January 01, 2007

Health Information Privacy Protection: A Critical and Evolving Challenge

by Robyn S. Shapiro

Health care delivery, along with virtually every other service industry, has become increasingly dependent on complex and pervasive information systems. While sophisticated personal data-keeping and transmission systems have tremendous promise to improve efficiency, enhanced access to information raises significant privacy and confidentiality concerns.

Maintaining confidentiality of patients’ health information has been an ethical duty of physicians since the origin of the Hippocratic oath. Today, under case law and state and federal statutes, it is also a legal duty of health care practitioners. The rationale behind these ethical and legal mandates is that society benefits when people seek and receive proper medical treatment, but they may hesitate to disclose all information required for proper treatment if they do not receive assurances that the disclosures will remain confidential.

Scientific advances in genetics heighten the need to assure patients of confidentiality. Today, a small and easily obtained tissue sample can yield a large amount of information about a patient that can be readily stored and disseminated. The type of information conveyed through genetic testing, which may include a patient’s susceptibility to disease as well as familial history, can be particularly stigmatizing or otherwise detrimental to the patient.

Real life examples of risks encountered when third parties access genetic information include a case where a pregnant woman who tested positive for cystic fibrosis subsequently heard from her insurance company that it would not pay for the child’s health care costs if she chose to complete the pregnancy. In another case, the Burlington Northern Santa Fe Railroad had been performing genetic testing, without consent, on employees who filed claims for work-related injuries based on carpal tunnel syndrome. It stopped the practice only after the Equal Employment Opportunity Commission successfully challenged the practice as violative of the Americans with Disabilities Act (ADA). While hard data generally are unavailable on the extent of genetics-based discrimination in insurance and/or employment matters, a 1997 survey showed that 3 percent of those surveyed reported being refused employment or being fired, 3 percent reported being denied health insurance, and 5 percent reported being denied life insurance because of inherited disease or conditions.

In response to advances in our genetic capabilities and the potential misuse of genetic information, some argue for the need to strengthen existing laws on privacy and confidentiality of health information, while others push for enhanced legal protections against genetic discrimination. The passage of the federal Health Information Portability and Accountability Act and implementing regulations, a watershed event in health information privacy law, provides some protections specifically addressed to genetic information, in that it prevents group health plans from using genetic information to determine insurance eligibility or to establish preexisting medical condition coverage exclusions. Nonetheless, this act leaves a number of issues unaddressed (for example, protection for people whose employers do not offer insurance coverage, protection against lifetime caps on all benefits or certain benefits, protection against coverage exclusions for particular conditions), regulates only a portion of the health insurance market, and fails to address risks of genetic information disclosure in other contexts.

Title VII of the Civil Rights Act of 1964 and the ADA provide some legal protection against genetics discrimination in employment, but these laws also leave a number of gaps. For example, Title VII would not apply if an employer instituted a genetics screening program for traits that are not strongly associated with a protected group, and the ADA may not apply to discrimination based on a genetic trait that is not manifested in symptomatic disease. While several states have enacted legislation addressing the threats associated with misuse of genetic information, it is highly inconsistent and often deals only partially with pertinent issues.

Medical advances—in genetics and other areas—are a certainty, and additional developments in law related to the use and disclosure of resulting personal health information clearly will follow. Underlying policy goals that should be promoted in legislative proposals include (1) assuring that people are not coerced into having tests that reveal genetic or other personal health information, (2) preventing people who wish to undergo such tests from being deterred because of fears concerning potential misuse of the results, (3) preventing use of genetic or other personal information for “irrational” discrimination (where no scientific basis exists for discrimination), and (4) preventing “rational” discrimination when it violates public policy (for example, discrimination on the basis of disability).

Adherence to these goals in legislative and case law developments will help to assure that access to health information is limited to uses that individuals, clinicians, and society regard as beneficial.

Robyn S. Shapiro

Robyn S. Shapiro is Ursula Von der Ruhr Professor and director of the Center for the Study of Bioethics at the Medical College of Wisconsin and partner in the health law practice group at DrinkerBiddleGardnerCarton. She is chair-elect of the Section of Individual Rights and Responsibilities.