Craig M. Klugman, Ph.D.
Professor of Bioethics and Medical Humanities, Department of Health Sciences, DePaul University
While the Internet age has been in full force for nearly 30 years, it is only in the recent decade that computer technology has made its way into patients’ hands. From electronic medical records that give patients access to their chart, to online support communities, to apps and websites that record care plans, digital health technology has the potential to improve people’s ability to better manage their health.
As a bioethicist, much of my worktime is spent in exploring medical decision-making and looking at the benefits and risks of new technologies. At the bedside, this helps patients and families to understand their health conditions and options in order to make good choices. For the community, a bioethicist analyzes issues and provides food for thoughtful contemplation and debate. In other words, a bioethicist looks at the benefits and risks of technologies and asks questions to help us as individuals and as a society to make decisions.
The information that these online and mobile programs track and collect permits an individual to exercise autonomy, also known as self-governance. If a person is competent (legally able to make his or her own choices) and capacitated (able to make a specific decision at a particular point in time as judged by a heath care provider), then he or she has a legal and ethical right to make health care decisions. These technologies should request a person’s informed consent—that is, their voluntary permission to participate after learning about the risks, benefits, and alternatives.
There are strong benefits to participation. By making a wellness plan, having one’s phone track and notify of changes in behavior, and joining online communities, one can gain information that allows the person to maximize autonomy through self-care, self-awareness, and planning for their care needs in advance.
However, by having private information available online, there is a risk that privacy and confidentiality could be compromised. In the last year, the news has reported on hacking into people’s emails, web searches, financial records, and even health care information. A hack this summer compromised the data of the U.K.’s National Health System and several hospitals in the U.S.
Health care providers are obligated to protect patient confidentiality; any secrets that one shares with a health care provider cannot be discussed with anyone who is not involved with the patient’s health care. This sacred trust is important because health care providers need patients to share their personal concerns and problems in order to help them. At the same time, patients have an expectation that their secrets will be held in confidence. There are some exceptions to confidentiality such as public health, when a court issues a warrant for one’s medical records, or if one poses a threat to themselves or a third party. In those cases, the appropriate authorities must be informed.
In the digital age, the Health Insurance Portability and Accountability Act (HIPAA) requires that hospitals and medical offices take efforts to protect the safety and security of their record systems such as encrypting information, requiring passwords to access records, and keeping servers in locked rooms. Still, any computer connected to other computers (including the Internet) is at risk. Hackers can bypass security measures to locate and steal private information. They may do this for fun, for profit, or to find information on a specific person. Beyond using secured connections (e.g., https, VPN) and not putting information online, there is a not a lot that patients can do to protect their health information.
There is an interesting caveat to privacy and confidentiality in that each generation values them differently. For example, Baby Boomers and Gen X take privacy and confidentiality very seriously. However, Millennials and Gen Z have grown up in a world of constant online sharing. They value privacy but rather than expecting others to help preserve it, the younger generations do not share their true secrets with anyone.
What are the risks of breaches to privacy? One may not want others to know of a diagnosis in order to avoid stigma. What if an employer found out? Could that be grounds for dismissal or make it difficult to find future employment? Would this information affect a person’s ability to have health insurance coverage for a particular condition in the future?
I also noticed that these online technologies all have the goal of putting responsibility for care on the patient. Knowing your behavior has changed is not necessarily about letting your physician or your family know you need help, but informing you. And that means that these programs can send a message that taking care of health is solely the patient’s responsibility. This also implies that failure to manage one’s health is blamed on the person. Such a perspective can increase stigma against people who live with diseases rather than providing a sense of support. The goal of empowering people living with illness is a good one, but it is important that as a society we do not blame or stigmatize people who choose not to use these technologies and that we do not abandon them in their moment of need.
If you choose to add your information to an electronic source, ask questions and know the risks and benefits to participation. Does the website have an https prefix (instead of a less secure http)? Can one withdraw from participating at any time? If one does withdraw, does the company or organization get to keep all of the data shared until that point (this is the case with most programs)? Or can one ask them to delete the data? What will the company or organization do with the data that is stored with them? If a person is completing a survey, or storing his or her care plan online, who can see this data? Is the data encrypted (i.e., only readable by people to whom one has given a “key”)? Some companies that are repositories for data use that information to conduct research. Such information must be anonymized (meaning that names, emails, and locations are stripped out) to use for research. For example, when you give permission to have your genes analyzed by a company, you are also consenting to having your anonymous data sold to companies and researchers who will use the information to find new ways to diagnose, treat, and cure disease. The risk, however, is that it may be possible to re-identify the information and figure out to whom it belongs.
If these tools can provide a benefit and help people manage their disease in partnership with health care professionals, family, and friends, then they represent a new and empowering turn in taking control of one’s health. However, there are very real risks to privacy and increasing stigmatization that we must consider and develop public policies to protect against.
Craig M. Klugman, Ph.D., is a Professor of Bioethics and Medical Humanities in the Department of Health Sciences at DePaul University in Chicago, where he is also Co-Director of the Bioethics & Society minor. He teaches and researches on public health ethics, end-of-life issues, technology, and teaching. He serves on the DePaul IRB and on the Northwestern Memorial Hospital ethics committee. Dr. Klugman is blog editor at bioethics.net, where he writes a weekly post on bioethics and health policy. He is the editor of Medical Ethics (Gale Cengage Press) and co-editor of Ethical Issues in Rural Health (Hopkins). Dr. Klugman received his Ph.D. in medical humanities from the University of Texas Medical Branch, his M.A. in bioethics and his M.A. in medical anthropology from Case Western Reserve University, and his B.A. in human biology from Stanford University.
- What concerns do you have, if any, about your medical data being digital? What benefits do you think come from having digital records?
- What do you ask your providers about keeping your medical information safe and secure?
- Ozair et al., “Ethical issues in electronic health records: A general overview”
- McGregor et al., “Improving Service Coordination and Reducing Mental Health Disparities Through Adoption of Electronic Health Records”
- Harman et al., “Electronic Health Records: Privacy, Confidentiality, and Security”
- Robert Wood Johnson Foundaiton, “Ethical, Legal and Social Issues for Personal Health Records and Applications”