Disentangling privacy from property: toward a deeper understanding of genetic privacy

With the mapping of the human genome, genetic privacy has become a concern to many. People care about genetic privacy because genes play an important role in shaping us--our genetic information is about us, and it is deeply connected to our sense of ourselves. In addition, unwanted disclosure of our genetic information, like a great deal of other personal information, makes us vulnerable to unwanted exposure, stigmatization, and discrimination. One recent approach to protecting genetic privacy is to create property rights in genetic information. This Article argues against that approach. Privacy and property are fundamentally different concepts. At heart, the term "property" connotes control within the marketplace and over something that is disaggregated or alienable from the self. "Privacy," in contrast, connotes control over access to the self as well as things close to, intimately connected to, and about the self. Given these different meanings, a regime of property rights in genetic information would impoverish our understanding of that information, ourselves, and the relationships we hope will be built around and through its disclosure. This Article explores our interests in genetic information in order to deepen our understanding of the ongoing discourse about the distinction between property and privacy. It develops a conception of genetic privacy with a strong relational component. We ordinarily share genetic information in the context of relationships in which disclosure is important to the relationship--family, intimate, doctor-patient, researcher-participant, employer-employee, and insurer-insured relationships. Such disclosure makes us vulnerable to and dependent on the person to whom we disclose it. As a result, trust is essential to the integrity of these relationships and our sharing of genetic information. Genetic privacy can protect our vulnerability in these relationships and enhance the trust we hope to have in them. Property, in contrast, by connoting commodification, disaggregation, and arms-length dealings, can negatively affect the self and harm these relationships. This Article concludes that a deeper understanding of genetic privacy calls for remedies for privacy violations that address dignitary harm and breach of trust, as opposed to market harms, as the property model suggests.     

Privacy and research involving humans

Human research ethics committees in Australia are required to consider compliance with privacy law as an element of the ethics of research. Recent legislation has introduced federal private sector privacy protection, as well as privacy protection at State and Territory levels. In Victoria, which is used as an example in this article, State privacy legislation covers public sector information and health records. This article considers the implications for research involving human participants and for ethics committees of the new privacy regimes. Although privacy law is a potential barrier to research about humans, the need for exceptions has been dealt with effectively in the context of medical or health research. However, privacy law and its chilling effect could potentially be a serious impediment to some forms of non-health-related research, such as social and socio-legal research.     

Blood rights: the body and information privacy

Genetic and other medical technology makes blood, human tissue and other bodily samples an immediate and accessible source of comprehensive personal and health information about individuals. Yet, unlike medical records, bodily samples are not subject to effective privacy protection or other regulation to ensure that individuals have rights to control the collection, use and transfer of such samples. This article examines the existing coverage of privacy legislation, arguments in favour of baseline protection for bodily samples as sources of information and possible approaches to new regulation protecting individual privacy rights in bodily samples.     

Altered states: state health privacy laws and the impact of the Federal Health Privacy Rule

Although the Federal Health Privacy Rule has evened out some of the inconsistencies between states' health privacy laws, gaps in protection still remain. Furthermore, the Federal Rule contains some lax standards for the disclosure of health information. State laws can play a vital role in filling these gaps and strengthening the protections afforded health information. By enacting legislation that has higher privacy-protective standards than the Federal Health Privacy Rule, states can play three important roles. First, because they can directly regulate entities that are beyond HHS's mandate, states can afford their citizens a broader degree of privacy protection than the Federal Health Privacy Rule. Second, by having state health privacy laws, states can enforce privacy protections at the local level. Finally, action by the states can positively influence health privacy policies at the federal level by raising the standard as to what constitutes sufficient privacy protection. High privacy protections imposed by states may serve as the standard for comprehensive federal legislation, if and when Congress reconsiders the issue. So far, states' reactions to the Federal Privacy Rule have been mixed. Only time will tell whether states will assume the mantle of leadership on health privacy or relinquish their role as the primary protectors of health information.     

Standards for privacy of individually identifiable health information. Office of the Assistant Secretary for Planning and Evaluation, DHHS. Final rule

This rule includes standards to protect the privacy of individually identifiable health information. The rules below, which apply to health plans, health care clearinghouses, and certain health care providers, present standards with respect to the rights of individuals who are the subjects of this information, procedures for the exercise of those rights, and the authorized and required uses and disclosures of this information. The use of these standards will improve the efficiency and effectiveness of public and private health programs and health care services by providing enhanced protections for individually identifiable health information. These protections will begin to address growing public concerns that advances in electronic technology and evolution in the health care industry are resulting, or may result in, a substantial erosion of the privacy surrounding individually identifiable health information maintained by health care providers, health plans and their administrative contractors. This rule implements the privacy requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996.     

加强信访信息研究

随着医疗卫生体制改革不断向深层次推进，医患关系一直是我县人民群众关注的焦点。从目前我县医疗卫生行业状况来看，医患关系一直处在较为紧张与敏感的状态。我县卫生系统每年都有大量的信访投诉，其中蕴藏着丰富的信息资源。本文把近年我县卫生信访信息作为调研对象，从中发现我县卫生工作的盲区和弱点，进而针对性地提出防范和减少卫生信访提出针对性的建议。     

Standards for privacy of individually identifiable health information. Office of the Assistant Secretary for Planning and Evaluation, DHHS. Proposed rule

This rule proposes standards to protect the privacy of individually identifiable health information maintained or transmitted in connection with certain administrative and financial transactions. The rules proposed below, which would apply to health plans, health care clearinghouses, and certain health care providers, propose standards with respect to the rights individuals who are the subject of this information should have, procedures for the exercise of those rights, and the authorized and required uses and disclosures of this information. The use of these standards would improve the efficiency and effectiveness of public and private health programs and health care services by providing enhanced protections for individually identifiable health information. These protections would begin to address growing public concerns that advances in electronic technology in the health care industry are resulting, or may result, in a substantial erosion of the privacy surrounding individually identifiable health information maintained by health care providers, health plans and their administrative contractors. This rule would implement the privacy requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996.     

The evolution of computer/privacy concerns: Access to government information held in the balance∗

Computers are a mainstay of most record systems at virtually all levels of government. The vast accumulation of personal information by governments has raised concerns about the erosion of personal privacy caused by the speed and efficiency of computers. For more than 30 years, realistic and sometimes exaggerated concerns about the proper role of computers in society have driven the public policy debate, resulting in a raft of legislation designed to protect the privacy of individuals about whom government keeps records.

But these computer /privacy concerns threaten legitimate public and media access to government records. The dangers to access were underscored by the Supreme Court in a holding that publicly available records regained privacy interests when drawn together in a centralized government computer. In other words, the form in which records were kept rather than their content could control access.

This article suggests that understanding the origin and context of the computer /privacy conflict will better prepare access proponents to deal with attempts to curtail legitimate access to government information because of privacy concerns.     

HealthConnect and privacy: a policy conundrum

A shared electronic health record is intrinsically privacy-invasive because it creates a comprehensive record for information-sharing. The author explains the significance of information privacy and why it is that health information warrants special protection. She also provides an overview of the existing regulatory framework and an evaluation of suggested options and proposals for addressing privacy-related issues. Her analysis of suggested consent models suggests that they ultimately involve a trade-off between privacy and the broader benefits promised by HealthConnect and that obtaining the right balance is essential if HealthConnect is to achieve optimal health outcomes.     

Review of employee privacy issues: Implications for law enforcement and other public and private sector agencies

It has been predicted that the number of lawsuits filed for workplace privacy violations will increase over the next few years primarily because of advances in technological innovations and a change in how workplace privacy is defined. This could have implications for law enforcement agencies as well as other public and private sector agencies. This article examines current interpretations of workplace privacy both in the public and private sectors and how courts have traditionally ruled on various types of privacy issues.     

The retention of personal information online: A call for international regulation of privacy law

New technologies permit online businesses to reduce expenses and increase efficiency by, for example, storing information in “the cloud”, engaging in online tracking and targeted advertising, location and tracking technologies, and biometrics. However, the potential for technology to facilitate long term retention of customers' personal information raises concerns about the competing right of individuals to the privacy of their personal information. Although the European Commission has recently released a proposal for regulation to “provide a data subject with the right to be forgotten and to erasure”, neither the OECD Privacy Guidelines nor the APEC Privacy Framework includes any requirement to delete personal information. While New Zealand includes a “limited retention principle” in the Privacy Act 1993, apart from one limited exception the privacy principles cannot be enforced in court. Taking New Zealand privacy law as an example, this paper examines the issue of retention of customer data, explains why this is a serious problem and argues that although it could be addressed by appropriate amendments to domestic laws, domestic privacy legislation may not be sufficient in an online environment. In the same way as other areas of law, such as the intellectual property regime, have turned to global regulatory standards which reflect the international nature of their subject matter, international privacy regulation should be the next stage for the information privacy regime.     

论公共摄像监视——以隐私权为中心

目前，在公共空间实施摄像监视已日益普遍。如何看待公共空间中摄像头“注视”之下的个人隐私权并予以相应保护，我国现有的立法尚未予以足够关注，司法上亦采取较为保守的态度。事实上，个人身处公共空间，亦有其隐私利益存在。因为隐私并不仅仅是他人头脑中关于人们自身信息的某种缺失，而更多的是，人们对于自身信息的控制。摄像头长时间地有计划地有目的地注视，不同于路人偶然无意识的一瞥，它将使人们因此而丧失对自身信息的选择暴露权和控制权，从而导致个人在公共空间的某些隐私利益的丧失。鉴于此，我们认为有必要从立法上和司法上规范公共摄像监视行为，捍卫人们在公共空间中的必要的隐私利益，维护人们在公共空间中的个性正义。     

The most personal information of all: an appraisal of genetic privacy in the shadow of the Human Genome Project

The advent of genetics and genetic testing has given rise to unique problems for the family. The discovery of a predisposition to a genetic condition in one individual also reveals information about the genetic make-up and potential risks of family members. There is, therefore, potential for conflict over access to and control of such information. Traditionally the duty of confidentiality owed by a health care professional to a patient has provided an appropriate means by which personal health information has been kept secured. It is not clear, however, that the problems which surrounds genetic information in the familial milieu can be adequately dealt with using confidentiality. This article examines these problems and argues for the value of an appeal to the concept of privacy in seeking to resolve some of the more intractable issues.     

隐私的价值独特性:个人信息为何应受保护?

要想准确理解已经开始施行的《个人信息保护法》,就必须恰当回答“个人信息为何值得保护”的问题,而这个问题的答案经常与“隐私”的价值关联在一起。但是,对隐私的理解,主要被一种“隐私并不具备独特价值”的化约论所统治;因此,只有击败化约论,才能最终证明隐私的价值独特性,也才能最终说明隐私为何值得保护。击败隐私化约论最主要的理由是,如果认为隐私不具备价值独特性,那么对任何特定个体而言,就只能提供“我是我”的对待,而这种对待将会带来贬损、甚至否认“我是人”的结果,这将会严重损害人的尊严。     

The proposed changes to the final privacy rule suggest a disturbing reduction in an individual's ability to exercise a right to healthcare privacy

The author contends that, in eliminating HIPAA's mandatory consent requirement, which is the initial step in the patient's Patient Consent exercise of the right to health information privacy, DHHS has turned its back on privacy protection. She posits that the proposed change is the result of a disturbing focus on an elimination of the industry's administrative burdens, rather than on the protection of patient healthcare information. The article concludes that elimination of the consent requirement is a step backwards in the arena of personal privacy.     

个人健康医疗信息和隐私权保护

Personal health care and medical treatment information are both personal information which can be used as a sign to identify each individual. Such information shall be under the control of the owner. The comprehensiveness of personal health care and medical treatment information makes it more valuable than the simplex personal information. The controlling right of personal health care and medical treatment information is irretrievable once deprived. The rights of controlling, managing and using regarding personal health care and medical treatment information can be separated appropriately. The right of privacy is an independent personality right. For the protection of public interests, the right of personal privacy shall be appropriately limited. Meanwhile, the government shall be responsible for the protection of personal health care and medical treatment information. Tang Xiaotian is a professor and supervisor in charge of the development and planning division of Shanghai University of Political Science and Law, and deputy General Secretary-in-chief of the Society of Law of Shanghai, whose main studies is focused on victim science, criminal law and criminology. Till now, he has 8 monographs and over 90 articles published in academic journals.     

Profiling the mobile customer – Is industry self-regulation adequate to protect consumer privacy when behavioural advertisers target mobile phones? – Part II

Mobile customers are increasingly being tracked and profiled by behavioural advertisers to enhance delivery of personalized advertising. This type of profiling relies on automated processes that mine databases containing personally-identifying or anonymous consumer data, and it raises a host of significant concerns about privacy and data protection. This second article in a two part series on “Profiling the Mobile Customer” explores how to best protect consumers’ privacy and personal data through available mechanisms that include industry self-regulation, privacy-enhancing technologies and legislative reform.¹ It discusses how well privacy and personal data concerns related to consumer profiling are addressed by two leading industry self-regulatory codes from the UK and the U.S. that aim to establish fair information practices for behavioural advertising by their member companies. It also discusses the current limitations of using technology to protect consumers from privacy abuses related to profiling. Concluding that industry self-regulation and available privacy-enhancing technologies will not be adequate to close important privacy gaps related to consumer profiling without legislative reform, it offers suggestions for EU and U.S. regulators about how to do this.²     

浅议医患纠纷形成的背景和原因（上）

近年来,医患纠纷的出现越来越频繁,逐渐成为重要的社会问题之一。对医患纠纷发生的背景和原因进行分析梳理和归纳总结,将有助于人们进一步认识问题和寻找解决路径。医患纠纷形成的背景涉及到政府对卫生经费投入不足、医疗保险和卫生资源分配不均、卫生体制的市场化冲击、社会矛盾凸显期对医患纠纷的影响、新闻媒体对医患纠纷的关注、政府的“维稳”在医患纠纷处理中的负性作用、医学职业的高风险性、当前医务人员自我保护措施对医疗事业的影响等。医患纠纷形成的原因,则包括医疗机构的自我管理和监督、医务人员工作责任心、技术水平、服务态度、行业作风、医患沟通技巧以及患方维权过度、期望过高、诊疗不合作、另有需求等。通过讨论不难发现,医患纠纷形成的背景和原因非常复杂,一桩医患纠纷往往会由多个因素交织在一起而引发,因此医患纠纷的解决是一项具有一定难度和挑战性的社会系统工程。     

Data registers in respiratory medicine: a pilot project evaluating compliance with privacy laws and the National Statement on Ethical Conduct in Research Involving Humans

This article reports on data from a small pilot survey evaluating the compliance of voluntary databases in respiratory medicine with privacy laws and the National Health and Medical Research Council's National Statement on Ethical Conduct in Research Involving Humans. The increasing complexity of privacy law, including the recent private sector amendments, creates many challenges for database administrators. The impact of privacy laws upon voluntary or non-statutory databases, and upon doctors reporting patient data to such databases, is far from straightforward. The article suggests way in which the law might be adapted in order to better facilitate the role of voluntary data registers in health research and public health surveillance, while still protecting the privacy of patient information. The article also briefly considers how database administrators might "future-proof" their existing data holdings to ensure compliance with legal and ethical standards.     

Standards for privacy of individually identifiable health information. Final rule

The Department of Health and Human Services ("HHS' or "Department') modifies certain standards in the Rule entitled "Standards for Privacy of Individually Identifiable Health Information' ("Privacy Rule'). The Privacy Rule implements the privacy requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996. The purpose of these modifications is to maintain strong protections for the privacy of individually identifiable health information while clarifying certain of the Privacy Rule's provisions, addressing the unintended negative effects of the Privacy Rule on health care quality or access to health care, and relieving unintended administrative burdens created by the Privacy Rule.