In the last year, and most especially since awareness of the Human Services Access Card Project and the NEHTA IHI Project has increased, there has been a lot of legal and technical debate regarding these projects.
What seems to have been missing, for me, is a discussion of what is actually desired as the practical outcome(s) of whatever privacy regime we put in place and why each of those attributes is important. This is to forget for a moment how these outcomes are to be achieved technically but to recognise that in the design of any technical solution privacy has to be an embedded, fundamental design requirement.
My views have been formed from a range of sources, including a range of contributions to the Access Card Debate from the Privacy Commissioner and Prof. Alan Fels and his Taskforce, but I have additionally had the experience of consulting a range of interest groups in this area directly and the strength of their feelings has had a significant effect on my position. In saying this I must point out that with the exception of one or two ‘extremist privacy zealots’ who would require that a clinician were not to take any clinical notes and be subjected to a ‘brain wipe’ the moment a consultation was concluded, most groups and their representatives were balanced and totally reasonable in their concerns.
If I was to try and summarise what I have heard and continue to hear in a sentence or two it would be that people desire to have control over disclosure (to anyone) of health information they see as sensitive for what-ever reason and that if they feel they lack that control they become concerned or worse. There is also a feeling (belief) that health information – especially historical and diagnostic information – is different to financial and other private information in the sense that once disclosed it may not age or become less important over time (knowing a person’s bank balance or credit card number is likely to be only of importance for a short period of time – not so that an individual who has a genetic illness, has had a mental illness or has HIV / AIDS).
While not yet an issue of significant public concern it seems to me that, in an age where discoveries are being made daily, the control and sharing of genetic information will also become a major health information privacy concern over time.
There is also an increasingly pervasive feeling that exercise of control over one’s private information is becoming more difficult in the electronic age and that there is a reducing tendency to trust assurances as to privacy as individuals see their ‘private information’ turn up, unexpectedly, in the hands of all sorts of marketing entities and the like. Trust is also being eroded with the frequency of stories about improper access to information given in confidence to agencies such as the Australian Tax Office and CentreLink.
As yet it seems that most people are happy to share virtually all private information with the key individuals involved in their care on the general, usually unstated, proviso that they will be asked or give consent in some way and that they understand why such sharing is required. (Chronic disease advocacy groups are among those most keen for controlled but necessary information sharing). There are however some groups – especially those who could be described as having either stigmatising or embarrassing illnesses – who desire very considerable control of the use of their information at almost a ‘line by line’ level. If such groups are not provided with such control they will typically withhold information from carers, with the risk of poor or dangerous care being provided.
There is little doubt that individuals with HIV/AIDS, a history of mental illness and others are a major group of owners of multiple Medicare Cards. This permits them to receive care they may otherwise miss out on without disclosing to routine carers information they wish to keep to themselves. Just how this group will be catered for, reasonably, in the present Access Card and NEHTA proposals, is not yet clear to me.
The use of such ‘multiple identities’ is more common than is widely understood and is based on very well grounded fears of discrimination in all sorts of areas of life if some secrets are not kept. Latrobe University has, in a number of reports, highlighted the range and depth of discrimination and disadvantage suffered by many HIV/ AIDS patients.
It should also be noted that for many chronic disease groups the prospect of the use of de-identified information for purposes such as research and public health is strongly supported – just as long as there is no risk of re-identification of the information being possible.
Another poorly recognised issue on the part of city based health policy developers is the impact of even relatively innocuous unauthorised disclosure of information in smaller communities. (The ‘only gay in the village’ effect.) The impact of such disclosure can result in people needing to re-locate or worse and must be carefully addressed in any system design.
Of note also is the need to recognise that health information typically is associated with detailed demographic information (age, sex, address, date of birth etc) and that this information is true ‘grist to the mill’ for those who wish to trace people for whatever reason or who wish to steal identities.
Another issue not often discussed is the need to ensure flows of information to employers, government agencies etc is not prejudicial to gaining or retaining employment or receiving appropriate benefits and payments. Employers are certainly not equipped, in general, to understand or make sense of private health information, and should not receive it without specific consent. The same also applies to insurance companies, recognising that the citizen must understand that a failure to disclose germane information will most probably mean the coverage is void.
All in all it seems to me there is a perception emerging that control of one’s private health information is being steadily eroded and that this is not beneficial to anyone. As I have said before trust is lost if the citizen does not have the final say as to how, within reason, their private health information will be shared and used, and if that is permitted to happen E-Health will struggle to succeed in the way it should.
It is up to the proponents of the Access Card and NEHTA to ensure these ‘unexpected consequences’ of their initiatives are properly handled, that reassurances provided are indeed true and that we don’t create a class of disadvantaged and discriminated against ‘health information privacy refugees’.
David.
David - I also commend your excellent summary, and your entire blog which I have been dipping into from time to time - it is a very valuable resource. Your point about multiple identities is particularly important - bureaucrats are constantly seeking the 'holy grail' of everyone's 'true identity' when in reality many of us legitimately have more than one of equal standing - they are not just 'aliases'
ReplyDeleteNigel Waters.