Abstract
Advances in information technology, be it by way of social media or use of the electronic medical information systems, has changed the way we deal with patient confidential information. The hitherto clear professional relationship with the patient has been blurred using social media, just like the unprecedented rate at which electronic health information is used to access and share patient's confidential information among healthcare professionals. However, given the special professional relationship of confidence which traditionally bonds the healthcare practitioner with the patient, use of these technologies by the healthcare professionals portends the risk of breach of that duty of confidentiality. Although the patient's right to demand confidentiality of his information is not absolute, an unlawful breach could result in a crime, actionable tort, or become a subject of disciplinary action. This chapter undertakes a general review of the benefits and dangers of embracing these new information technologies and their impact on the confidentiality of sensitive health data.
TopIntroduction
Advances in information technology have led to diverse impact on patient experience in healthcare (Rauv, 2017). Information technology, be it by way of social media, use of the electronic medical information systems or web-based other smart applications/tools is, therefore, a welcome idea. Its use heralds numerous far-reaching benefits for health communication between and among the public, patients, and health professionals. However, it also has changed the way we deal with confidential patient information. The impact of technology on non-financial outcomes such as patient satisfaction and quality is gaining interest (Wallwiener, Wallwiener, Kansy, Seeger, & Rajab, 2009). Information is the lifeblood of modern medicine, while the health information technology (HIT) infrastructure could be considered as its circulatory system. Without that system, neither individual physicians nor health care institutions can perform at their best or deliver the highest-quality care (Wallwiener et al., 2009).
Health information technology (IT) has the potential to improve the health of individuals and the performance of providers, yielding improved quality, cost savings, and greater engagement by patients in their own health care (Buntin, Burke, Hoaglin, & Blumenthal, 2011). As the transition of healthcare from paper to an increasingly electronic world ensues, a new debate over privacy of individually identifiable health information has emerged. The concept of privacy and confidentiality ensures a win-win situation for both the patient and the healthcare professional. Healthcare professionals need the confident patient to divulge all pertinent information necessary for diagnosing and treating the patient, while the patients need to feel confident that they can receive needed health care without the risk that their private information will be inappropriately disclosed. Any such concerns might result in withholding of information and lead to potentially negative clinical consequences (Kuhn, 2011).
Major sources of disagreement over privacy issues can sometimes be traced back to the use of different definitions for key terms. Therefore, it would be proper to define the terms with a view avoiding confusion during the discussion in the subsequent sections. Many at times, we feel tempted to use the terms “privacy” and “confidentiality” interchangeably as if they bear one and the same meaning or connotation. The terms privacy and confidentiality are sometimes distinguished on the basis that privacy refers to physical matters, while confidentiality refers to informational material (Goodman, Miller, & Informatics, 2006). In other words, the right to privacy is the limitation placed on the right of others to have access to information about, or the physical space, of an individual (James, 1975). It should be noted that the privacy limitation placed on information is regarding unlawful access rather than its unlawful sharing with (or disclosure to) third parties, which comes within the ambit of confidentiality.
Conversely, confidentiality is simply, the duty to maintain patient’s private information revealed during a professional relationship (Folkman, 2000). The information sought to be protected must be unique to that particular patient (as opposed to information that could be attributable to any person qua person) (Everstine et al., 1980). The lawful access to patient’s private data or other similar information of this kind, therefore, creates an obligation in, or a commitment by the healthcare professionals to keep that data in confidence (Parent, 1983).
Privacy is the right of patients for their personal information not to be accessed and divulged (disclosed) to others, while confidentiality is the obligation of all holders of Individually Identifiable Health Information (IIHI) to protect the information according to the privacy interests of the patients to whom the information relates (US Department of Health and Human Services, 2001). A patient expects (trusts) that data that have been shared with a provider will not be further shared inappropriately. On the other hand, individually identifiable health information is any health data or record that could be correlated with a particular individual (Kuhn, 2011).
Key Terms in this Chapter
mHealth (mobile health): The use of mobile phones or other wireless (mobile) technology in healthcare, medical practice or public health.
General Data Protection Regulation (GDPR): A legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union.
Privacy: The right of individuals, in the exercise of their autonomy, to control access to their private personal information by others.
Personal Data: Any information or different pieces of information that relates to a particular identified or identifiable living individual.
EHealth: A novel technological concept that enables an electronic delivery of healthcare services online via the Internet.
Health Information Technology (IT): Information technology applied to health and health care.
Data Controller: A person, or an organization that determines the purpose and means of collecting and processing a person’s personal data. For example, in the case of health information systems, the person responsible for deciding what data are collected, the purpose for its use, and the way and manner it may be processed.
Electronic Health Information System: An electronic system used by healthcare facilities to collect, store, manage and share a patient's electronic health or medical records for the purpose of patient care, research and quality management.
Social media: Websites and applications that enable users to create and share content or to participate in social networking.
Individually Identifiable Health Information (IIHI): Information, including demographic data, that relates to: the individual’s physical or mental health or condition (past, present or future), the provision of health care (including the payment therefor) to the individual that identifies (or for which there is a reasonable basis to believe it can be used to identify) the individual (See 45 C.F.R. § 160.103 HIPAA).
Electronic Health Records: An electronic form of the patient's paper-based medical or health record that can be instantaneously made securely and promptly available to authorized persons.
Confidentiality: Literally, it is the state of keeping or being kept secret or private. In medical practice, confidentiality is the duty to keep and/or maintain (not to unlawfully disclose to third person) the patient’s private information (secrets) revealed during a professional relationship.