When privacy and the public good collide

Peter A. Setness, MD

VOL 113 / NO 5 / MAY 2003 / POSTGRADUATE MEDICINE

It is often said that knowledge equals power. If that is true, we are indeed powerful! Thanks to recent technologic advances, our ability to collect and synthesize data into usable information is greater now than at any point in history.

The right information in the right hands at the right time is a key ingredient in this power scenario and is essential to how we physicians practice medicine in the 21st century. In nonmedical areas of our life, information can alert us to dangers, prepare us for action, and perhaps even avert tragedies. However, the same information in the wrong hands can be ruinous. How we gather data and what we do with it are the subjects of great debate on several fronts.

Homeland security

As we all know, the events of September 11, 2001, set in motion a flurry of activity within the federal government aimed at enhancing its ability to protect US shores and citizens against terrorist activity. Within a mere 6 weeks of the attacks, Congress created the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (known by the acronym USA PATRIOT Act). President George W. Bush signed it into law on October 26, 2001. Its purpose is to deter and punish terrorist acts in the United States and around the world and to enhance law enforcement investigatory tools to that end.

This lengthy and complex piece of legislation has stirred controversy. Critics purport that the new law consolidates vast new powers in the executive branch of government and enhances its ability to conduct surveillance and gather intelligence. The American Civil Liberties Union contends that the act unnecessarily threatens the privacy of citizens and contains measures that violate their civil liberties. Hot buttons include provisions in the law that extend surveillance techniques to online communications (eg, monitoring a trail of e-mail correspondence, collecting a list of Web sites a person visits). Do these new tools invade our privacy, or do they enhance our security? Are we willing to forego a measure of our civil liberties in an effort to ensure national security? How much authority should the Department of Homeland Security be given to establish an antiterror database? These tough questions arise from an attempt to gather information as well as an understandable desire to maximize our security and lessen our risk of harm.

Public health security

A similar debate is raging on the medical front. Our technologic abilities afford us the opportunity to amass an amazing amount of patient data. This clinical information can be used to provide research statistics, to note trends in morbidity and mortality, and to improve public health in general.

The state of New York began collecting data on hospitalized patients in 1979 (1). Ten years later, the information was published in a report card that compared cardiac bypass surgery deaths by hospital and surgeon. The statistics came as a shock to the staff members of several of the hospitals that didn't score well and led to a revamping of several cardiac surgery programs throughout the state. The death rate for patients undergoing bypass surgery in New York fell 41% in 4 years (1). The state continues to publish an annual report card addressing multiple areas of medical practice.

Success stories like this one have spurred 37 states to begin collecting patient data for research purposes (1). Most states use billing records and employ various means to ensure patient confidentiality. Many states collect the data anonymously, while others link a patient's data to his or her Social Security number.

Here in Minnesota, the state health department devised the most ambitious plan to date, proposing to collect billing data on every hospitalization and, eventually, every clinic visit in the state. The data would have included a patient's name, age, sex, race, address, diagnosis, drug prescriptions, physician name, facility where care was rendered, and total charges for the care received. The proposal included plans to encrypt the information to ensure patient privacy. However, the idea met with stiff opposition from privacy advocates, citizen groups, and even some healthcare entities, and was withdrawn by the health department in late March. Stay tuned, however. The proposal may be refined and resubmitted in the future.

Opposition to the plan centered, predictably, on the collection of patient names and addresses. Most critics acknowledge that using anonymous data for research purposes is an appropriate use of information that can enhance the public good. What they don't condone is linking the billing data to patient names and addresses, even though the state promises to keep the information secure. Critics argue that the potential benefits of this type of research do not justify the risks of compromising individual rights to privacy.

Interestingly, in 2000, the RAND research group found that consumers paid little attention to the hospital and doctor report cards issued by state health departments, and even if they read the report cards, the information did not strongly influence their decision making (1).

We must ask a question similar to that raised by the homeland security issue: How much private information should we relinquish in order to maximize our "health security" and lessen our risk of harm by enhancing the public good?

"Guaranteed" confidentiality?

Is there truly a risk of compromising patient confidentiality? Our technology certainly allows us to mask and encrypt data. However, if recent headlines are any indicator, the risk of unintentional disclosure of confidential data is real. Examples of recent high-profile security lapses include:

• The theft of computer hard drives in December 2002 from the Phoenix offices of TriWest Healthcare Alliance, a managed care organization that provides services to about 1.1 million active-duty military personnel, their dependents, and retirees (2). The hard drives contained enrollee names, addresses, phone numbers, medical claims histories, and Social Security numbers.
• The accidental posting of the mental health records of 20 children on the Internet in October 2001 by a psychologist who was a fellow at the University of Minnesota (3).
• The violation of the privacy of more than 400 organ donors when their names were disclosed to transplant recipients by University of Minnesota researchers in February 2002 (3).
• The inadvertent posting of an administrator's password on the Web site of public relations and advertising firm Carmichael Lynch in June 2002 (4). The error allowed Internet users to open files on Carmichael Lynch's server and access customer databases owned by two of the company's biggest accounts, Porsche and American Standard. The password remained on the site for 6 months.

It seems that however good our intentions or sophisticated our technology, it may be an overstatement to guarantee confidentiality when gathering and manipulating large databases.

On the flip side: HIPAA

The idea of allowing government agencies and researchers to collect information traditionally considered private for the sake of enhancing the public good seems to fly in the face of the legislation we physicians have been talking about for the past several years--the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA requires the US Department of Health and Human Services to issue privacy regulations that apply to both federal agencies and private entities.

How does HIPAA affect health research? HIPAA applies to any information that can be used to identify an individual, and it requires that patients give consent for use of their identifying information. Some confusion still surrounds how the privacy rule affects the collection of research data that is not "deidentified." Any person or organization garnering or releasing patient information should have a good understanding of the specific HIPAA regulations that govern the data in question, or risk substantial penalties.

A delicate balance

How do our patients feel about this furor over various uses of their private information? A 1993 survey found that 64% of patients preferred that their medical records not be used for research purposes (5). I suspect that number would be little changed today.

There are no easy answers to questions as complex as the ones mentioned here. Our extensive civil liberties help define the United States as unique among nations. The personal freedoms we enjoy are not to be taken for granted. At the same time, we have the tools to gather and manipulate personal data that may help keep us healthier, safer, and more secure. The key is to find a balance between the two.

References

1. Lerner M. Private records, public benefit. Minneapolis Star-Tribune Dec 15, 2002:A1, A7
2. Computer theft leads to search for stolen military records. Available at: http://www.usatoday.com/tech/news/2003-01-02-computers-stolen_x.shtml. Accessed Mar 10, 2003
3. HHS weakens protections. Available at: http://www.usatoday.com/news/opinion/2002/03/27/nceditf.shtml. Accessed Mar 10, 2003
4. McWilliams B. Help wanted: steal this database. Available at: http://www.wired.com/news/infostructure/0,1377,57066,00.shtml. Accessed Mar 11, 2003
5. Patients, privacy, and federal healthcare: what policy makers need to know about the HIPAA privacy rule. US Medicine Institute for Health Studies. Available at: http://www.usminstitute.org/hipaasum.shtml. Accessed Mar 11, 2003

Your comments on the subject of this editorial are welcome and may be published in Editor's Mailbox. Send by mail: Editor's Mailbox, Postgraduate Medicine, 4530 W 77th St, Minneapolis, MN 55435; fax: 952-835-3460; or e-mail: pgmletters@mcgraw-hill.com.

Please send technical questions related to the Web site to Ann Harste