Do I value the privacy of my health information? What do you mean?
- That if I email my doctor about an embarrassing symptom, only my doctor will read it?
- That only my doctor, my nurse and I have access to the information in my electronic medical record, including notes on our confidential conversations, prescriptions and test results?
- That my local drug store doesn't sell information about me to pharmaceutical companies?
- That if I hand over some genetic material – either by sending a hundred bucks and a cheek swab to a company or by spitting in a jar for a clinical trial at my hospital – only the results of those tests that I have agreed to will be shared and they will be shared only with me?
Survey after survey finds that we are concerned about the privacy of our health and health care information. But what exactly are we thinking about when we answer those general survey questions? What do we think will be revealed about us, to whom, and what will the consequences of those revelations be?
Most of us are confused about health information privacy. We overhear conversations about other patients in clinic hallways and can easily glimpse chart notes on other patients' prescriptions and treatments in the hospital. We assume that others have the same access to information about us. Our anxiety about privacy is stoked by revelations of medical information breaches: Unsecured laptops with thousands of patient records are left in McDonald's. Hacks and security lapses of hospital records and health plans are reported in the news daily. And who could've missed the news about Target's security breach that has affected millions of shoppers? If this weren't a problem for us, it wouldn't be in the news, right?
So we struggle to imagine the impact of a range of scenarios in which we lack or lose privacy. Does it mean my neighbor can find out intimate information about me on Facebook? Does it mean I can be blackmailed by some teenager in an eastern European country? Does it mean my employer will have access to my medical history and fire me because I am at high risk for another cancer?
We may not be able to envision the particular dangers, but the bank and retail data breaches we hear about daily provide templates for our trepidation: A stranger has access to my credit card or bank account and can steal all my money. If that stranger had access to all my health information, what could happen to me?
In the face of our confusion and inchoate anxiety, I've seen three types of responses from health stakeholders:
Surprise at our lack of outrage and opposition. Why aren't we picking our doctors and hospitals based on their privacy guarantees? This response comes from some health care leaders and advocates who can imagine some of the scenarios which might take place as our privacy erodes. They are concerned that we don't seem to get it, are puzzled that we are not more alarmed about the lack of health information security, and are frustrated that we don't demand more and better protection.
Dismissal of our concerns. "We are already using all your data from your EHR. We don't need your permission. Get over it." I have heard this response from system developers, vendors and health plan leaders whose focus on the functionality and marketability of their EHR or other record-keeping systems dwarfs the privacy concerns of individuals, especially when there are few consequences for violating them. They seem to think that our belief in health information privacy is naïve. For them, building secure systems that safeguard our privacy is a low priority, an unnecessary expense.
Annoyance that we still expect be asked to sign informed consent forms for tests, surgical procedures and clinical research when really, we should just donate whatever data those activities produce to the greater research enterprise and trust them to safeguard it while scientists use it to develop cures. I have heard this frequently from entrepreneurs and bio-tech start-up types whose app designs (and revenue models) depend on access to our data to bear fruit. For them, our selfish paranoia about the risks of donating our data to an iffy start-up company should be eclipsed by our altruistic urge to invest now in the possibility of discovering cures for our diseases in a distant future.
These responses don't bode well for any real institutional or commercial investment in ensuring that our information is secure. And they signal a leadership deficit that makes it unlikely that the public will ever gain a clear picture of the security status of our health information. To be fair, though, there probably won't ever be one approach to privacy. Constant churning in the development of health information technology with only intermittent attention paid to the privacy of patient information means there will be different privacy parameters depending on the source and that those may shift over time.
The privacy promised for my EHR will differ from the fitness monitor on my phone, which will differ from that of my data when I enter it into an online chronic disease affinity group website, which will differ from the protections offered for my genetic information in a clinical trial. And the privacy promised today may ebb and flow over time (and without notifying me) for system, regulatory and, oh, arbitrary and capricious reasons.
Tracking all this information, calculating the risks and benefits of the level of privacy and security for each and then acting according to one's own sensitivities is yet another task for those of us who are already caring for ourselves while juggling multiple sources of information and treatment providers. We can expect that current variations in the public's understanding of what is at risk in the erosion of our health information privacy will probably continue even in the face of well-meaning public education efforts to increase our vigilance.
Who knows how our concerns about patient privacy will take shape over time. My guess is that we will come to see our health privacy in much the same way we view patient safety: We will hear about a few egregious violations but most people will assume that they are unaffected. Similarly, most of us will probably adjust to some level of distrust and anxiety about the privacy of our health information and will act when its violation is imminent and the consequences are clear. But because most of us are well most of the time, the privacy of our health information will not be a high priority. We'll just take chance that the bad stuff won't happen to us.