Chapter 1
Introduction
Protecting the privacy of patient information is a major challenge facing the health sector. Todayâs patients expect, and are entitled by law to receive, a high standard of medical privacy. Given the complexity and function of the health system, however, it can be difficult to meet this expectation.
Healthcare is an information-rich activity, in that it involves the collection, use and disclosure of large quantities of sensitive personal data. Such information is not only required by health professionals directly involved in patient treatment, but also the many groups who indirectly contribute to the delivery of quality healthcare. Administrators, policy makers, researchers, educators, public health bodies and auditors are just some of the groups that require access to patient data to ensure that high quality, cost-effective medical treatment is delivered in a timely and appropriate manner. Making this information available, without compromising patientsâ rights, is a complex task.
How have health privacy rights evolved?
The right to personal privacy is not a new concept. It has been recognised for many years, and was even included in the 1948 United Nations Universal Declaration of Human Rights.1 Initially, however, the right to privacy was more concerned with protecting people from unwanted intrusions into their personal lives, rather than inappropriate disclosures of their personal data.
As information came to play a larger role in society, this focus began to shift. The increased use of computers in the 1970s and 1980s brought new opportunities to store and analyse large volumes of data, and prompted interest in individualsâ right to control the use and dissemination of their personal information, a right often referred to as âinformational privacyâ.2 In light of the circumstances that caused this type of privacy to be recognised, in the UK protection was originally limited to data that were stored electronically.* As many medical records still were stored in paper files, this development had only a limited effect on patient data privacy.
In many countries, various disease- or condition-specific privacy acts also provided some assurance of privacy,** although these acts had only a fairly limited impact on the overall level of protection of patient data. This was partly because the special protection was only extended to information relating to a limited number of conditions, usually those considered particularly sensitive or potentially damaging to a patientâs reputation, such as mental illness or sexually transmitted disease. In many cases, protecting patientsâ privacy was also not the sole, or even major, concern of these disease-specific acts, with mandatory reporting obligations often being imposed in addition to restrictions on disclosure.â The protection provided by disease-specific privacy legislation, therefore, was limited and piecemeal, and did little to recognise patientsâ rights to informational privacy.
For many medical records the greatest source of privacy protection continued to be doctorsâ general duty of confidentiality. This duty prevents doctors from using or disclosing confidential information obtained within the confines of the doctor-patient relationship for any purpose other than that for which it was provided. In theory, the duty of confidentiality should prevent medical information obtained for the purpose of treating a patient from being used for any secondary purpose without the patientâs permission. In practice, however, it did not always provide such a comprehensive level of protection. This was caused in part by a tendency to interpret the obligation in accordance with the paternalistic approach to medicine that prevailed at the time, which often resulted in patientsâ rights or wishes taking second place to doctorsâ professional judgement.3 It was standard practice in most institutions to use medical records for a range of secondary purposes, such as audit, research and administrative activities, without consent - either on the assumption that consent was not required (as the use posed little risk to patients) or that it could be implied from patientsâ actions. In any event, it was often very difficult for patients to monitor the way in which their medical records were used, as they did not usually have a right to verify what had been recorded about them or how it had been disclosed; often, there was not even a record of the disclosures that had been made.*
This situation has changed substantially in the last decade. Information privacy is now recognised to a greater extent than ever before - a development principally led by international initiatives. Following the adoption of data protection agreements by the Council of Europe4 and the Organisation for Economic Co-operation and Development (OECD)5 in the 1980s, in 1995 the European Community developed a new binding Directive setting out a number of data protection principles.6 The Directive required signatory countries to establish national legislation implementing its terms. In the UK, this was achieved by the enactment of the Data Protection Act 1998, which came into effect on 1 March 2000. As the Directive imposed restrictions on the transfer of personal data to countries that did not have equivalent data protection regimes, it also prompted change outside the EU.
Today, most European and other industrialised countries have established, or are moving toward, comprehensive data protection legislation.7 Although there are a number of differences, both minor and significant, between the specific legislation adopted in each country, the general approach tends to be quite similar. Most countries have established a single regime for protecting all types of personal data, whether financial, educational, social or otherwise, with only minor concessions given to the greater sensitivity of some types of data, such as that pertaining to health. The exception to this trend is the US, where medical information is protected by specific federal legislation.**
Since the 1995 EC Directive, further international agreements governing the privacy of health information have been signed.â In the UK, however, the most significant restriction on the way information is collected and managed continues to be the Data Protection Act 1998 and the various policies and guidelines that seek to implement its terms.
What information is recorded about patients?
Medical records are an important and comprehensive source of information about all aspects of an individualâs health. Traditionally, however, particularly in primary care, medical records were relatively brief documents, used mainly to refresh the doctorâs memory.8 Very detailed information was not required as doctors tended to be well-acquainted with patients and their families, often knowing more about their patientsâ medical histories than the patients themselves. In recent years, however, the nature of medical records has changed substantially.
First, there has been a significant increase in the amount and type of information included in medical records. Advances in medical knowledge and diagnostic techniques have enabled doctors to uncover much more information about individualsâ health status, all of which must be documented. In some cases, these developments have made it possible for entirely new types of information, such as genetic data, to be collected. It has also become common practice for doctors to record more non-medical information about patients, such as lifestyle choices and family history, in response to the increasing evidence of the effects of such factors on health.
There has also been a change in the manner in which information is recorded, with greater emphasis being placed on more complete, detailed and consistent documentation. This largely is attributable to the increase in the number of people involved in the care of patients, both over their lifetime and during a single care episode, which has arisen from the increased specialisation of the medical profession, the delivery of care through medical teams, and the greater mobility of society.9 (Estimates in the US suggest that 150 people will look at a patientâs medical record during a stay in hospital.)10 As a result, the primary role of medical records is no longer that of a memory aid, but a vital communication tool, needed to share detailed and varied information amongst a potentially wide range of health professionals. In addition, the increased risk of legal challenge brought about by the growing number of medical negligence claims has prompted doctors to document their findings and decisions more fully. For example, it is now standard practice for significant, negative, clinical results to be recorded explicitly, rather than to assume that they are negative by omission.
In addition to these changes there has also been an increase in the use of medical records for secondary purposes not directly connected with the provision of care.9 Doctors are now only one of the many groups of people with legitimate interests in accessing this important source of data. Identifiable patient information is used routinely for the purpose of clinical and financial audits, health service planning, resource management, authenticating health providersâ payment claims and patientsâ health insurance claims, rehabilitation and social welfare programmes, and education and training. Information from medical records is also used extensively in epidemiological and health service research, and for the purpose of disease monitoring. With the rise in personal injury, child custody and other types of litigation, it has also become increasingly common for medical records to be accessed via compulsory court processes.11 Added to this is the growing number of new users of health information, such as medical and surgical suppliers and pharmaceutical and information technology companies.8
Although the protection of medical records may not be a new issue, therefore, changes in the health industry have altered its nature and importance.
Why protect the privacy of health information?
The primary reason for respecting the privacy of health information is to protect patients from the negative effects brought about by the loss of personal privacy. Medical records contain intimate and sensitive information, which, if inappropriately used or shared, could embarrass or distress patients, and even cause them financial or other damage (see p. 23). Fearing the unwanted exposu...