The priority of privacy for medical information

Social Philosophy and Policy

Volumn 17, Issue 2, 2000, Pages 213-233

  Decew, Judith Wagner ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

EID: 0011255775     PISSN: 02650525     EISSN: None     Source Type: Journal    
DOI: 10.1017/s026505250000217x     Document Type: Article

References (49)

1. For a full defense of this view, see Judith Wagner DeCew, In Pursuit of Privacy: Law, Ethics, and the Rise of Technology (Ithaca, NY: Cornell University Press, 1997).
2. Michael Rigby, Ian Hamilton, and Ronald Draper, "Finding Ethical Principles and Practical Guidelines for the Controlled Flow of Patient Data" (paper presented at an international conference on "Electronic Patient Records in Medical Practice," Rotterdam, The Netherlands, October 7, 1998).
3. Alan Westin et al., "Health Care Information Privacy: A Survey of the Public and Leaders" (survey conducted for Equifax, Inc., 1993), 23, cited in Lawrence O. Gostin, "Health Information Privacy," Cornell Law Review 80, no. 3 (March 1995): 454.
4. Alan Westin et al., "Health Care Information Privacy: A Survey of the Public and Leaders" (survey conducted for Equifax, Inc., 1993), 23, cited in Lawrence O. Gostin, "Health Information Privacy," Cornell Law Review 80, no. 3 (March 1995): 454.
5. Gostin, "Health Information Privacy," 464-65, footnotes omitted.
6. Ibid., 464.
7. Lawrence O. Gostin, Zita Lazzarini, Verla S. Neslund, and Michael T. Osterholm, "The Public Health Information Infrastructure: A National Review of the Law on Health Information Privacy," Journal of the American Medical Association 275, no. 24 (June 26, 1996): 1921.
8. See James Moor, "Towards a Theory of Privacy in the Information Age," Computers and Society 27, no. 3 (September 1997): 27-32; and Charles Culver, James Moor, William Duerfeldt, Marshall Kapp, and Mark Sullivan, "Privacy," Professional Ethics 3, nos. 3 and 4 (Fall/ Winter 1994): 4-25, for descriptions of the problems and for some general guidelines for establishing privacy protection guidelines.
9. See James Moor, "Towards a Theory of Privacy in the Information Age," Computers and Society 27, no. 3 (September 1997): 27-32; and Charles Culver, James Moor, William Duerfeldt, Marshall Kapp, and Mark Sullivan, "Privacy," Professional Ethics 3, nos. 3 and 4 (Fall/ Winter 1994): 4-25, for descriptions of the problems and for some general guidelines for establishing privacy protection guidelines.
10. In Griswold u. Connecticut, 381 U.S. 479 (1965), the Supreme Court first announced and recognized a constitutional right to privacy when it overturned the convictions of the director of Planned Parenthood in Connecticut and a physician from Yale Medical School who violated a statute that banned the disbursement of contraceptive-related information, instruction, and medical advice to married persons. This privacy right, in some ways distinct from informational-privacy protection in tort and Fourth Amendment law, has since been invoked in a variety of other cases concerning decisions about marriage, family, and lifestyle. For example, it was cited in Loving v. Virginia, 388 U.S. 1 (1967), as a justification for overturning a Virginia statute that banned interracial marriage; in Stanley v. Georgia, 394 U.S. 557 (1969), as a major reason for allowing the possession of obscene matter in one's home; in Eisenstadt v. Baird, 405 U.S. 438 (1972), as a justification to allow the distribution of contraceptives; and in Roe v. Wade, 410 U.S. 113 (1973), as a reason to permit abortions at some points during a pregnancy.
11. See DeCew, In Pursuit of Privacy, 151-52.
12. John Markoff, "Europe's Plans to Protect Privacy Worry Business," New York Times, April 11, 1991, A1; and Larry Tye, "EC May Force New Look at Privacy," Boston Globe, September 7, 1993, 10. An excellent summary of the European approach is supplied in Paul M. Schwartz, "European Data Protection Law and Restrictions on International Data Flows," Iowa Law Review 80, no. 3 (March 1995): 471-96. On the domestic approaches in Germany and Sweden, see Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992). See also Charles E. H. Franklin, ed., Business Guide to Privacy and Data Protection Legislation (Dordrecht, Netherlands: Kluwer Law International, 1996), where the Council of Europe's guidelines, the guidelines of the Organisation for Economic Cooperation and Development (OECD), and the laws of several European nations are summarized and explained, with relevant portions translated.
13. John Markoff, "Europe's Plans to Protect Privacy Worry Business," New York Times, April 11, 1991, A1; and Larry Tye, "EC May Force New Look at Privacy," Boston Globe, September 7, 1993, 10. An excellent summary of the European approach is supplied in Paul M. Schwartz, "European Data Protection Law and Restrictions on International Data Flows," Iowa Law Review 80, no. 3 (March 1995): 471-96. On the domestic approaches in Germany and Sweden, see Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992). See also Charles E. H. Franklin, ed., Business Guide to Privacy and Data Protection Legislation (Dordrecht, Netherlands: Kluwer Law International, 1996), where the Council of Europe's guidelines, the guidelines of the Organisation for Economic Cooperation and Development (OECD), and the laws of several European nations are summarized and explained, with relevant portions translated.
14. John Markoff, "Europe's Plans to Protect Privacy Worry Business," New York Times, April 11, 1991, A1; and Larry Tye, "EC May Force New Look at Privacy," Boston Globe, September 7, 1993, 10. An excellent summary of the European approach is supplied in Paul M. Schwartz, "European Data Protection Law and Restrictions on International Data Flows," Iowa Law Review 80, no. 3 (March 1995): 471-96. On the domestic approaches in Germany and Sweden, see Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992). See also Charles E. H. Franklin, ed., Business Guide to Privacy and Data Protection Legislation (Dordrecht, Netherlands: Kluwer Law International, 1996), where the Council of Europe's guidelines, the guidelines of the Organisation for Economic Cooperation and Development (OECD), and the laws of several European nations are summarized and explained, with relevant portions translated.
15. John Markoff, "Europe's Plans to Protect Privacy Worry Business," New York Times, April 11, 1991, A1; and Larry Tye, "EC May Force New Look at Privacy," Boston Globe, September 7, 1993, 10. An excellent summary of the European approach is supplied in Paul M. Schwartz, "European Data Protection Law and Restrictions on International Data Flows," Iowa Law Review 80, no. 3 (March 1995): 471-96. On the domestic approaches in Germany and Sweden, see Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992). See also Charles E. H. Franklin, ed., Business Guide to Privacy and Data Protection Legislation (Dordrecht, Netherlands: Kluwer Law International, 1996), where the Council of Europe's guidelines, the guidelines of the Organisation for Economic Cooperation and Development (OECD), and the laws of several European nations are summarized and explained, with relevant portions translated.
16. John Markoff, "Europe's Plans to Protect Privacy Worry Business," New York Times, April 11, 1991, A1; and Larry Tye, "EC May Force New Look at Privacy," Boston Globe, September 7, 1993, 10. An excellent summary of the European approach is supplied in Paul M. Schwartz, "European Data Protection Law and Restrictions on International Data Flows," Iowa Law Review 80, no. 3 (March 1995): 471-96. On the domestic approaches in Germany and Sweden, see Colin J. Bennett, Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca, NY: Cornell University Press, 1992). See also Charles E. H. Franklin, ed., Business Guide to Privacy and Data Protection Legislation (Dordrecht, Netherlands: Kluwer Law International, 1996), where the Council of Europe's guidelines, the guidelines of the Organisation for Economic Cooperation and Development (OECD), and the laws of several European nations are summarized and explained, with relevant portions translated.
17. Larry Tye, "No Private Lives: German System Puts a Lid on Data," Boston Globe, September 7, 1993, 1.
18. Ibid., 10.
19. Beverly Woodward, "Intrusion in the Name of 'Simplification,'" Washington Post, August 15, 1996, A19; and "Medical Identifier Hearings to Begin," Boston Globe, July 20, 1998, A5.
20. Beverly Woodward, "Intrusion in the Name of 'Simplification,'" Washington Post, August 15, 1996, A19; and "Medical Identifier Hearings to Begin," Boston Globe, July 20, 1998, A5.
21. Louise D. Palmer, "States Urged to Use Names in HIV Reports," Boston Globe, July 19, 1998, A1.
22. Judy Foreman, "Your Health History - Up for Grabs?" Boston Globe, July 20, 1998, C1.
23. Lawrence O. Gostin, "Making Tradeoffs Between the Collective Good of Human Health and the Individual Good of Personal Privacy" (paper presented at an International conference on "Electronic Patient Records in Medical Practice," Rotterdam, The Netherlands, October 6, 1998).
24. Gostin, "Health Information Privacy," 515-16.
25. Ira Magaziner, remarks made at conference, "ACM Policy '98," Washington D.C., May 10-12, 1998.
26. Palmer, "States Urged to Use Names in HIV Reports," 1.
27. Don E. Detmer and Elaine B. Steen, "Shoring Up Protection of Personal Health Data," Issues in Science and Technology 12, no. 4 (Summer 1996): 76.
28. Marc Rotenberg, e-mail correspondence with author, 1998.
29. DeCew, In Pursuit of Privacy, 159-60.
30. The term "dynamic negotiation" was introduced by Ross E. Mitchell and first appeared in Ross E. Mitchell and Judith Wagner DeCew, "Dynamic Negotiation in the Privacy Wars," Technology Review 97, no. 8 (November/December 1994): 70-71.
31. Such governmental regulation would be unnecessary if the telephone corporations implemented and enforced the system described here. Thus far, there has been no such corporate coordination or cooperation.
32. With traditional mail, people have always had the right, and the ability, to send anonymous correspondence. Delivery of the envelope requires neither that the letter be signed nor that a return address be provided. On the receiving end, people similarly have the right to discard anonymous mail without opening it. If the principles of dynamic negotiation were applied to electronic mail, senders of e-mail would have the option to identify or not identify themselves. Recipients could reject as undeliverable any e-mail with an unidentified sender. The sender would then have the option to retransmit the message, this time with a return address. The users would negotiate among themselves.
33. Detmer and Steen, "Shoring Up Protection of Personal Health Data," 74.
34. These principles echo the European directives. See Michael Rigby, Ian Hamilton, and Ronald Draper, "Towards an Ethical Protocol in Mental Health Informatics," in B. Cesnick, A. T. McCray, and J. R. Scherrer, eds., MEDINFO '98: Proceedings of the Ninth World Congress on Medical Informatics (Amsterdam, The Netherlands: IOS Press, 1998), 1223-27.
35. Robert O'Harrow, Jr., "Plans' Access to Pharmacy Data Raises Privacy Issues: Benefit Firms Delve Into Patient Records," Washington Post, September 27, 1998, A1.
36. Michael Rigby has suggested to me in correspondence that although the downloading of rich data sets of anonymous data should not be allowed, the use of such a database for public health research may be morally justifiable. This could occur if the simplicity of the data set or the large size of the study would preclude the indirect identification (or even the suspicion of such identification) of individuals in the database.
37. Randolph C. Barrows, Jr., and Paul D. Clayton, "Privacy, Confidentiality, and Electronic Medical Records," Journal of the American Medical Informatics Association 3, no. 2 (March/ April 1996): 139-48.
38. Ibid., 146.
39. Charles Safran, "The Introduction of EPRs in the Beth Israel Deaconess Medical Center, Boston" (paper presented at an international conference on "Electronic Patient Records in Medical Practice," Rotterdam, The Netherlands, October 6, 1998). David Friedman has suggested to me that federally mandated systems have failed in the past to allow for experimentation with different solutions to problems. He urged that it would be preferable to have various systems of information control, in order to see what system is best. To the contrary, I believe we have already had years of experimenting with a patchwork of programs, and the Beth Israel system (as well as others) indicates that no self-regulating system has emerged that adequately protects patient privacy.
40. For a defense of a "restricted access" view of privacy, see Ruth Gavison, "Privacy and the Limits of Law," Yale Law Journal 89, no. 3 (January 1980): 421-71; see also James Moor, "The Ethics of Privacy Protection," Library Trends 39, nos. 1 and 2 (Summer/Fall 1990): 69-82.
41. For a defense of a "restricted access" view of privacy, see Ruth Gavison, "Privacy and the Limits of Law," Yale Law Journal 89, no. 3 (January 1980): 421-71; see also James Moor, "The Ethics of Privacy Protection," Library Trends 39, nos. 1 and 2 (Summer/Fall 1990): 69-82.
42. See Tom L. Beauchamp and James F. Childress, Principles of Biomedical Ethics, 3rd ed. (New York: Oxford University Press, 1989), for their stress on four ethical principles, namely, respecting autonomy, beneficence, nonmaleficence, and justice (emphasis mine).
43. Johan van der Lei, "The EPR as Catalyst for Change" (paper presented at an international conference on "Electronic Patient Records in Medical Practice," Rotterdam, The Netherlands, October 6, 1998). See also Albert E. Vlug and Johan van der Lei, "Postmarking Surveillance with Computer-Based Patient Records," in Robert A. Greenes, Hans E. Peterson, and Denis J. Protti, eds., MEDINFO '95: Proceedings of the Eighth World Congress on Medical Informatics (Edmonton, Canada: IMIA, 1995), 327-30.
44. Johan van der Lei, "The EPR as Catalyst for Change" (paper presented at an international conference on "Electronic Patient Records in Medical Practice," Rotterdam, The Netherlands, October 6, 1998). See also Albert E. Vlug and Johan van der Lei, "Postmarking Surveillance with Computer-Based Patient Records," in Robert A. Greenes, Hans E. Peterson, and Denis J. Protti, eds., MEDINFO '95: Proceedings of the Eighth World Congress on Medical Informatics (Edmonton, Canada: IMIA, 1995), 327-30.
45. Rigby, Hamilton, and Draper, "Towards an Ethical Protocol in Mental Health Informatics," 1225.
46. I am indebted to Tom Beauchamp for emphasizing this point.
47. Detmer and Steen, "Shoring Up Protection of Personal Health Data," 77.
48. Ibid., 78.
49. Rigby, Hamilton, and Draper, "Finding Ethical Principles and Practical Guidelines for the Controlled Flow of Patient Data," 1.