When you visit a medical or dental office in the future you won’t be handed a clip board and paper forms, all your personal and medical data will be stored on the cloud. The medical / dental office will merely request a download and all the data will be available instantly. No forms, no guessing about medications, no forgetting your last visit, no confusion about insurance.
Isn’t that great all your highly personal medical data will be available to anyone with access through the cloud!
That will be really great because we wouldn’t want out personal stuff available to any old hacker so we will have the same level of protection that people had for their nude photos or that Target had for purchases or …well maybe it won’t be so great.
As much as I love technology and see the incredible potential of cloud based data and want it to be safe and secure, clearly it is not.
As digital technology and electronic health records stored in the cloud continue to develop they generate legal, moral and philosophical questions our existing ethical framework is simply not equipped to handle.
Most of these ethical questions can be summed up as:
Who owns the data?
Patients? If you ask patients the immediate and unequivocal answer is that they do. That seems right, each patient should have control of their medical information. That is what the HIPAA privacy rules are supposed to address. Yet that is not how the system works.
Doctors? If you ask a dental practice management software company (PMS) who owns the data the immediate and unequivocal answer is that you do the doctor owns the data.
Yet again this is not how the system works.
If as a dentist I own the data, I should be able to exercise the basic rights of ownership including using or transferring the data. However current systems do not allow me to transfer the data to another dentist or to use it as I wish for analysis. Plus as a dental professional I am obligated ethically and legally to protect the data as confidential.
If I have the data but can’t access parts of it or more commonly can’t transfer parts of it do I really own it?
Public? One of the most significant benefits of large online data bases of medical information is the aggregation of data for medical research purposes. Already there have been important findings resulting in improved patient care based in data base analysis. It seems axiomatic that more data from a wide range of sources will ultimately lead to better results. That is a good thing, but.
Is it OK to use personal medical data in a study without the patient’s permission? What if the personal identifiers are removed?
Then there is the issue of privacy. The primary issue driving HIPAA privacy rules is that a patient’s information must be protected. HIPAA is not about speaking a patients name aloud in the waiting room, it is about electronic medical data and making it available to others is wrong. Wrong morally and legally. That seems to be obviously true on the surface. Our personal data should be held in confidence. But what if we choose to make it public by participating in a study? Do we still own that data? Who does; the researchers, the web aggregator or the public, as in the public good?
In an ideal world all our medical data could be accumulated in a huge national (or for that matter global) data bank. This mass of data would be used by benevolent researchers to delve into disease patterns and treatment outcomes to provide a vastly improved understanding of the human condition.
But of course in the real world we have fear, politics, hackers, bureaucrats, proprietary data bases, the nightly news and less than benevolent people.