NEHTA's Approach to Privacy V 1.0

On July 4, 2006 NEHTA released a document entitled NEHTA's Approach to Privacy V 1.0. This report can be found at the following URL:
http://www.nehta.gov.au/component/option,com_docman/task,cat_view/gid,141/Itemid,139/

In general the document provides a useful, if rather high level, introduction to the privacy issues faced by all those who plan to implement e-health in the real world. We are also told that NEHTA plans to develop Privacy Blueprints (whatever actually they are) for the Provider and Individual Identifier initiatives as well as a later one for the Shared EHR.

In response to the paper I feel the need to make one key criticism and offer a few observations on the traps and pitfalls that lie in wait.

The criticism is that talk of privacy neutrality is naïve. It is critically necessary to distinguish between conceptual privacy neutrality and practical (or privacy as it is actually implemented) neutrality. Preserving the privacy of a patient’s written record is a very different thing from preserving the privacy of a patient’s record when stored, typically with hundreds of others, in a computer system. The threats from leakage and exposure are different as are the methods of auditing access and use. These differences must be clearly recognised and effectively addressed. An example is the ease with which 10,000 records can be stolen on a USB key compared with the same ‘truck-requiring’ effort with paper records.

NEHTA rightly recognises any perceived failures to protect ‘private information’ will have severe consequences for e-health adoption and use.

The crunch will come for NEHTA in ensuring that the Common Principles for the Collection and Handling of Health Information are implemented as robustly and effectively as the public expects.

The number of recent incidents where tens of thousands or patient records have been exposed by a number of healthcare organisations in the US (including the US Department of Veteran’s Affairs), and the public concerns regarding identity theft that have emerged, shows the basis of public concern has moved beyond having their secrets kept to anxiety regarding personal financial loss.

I also offer the following observations based on consultations I have had over the years with consumer and patient advocate bodies.

1. Persecution and discrimination involving the improper use of a range of private health information is not an infrequent experience among those with stigmatizing diseases (AIDS, Hep C, Mental Illness etc), particularly in the fields of employment and in the individuals access to various services. Thus the need for high levels of confidence and certainty against unauthorized disclosure is easily understood, as is the quite reasonable use of multiple identities to avoid exposure – computer systems must allow for this – or risk rejection by users.

2. The right to not know some things (e.g. possible genetic “doom”) is valued and must be respected.

3. People vary widely in the value they place on being able to keep some information secret (e.g. that they have had an abortion or an STD) and systems have to be sensitive to this variation to succeed.

4. Careful consultation with those on the outer (e.g. the mentally ill, the poor and the homeless) is vital to ensure a privacy underclass with little or no access to services is created.

5. Trust is not a commodity that is as widely available as it used to be – especially of government – and communication of what is happening in the area of Health Information Privacy is vital. Also there needs to be a high level of conservatism and a measured pace of change for success in implementation.

6. Most in the community support secondary use of information for research as long as they are aware the use is happening. This needs to be fostered by openness by the information holders about what research is being done and what the benefits may be.

The privacy issue is a serious ‘hot potato’. Every effort needs to be made to get it right in order for e-health to succeed. We can only hope NEHTA will adopt a sensitive, careful and consultative approach when it comes to implementation.

David.