Transparency is no substitute for informed consent in health records privacy

William Pewen wrote a terrific commentary a few weeks ago. If you didn’t read it, read it now. Here’s a snippet:

Unfortunately, the congressional approach to medical records has failed to be a truly patient-centered one. Republicans largely view medical information through a business lens and assert that the marketplace will be self-correcting; many Democrats have been convinced to accept risk of individual harm by the promise of scientific progress and resulting improvements in public health. The result is that lobbying on both fronts has eroded an ethical foundation built on bulwarks such as the Hippocratic Oath, the Nuremberg Code, and the Helsinki Declaration. The full ramifications of that erosion have an insidious impact upon civil rights and require a more comprehensive treatment.

Suffice it to say, the public’s interest in medical records has often been subordinated to lobbying by health sector interests in recent years. This occurs at the same time that health IT promises to increase information exchange exponentially, raising the stakes. Two prerequisites to implementation should be obvious – data must be appropriately secured and restricted, and uses without consent must be limited to those that are necessary. In the absence of patient consent, access to medical data should follow the principle of need to know, not want to use.

Not surprisingly, I agree with him and have felt like a broken record repeating the mantra that entities need consent to share information or data. Informed consent (not just unknowing consent as might occur when a patient signs a bunch of papers so they can get in to see the doctor when they’re ill) is a cornerstone of trust between patient and doctor. Some of the most vociferous advocates on this issue are all professionals who are or who have been clinicians. That politicians and business people who are not health care professionals trained in the concept of privacy and confidentiality don’t fully “get it” does not surprise me, but it scares me as they have more clout on a day-to-day basis than those of us who are trying to get the adoption of new technologies to be privacy- and patient-centric.

Today, Frank Pasquale writes about a shift from a consent-based paradigm to a transparency paradigm. He writes, in part:

A collective commitment to privacy is far more valuable than a private, transactional approach that all but guarantees a race to the bottom. If such a collective commitment does not materialize, record systems will only deserve trust if they become as transparent as the patients and research subjects they profile. Given corporate assertion of trade secrecy (and even privacy rights), reciprocal transparency will not be easy to achieve. Nevertheless, repeated breaches, fraud, and data meltdowns in the US should provoke an alliance of socially responsible researchers to lobby the US government to set minimal standards of reciprocal transparency and auditing. Consumers can only trust innovators if they can understand what is being done with data. As we become “transparent citizens” (as Joel Reidenberg puts it), we should demand that the corporate, university, and governmental authors of that trend reciprocate, and become more open about the data they gather.

While that may sound reasonable, it is unsatisfactory, as transparency and audits are not a substitute for informed consent. They are helpful and they are important, but they are not a substitute for consent.

It is clear that people are still trying to do an end-run around consent by offering alternatives that make lack of consent more palatable. But those approaches are simply not consistent with the oath we take to keep what we learn about a patient confidential and private – an oath most of us take pretty damned seriously.