We put money that we do not spend in the bank – not under the mattress or in a hole in the back yard. We are not bankers, and neither of the authors has any special expertise in economics or bank regulation.
Ethical Oversight,
Consent and Confidentiality
INTRODUCTION
We
put money that we do not spend in the bank – not under the mattress or in a
hole in the back yard. We are not bankers, and neither of the authors has any
special expertise in economics or bank regulation. However, sometime early in
childhood, we learned to believe that the bank would safeguard every penny,
would pay a modest rate of interest and would give our money back to us on
request. Eventually (maybe by watching Jimmy Stewart save the Bailey Savings
and loan each Christmas), we figured out that even though we could always get
our money back, it was not in the vault and that people who receive loans are
being given ‘our’ money. At some level, we recognize that by collecting,
protecting and circulating the money of significant numbers of people, banks
provide the lifeblood of the local economy, creating and sustaining a public
good while protecting the very personal financial interests of the individuals
whose money is being used.
This
chapter is not about the economy, but it is about something that is just as
vital to our quality of life: the epidemiologic and outcomes research that
anticipate and addresses public health needs, sustains quality and fuels
innovation in our health care system. Information is the lifeblood of
twenty-first century health care, whether the information and analyses that
researchers provide clinicians and public health officials or information about
individuals’ health and routine health care made available to researchers for
analysis. However, few ordinary citizens are aware of the critical role played
by their health information – maintained and used in confidence – for
sustaining quality and innovation in our health care system and for protecting
the population from public health risks such as new flu viruses, other
communicable diseases, teratogens and biological weapons. In fact, far too many
ordinary people have an unfounded belief that the anonymous use of information
about their health and health care for these purposes is risky to them as
individuals. To some extent, this fear is mirrored in the US state and federal
regulations.
The
US state and federal medical privacy regulations, promulgated by the Department
of Health and Human Services,1 were authorized as part of the
‘adminis-trative simplification’ section of the Health Insurance Portability
and Accountability Act (HIPAA).2 They establish the infrastructure
for protecting individuals’ personal privacy interests in seeking medical care
or health benefits while ‘banking’ their medical informa-tion to make it
available for determining their course of treatment and for administration of
health benefits. The regulations do not apply to researchers. Rather, the
regulations restrict the conditions under which researchers may have access to
medical records for epidemiology and outcomes research. Moreover, the dominant
approach to individual privacy taken by this regulation (and by most state laws
affecting research) is comparable with encouraging each individual to stuff
money in a mattress or dig a hole and to lend very, very carefully.3
As discussed more fully below, the HIPAA medical privacy regulation also
appears to be affecting interpretation of the established Common Rule4
provisions governing data research in ways that are detrimental to
epidemiologic and outcomes research.
The
HIPAA approach to the data-only research is a hybrid of two philosophically
disparate approaches. The secondary approach, added just before the regula-tion
became effective in 2003, is the ‘data use agree-ment’. As discussed more fully
below, this approach has promise, but because of limitations resulting from the
influence of the dominant approach, its utility for certain types of research
is severely limited. The domi-nant approach is irrevocably and, we argue,
mistak-enly rooted in the authorization of each individual for each research use of his or her health
informa-tion.5 The same is true of the European Union’s Data Privacy
Directives although the Directive arguably allows for more flexibility in
implementation than the HIPAA regulations. The consent/authorization model is
grounded in a system of ethics that values auton-omy over community.7
This can be seen as a natu-ral outgrowth of American individualism, but in this
context, it does erect potentially significant barriers to epidemiologic
research. As discussed more fully below, with respect to archival or records
research, a consent-based model is entirely unsuited to protect-ing
individuals’ privacy interests and has resulted in some extremely wasteful
research practices that also are not privacy enhancing. This chapter reviews
the roots of the current regulatory approaches and offers preliminary thoughts
regarding the parameters of a model more suited to protecting the privacy
interests of individuals while encouraging the secure use of medical archives
and other databases in epidemiologic and outcomes research.
Related Topics
TH 2019 - 2025 pharmacy180.com; Developed by Therithal info.