility Control Clinic was thrown into the spotlight after the murder of its security guard by an anti-choice crusader in July 2001. Australian common law appears not to offer women protection from anti-choice protesters. By contrast, United States and Canadian "bubble" legislation sits comfortably with key constitutional rights. It would be a useful development if Australian governments passed legislation to ensure the rights, wellbeing and safety of Australian women accessing health services. Such legislation would be another step away from the misogynistic and androcentric values once central to our legislative framework.     

网络时代的隐私权──兼论美国和欧盟网络隐私权保护规则及其对我国的启示

随着网络和信息技术的快速发展,网络上的个人隐私权正在被严重地侵害,面对这种侵害,各国都致力于建立完善的网络隐私权法律保护体系。从比较研究的角度讨论美国和欧盟的网络隐私权立法保护模式和规则,并对我国网络隐私权的保护提出立法建议。     

Internet of Things – New security and privacy challenges

The Internet of Things, an emerging global Internet-based technical architecture facilitating the exchange of goods and services in global supply chain networks has an impact on the security and privacy of the involved stakeholders. Measures ensuring the architecture's resilience to attacks, data authentication, access control and client privacy need to be established. An adequate legal framework must take the underlying technology into account and would best be established by an international legislator, which is supplemented by the private sector according to specific needs and thereby becomes easily adjustable. The contents of the respective legislation must encompass the right to information, provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT-security-legislation, provisions supporting the use of mechanisms of the Internet of Things and the establishment of a task force doing research on the legal challenges of the IoT.     

Altered states: state health privacy laws and the impact of the Federal Health Privacy Rule

Although the Federal Health Privacy Rule has evened out some of the inconsistencies between states' health privacy laws, gaps in protection still remain. Furthermore, the Federal Rule contains some lax standards for the disclosure of health information. State laws can play a vital role in filling these gaps and strengthening the protections afforded health information. By enacting legislation that has higher privacy-protective standards than the Federal Health Privacy Rule, states can play three important roles. First, because they can directly regulate entities that are beyond HHS's mandate, states can afford their citizens a broader degree of privacy protection than the Federal Health Privacy Rule. Second, by having state health privacy laws, states can enforce privacy protections at the local level. Finally, action by the states can positively influence health privacy policies at the federal level by raising the standard as to what constitutes sufficient privacy protection. High privacy protections imposed by states may serve as the standard for comprehensive federal legislation, if and when Congress reconsiders the issue. So far, states' reactions to the Federal Privacy Rule have been mixed. Only time will tell whether states will assume the mantle of leadership on health privacy or relinquish their role as the primary protectors of health information.     

AIDS: the first decade.

AIDS has had a profound effect on society and the workplace and has raised legal and social problems for which society was not prepared. This article will chronicle the evolution of federal, state and local law concerning AIDS and the workplace. Although there are some clear-cut answers and guidelines that address the relationship of employer and employee to the AIDS epidemic, current legislation and enforcement of those laws does not adequately address the AIDS victim as a handicapped individual. Emphasis is also placed on the problems peculiar to the health care industry, the constitutionality of present legislation, and the AIDS victim's right to privacy versus the employer's need to know. Finally, some practical solutions and guidelines will be presented that will help the employer deal with the AIDS victim and his or her co-worker.     

The evolution of computer/privacy concerns: Access to government information held in the balance∗

Computers are a mainstay of most record systems at virtually all levels of government. The vast accumulation of personal information by governments has raised concerns about the erosion of personal privacy caused by the speed and efficiency of computers. For more than 30 years, realistic and sometimes exaggerated concerns about the proper role of computers in society have driven the public policy debate, resulting in a raft of legislation designed to protect the privacy of individuals about whom government keeps records.

But these computer /privacy concerns threaten legitimate public and media access to government records. The dangers to access were underscored by the Supreme Court in a holding that publicly available records regained privacy interests when drawn together in a centralized government computer. In other words, the form in which records were kept rather than their content could control access.

This article suggests that understanding the origin and context of the computer /privacy conflict will better prepare access proponents to deal with attempts to curtail legitimate access to government information because of privacy concerns.     

Medical Marijuana Registries: A Painful Choice?

Though the medical use of marijuana is legal in thirty-three states, it remains illegal under the federal Controlled Substances Act. Any marijuana use can subject individuals to severe criminal and civil penalties under federal law. States that condition patient access and treatment on registration in a state database impose real risks on their citizens. Although many scholars have written about the tension between federal and state treatment of marijuana, this is the first article to examine marijuana patient registry privacy and fundamental rights issues. This article first reviews the relationship between marijuana use and patient treatment, with a focus on health-care and privacy rights under state and federal law. The article then explains how marijuana registries compare to broader patient registries, such as contagious disease and other medical condition patient registries, and the unique issues presented by marijuana patient registries. It then discusses the elevated risk to constitutional, privacy, and fundamental rights that may result if states do not carefully construct marijuana registries. The article concludes by proposing principles for how both states and dispensaries should approach marijuana registries in order to provide health benefits and avoid harm to patients.     

The "GeneTrustee": a universal identification system that ensures privacy and confidentiality for human genetic databases

This article describes a generic model for access to samples and information in human genetic databases. The model utilises a "GeneTrustee", a third-party intermediary independent of the subjects and of the investigators or database custodians. The GeneTrustee model has been implemented successfully in various community genetics screening programs and has facilitated research access to genetic databases while protecting the privacy and confidentiality of research subjects. The GeneTrustee model could also be applied to various types of non-conventional genetic databases, including neonatal screening Guthrie card collections, and to forensic DNA samples.     

Rules of agency practice and procedure concerning OSHA access to employee medical records. The Occupational Safety and Health Administration of the United States Department of Labor (OSHA). Final rule

These rules of agency practice and procedure, promulgated today as a new 29 CFR 1913.10, govern OSHA access to personally identifiable employee medical information contained in medical records. The rules are structured to protect the substantial personal privacy interests inherent in identifiable medical records, while also permit OSHA to make beneficial use of these records for proper occupational safety and health purposes. The rules regulate the manner in which OSHA will seek access to employee medical records, and how the medical information will be protected once in the agency's possession.     

The most personal information of all: an appraisal of genetic privacy in the shadow of the Human Genome Project

The advent of genetics and genetic testing has given rise to unique problems for the family. The discovery of a predisposition to a genetic condition in one individual also reveals information about the genetic make-up and potential risks of family members. There is, therefore, potential for conflict over access to and control of such information. Traditionally the duty of confidentiality owed by a health care professional to a patient has provided an appropriate means by which personal health information has been kept secured. It is not clear, however, that the problems which surrounds genetic information in the familial milieu can be adequately dealt with using confidentiality. This article examines these problems and argues for the value of an appeal to the concept of privacy in seeking to resolve some of the more intractable issues.     

论数据使用保护的国际知识产权制度

商业组织在全球范围内使用数据获得法律保护是数据经济进一步发展的基石。对数据使用的知识产权保护意味着保护“数据”的各种外在呈现形式,尤其是数据集合。数据经营者对数据经济的贡献、数据主权和数字人权带来的现实障碍提出了迫切要求。以德国、美国和日本为代表的主要国家对数据使用保护进行的知识产权立法为数据跨境流动相关制度研究提供了基础。世界贸易组织、世界知识产权组织以及欧盟对数据使用提供了现实保护,但是现有国际法律制度无法对大量存在的非独创性数据集合提供充分保护。其原因包括各国发展水平不一致、数据主权和个人数据保护受到更多关注、国际法碎片化发展趋势等。对此,应在数据相关制度和实践中坚持促进数据使用为指导原则;在TRIPs体系内构建非独创性数据集合制度,该制度在保护数据集合专有权的同时应注重平衡个人数据保护、数据主权和公众信息获取权。立足中国参与全球数据治理现状,中国应在著作权法体系下构建非独创性数据集合有限排他权,并完善相关立法和实施以促进跨境数据流动。