Letters to the Editor
This site is supported by Health ONE
CONFIDENCE ON CONFIDENTIALITY - SOME CURRENT ISSUES
The 1999 SMA Lecture(1) by Mr Choo Han Teck, Judicial Commissioner, examined the legal aspects of medical confidentiality and the philosophical basis of rights and duties of the individual and society. It provides a ethical framework to reflect on some current issues of confidentiality confronting the medical profession - issues arising from the pervasiveness of commercial forces, burgeoning healthcare technologies and the increasing demand for healthcare information from third parties for audit and research.
These current issues are discussed under the four principles governing confidentiality - that information should not be disclosed unless in the course of care of the patient, with the patient’s consent, under statutory compulsion, and in situations with strongly countervailing public interest.
course of care of the patient
The concern that a nation-wide integrated EMR in Singapore, called ‘central healthcare database infringes privacy’ was the subject of a Straits Times reader’s letter published on August 19 1999. The Ministry of Health assured in a reply on the 28 August 1999 that ‘various pertinent issues including the ethical, security and legal aspects as well as patient confidentiality are being looked into before the system is implemented’.
The proposed system in Singapore aims to achieve closer integration between the EMR of the primary care providers and the hospitals to provide ‘better healthcare for all’. There is however the inevitable trade-off brought on by such aggregation of information viz. between ease of access versus security of the record, between timeliness in situation when expressed consent is not possible, versus the need for consent based on specific needs/time period. Thirdly there is also the utility of keeping only clinically significant records versus the temptation of accumulating detailed data from all sources.
Until these issues regarding confidentiality are ironed out, it may be prudent to implement integrated EMR on a limited basis on critical information, like drug allergies, and comprehensively only on an ‘opt-in’ bases to benefit those with complex medical conditions. A submission on the same subject by the American Medical Association in 1997 to a subcommittee of the US National Committee on vital and health statistics provides a good overview of these issues(2).
Though Information technology wizardry and legal reforms may provide best-fit solutions to some of the above problems, the medical profession must also keep its house in order. Rind et al(3) cautioned that the most common threat to confidentiality is the inappropriate accessing of information by authorised healthcare providers. It is onerous to audit the legitimacy of access for contextual patient care. Also as many institutions would be participating, the prevention, detection and punishment for cross-institution violations would have to be agreed. Confidence in the reliability and veracity of information in the EMS is crucial. In an editorial in the Annual of Internal Medicine, ‘Reduction of Medical Verbiage: Fewer Words, More Meaning’(4), Voytovich cautioned that the tradition of physicians relying heavily on a larger, less precise terminology (than say air-traffic controllers) could diminish the benefits of integration across institutions with different practice cultures.
There is a need to ensure that the computer axiom of “GIGO”, garbage in, garbage out, do not visit these records. A central research and pedagogic authority like the Reed Institute funded by NHS in Great Britain should be considered in Singapore to standardise terms and codes, to educate users and to monitor the system.
Aside from EMR, the ownership and trusteeship of physical medical records also impacts on confidentiality. Our healthcare system allows for non-doctors and commercial organisations to own medical establishments and therefore, the paper in paper-based records and the physical media in which EMR are stored.
They may have a legal but not the same ethical obligation as doctors to patients on confidentiality. An English High Court ruled in May 1999 that doctors and pharmacists who sell information about doctors’ prescriptions to a database company for commercial use would breach patient confidentiality even though the information was anonymised(5). The ethical constraints of using such data may not apply to non-doctor entities. There is a need to work out explicit rules about disclosure and release of such records and punishments for violation if the information is used for commercial gains or in an unauthorised manner.
Explicit consent for disclosure is legally given if that document is signed under non-coercive and informed circumstances. However in this particular case, the patient was asked to sign the document before a mandatory pre-employment medical examination as a condition for employment. Should the medical profession therefore take stewardship to ensure that the balance be in the patient’s best interest and garnered the support of consumer advocates, civil rights groups and employee’s unions against such ‘unfair’ practices?
Third party payers also exert pressures on doctors. A doctor lamented on 14 January 1999 to SMA that “it has now become common practice for third party payers and insurance companies to demand that diagnosis be stated on the claim form before the amount claimed can be approved and paid to the medical practitioner submitting the claim. The patient’s consent is not specifically sought. Doctors “want to do the right thing, only to find themselves shut from the ‘contracts’“.
It would be a pity if patients in third party payer schemes do not have the choice of seeing doctors who opted out because they are unwilling to compromise patient’s confidentiality. Would pragmatists see these ‘conscientious objectors’ as being out of touch with the times and unnecessarily inflexible?
While there are legitimate needs for defined information by third-party payers, employers and healthcare managers, to ensure a well managed system, unfettered and unauthorised access can lead to intrusion into privacy of patients and discriminatory profit-driven practices. An alliance of consumer advocates employee’s unions and the medical profession is needed to check the excesses. It would be a ‘tragedy of the commons’ if all concern groups look away and pretend that only doctors are involved.
In Singapore, the Private Hospital & Medical Clinics (Amendment) Act of 1999 passed recently empowered the Director of Medical Services to compel healthcare establishments to furnish such information relating to ‘the condition, treatment and diagnosis of any person... notwithstanding that the prior consent of such person has not been obtained.’
When the Ministry conducted a ‘survey on antibiotic prescribing practices in general practices’ in June 1999 by mandating the submission of photocopy of the daily dispensing register, some doctors were uncertain it would be unethical to provide the information as the register also contains patient’s personal particulars. The Ministry assured concerned doctors, through the President SMA on 25 June 1999, that personally identifiable medical information would not be included in the data set and that the concerns on confidentiality is noted.
A request for de-identified data would skirt the ethical issue. The providers can easily remove identifying information in EMR. However, the exercise to segregate such data in paper-based records is laborious, if not impossible. Whether the doctor can be found unethical in providing information not de-identified in complying with this Act (should a breach of confidentiality ensures) still remains to be clarified.
While accepting the vital role that research and audit can play for the overall health of the system, the tenuous balance between patients privacy and access to data in the public interest must still be maintained even if greater cost and effort is needed.
countervailing public interest
This appeared to be the rationale for the 1999 amendment in Singapore to “The Infectious Disease Act” section 20D. While the traditional breach of confidentiality pertains only to the statutory requirement to notify the authorities in the list of gazetted infectious diseases, it is now amended in the case of patients who are HIV positive. The amendment allow doctors to inform spouse, former spouse and contacts of HIV infected persons if the doctors reasonably believe that there is significant risk of infection to such persons and the HIV infected person has refused to inform or consent to inform these people despite due counseling. The doctor may also apply to the Director of Medical Service if he was unable to counsel the HIV positive patient.
Editorial Note: This commentary is based on A/Prof Cheong’s presentation at the SMA Ethics Convention Seminar on Patient Confidentiality which was held on 28 November 1999, after the 1999 SMA Lecture. The full report of the seminar will be published in subsequent issue of the SMA News.
A/PROF CHEONG PAK YEAN