Category: Privacy (Medical)

0

Thinking Hard About the Privacy Risks of E-Health Records Systems

835548_internet_fraud.jpgAccording to a Javelin Strategy & Research study, the incidence of identity theft jumped sharply in 2008, up 22% from the prior year. Over 9.9 million Americans fell victim to criminals who used their identifying information to borrow money, empty bank accounts, and other modes of financial impersonation. This is unsurprising news given the current state of our economy: experts predict a sharp rise in cybercrime in 2009 as financial gain from stealing data is increasingly more attractive in times of economic crisis. And if the economic downturn isn’t enough incentive, the difficulty and low incentives to catch identity thieves certainly suggests to criminals that identity theft’s benefits exceed its costs.

The surge in identity theft, and cyber crime more generally, should have us tread carefully as we move forward in digitizing health records. Electronic health records systems run a number of privacy risks and medical identity theft is surely one of them. As our unemployment rates continue to rise, so, too, will the number of uninsured Americans. In turn, we will no doubt see a continued increase in medical identity theft as people who do not qualify for coverage under Medicaid or Medicare will still need surgeries and prescription drugs. Moreover, as the ACLU recently wrote to Congress, employers who obtain medical records inappropriately might reject a job candidate who appears expensive to insure. Data brokers might buy medical and pharmaceutical records and sell them to marketers. And unscrupulous employees might snoop on the health of their colleagues. Protecting the privacy of patients is a tough, but not impossible, task. Effective solutions (which I will blog about in upcoming posts) must enlist law, technology, and social norms to protect individuals from the host of privacy problems that e-health records systems raises.

17

E-Health: Ushering Doctors Into the Twenty-First Century

161091_the_files_parted.jpgThe stimulus package will devote $20 billion to build the infrastructure of an e-health system, replacing paper records with digital ones that could be cheaply and easily stored and shared. As the New York Times aptly noted on Sunday, protecting the privacy of e-health records is both pressing and daunting. Although upcoming posts will tackle the privacy issue, a threshold discussion concerns the extent to which this proposal will change current practices and health care professionals’ readiness to digitize their work. Health care providers, on the main, are firmly rooted in twentieth-century practices. A recent New England Journal of Medicine survey of 2,700 U.S. doctors revealed that only 4% used “fully functional” e-health records systems and the remaining 96% stored their patient information in paper files. CNN Monday.com reports that only 8% of the nation’s 5,000 hospitals and 17% of its 800,000 physicians use the kind of computerized record-keeping systems that President Obama envisions for the nation. Computerworld offers more optimistic numbers, suggesting that 25% to 35% of the nation’s hospitals use, or are in the process of implementing, computerized order entry and medical record systems capable of sharing patient data among hospitals, doctors, insurance companies, and pharmacies.

Of course, getting doctors computers for their desks won’t do the job. Systems must facilitate safe information sharing. For instance, physicians and hospitals require record-keeping technology and point-of-service technologies, such as notebook tablets for data entry into e-health record systems. Thirty states have made some strides in this direction, introducing or passing legislation that calls for statewide adoption of standardized health IT systems. Massachusetts wants 14,000 private physicians’ offices to adopt e-health records systems by 2012 and its 63 hospitals by 2014. According to the Vice Chairperson of the Massachusetts e-Health Collaborative, the plan will take two to three years and cost $100,000 per physician. Private hospitals have been innovating as well: Duke has created an online medical record site accessible by patients who can share the data with whomever they chose. The CIO for Duke University Health System explains that its portal is akin to “online banking or Expedia account, which pulls information from various sources and displays it to you. You can pay your bills online, schedule appointments online.” Duke uses Google Health and Microsoft Healthvault to permit information sharing beyond its campus.

All of this suggests that health care providers have much work to do, and much money to spend, in transitioning into the e-Health Information Age. Although strong evidence suggests that the downpayment on a digitized health records system is worthwhile, potentially saving the health industry $200 billion to $300 billion a year, we need to spend the money wisely. It would be shameful if we rushed into the project, in much the same way that states acted too quickly to spend the Help America Vote Act funds and ended up buying inaccurate and unsafe electronic voting machines. Let’s be sure not to do the same here.

3

The Wild West of Genetic Testing for Consumers

As Deven blogged about yesterday, the Personal Genome Project (PGP) hopes to convince 100,000 people to post their genetic information online in an effort to widen the available data set and expertise for research. (Although the current participants in the study are entrepreneurs in the biomedical industry and academics, 5,000 other individuals have signed on to take part in it). Businesses also are getting into the act, providing information to consumers about possible medical risks encoded in their DNA for as little as $399.

Consumers should note that the emerging market for genetic information is largely unregulated. As this week’s CQ Weekly reports, the FDA usually does not review the tests for approval and has no explicit regulations on what companies can tell consumers about their likelihood of disease. Companies also are not obliged to adhere to the privacy protections of HIPAA because they fall outside the definition of health care providers, even though some say that they follow HIPAA’s privacy guidelines. Federal law prohibiting discrimination on the basis of genetic data applies only to employers and health insurers, not life insurance companies. On the state level, limited protections exist regarding the collection and use of genetic information to consumers purchasing information about their DNA. State laws regulating genetic testing typically do not apply to genetic information providers. Like federal law, they prohibit employers and insurers from discriminating against individuals on the basis of their genetic information. A number of states, however, do require explicit consent for sample storage, or demand the destruction of samples after the purpose of their collection has been achieved. But, on the main, state laws addressing DNA collection and banking activities do not generally apply to companies that sell genetic testing services directly to consumers.

In an article for the New England Journal of Medicine, Patricia Roche and George Annas explain that absent a comprehensive federal law addressing genetic privacy “those who do relinquish their DNA, assuming that they have control over its uses, may discover that they have given it all away.” As Deven warns, consumers signing up for studies or purchasing information about their genetic data may not appreciate the practical and psychological risks of disclosing genetic information, both for themselves and their families. Although Roche and Annas urge individuals to only “utilize testing services that guarantee to destroy the DNA sample on completion of the specified test,” many may not do so as the popularity of the PGP suggests.

11

Playing Fast and Loose with Genetic Information

According to the New York Times, Google co-founder Sergey Brin, in a recent blog post, shared the news that he has a gene mutation that increases his likelihood of developing Parkinson’s disease. According to Brin, studies show that his likelihood of developing the disease “in his lifetime may be 20% to 80%.”

What would possess Brin to disclose this sensitive personal information? The simple answer may lie in a crass attempt at advertising for his wife’s company, 23andMe, a biotechnology start-up that maps DNA for customers. In his blog post, Brin reported that 23andMe identified his gene mutation, a discovery that will allow him to “adjust his life to reduce” his chance of developing Parkinson’s and “support research into this disease” long before it affects him. (At a party, Brin told a New York Times reporter that he thought disclosing one’s DNA code to the public would be helpful to attract input from doctors who could suggest treatments, in a sort of open-source model). But for anyone else–a mere mortal who does not have the luxury of his wealth–such a disclosure would be foolish. Employers would no doubt view a person differently, even though the increased chance of developing the disease based on the gene mutation is so uncertain. His disclosure also sends the wrong signal to the easily influenced–one hopes that we do not see people announcing their potential diseases on Facebook or MySpace.

One More Triumph of the Individual Health Insurance Market

We already know that the individual health insurance market (which includes about 18 million Americans) does a terrific job of rescinding the policies of those who get sick, if they happen to have made a small error on their original application. Now insurers are prying into pharmaceutical records to figure out whom to deny coverage to:

An untold number of people have been rejected for medical coverage for a reason they never could have guessed: Insurance companies are using huge, commercially available prescription databases to screen out applicants based on their drug purchases.

Privacy and consumer advocates warn that the information can easily be misinterpreted or knowingly misused. At a minimum, the practice is adding another layer of anxiety to a marketplace that many consumers already find baffling. “It’s making it harder to find insurance for people,” says Jay Horowitz, an independent insurance agent . . .

I wonder if efforts to stop this would count as the type of horrible regulation that Richard Epstein and David Hyman decry? Perhaps individuals looking for insurance can take some small solace in the fact that the discrimination occurs without respect to political ideology; for example, both Elizabeth Edwards and John McCain would probably be unable to find coverage in a world dominated by individual insurance.

2

More Comments on HIV Criminalization

The video posted by Kaimi is pretty funny, but it makes the point negatively as well as positively. The negotiation is extensive, involving everything from sexual positions to meeting the parents, but there is still no mention of STDs or protection.

Matthew Weait, who has written brilliantly on the subject, made the most important point to me off line: opposition to criminalization must fundamentally reject criminal law as the appropriate lens for judging sexual behavior. He criticizes a couple of aspects of my discussion of the Swiss case:

•Continental Europe of course draws heavily (directly and indirectly) from Roman law principles, and so sees nothing strange about imposing general / positive legal obligations on people – in contrast to common law jurisdictions, where the duty relationship is (relatively) narrowly circumscribed.

•You say that “smart” sex is not a fair standard to apply to A or X … I agree, but a difficult one to argue in the courts perhaps. When it comes to the criminal use of negligence in English law (as in gross negligence manslaughter) the newly qualified driver is held to the standard of the competent and experienced one, the rooky surgeon to the surgeon who’s been doing it for twenty years. And I don’t see in principle, even though we are talking in a criminal context here, why the person upon whom the duty is seen to fall (i.e. the person with conscious knowledge that there is a higher risk of being positive, albeit no certain knowledge because no testing has happened) wouldn’t be seen as being in just the same position. It all comes down to developing strong policy argument against legal liability, I think, since the law has a habit of laying these little logical traps – once you start framing the argument within a legal framework the law has a habit of winning …

I agree, and that’s why the quest for the “right” rule suggested by Shane Hartman is legally logical but socially hopeless. When law wins, it means lawyers in the bedroom. Where’s Gunther Teubner when you need him?

1

Who is Responsible? The Criminalization of HIV Transmission

You may have thought that HIV is a disease, but we are seeing a serious resurgence of the idea that HIV transmission is a crime. Sure it is important to promote basic knowledge, safe sex, testing and care, but when people actually infect other people – so goes the argument – it’s time to call in the police. Criminalization has been an off-and=on issue in the US for twenty years, but the rest of the world seems to be seeing a new surge. Close on a dozen countries in West Africa have added new statutes on HIV exposure in the past two years, and there have been high-profile prosecutions in countries as different as Britain and Singapore. (For an excellent analysis of the British cases, see the book by Professor Mathew Weait; for for good coverage and analysis of the cases, see Edwin J. Bernard’s blog).

Over the next few weeks, I’ll be blogging on this issue as part of my participation in the international AIDS conference in Mexico City, August 2-7. I’ll be going over the arguments against criminalization and describing the activities around the issue at the conference. For now, though, I am going to show how criminalization plays out by telling you about a very interesting decision handed down last month by the Swiss Federal Court. It is, as far as I know, the first case in which a person who did not have actual knowledge of his HIV status has been found guilty of a transmission crime. Read on…

Read More

5

My New Book, Understanding Privacy

Cover 5 medium.jpgI am very happy to announce the publication of my new book, UNDERSTANDING PRIVACY (Harvard University Press, May 2008). There has been a longstanding struggle to understand what “privacy” means and why it is valuable. Professor Arthur Miller once wrote that privacy is “exasperatingly vague and evanescent.” In this book, I aim to develop a clear and accessible theory of privacy, one that will provide useful guidance for law and policy. From the book jacket:

Privacy is one of the most important concepts of our time, yet it is also one of the most elusive. As rapidly changing technology makes information more and more available, scholars, activists, and policymakers have struggled to define privacy, with many conceding that the task is virtually impossible.

In this concise and lucid book, Daniel J. Solove offers a comprehensive overview of the difficulties involved in discussions of privacy and ultimately provides a provocative resolution. He argues that no single definition can be workable, but rather that there are multiple forms of privacy, related to one another by family resemblances. His theory bridges cultural differences and addresses historical changes in views on privacy. Drawing on a broad array of interdisciplinary sources, Solove sets forth a framework for understanding privacy that provides clear, practical guidance for engaging with relevant issues.

Understanding Privacy will be an essential introduction to long-standing debates and an invaluable resource for crafting laws and policies about surveillance, data mining, identity theft, state involvement in reproductive and marital decisions, and other pressing contemporary matters concerning privacy.

Here’s a brief summary of Understanding Privacy. Chapter 1 (available on SSRN) introduces the basic ideas of the book. Chapter 2 builds upon my article Conceptualizing Privacy, 90 Cal. L. Rev. 1087 (2002), surveying and critiquing existing theories of privacy. Chapter 3 contains an extensive discussion (mostly new material) explaining why I chose the approach toward theorizing privacy that I did, and why I rejected many other potential alternatives. It examines how a theory of privacy should account for cultural and historical variation yet avoid being too local in perspective. This chapter also explores why a theory of privacy should avoid being too general or too contextual. I draw significantly from historical examples to illustrate my points. I also discuss why a theory of privacy shouldn’t focus on the nature of the information, the individual’s preferences, or reasonable expectations of privacy. Chapter 4 consists of new material discussing the value of privacy. Chapter 5 builds on my article, A Taxonomy of Privacy, 154 U. Pa. L.. Rev. 477 (2006). I’ve updated the taxonomy in the book, and I’ve added a lot of new material about how my theory of privacy interfaces not only with US law, but with the privacy law of many other countries. Finally, Chapter 6 consists of new material exploring the consequences and applications of my theory and examining the nature of privacy harms.

Understanding Privacy is much broader than The Digital Person and The Future of Reputation. Whereas these other two books examined specific privacy problems, Understanding Privacy is a general theory of privacy, and I hope it will be relevant and useful in a wide range of issues and debates.

For more information about the book, please visit its website.

Eugenics Problems, Left and Right

Michael Gerson has an interesting editorial in the Washington Post on the Eugenics Temptation–of the left. He quotes the following statement of James Watson on embryo selection:

“If you could find the gene which determines sexuality and a woman decides she doesn’t want a homosexual child, well, let her.” In the same interview, [Watson] said, “We already accept that most couples don’t want a Down child. You would have to be crazy to say you wanted one, because that child has no future.”

Gerson then quotes Yuval Levin on a tension within liberalism that I’ve noted on this blog–between egalitarianism and libertarianism:

Science looks at human beings in their animal aspects. As animals, we are not always equal. It is precisely in the ways we are not simply animals that we are equal. So science, left to itself, poses a serious challenge to egalitarianism. The left . . . .finds itself increasingly disarmed against this challenge, as it grows increasingly uncomfortable with the necessarily transcendent basis of human equality. Part of the case for egalitarianism relies on the assertion of something beyond our animal nature crudely understood, and of a standard science alone will not provide. Defending equality requires tools the left used to possess but seems to have less and less of.

Gerson, whom David Frum “ranks among the most brilliant and most influential presidential speechwriters in decades,” has put his finger on what is probably the most dangerous tension in “left” ideology today. Positional arms races for designer babies dovetail with an ethos that says that choice in reproductive matters must be absolute. As I stated five years ago in an article, egalitarian principles should check this tide.

Read More

5

Can the TB Patient Sue the CDC?

cdc1.jpgThe WSJ blog points to this interesting update about the TB patient who was quarantined for having a highly-resistant strain of TB. I blogged about the case here and here. According to the news story, times aren’t very good from Andrew Speaker, the TB patient:

At National Jewish Medical and Research Center in Denver, where he was transferred from Grady, he received hate mail and death threats from people whom he said “turned on the news and saw this greedy, self-absorbed attorney.” At a congressional hearing, a representative referred to Speaker as a “walking biological weapon.” . . . .

Speaker was released from National Jewish on July 26, his treatment successfully completed. He takes 11 pills every morning at 8 a.m., supervised by public health officials who drop by on their way to work — a standard regimen he will follow for the next two years to make sure the TB has been fully eradicated. He’s in excellent health and has gone back to his previous routines, unmasked and unquarantined.

But his personal injury law practice is floundering, and his life is far from normal. His existing clients have stuck with him, but there have been no new clients since the ordeal began. The perception that he’s a selfish jerk who thought nothing of exposing others to a deadly disease lingers.

“The CDC told everyone that I only care about myself,” he said. “They made statements they knew were wrong. They intentionally went after my family and our character.” . . . .

His father’s practice has also suffered. Theodore A. Speaker, also a lawyer, has based his practice for 25 years on referrals from providers of prepaid legal services. Speaker said those companies stopped referring clients to his father after news of his TB broke because potential clients were afraid they’d catch TB if they came to Ted Speaker’s office, which he shared with his son.

Speaker is also being sued in Canada for $1.3 million by eight passengers on his flight from Prague to Montreal for potentially exposing them to TB plus pain and suffering. The brother of one passenger is also suing.

At the end of the article is this interesting tidbit:

Does Speaker have any plans to sue the CDC?

“They’re a federal agency. They have immunity,” he said in resignation. “It’s easier to think this guy is a jerk than that a government agency got together to intentionally misinform the public. That’s much harder to believe.”

What?

According to the news reports, Speaker’s name was disclosed by government medical officials (probably CDC officials trying to cover their behinds for screwing up so badly). Medical officials have legal and ethical duties to maintain confidentiality. There’s also a potential Bivens action for a violation of the constitutional right to information privacy. See Whalen v. Roe, 429 U.S. 589 (1977). Most circuits recognize the constitutional right to information privacy, and it is violated by unjustified disclosures of personal information, especially medical data. For example, in Doe v. Borough of Barrington, 729 F. Supp. 376 (D.N.J. 1990), the court held that the police could be liable for disclosing to a person’s neighbor that the person was HIV positive. There are many other cases on point.

The short of it is that Speaker does have a case against the CDC if he can prove that CDC officials leaked his name and/or other medical information. It is clearly established that government officials have a duty of confidentiality of medical data under the constitutional right to information privacy in most circuits, so any qualified immunity claims would not bar liability (qualified immunity applies if the constitutional violation is not clearly established).

I sure think that there might be a case here.