Trustworthy shared electronic health records: recordkeeping requirements and HealthConnect

HealthConnect is a proposed national electronic health record system, centred on electronic health event summaries, that capture all health encounters of those patients and health care professionals who "opt in" to the system. This article reports on key findings of an analysis of HealthConnect's data principles, systems and business architecture, from a records continuum perspective, and from recordkeeping requirements of reliability and authenticity. It concludes that HealthConnect lacks critical recordkeeping functionality and that inadequate policy with regard to ownership, consent and privacy impacts on the business and systems architecture, and consequently its ability to deliver trustworthy records.     

HealthConnect and the duty of care: a dilemma for medical practitioners

This article asks whether medical practitioners' duty of care to their patients will encompass participation in the HealthConnect shared electronic records initiative. Medico-legal aspects of the HeathConnect scheme relating to the nature of shared electronic health record summaries (SEHRS) are examined, focusing on their function as an element of patient care and their ultimate purpose. The analysis is based on the premise that an incomplete and hence inaccurate shared electronic health record summary is clinically and legally more perilous than no record at all.     

Ethical issues in HealthConnect's shared electronic health record system

Many countries are in the process of implementing systems of shared electronic health records. This article explores some of the ethical concerns raised by Australia's proposed HealthConnect system which aims to create electronic event summaries of health information. Three areas of ethical concern relating to confidentiality, consent and the involvement of the private sector are examined. It is argued that unless the HealthConnect system is firmly grounded in policy based on ethical considerations, patients may not want to "opt in" to it.     

The need to know versus the right to know: privacy of patient medical data in an information-based society

"Whatever, in connection with my professional practice, or not in connection with it, I see or hear, in the life of men, which ought not to be spoken of abroad, I will not divulge, as reckoning that all such should be kept secret."(1) "Safeguards to privacy in individual health care information are imperative to preserve the health care delivery relationship and the integrity of the patient record."(2) As early as the fourth and fifth centuries B.C., Hippocrates contemplated the importance of medical information to the care and treatment of patients. His oath suggests that privacy of a patient's medical information creates the foundation upon which a patient reposes trust in his or her physician. While defining the earliest version of the physician-patient privilege, the oath does not envision the extent of modern day access to healthcare information. A patient's relationship with the modern healthcare delivery system often includes a team of physicians, nurses, and other clinical support personnel. This relationship extends beyond direct caregivers and may include healthcare administrators, payor organizations, and persons unfamiliar with a patient's identity, such as researchers and public health officials. Accessing a patient's medical information links these participants to the patient's healthcare delivery relationship. The Hippocratic Oath does not contemplate such broad access, nor does it contemplate the emerging privacy crisis resulting from the application of computer technology to medical record storage and retrieval. The combination of broad access, individual privacy rights, and computer technology requires a rethinking of measures designed to protect the realities of the modern medical information society.     

Protecting health information privacy in research: what's an ethics committee like yours doing in a job like this?

The Commonwealth and State legislation designed to protect the privacy of personal health information has attracted the criticism that the constraints imposed on the use of the information in research obstructs that research. A central and common feature of the legislation is the reliance upon the review by human research ethics committees of research that proposes to use personal health information for research without prior consent from those whose information it is. The origins of this reliance are explored and explained and it is suggested that this has proved to be an inappropriate policy choice. The extension of the reliance is then described and the conceptual, procedural, workload and structural consequences of requiring these voluntary committees to conform to legislative standards of review of issues of the public interest are critically examined. In recent reviews of the Commonwealth legislation, there is recognition of the underlying uncertainty as to the appropriate balance between protection of personal privacy and the promotion of beneficial research. In the further exploration of these matters that those reviews recommended, a close and critical examination of the wisdom of continuing to rely on ethics committees is needed.     

论个人信用体系建设中对隐私权的法律保护

现代社会日益发展成为信用经济社会。因此,个人信用体系建设的重要性逐渐凸显出来。个人信用体系运营围绕的核心就在于个人的信用信息,而这无时不与个人的隐私相联系,进而牵涉到个人的隐私权保护问题。针对此问题,本文从信用记录的原则、范围、使用规定及个人信用记录的维护等方面提出了在个人信用体系建设立法中对个人隐私权保护的措施。     

Electronic health record: Wiring Europe’s healthcare

The European Commission wants to boost the digital economy by enabling all Europeans to have access to online medical records anywhere in Europe by 2020. With the newly enacted Directive 2011/24/EU on patients’ rights in cross-border healthcare due for implementation by 2013, it is inevitable that a centralised European health record system will become a reality even before 2020. However, the concept of a centralised supranational central server raises concern about storing electronic medical records in a central location. The privacy threat posed by a supranational network is a key concern. Cross-border and Interoperable electronic health record systems make confidential data more easily and rapidly accessible to a wider audience and increase the risk that personal data concerning health could be accidentally exposed or easily distributed to unauthorised parties by enabling greater access to a compilation of the personal data concerning health, from different sources, and throughout a lifetime.     

Pondering personal privacy: a pragmatic approach to the Fourth Amendment protection of privacy in the information age

As technology with surveillance capacities has advanced, the debate over the rights of the citizenry to be free from governmental breaches of personal privacy has intensified. Within the United States, government actions legally challenged as intrusions into personal privacy have been analyzed under the Fourth Amendment, but Supreme Court rulings in such cases lack a clear and consistent rationale. Additionally, while more than a dozen federal privacy statutes have been enacted, each piece of legislation pertains to a specific type of information (e.g. driver’s license information, education records, and financial records). There is no overarching federal legislation which protects the individual’s private affairs from warrantless government inspection. A key issue underlying the scope of the debate and the variation in court decisions and public policies pertinent to invasions of privacy by government agencies is the lack of a clear and cogent definition of ‘privacy.’ By means of a review of the evolution of legal protections of privacy under the Fourth Amendment and a review of the evolution of technology with surveillance applications, it is suggested that there is a need for a sound operational definition of privacy. As a starting point for an informed and pragmatic dialogue on this matter, an operational definition of privacy built upon extant case and statutory law is provided.     

Altered states: state health privacy laws and the impact of the Federal Health Privacy Rule

Although the Federal Health Privacy Rule has evened out some of the inconsistencies between states' health privacy laws, gaps in protection still remain. Furthermore, the Federal Rule contains some lax standards for the disclosure of health information. State laws can play a vital role in filling these gaps and strengthening the protections afforded health information. By enacting legislation that has higher privacy-protective standards than the Federal Health Privacy Rule, states can play three important roles. First, because they can directly regulate entities that are beyond HHS's mandate, states can afford their citizens a broader degree of privacy protection than the Federal Health Privacy Rule. Second, by having state health privacy laws, states can enforce privacy protections at the local level. Finally, action by the states can positively influence health privacy policies at the federal level by raising the standard as to what constitutes sufficient privacy protection. High privacy protections imposed by states may serve as the standard for comprehensive federal legislation, if and when Congress reconsiders the issue. So far, states' reactions to the Federal Privacy Rule have been mixed. Only time will tell whether states will assume the mantle of leadership on health privacy or relinquish their role as the primary protectors of health information.     

个人健康医疗信息和隐私权保护

Personal health care and medical treatment information are both personal information which can be used as a sign to identify each individual. Such information shall be under the control of the owner. The comprehensiveness of personal health care and medical treatment information makes it more valuable than the simplex personal information. The controlling right of personal health care and medical treatment information is irretrievable once deprived. The rights of controlling, managing and using regarding personal health care and medical treatment information can be separated appropriately. The right of privacy is an independent personality right. For the protection of public interests, the right of personal privacy shall be appropriately limited. Meanwhile, the government shall be responsible for the protection of personal health care and medical treatment information. Tang Xiaotian is a professor and supervisor in charge of the development and planning division of Shanghai University of Political Science and Law, and deputy General Secretary-in-chief of the Society of Law of Shanghai, whose main studies is focused on victim science, criminal law and criminology. Till now, he has 8 monographs and over 90 articles published in academic journals.     

Privacy and research involving humans

Human research ethics committees in Australia are required to consider compliance with privacy law as an element of the ethics of research. Recent legislation has introduced federal private sector privacy protection, as well as privacy protection at State and Territory levels. In Victoria, which is used as an example in this article, State privacy legislation covers public sector information and health records. This article considers the implications for research involving human participants and for ethics committees of the new privacy regimes. Although privacy law is a potential barrier to research about humans, the need for exceptions has been dealt with effectively in the context of medical or health research. However, privacy law and its chilling effect could potentially be a serious impediment to some forms of non-health-related research, such as social and socio-legal research.     

The proposed changes to the final privacy rule suggest a disturbing reduction in an individual's ability to exercise a right to healthcare privacy

The author contends that, in eliminating HIPAA's mandatory consent requirement, which is the initial step in the patient's Patient Consent exercise of the right to health information privacy, DHHS has turned its back on privacy protection. She posits that the proposed change is the result of a disturbing focus on an elimination of the industry's administrative burdens, rather than on the protection of patient healthcare information. The article concludes that elimination of the consent requirement is a step backwards in the arena of personal privacy.     

Standards for privacy of individually identifiable health information. Office of the Assistant Secretary for Planning and Evaluation, DHHS. Final rule

This rule includes standards to protect the privacy of individually identifiable health information. The rules below, which apply to health plans, health care clearinghouses, and certain health care providers, present standards with respect to the rights of individuals who are the subjects of this information, procedures for the exercise of those rights, and the authorized and required uses and disclosures of this information. The use of these standards will improve the efficiency and effectiveness of public and private health programs and health care services by providing enhanced protections for individually identifiable health information. These protections will begin to address growing public concerns that advances in electronic technology and evolution in the health care industry are resulting, or may result in, a substantial erosion of the privacy surrounding individually identifiable health information maintained by health care providers, health plans and their administrative contractors. This rule implements the privacy requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996.     

Standards for privacy of individually identifiable health information. Office of the Assistant Secretary for Planning and Evaluation, DHHS. Proposed rule

This rule proposes standards to protect the privacy of individually identifiable health information maintained or transmitted in connection with certain administrative and financial transactions. The rules proposed below, which would apply to health plans, health care clearinghouses, and certain health care providers, propose standards with respect to the rights individuals who are the subject of this information should have, procedures for the exercise of those rights, and the authorized and required uses and disclosures of this information. The use of these standards would improve the efficiency and effectiveness of public and private health programs and health care services by providing enhanced protections for individually identifiable health information. These protections would begin to address growing public concerns that advances in electronic technology in the health care industry are resulting, or may result, in a substantial erosion of the privacy surrounding individually identifiable health information maintained by health care providers, health plans and their administrative contractors. This rule would implement the privacy requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996.     

The principle of security safeguards: Unauthorized activities

The principle of information security safeguards is a key information privacy principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers who are responsible for providing adequate protection. This paper takes a step toward bridging this knowledge gap by presenting an analysis of how Data Protection and Privacy Commissioners have evaluated the adequacy level of security protection measures given to personal information in selected privacy invasive cases. This study addresses both security measures used to protect personal information against unauthorized activities and the use of personal information in authentication mechanisms. This analysis also lays a foundation for building a set of guidelines that can be used by data controllers for designing, implementing, and operating both technological and organizational measures used to protect personal information.     

Data integration in IoT ecosystem: Information linkage as a privacy threat

Internet of things (IoT) is changing the way data is collected and processed. The scale and variety of devices, communication networks, and protocols involved in data collection present critical challenges for data processing and analyses. Newer and more sophisticated methods for data integration and aggregation are required to enhance the value of real-time and historical IoT data. Moreover, the pervasive nature of IoT data presents a number of privacy threats because of intermediate data processing steps, including data acquisition, data aggregation, fusion and integration. User profiling and record linkage are well studied topics in online social networks (OSNs); however, these have become more critical in IoT applications where different systems share and integrate data and information. The proposed study aims to discuss the privacy threat of information linkage, technical and legal approaches to address it in a heterogeneous IoT ecosystem. The paper illustrates and explains information linkage during the process of data integration in a smart neighbourhood scenario. Through this work, the authors aim to enable a technical and legal framework to ensure stakeholders awareness and protection of subjects about privacy breaches due to information linkage.     

The NHS Information Revolution: ‘Choice of Control’ to ‘Choice’ and ‘Control’

This paper provides a novel and critical analysis of the necessary and important balance between ‘individual privacy’ and ‘collective transparency’. We suggest that the onset of the Information Revolution has created a dilemma for the National Health Service (NHS) in terms of how it addresses its obligation to use information to improve best practice in healthcare for society (‘collective transparency’) whilst also keeping sensitive personal information confidential (‘individual privacy’). There is clearly a need to consider both whether the NHS is balancing this critically important informational relationship and whether its approach is fit for purpose. We argue that the NHS's ‘proxy-individual’ information guardian role could inadvertently mask individuals' intended roles, effectively circumventing autonomy-based laws by limiting the power of individuals to be autonomous. In this article we have identified three issues – first the prevailing ‘Mindset’ (the ‘M’) of ‘privacy’, which is viewed as individualistic, resulting in an overpowering concept of confidentiality; second, the quality and control of Information (the first ‘I’); and third, the concept of innovation (the second ‘i’), which is being used as a ‘solution’ rather than a vehicle for transparency. Indeed, transparency is our target of ‘best practice,’ and we suggest that individual privacy and collective transparency are best embedded within a complementary privacy framework that offers a better fit than the current split of control between the roles of the NHS and the roles of the individual. It is suggested that when facilitated by transparency, ‘control’ and ‘privacy’ form a continuum, aligning through the desire for choice. Therefore, the choice of control could facilitate control and choice. Together, they could replace the concept of privacy by empowering ‘informed patients’ to support the NHS's ‘No decision about me, without me’ pledge.     

Blood rights: the body and information privacy

Genetic and other medical technology makes blood, human tissue and other bodily samples an immediate and accessible source of comprehensive personal and health information about individuals. Yet, unlike medical records, bodily samples are not subject to effective privacy protection or other regulation to ensure that individuals have rights to control the collection, use and transfer of such samples. This article examines the existing coverage of privacy legislation, arguments in favour of baseline protection for bodily samples as sources of information and possible approaches to new regulation protecting individual privacy rights in bodily samples.     

Britain's smart meter programme: A case study in privacy by design

Following requirements in the 1996 EU Energy Efficiency Directive, member states are developing programmes to encourage the installation of ‘smart’ power meters that record much larger quantities of data about power usage than traditional meters. These data can reveal a great deal of information about individual household activity, leading privacy regulators to call for privacy to be ‘designed in’ to these systems. The British smart metering programme has given some attention to this privacy by design process. This article assesses its effectiveness in this case, using documentary analysis, participant observation, and follow-up interviews with a range of stakeholders. It finds that decisions made early in the British programme had negative privacy impacts that have only been partially remedied by the later development of detailed rules on the processing of smart meter data by energy suppliers and distributors. The article also considers broader lessons for the privacy by design approach.     

论侵犯患者隐私权的法律责任

患者隐私权是应当受到保护的一种人格权利,但在医疗和医学教学活动中侵犯患者隐私权的事件时有发生,以至于患者和医护人员对簿公堂,因此对患者隐私权予以法律保护具有重要意义。在医疗活动和医学教学活动中,如何保护患者隐私权、在法律规定上如何将个人隐私权作为一项独立的人格权加以保护,应进行必要的思考和提出相应的对策。