For example, individuals or social groups that are repeatedly used in research may have different reactions to its procedures than those who have not had this experience. (Anthropologists are especially familiar with this effect.) Such developments may later have an effect on the research process itself.Google Scholar

45 C.F.R. § 46.111 (1991).Google Scholar

Lyon, D., The Electronic Eye: The Rise of Surveillance Society (Minneapolis: University of Minnesota Press, 1994): At 47.Google Scholar

Report of the National Committee on Health and Vital Statistics, Core Health Data Elements (Washington, D.C.: U.S. Department of Health and Human Services, Aug. 1996).Google Scholar

Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, 110 Stat. 1936 (codified as amended in scattered sections of U.S.C. and I.R.C.) (1996). The Act mandates the assignment of identifiers to health providers, health plans, employers, and individual patients. The provision regarding assignment of unique patient identifiers is strongly opposed by the American Civil Liberties Union and the National Coalition for Patient Rights.Google Scholar

Hearing of NCVHS Subcommittee on Confidentiality and Privacy, (Jan. 13, 1997).Google Scholar

Id. at 22–23.Google Scholar

Administrators in the management sector claim a right of access to patient records by virtue of their status. Similarly, physicians in the clinical sector are often given broad access to patient records by virtue of their status, even though they bear no responsibility for the care of most of the patients in the data base.Google Scholar

Lasalandra, M., “Privacy Issue Raised in Med Record Release,” Boston Herald, Mar. 14, 1997, at 10; and Lasalandra, M., “Panel Told Releases of Med Records Hurt Privacy,” Boston Herald, Mar. 20, 1997, at 35.Google Scholar

“Every holder maintaining personal data shall:—(1) not collect or maintain more personal data than are reasonably necessary for the performance of the holder's statutory functions.” Mass. Gen. Laws ch. 66A § 2(1) (1996).Google Scholar

Mass. Regs. Code tit. 801, § 3.03 (1993). The Code states that: “any holder intending to establish any personal data system shall provide notices in generally read newspapers in communities throughout the Commonwealth, and shall take reasonable means of drawing attention to such system prior to its establishment.”Google Scholar

Mass. Gen. Laws ch. 30, § 63 (1996).Google Scholar

Session of the Joint Committee on Health Care, Massachusetts State Legislature, (Mar. 19, 1997) (testimony of Shelby Solomon, vice president, Medstat Group). Medstat is the private firm that handles the GIC health care data base.Google Scholar

Session of the Joint Committee on Health Care, Massachusetts State Legislature, (Mar. 19, 1997) (testimony of Latanya Sweeney, computer scientist, Massachusetts Institute of Technology).Google Scholar

Health Economic Research refuses to reveal the firm's name on grounds of client confidentiality.Google Scholar

Chandler, Harriet, Privacy & Confidentiality: Is It a Privilege of the Past?, Address to the Massachusetts Medical Society's Annual Meeting, Boston, Mass. (May 17, 1997).Google Scholar

Interview with Kaufman, Jay, Massachusetts State Representative, in Boston, Mass. (Aug. 22, 1997). GIC has emphasized the steps it has taken to protect the data base from outsiders. But generally, the greatest threats to confidentiality come from insiders with authorized access. Examples involving state employees include a case in Maryland where employees of the state Medicaid agency sold information about identified patients to several health maintenance organizations (HMOs). See Valentine, P.W., “Medicaid Bribery Alleged: HMOs, Md. Agency Implicated by State,” Washington Post, June 14, 1995, at B1. In another case, in Florida, a state public health employee publicly revealed information about individuals with AIDS. See Hegarty, S. and Landry, S., “‘It Has Basically Ruined My Life,”’ St. Petersburg Times, Sept. 21, 1996, at 1A.Google Scholar

Richard Turkington calls these blanket consents “the black hole of confidentiality.” See Turkington, R.C., “Medical Record Confidentiality Law, Scientific Research, and Data Collection in the Information Age,” Journal of Law, Medicine & Ethics, 25 (1997): At 115.CrossRefGoogle Scholar

Faden, R.R. and Beauchamp, T.L., A History and Theory of Informed Consent (New York: Oxford University Press, 1986): At 274.Google Scholar

A great deal of research is being done with records whose contents have not been independently verified. The use of billing records is especially problematic, because they are not intended for research purposes.Google Scholar

The minimization of data collection is a key principle of the doctrine of “fair information practices.” Clauses requiring the minimization of data collection have been placed in a number of federal and state statutes and regulations since the 1970s. Unfortunately, they appear to have had little effect. Data collectors interpret these statutes as they wish or simply ignore them. The statutes generally fail to provide mechanisms by which an authority external to the data collector can interpret and enforce their provisions.Google Scholar

Many states regard the sale of personal data as a legitimate revenue source. The availability of these official data bases to the public provides opportunities for their linkage with data bases that contain deidentified data, thereby facilitating the re-identification of the deidentified data subjects. This complicates the task of protecting the privacy of the subjects of medical data bases. See Sweeney, L., “Weaving Technology and Policy Together to Maintain Confidentiality,” Journal of Law, Medicine & Ethics, 25 (1997): 98–110.CrossRefGoogle Scholar

Andrews, L., “Body Science,” ABA Journal, Apr. 1997, at 47.Google Scholar

Gostin, L.O., “Health Information Privacy,” Cornell Law Review, 80 (1995): At 514–15.Google Scholar

In a letter in the Journal of the American Medical Association, Gostin, Lawrence et al. wrote: “The Kennedy-Kassebaum act facilitates public use of health information, while it neglects individual rights to privacy.” Gostin, L.O. et al., letter, JAMA, 276 (1996): At 1138. While Gostin referred to “each person's interest in privacy” in his 1995 article (supra note 26), in this letter the phrase “individual rights” is used.Google Scholar

National Committee on Vital and Health Statistics, Health Privacy and Confidentiality Recommendations, (issued June 25, 1997) <http://aspe.os.dhhs.gov/ncvhs/privrecs.htm> (emphasis added). NCVHS's position is in stark contrast to that taken in a 1995 consensus statement of a working group convened by the National Institutes of Health and the Centers for Disease Control. See Clayton, E.W. et al., “Informed Consent for Genetic Research on Stored Tissue Samples,” JAMA, 274 (1995): 1786–92. The authors state: “[C]onsent cannot be waived on the simple assertion that seeking it would be tedious, burdensome or costly.” See id. at 1787. And further: “Public commitment to obtaining consent for research promotes the willingness of people to seek medical care because patients can be reassured that they do not give up their right to decide whether to participate in research when they enter the health care system.” Id.Google Scholar

Legal scholar Marjorie Shultz has commented: “Respectable researchers and IRBs will employ this provision rarely—perhaps, for instance, when subjects are dead and no concerns relevant to survivors appear. But the code's language is sufficiently elastic to allow broader uses that do raise ethical questions.” Shultz, M., “Legal and Ethical Considerations in Securing Consent to Epidemiologic Research in the United States,” in Coughlin, S.S. and Beauchamp, T.L., eds., Ethics and Epidemiology (Oxford: Oxford University Press, 1996): At 102.Google Scholar

Lowrance, W.W., Privacy and Health Research, A Report to the U.S. Secretary of Health and Human Services (Washington, D.C.: U.S. Department of Health and Human Services, May 1997). Lowrance states: “A universally endorsed ethical precept is that it is permissible to collect and use personally identifiable data, if the data-subject agrees to the conditions of data protection and use. The ideal is prior, informed, freely granted, specific consent.” Id. at 39. The NCVHS report signals an erosion of this “universally endorsed ethical precept.”Google Scholar

Id. at 66–67. Lowrance writes that his scheme “is proposed … in the hope that it will attract discussion and development.” Some aspects of the scheme would, in my view, perpetuate the deficiencies of current practices.Google Scholar

Id. at 41–42.Google Scholar

See Shultz, , supra note 29, at 106.Google Scholar

The federal regulations define “research” as “a systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalizable knowledge.” 45 C.F.R. § 46.102(d) (1991).Google Scholar

Bill, Leahy, 104th Cong. §323 (1996). The draft bill contains many provisions that privacy advocates favor.Google Scholar

See Sweeney, , supra note 23. Senator Patrick Leahy's legislative assistant Maggie Whitney acknowledges that the notion of “identifiability” is a “moving target” and hopes that the problems with the definitions in the draft bill can be remedied through further consultations and in the hearing process. Telephone interview with Maggie Whitney, legislative assistant to Senator Patrick Leahy (D-Vt.) (Aug. 30, 1997).Google Scholar

Saffir, B.J., “Senate Bill Aims to Curb On-line Data: Social Security Numbers Shielded,” Boston Globe, Apr. 17, 1997, at A3.Google Scholar

Md. Code Ann., Health Gen. II § 19-1501-1515 (1995 Supp.); 22 Md. Reg. 1680-7 (Oct. 27, 1995); and 23 Md. Reg. 26-8 (Jan. 5, 1996).Google Scholar

Exact date of birth and race were eliminated in 1996. See 23 Md. Reg. 964-5 (June 21, 1996); and 23 Md. Reg. 1423 (Sept. 27, 1996).Google Scholar

Further deidentification strategies are suggested by Boruch, R.F., “Methods for Resolving Privacy Problems in Social Research,” in Beauchamp, T.L. et al., eds., Ethical Issues in Social Science Research (Baltimore: Johns Hopkins University Press, 1982): 292–314; and Walker, A.M., “Generic Data,” Pharmacoepidemiology and Drug Safety, 4 (1995): 265–67.Google Scholar

Markoff, J., “Patient Files Turn Up in Used Computer,” New York Times, Apr. 4, 1997, at A14.Google Scholar

Documentation obtained under the Freedom of Information Act (on file with the author).Google Scholar

The news report states “Dan Valentine of Jen said the names are not absolutely needed for the job….” Lasalandra, M., “Critics Rap Release of Med Records to Consultants,” Boston Herald, Mar. 26, 1997, at 10.Google Scholar

For examples of improper behavior involving government data bases of identifiable medical information, see supra note 17. One of the cases involves the sale of data to commercial entities, the other a harmful disclosure of the identities of persons with AIDS. Shultz criticizes the exemptions in the federal regulations that appear to permit transfers of this kind. “The message they convey—that government can avoid ethical requirements for research on its own programs—is troubling at both administrative and symbolic levels.” See Shultz, , supra note 29, at 102–03.Google Scholar

Tarlov, A.R., Comprehensive Health Data, Address to the Eighteenth Annual Meeting, Massachusetts Health Data Consortium, Boston, Mass. (Dec. 13, 1995).Google Scholar

McCarthy, C.R., “Confidentiality: The Protection of Personal Health Data in Epidemiological and Clinical Research Trials,” in Bankowski, Z., Bryant, J.H. and Last, J.M., eds., Ethics and Epidemiology: International Guidelines (Geneva: Council for International Organizations of Medical Sciences, 1991): At 59–63.Google Scholar

Shalala, Donna E., Address at the National Press Club, Washington, D.C. (July 31, 1997).Google Scholar

The philosopher Hans Jonas took the position that the benefits to health produced by research are desirable, but that the production of such results is properly regarded as an optional service rather than as an obligatory duty. See Jonas, H., “Philosophical Reflections on Experimenting with Human Subjects,” Daedalus, 98 (1969): 219–45.Google Scholar

In a talk at a 1996 Harvard-sponsored course on patient confidentiality, Dr. Lisa Simpson, deputy administrator of the Agency for Health Care Policy and Research, urged that the collection of data for clinical performance research and outcomes research be integrated into every clinical encounter as a fundamental aspect of the care process itself. Lisa Simpson, Remarks at Seminar: Patient Confidentiality, Enhancing the Power and Privacy of Medical Information, Cambridge, Mass. (Sept. 30–Oct. 1, 1996).Google Scholar

Mass. Gen. Laws ch. 111, § 70(E) (1996).Google Scholar

If law enforcement officials have their way, the medical record will not only be a tool that can be used routinely by researchers, but also a tool used routinely for law enforcement. NCVHS's report to Secretary Shalala emphasizes that representatives of the Department of Justice and the DHHS Inspector General in testimony at the NCVHS hearings expressed unwillingness to restrict the use they might make of medical record information against a record subject. See National Committee on Vital and Health Statistics, supra note 28. The report also points out that a provision in HIPAA allows the U.S. attorney general to issue an administrative subpoena for any health record in the U.S. medical system in connection with a health care fraud investigation. It concludes: “If law enforcement agencies can obtain health records—especially in fraud and abuse investigations—and can use those records to put the patient in jail based on disclosures made by the patient to the physician, then little is left of the notion of health privacy.” Id.Google Scholar

See also the concluding comments in Woodward, B., “The Computer-Based Patient Record and Confidentiality,” N. Engl. J. Med., 333 (1995): At 1421–22.CrossRefGoogle Scholar

There is no professional correspondence in the house. That would raise other issues.Google Scholar

The notion that privacy rights should be “balanced” against the social good raises many difficult conceptual and practical issues, which cannot be addressed here. In general, privacy rights should be overridden only to prevent a serious harm, not to promote the general welfare. If the latter is permitted, privacy rights tend to disappear.Google Scholar