A day or so ago the Commonwealth Privacy Commissioner (Ms Karen Curtis) published an invaluable document for all those interested in privacy and health information sharing.
The full document can be downloaded from the this page in either .pdf or MS-Word Format.
The survey questions 1500+ adults about their attitudes on a range of privacy issues and appears to have been conducted in a robust and reliable fashion statistically.
I think the most important findings from the perspective of e-Health implementation and planning are:
1. By and large most Australians trust Health Service Providers to treat their private information in a trustworthy fashion. The more educated are slightly more sceptical than the less educated.
2. Most are happy to share private health information if they see the relevance in doing so.
3. There was a very strong dislike of being required to disclose any form information that is not relevant to the transaction at hand.
4. There was a strong rejection of the use of any information (especially by business and government) for purposes other than that for which it was collected. (This bears directly on what NEHTA is planning to do with Medicare Australia's personal records)
5. “The majority (76%) of Australians believe that inclusion in the National Health Information Network should be voluntary. At 21%, the minority believes all medical records should be entered. A greater proportion (76%) believe inclusion should be voluntary (cf. 64% in 2004 and 66% in 2001). As in 2004, females (80%) were more likely than males (72%) to say this. Unlike 2004 however, there were no significant differences in attitudes between age groups.”
This seems pretty clear cut that the public rejects compulsion in the sharing of their private health information and that the view on this is strengthening over time.
6. “Respondents were then asked whether, if such a database national health information network existed, permission should be sought before releasing their de-identified information. Females (53%) were more likely than males (43%) to say that permission should be sought. “
Again – even when not identified – close to half the population do not want to share without consent.
7. Interestingly, “While opinions varied, 52% thought that health professionals should share health information, but only if relevant to the condition being treated (35%) or if the condition was serious or life threatening (17%). A third (32%) believed health professionals should share health information only with the patient’s consent. The proportion believing anything to do with a patient’s health care could be discussed between health professionals stands at 25%.”
This says to me that people are wanting more control of information sharing, even the sharing of information between relevant professionals.
8.There is a low threshold for individuals to provide false identity information when conducting internet transactions. This has the implication that if access is provided for citizens to access major identity data-bases there will be at least a significant proportion who will provide false information.
It seems to me this survey makes it clear there is an emerging sensitivity in the populace to having their personal information leave their control without their specific consent and approval. All those implementing – or planning to implement – e-Health systems should take careful note of both the absolute values of the views as well as the trends.
NEHTA especially needs to take careful note of the results of this survey. The clear preference of the community is for all interactions with e-Health systems to be on the basis in individual specific consent. Just because it is inconvenient or more expensive to grant the public what they want is no excuse. Ignoring clearly stated public opinion has a habit of rebounding on those who move in these sort of directions. NEHTA you have been warned!
BTW. Page 8 of the NEHTA Approach to Privacy document says:
“As further work on privacy and consent is conducted or finalised, additional information will be made available on the NEHTA website. The next privacy document to be published will be NEHTA’s Privacy Blueprint for the HPI and IHI (planned publication date August 2006). A Privacy Blueprint for the Shared EHR will be released in late 2006. “
It is fair to say these timelines were not met – we saw the UPI privacy draft in December 2006 (followed months later by a risible summary of the comments received – without the actual submissions) and the Privacy Blueprint for the Shared EHR is yet to see the light of day.