- December 20, 2017
- Posted by: admin
- Category: Health
Privacy is about who gets access to personal information and under what circumstances. Privacy is recognized as a human right under the International Covenant on Civil and Political Rights, the United Nations’ Universal Declaration of Human Rights, and several other regional and international treaties. Privacy is a fundamental aspect of human dignity and goes hand in hand with such basic values as freedom of speech and freedom of association.
Humans have understood the value of privacy for thousands of years. People built homes as a way of marking out their private spaces. However, the coming of the Information Age has created a new and more complex context than in years past. Today, nearly every country recognizes the right to privacy in its constitution. At a bare minimum, such provisions include the secrecy of communication and the inviolability of the home.
Importance of Health Privacy
Health privacy is a subset of an individual’s right to privacy and therefore a human right. A breach of this privacy could harm the person physically or psychologically. For example, what would happen if a patient’s health condition is disclosed to the general public without the patient’s express authorization? It could lead to embarrassment, discrimination and stigmatization.
Privacy is crucial in ensuring quality and effective healthcare services. If patients doubt the confidentiality of their health data, they’ll be forced to choose between complete disclosure to their doctor and holding back to avoid the shame of a privacy breach. Without open communication, patients will make it harder for doctors to make an accurate diagnosis. The end result is a longer and more expensive treatment regime.
That people could stop seeking care because they’re worried about what the hospital will do with their data is something that must be avoided at all costs.
Technologies Impacting Health Privacy
Over the years, a number of specific technologies have elicited growing concern over the state of health data privacy. These include:
- Identification Systems – Identity cards equipped with microprocessor and magnetic stripe technologies have found widespread use by companies and governments. Biometrics are fast replacing card-based authentication systems. When used in the healthcare industry, both card and biometric systems lead to the extraction and aggregation of large amounts of personal information.
- Electronic Communication – In years past, law enforcement surveillance primarily involved wiretapping fax, telex and telephone communications. With the advent of the World Wide Web, interception of internet and email communication is of even greater importance. Whereas healthcare facilities don’t participate in such state surveillance, they regularly engage in email communication with their clients where sensitive information may be discussed deliberately or inadvertently.
- Video Surveillance – Hospital security surveillance leads to the collection of patient movement information via CCTV cameras. CCTV has evolved from grainy black and white images to clear colored videos where it’s easy to make out individual features. The leak of such videos would infringe on the individual’s right to health privacy by showing not just the hospital they attend but also revealing the type of doctor they see.
Conflict of Interest in Health Privacy
Health privacy sits at the meeting point of three fundamental interests: individual rights, private business interests and public health. In many instances, the three interests are aligned. However, politics and business competition sometimes lead to a clash and a seeming contradiction between these interests.
Privacy in healthcare hasn’t always been well defined or consistently enforced, thanks to the competing interests of population management and the multibillion-dollar medical data industry that largely operates hidden from public view. The healthcare industry therefore seeks the trust of the masses on the one hand while doing its best to leverage personal medical data to its advantage on the other.
Security is not Synonymous with Privacy
Privacy is sometimes conflated with security by persons keen on extracting maximum advantage from the abuse or sale of personal medical data. Yet, there is a clear distinction between the two.
Security problems are caused by bugs, hacking and other unanticipated vulnerabilities in the system. Privacy problems, on the other hand, are almost always deliberately designed into the system. The abuse or sale of personal medical data is often done by people acting within their legal authority and on uncompromised technological systems. Ergo, the misdirection of the privacy conversation to security discussions is sometimes intentional, since it keeps the money coming.
The US’ Health Insurance Portability and Accountability Act (HIPAA) is one of the best examples of this misdirection in action. The aspect of HIPAA that is discussed and enforced the most is security. How difficult it should be to access a health record is less frequently a HIPAA topic in the news, nor is it a common subject of enforcement. In fact, HIPAA virtually takes away the individual’s right to control how a hospital shares their medical data.
Unlike the US, the European Union has a more aggressive approach to privacy. Perhaps due to a traumatic history over the first half of the 20th century, European regulators see privacy as a more central principle of business and societal well-being.
Is Blockchain the Answer?
The phenomenal growth of blockchain technology is steadily finding its way into healthcare and is perhaps one of the solutions to the privacy headache. Much of the privacy conundrum of HIPAA and the opacity of personal health data handling is actually down to the consolidation of medical data control in the hands of giant institutions that benefited from huge Federal incentives.
Blockchain can replace institutions by bestowing trust on algorithms and record management systems that are patient-centric. Blockchain has no central authority and can protect data through private/public key access. It would provide a transparent but secure record of who has shared sensitive health data and with whom.
However, blockchain’s use of algorithmically derived pseudonyms in its distributed verification does not comply with HIPAA’s express prohibition of such pseudonyms. HIPAA’s rationale is that such pseudonyms introduce the risk of re-identification of de-identified personal health data.
One way to get around blockchain’s violation of HIPAA requirements is to combine blockchain with DDO (Dynamic Data Obscurity) in order to support non-mathematical dynamic anonymous identifiers. This will not only enable more granular privacy control but also eliminate the Mosaic Effect.
DDO can support the stratification of data disclosure. It can allow one to reveal different types and levels of information to different parties, at the same or different times and places, and for different purposes. That means health data would only be disclosed to specific persons to the degree deemed necessary.
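The contrast drawn above between algorithmically derived pseudonyms and dynamic identifiers with stratified disclosure, sketched as an added example (it is not from the original article and is not an implementation of any DDO product). The sample record, the `POLICY` table and the `DynamicVault` class are hypothetical.

```python
import hashlib
import secrets

# Constructed sample record; every value here is made up for illustration.
RECORD = {"patient_id": "P-1001", "name": "Jane Roe", "zip": "30301",
          "diagnosis": "asthma", "billing_code": "J45"}

# Hypothetical policy: the fields each kind of recipient is allowed to see.
POLICY = {
    "treating_physician": ["name", "diagnosis"],
    "billing": ["billing_code"],
    "research": ["zip", "diagnosis"],
}

def derived_pseudonym(patient_id):
    """Algorithmically derived identifier: the same input always maps to the same output."""
    return hashlib.sha256(patient_id.encode()).hexdigest()[:16]

def static_release(record, recipient):
    """Release the permitted fields under a derived (static) pseudonym."""
    view = {field: record[field] for field in POLICY[recipient]}
    view["pseudonym"] = derived_pseudonym(record["patient_id"])
    return view

class DynamicVault:
    """Issues random identifiers that have no mathematical relation to the patient.
    The mapping back to the patient exists only inside this vault."""

    def __init__(self):
        self._lookup = {}

    def disclose(self, record, recipient, purpose):
        token = secrets.token_hex(8)  # fresh identifier for every disclosure
        self._lookup[token] = (record["patient_id"], recipient, purpose)
        view = {field: record[field] for field in POLICY[recipient]}
        view["pseudonym"] = token
        return view

    def resolve(self, token):
        """Only the vault holder can map a token back to patient, recipient and purpose."""
        return self._lookup.get(token)

def linkable(view_a, view_b):
    """Two releases can be joined on the pseudonym when it repeats (the Mosaic Effect)."""
    return view_a["pseudonym"] == view_b["pseudonym"]
```

The vault's lookup table also serves as the record of which data was disclosed to whom and for what purpose.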
In conclusion, health privacy is a human right. However, the technical and regulatory mechanisms necessary to make that right a reality still have significant room for improvement.