Information Centre

Speeches and Articles

 
Date: 16-18 December 2000
Personal Data Privacy Issues of E-Medicine

by
Stephen KM LAU
Privacy Commissioner for Personal Data
Hong Kong SAR

at the
International Healthcare Conference
16 - 18 December 2000
Hong Kong Convention and Exhibition Centre




"Whatsoever things I see or hear concerning the life of men, in my attendance on the sick or even apart therefrom, which ought not be noised abroad, I will keep silence thereon, counting such things to be sacred secrets."

    - Oath of Hippocrates, 4th Century, B.C.E.

 

Introduction

In the 80's, E-Medicine (Electronic Medicine) mainly referred to the use of technology in isolated and non-integrated areas in the practice of medicine, from the computerized storage of patients' information and drug inventory, to diagnostic equipment like CAT scanners and laser devices.

From the mid 90's, with the ever-increasing pervasiveness of Internet, and the cost effectiveness of high speed telecommunications, multi-media technology and wireless access to electronic databases through mobile devices including mobile phones, E-medicine (as in E-commerce) is traversing space and time, and taking on new dimensions in consultation, diagnosis and remedial actions involving multiple parties.

The key to the effectiveness of E-medicine, supported by these enabling technologies, is the ready access to and availability of the patients' clinical information in a medical record database to all parties concerned.  While no doubt E-medicine would bring unprecedented benefits to the community, there are increasing and real concerns of information privacy risks to patients' records which are regarded by all as highly sensitive and personal.

Medical information privacy is not just about security.  It is about trust, which is an integral part of a therapeutic relationship.  Loss of confidentiality and trust would seriously erode the effectiveness of medical care.

To overcome such concerns, medical record databases should be designed and implemented with a set of data protection principles and fair information practice which govern the collection, access, use, disclosure and security of these sensitive records.

Benefits of a Medical Record Database

Safe, comprehensive, and cost-effective patient care depends on the provider's ability to obtain an accurate record of the patient's previous health care, including treatments and testing.  Without this information, tests may be repeated or previous results ignored, allergies may not be known, and information about drug regimens maybe miscommunicated.  Never is the need for rapid access to information more apparent than when a patient seeks emergency care.  When patients who are usually cared for at one institution go to the emergency department of another institution, there is reason to be concerned that missing information may result in less than optimal care.  Inappropriate care caused by lack of access to information may delay diagnosis and result in improper therapy and increased health care costs.  In the emergency care of an unconscious patient lifesaving information may be unavailable.

The creation of a large database would also allow researchers to track certain diseases as well as to patients' responses to certain drugs.  This information could be valuable to advance public health and effective research for new drugs.

The creation of these databases would allow for better organization and more legibility of medical files.  Since elaborate security systems can be developed to monitor these medical databases, electronic records may actually be more secure than paper records.

Privacy Risks of a Medical Record Database

Besides information the individual's physical health, a medical record may include information about family relationships, sexual behavior, substance abuse, and even the private thoughts and feelings that come with psychotherapy. 

Information from a medical record may influence an individual's credit, admission to educational institutions, and employment.  It may also affect the ability to get health insurance, or the rates for coverage.

With the creation of Medical databases many individuals have expressed some apprehension as these and other information begin to become computerized.  There is a fear that computerized records will allow many more people legitimately accessing medical records.  The tendency for "function creep" could lead to authorized users to use the data for unauthorized purposes.

Recent US Surveys Reveal Serious Privacy Concerns

Sponsored by California HealthCare Foundation, a survey conducted by Princeton Survey Research Associates, January 1999 revealed:
 

  • One in five American adults believes that a health care provider, insurance plan, government agency or employer has improperly disclosed personal medical information.  Half of these people believe that it resulted in personal embarrassment or harm.
  • One in six Americans has done something out of the ordinary to keep personal medical information confidential.  To protect their privacy and avoid embarrassment, stigma, and discrimination, people withhold information from their health care providers or provide inaccurate information.
  • Two out of three U.S. adults say they don't trust health plans and government programs, such as Medicare, to maintain confidentially all or most of the time.


Another California HealthCare Foundation survey conducted by Cyber Dialogue, January 2000 showed that:
 

  • Seventy-five percent of people are concerned about health Web sites sharing information without their permission.
  • A significant percentage of people do not and will not engage in certain health-related activities online because of their concerns about privacy and security.  Forty percent of people will not give a doctor online access to their medical records; twenty-five percent will not buy or refill prescriptions; and sixteen percent will not register at sites.
  • Seventeen percent of people don't even go online merely to seek health information due to their concerns over privacy.


The Hong Kong Personal Data (Privacy) Ordinance

In Hong Kong, personal data are legally protected by the introduction of the Personal Data (Privacy) Ordinance (PD(P)O) in 1995.  Its objectives are two-fold:

- to protect the individual's right to privacy with respect to personal data; and

- to safeguard the free flow of personal data to Hong Kong from restrictions by countries that already have data protection laws.

The second objective, interestingly, relates to our economy.  Given the momentum of globalized trade and services, the European Union, comprising 15 European nations, decreed in 1998 that, unless there is adequate protection for personal data in third countries with which the European Union trades, cross-border transfer of personal data could be interfered with or even stopped between the European Union and other countries.  Hong Kong, given that our economic life-blood is our international trade and services, we cannot afford to be competitively disadvantaged if we do not have a legal data protection regime adequate to meet this European Union directive.

To fully understand and comprehend the essence of the Ordinance, it is essential to be acquainted with the data protection principles as stipulated in the Ordinance.  These data protection principles are the cornerstone of all similar data protection laws in different countries.  Universal in nature and recognition, these principles are generally based on a set of OECD guidelines promulgated in 1981 to provide a framework for the protection of the collection and use of personal data.

Six data protection principles are enshrined in the PD(P)O:

Principle 1 - Purpose and manner of collection

  •  this provides for the lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from the subject.


Principle 2 - Accuracy and duration of retention

  • this provides that personal data should be accurate, up-to-date and kept no longer than necessary.


Principle 3 - Use of personal data

  • this provides that unless the data subject gives consent otherwise personal data should be used for the purposes for which they were collected or a directly related purpose.


Principle 4 - Security of personal data

  •  this requires appropriate security measures to be applied to personal data.


Principle 5 - Information to be generally available

  •  this provides for openness by data users about the kinds of personal data they hold and the main purposes for which personal data are used.  In other words, there should be a data privacy policy.


Principle 6 - Access to personal data

  •  this provides for individuals to have rights of access to and correction of their personal data.


Safeguarding Privacy with a Medical Record Database

Given the significant privacy concerns associated with medical data, the planning, development, implementation and operation of a medical record database should have the following considerations:

1. Privacy Impact Assessment (PIA)

 A Privacy Impact Assessment study should be conducted in the planning stage.  PIA is an assessment of any actual or potential effects that the activity or proposal may have an individual's privacy and the ways in which any adverse effects may be mitigated.  Such studies should also be conducted at different stages of the implementation of a medical record database, e.g. the detailed design of a web-enabled system, the introduction of new applications which access the database.

2. A Code of Practice

 While the PD(P)O provides for the legal protection of personal data in a medical record database, it is relevant to develop a code of practice with specific guidelines to the operations of such a database.  These specific guidelines incorporate the data protection principles stipulated in the Ordinance as well as fair information practice principles in view of the sensitivity of medical data.  These principles should include:

 Openness The individual should know their inherent rights with regard to their medical data, what information the database contains, and how it will be used.

 Informed Consent Apart from the primary use of the medical data for the purpose of clinical benefits, all other and additional uses and disclosure of data should be subject to the prior and informed consent of the individual.

 Security Adequate security features including appropriate hardware, software, data encryption and administrative measures are required to prevent unauthorized or accidental access to and disclosure of data in the database, to preserve data confidentiality, integrity and accuracy.

 Right of Access The individual must be provided with the means to access and 
 and Correction interpret his or her data in the database, as well as up-to-date information of the identity of third parties who have accessed his or her data and for what purposes.

 Sensitivity Some severely sensitive medical data, e.g. the psychotherapeutic relationship is of such severe sensitivity as to require special recognition as a domain of absolute privacy.

 Accountability Non-compliance to the Code of Practice should be accompanied by appropriate sanctions and penalties.

 Public Responsibility Exemption to the Code should be provided as the right to privacy is not absolute and should be balanced with the collective right of a society, viz public interest.  These exemptions, usually related to disclosure of data to support public health and research, and fight against healthcare fraud and abuse, should be stated clearly and precisely.

3. Independent Overseeing Mechanism

 An entity, independent from the organizations operating and accessing the medical record database, should have the responsibility to monitor compliance with the Code of Practice.  It should have the power to investigate complaints and enforce corrective actions.

References

1. Personal Data (Privacy) Ordinance, http://www.pcpd.org.hk
2. Electronic Privacy Information Center, http://www.epic.org
3. Model State Public Health Privacy Project, http://www.critpath.org
4. National Coalition for Patient Right, http://www.nationalcpr.org
 

 

Back to top

End of Page

[Media Statement] [Speeches, Articles & Papers] [Exhibition Materials] [Other Related Websites] [Archive] [Other Resources] [On-line Self Training] [Submissions to Public Consultation] [Privacy Commissioner's response following former Deputy Commissioner's conviction] [Response to the loss of medical data by Department of Health] [Privacy Commissioner commits himself to securing patients' data] [Privacy Commissioner commences inspection against Hospital Authority] [Response to data leakage by Immigration Department] [Response to data loss by HSBC] [Privacy is Your Business International Privacy Video Competition] [Privacy Commissioner strives to promote protection of personal data privacy] [Response following former Deputy Commissioner's conviction] [The Privacy Commissioner's clarification on criminalizing data leakage] [The Privacy Commissioner responds to media report today that] [Response to data leakage by the Police] [Progress of Inspection Against Hospital Authority] [The Director of Immigration Department signed formal undertaking] [Speech by Privacy Commissioner at the special meeting of Legislative Council Panel on Home Affairs] [Response to data loss incidents by The Hongkong and Shanghai Banking Corporation Limited] [The Privacy Commissioner completes the Inspection of the Hospital Authority's Personal Data System] [Privacy Commissioner Publishes Inspection Report on Hospital Authority] [Privacy Commissioner explains recommendations on the protection of patients' data privacy] [Privacy Commissioner accepts an Undertaking by HSBC] [Privacy is Your Business International Privacy Video Competition Prize Presentation Ceremony] [Response to Judgment of judicial review application by Cathay Pacific] [Privacy Commissioner welcomes HA's effort to enhance patient data privacy] [Statement by the Privacy Commissioner Following the Judgment made in HCAL 50/2008] [PCPD received a letter from CX Flight Attendants Union] [Impact of Technology on Data Privacy] [Privacy Commissioner responds to taxi industry's proposal of installing CCTVs in taxis] [United Christian Hospital's loss of patients' data] [Privacy Commissioner hosts the 31st APPA Forum] [Privacy Commissioner urges job seekers to be careful when providing personal data] [Launch of a booklet on protection of personal data] [Investigation Report: Employer Collecting Employees' Fingerprint Data for Attendance Purpose] [The Recruitment of Deputy Privacy Commissioner (DPC)] [Response to Media Report on the Use of Fingerprint Recognition System by a School] [Privacy Commissioner Responds to Public Enquiries about the Issue of] [Investigation Report: Tutorial Centre Using a Student's Results Notice for Promotion without the Student's Consent] [Privacy Commissioner Welcomes Hospital Authority's New Measures on the Protection of Patients' Personal Data] [Investigation Report: Food Company Collecting Participants' Personal Data in Lucky Draw Activity] [Privacy Commissioner Responds to] [The need to ensure that individuals are identified by the correct personal identifiers: the case of identification of new born babies] [Public Consultation on Ordinance Review] [] [Response to Media Report on Searching for Others' Personal Data on the Internet] [Privacy Commissioner attended the 31st International Conference of Data Protection and Privacy Commissioners] [Response to Media Enquiries] [The "Value-for-money" Audit Report on PCPD issued by the Director of AuditThe] [Protective measures taken by the Hospital Authority which enhance the protection of new born babies and the accuracy of their personal data] [The Privacy Commissioner issued two investigation reports on data access request fee charged by data users and the proper handling of personal data transferred by data users to their debt collection agency] [A personal statement by Roderick Woo, the Privacy Commissioner] [Office of the Privacy Commissioner for Personal Data's Annual Report won international awards for three consecutive years] [Privacy Commissioner Launches Privacy Awareness Week 2010] [Response to recent discussion about third parties' requests for patients data] [Opinion Survey: Senior Citizens' Attitudes and Perceptions towards Personal Data Privacy] [Public Seminar on] [Privacy Campaign for Insurers] [Google collected Wi-Fi data] [Google collected Wi-Fi data in Hong Kong] [Google collected Wi-Fi data in Hong Kong] [Privacy Commissioner attended the 33rd Asia Pacific Privacy Authorities Forum] [Privacy Commissioner responds to a local magazine's editorial on privacy issues] [Privacy Commissioner Publishes Guidance Note on Data Breach Handling and the Giving of Breach Notifications] [Privacy Commissioner responds to an opinion survey report on Octopus cards and privacy issues] [Privacy Commissioner's Finding against HSBC was set aside by the Administrative Appeals Board] [The Personal Data (Privacy) Ordinance and Octopus Card System] [Privacy Commissioner initiates investigation on the Octopus] [Privacy Commissioner Publishes Information Leaflet on Privacy Impact Assessment] [Privacy Commissioner published new revised edition of a book to provide in-depth interpretation] [The Privacy Commissioner gives interim report on the investigation of Octopus] [The Privacy Commissioner Completed the Compliance Check on Google's Collection of Wi-Fi Payload Data] [The Privacy Commissioner has completed a Privacy Compliance Assessment Report on the Smart Identity Card System] [Collection of Visitors' Fingerprint Data by a Theme Park] [Investigation Report: Beauty Centre Transferring a Client's Personal Data to a Third Party without the Client's Consent] [Hong Kong Letter - Roderick Woo, Privacy Commissioner for Personal Data] [Mr. Allan Chiang took office as Privacy Commissioner] [A short video introducing the Personal Data (Privacy) Ordinance] [Privacy Commissioner reminds data users of the requirements of the Ordinance when engaging direct marketing activities] [PCPD joined APEC Cross-border Privacy Enforcement Arrangement] [Privacy Commissioner discussed organizations’ collection and use of personal data for direct marketing with a political commentary group] [Amended Data Access Request Form takes effect] [Response to media reports on the attendance records of the Personal Data (Privacy) Advisory Committee] [Privacy Commissioner completed investigation on Octopus Holdings Ltd] [Multi-media Information] [Investigation Report – Octopus Rewards Program] [Privacy Commissioner publishes Guidance on the Collection and Use of Personal Data in Direct Marketing] [Privacy Commissioner responds to Government's proposals on Review of the Personal Data (Privacy) Ordinance] [PCPD's Statement regarding investigations into the Octopus Group of Companies] [Hong Kong Letter - Allan Chiang, Privacy Commissioner for Personal Data] [Investigation Report: A Telecommunications Company Authorized Another Company to Conduct Telemarketing] [A Personal Statement by Mr. Allan CHIANG in response to media reports on his handling of a personal data privacy case when he was Postmaster General in 2005] [A Personal Statement by Mr. Allan CHIANG in response to media reports on his handling of personal data privacy cases when he was Postmaster General from 2003 to 2006] [Online Survey of the] [PCPD's Submission in response to Report on Public Consultation on Review of the Personal Data (Privacy) Ordinance] [The Sharing of Mortgage Data for Credit Assessment] [Public Forum on Proposed Revisions to the Code of Practice on Consumer Credit Data] [Privacy concerns about resumption of Google Street View car operation] [Public Consultation on the Sharing of Mortgage Data for Credit Assessment Ended] [Consumer Roadshow on Protection of Personal Data] [Consultation Report on the Sharing of Mortgage Data for Credit Assessment] [Amendments to Code of Practice on Consumer Credit Data To Take Effect]

[About PCPD] [The Ordinance] [PCPD Activities] [Information Centre] [Personal Data Privacy Liberal Studies] [Privacy Zone for Youngsters]
[Publications & Videos] [Enquiries & Complaints] [Case Notes] [Contact Us] [Search] [Site Directory] [Graphical Version]
[Chinese Version]

Notice/Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer