WikiBI/Social Issues

From AI Wiki

Contents 1 Abstract 2 Introduction 3 Important Concepts 4 Literature Review 4.1 Nature of Patient-Physician Relationship 4.2 Biomedical Ethics 4.3 Politics in Sharing Information 4.4 De-identification and Identity Abuse 4.5 Legal Issues and Liability 4.6 Electronic Breaches and Tracking of Medical Information 4.7 Bio-piracy and Bio-prospecting 4.8 Costs and Affordability 4.9 Accessibility Consideration 4.10 Training and Correct Use 4.11 Security and Privacy Concerns 4.12 Impact of Patients' Insecurity due to Lack of Privacy and Security of Biomedical Data 4.12.1 Individual Impact 4.12.2 Community Impact 4.13 Policy Governance: HIPAA and GLBA 4.13.1 The Protecting Fence 4.13.2 HIPAA 4.13.3 GLBA 4.13.4 Lack of Institutionalized Policy 4.14 Access Control, System Reliability, and Backup Mechanisms 5 Case Study: The Social Impact of Online Support Groups 5.1 Introduction 5.2 The Driving Forces Behind Online Support Groups 5.3 Ethical and Social Issues Centered around Online Support Groups 5.4 Summary 6 Case Study: National Consumer Health Privacy Survey 2005 ... Key Findings 6.1 Introduction 6.2 Findings Put into Social Context 6.3 Measures and Outcomes 6.4 Recommendations 6.5 Summary 7 Overall Concluding Remarks 8 References 9 Online Resources 10 Questions for Discussion

Abstract

Biomedical Informatics have evolved through time and have always carried with them social, privacy, and security issues. The notion of privacy is not a new concept and is the core of the patient-physican relationship. Ethics and biopiracy have become hot topics especially since IT has given users more tools and flexibility to work-around the system. Other considerations such as costs, affordability, and accessibility to biomedical informatics applications must be examined. Web 2.0 technologies are favoring the use of online communities for support group purposes. Despite all the advances biomedical informatics are experiencing, consumers and patients are still concerned with the privacy of their biomedical data; those that are most concerned are minorities or patients with terminal illnesses.

Introduction

Biomedical data often are sensitive in nature and although generally used for the benefit of the patient, such data is quite prone to misuse. Some people argue that electronic-based medical records are more secure than those that are paper-based, but at the same time making easier for hackers to locate and search for information once they gain access to the system. ^[1] Additionally, with the revolution of IT and the Internet, our social norms and traditional ways of doing things have changed dramatically. Tools like online support groups or self-education on a certain disease using WebMD impacted the way society lives and functions. Our perception of the privacy and security of our biomedical data is still at an uncomfortable palce. A patient's data pertaining to treatment are continuously reviewed and accessed by insurance companies, employers, or in some cases financial institutions at various capacities and for different purposes. In this chapter we will overview the field of biomedical informatics privacy, social, and security issues.

Important Concepts

Health Insurance Portability and Accountability Act (HIPAA): This statute was enacted by US Congress in August 21st 1996. In it’s first title, the act specifies healthcare access, portability, and renewability. The second title addresses the prevention of healthcare fraud and abuse with an emphasis on the security and privacy of health and patient data. ^[2]

Patient-Physician Relationship: is the private and confidential relationship where patients communicate information about their health status in-order to receive proper treatment. Physicians have the obligation of respecting the nature of this relationship and be honest and open with their patients about their condition. Patients also have an obligation not to hide or block important information like that of their HIV status for example. ^[3]

Biomedical Ethics: As defined by Dr. Diana Flemings from Indiana University South Bend: “The goal of biomedical ethics is to gain a better understanding of the philosophical issues underlying the moral dilemma faced by medical professionals … Biomedical ethics embraces issues of public policy and the direction and control of science that have far-reaching consequences.” ^[4]

Managed Care: is defined as the provision of health services through a single point of entry and formal enrollment where patient care is managed to ensure an emphasis on quality preventive and primary care, a reduction in inappropriate use of services, control of costs, and management of risk. This concept has been applied to managed care organizations, which integrate the finance and delivery functions of health care.^[5]

Bio-Piracy: The World Foundation for the Environment and Developments refers to is as "the unauthorized and uncompensated taking of biological resources" ^[6] such as drug compounds that are patented. Another definition provided by the Action Group on Erosion, Technology and Concentration is "the appropriation of the knowledge and genetic resources of farming and indigenous communities by individuals or institutions who seek exclusive monopoly control (patents or intellectual property) over these resources and knowledge."^[7]

Bio-Prospecting: "The Compact Oxford English Dictionary ... defines bioprospecting as 'the search for plant and animal species from which medicinal drugs and other commercially valuable compounds can be obtained.' " ^[8]

Literature Review

Keeping patient healthcare records electronically has numerous benefits including safer practices in a timely manner, yet it poses some controversial issues around privacy, security, and social connotations.This is true due to the sensitive and private nature of medical information. A patient’s record contains very personal and sensitive information. Infringement or abuse of this sensitive data can cost someone his or her job, loss of personal privacy, denial from insurance policies and bank loans, or even death (in the case of hate crimes against HIV-Positive patients). This notion of health care privacy is derived from the personal, one-on-one relationship between the physician and the patient.

Nature of Patient-Physician Relationship

It all begins in the doctor's office. When a person is in need of medical attention due to injury or sickness, they seek physicians and healthcare providers to help them. Through this help, a relationship is established either explicitly or implecitaly. Physicians and healthcare providers have a duty and humanitarian obligation to maintain this relationship and provide the necessary help. The American Medical Association states that "once a patient-physician relationship is begun, a physician generally is under both an ethical and legal obligation to provide services as long as the patient needs them." ^[9]

This relationship is characterized with mutual respect, trust, privacy and confidentiality at all times to reach the best outcomes. This relationship today is affected by so many externelities such as health insurance coverage, innovations in information technologies and infrastructures. In 2003, the 3rd Annual Disease Management Outcomes Summit held in Phoenix concluded that "as we enter the 21st century, however, the nature of the patient-physician relationship appears to be far more complex. Sweeping changes within and outside the health care sector—such as the growing preponderance of chronic illnesses, new medical technologies, shifting reimbursement practices, the Internet, government regulations, rising costs and changing social norms—are constantly molding patient and physician behavior." ^[10] The summit also emphasized that a visible change to this relationship, and one that introduces even further complexity, is that patients have become more involved, active, and more willing to take control of their own treatment decisions. Although this is not a new concept - originally addressed by Paul Ellwood in the 1988 Shattuck Lecture ^[11], it has become increasingly relevant as patients gain more and more autonomy and access to biomedical informatics in this era of the internet and communication explode.

In a 200-person conference workshop at 3rd Annual Disease Management Outcomes Summit, physicians and patients came to the consensus of 7 important elements in the patient-phycisian relationship. ^[12] These elements are:

1. Open and clear communication and information gathering
2. Appropriate and comfortable physician office experience
3. A personalized quality hospital experience
4. Educating and informing patients
5. Integration and information sharing
6. Involving patients in the decision making process
7. Outcomes desired to all parties involved in the process, including clinicians, patients, and physicians

Central to this patient-physican relationship are three issues the American Medical Association discuses that physicians must consider in addition to privacy and confidentially. These issues are: Informed Consent; Termination of the relationship/treatment; and Patient Safety. ^[13]

Biomedical Ethics

Like business, law, and many other professional fields, the biomedical informatics field has ethics too. It’s especially hard when dealing with gray areas or those that have a conflict of interest.

“Can the sanctity of the doctor patient relationship be maintained within a managed care setting which requires the doctor to serve not only the patient, but an employer or insurer who is trying to reduce costs in order to maintain a profit margin.” ^[14] This question is often raised in the U.S. creating major ethical dilemmas for physicians.

According to the Kellogg Library at the University of Dalhousie, Canada, the first biologist to use the term “bioethics” was Van Rensselaer Potter and he used it in his paper (Bioethics: Bridge to the future) in 1971. ^[15] . “Gradually, the term "bioethics" came to refer to "the broad terrain of the moral problems of the life sciences, ordinarily taken to encompass medicine, biology, and some important aspects of the environmental, population and social sciences. The traditional domain of medical ethics would be included within this array, accompanied now by many other topics and problems." ^[16] The library also identifies four main areas for inquiry in biomedical ethics:

1. Theoretical Bioethics
2. Clinical Ethics
3. Regulatory and Policy Ethics
4. Cultural Bioethics

Examples of such biomedical ethic issues include the dilemma physicians when treating HIV-positive patients: Should the physician refuse to give care in order not to risk their own life and not contract the virus, or should they offer treatment since it’s their obligation and moral duty to serve patients when needed? Should they report back their diagnosis to insurance companies? Notify the infected's family, community, ...etc?

An innovative way of discussing such ethical dilemmas is pioneered by the biomedical ethics and film program at the University of Stanford. The progam produces biomedical films and video clips that are " created to inspire both medical students and the general public to experience and question the magnitude of the ethical dilemmas in healthcare facing our society today."^[17] The program's production line includes Hold Your Breath, Worlds Apart, and The Vanishing Line.

Politics in Sharing Information

One of the major issues regarding biomedical informatics that touches upon the aspects of security and socialism is that of politics behind sharing biomedical informatics in applications like [WikiBi/applications EMRs]. Some of the questions that arise due to this are:

• What standard should be used? Organization A's standard or Organization B's standard? What about Organization C, D, E, ...? and so on.
• By sharing the data organization A has, it potentially is risking the integrity and security of the data that belongs to a particular patient. But how does organization A insures that the data is secured and will never be tampered with across the rest of the organization that have access to the data? One argument for data security is to not share the data in the first place and manage it locally.
• Investment costs to integrate disparate healthcare/bioinformatics systems in heterogeneous environments are enormous. For eaxmple, a panel of experts determined that the cost of the U.S. National Health Information Network is "$156 billion in capital investment over 5 years and $48 billion in annual operating costs"^[18]. Who will be responsible for these costs? How will the costs be justifies, especially since some organization, like Mayo Clinic, have already invested in their own healthcare/bioinformatics systems? The burden is huge since there are 6714 hospitals in the U.S. alone according to the American Hospital Directory.

A leading example that better addressed the politics of sharing information is COPLINK that was developed by the University Arizona. COPLINK has a centralized approach with a "one size fits all" philosophy when it comes to linking between various police departments. Aggregating the data in a data warehouse where it will be shared, while still allowing each police department to maintain their own separate databases and only disclose the information they want to disclose to other police departments. ^[19] Such framework may be applicable to information sharing issues in biomedical informatics applications.

De-identification and Identity Abuse

To protect a patient's identity in biomedical informatics applications, one way of doing so is to de-identify the data and their linkage to a particular patient. One approach to this is scrambling patient's names using a hashing key/algorithm. Although this is useful in large pools of data and people, it has been proven ineffective in protecting the privacy of patients if the pool was small or very specific. For example, if one or two females were in a pool of data and they were de-identified, it is still relatively easy to find out their identities since the size of the pool is manageable. ^[20] To counter this, a query-size or overlap restriction must be in place. Collman and Cooper further suggest in their paper the following techniques to ensure anonymity of patients: Pseudonymisation, Binning, Data aggregation, and Mediated access.

Legal Issues and Liability

Legal concerns around biomedical informatics and their application have an interesting dynamic. In a court room, a person, responsible party, or a corporation may be held liable for their actions; but in our case, can an information technology application be sued if it took an incorrect action that resulted in a human causality? Often times, expert systems like CDSS, offer supporting material to the examining physician to enable the right decisions and avoid any errors. Such systems are trained on past data and based on previously seen/administrated cases, but what if the system encountered a new or rare case that it was not trained on? It's expected that the system will give inaccurate information, or in best cases, a sub-optimal solution. That in the case of healthcare, can mean a life of a human being. Can somebody sue the CDSS for that? Does the CDSS producing company get sued for not training it's system on a totally inclusive data set? Is it realistic to expect that a CDSS must know every "trick in the book"?

Electronic Breaches and Tracking of Medical Information

SInce biomedical informatics and their applications are rapidly being digitized and stored in databases and shared over networks, there growing concerns that hackers and people who have a malicious intent gain access to this sensitive and private data. In a reported security breach at Kaiser Permanente Internet Patient Portal, patients' appointment details, answers to their personal questions, and specific medical advice were jeopardized. This breach had multiple reasons of which are applying incompatible patches to the mail server and writing inaccurate code to solve the patch incompatibility issue. ^[21]

Bio-piracy and Bio-prospecting

While the search never stops to finding new drug compounds to battle the various diseases like HIV and Malaria, Bio-piracy and Bio-prospecting became major concerns in the biomedical field. While pharmaceutical companies for example spend millions of dollars each year on drug compound research and development, they at the same time acquire patented rights over their discoveries and thus put a premium or royalty on the prices of the drugs they sell in the market. In many cases, especially in the developing countries, patients and infected people, like those who are HIV-Positive or have Malaria, can not afford the high premiums on the drugs and thus do not have fair access to them. In response, local labs in developing countries reverse-engineer the drugs and develop generic ones that sell for a fraction of the price without regard to any patents or compensating the founding pharmaceutical company of the drug. Developing countries also suffer that big pharmaceuticals do not compensate them for the resources and traditional knowledge they are offered with after the discovery of a usable drug compound from that particular country. ^[22] In 2002, it was approximated that animal and plants from tropical countries were worth $39 billion to pharmaceuticals, but only little have been given back to developing countries. ^[23]

Costs and Affordability

With any new developments in biomedical informatics applications, costs of investment are incurred. It is imperative to closely analyze how such costs will affect affordability of such applications on patients, caregivers, hospitals and pharmaceuticals, insurance companies and governments. In most cases, biomedical informatics applications bring higher costs of ownership and require an allocation from the annual budget to operating and maintenance costs. It is true that such applications bring tremendous benefits, or so the argument goes, but who will ultimately bear the costs? If the costs were passed down directly to the patients in order to get better healthcare, many patients will not be able to afford healthcare at all, especially senior citizens, or those who have low/no income. If the costs were passed to governments on the other hand, many developing counties will not be able to afford these biomedical informatics applications whatsoever. Some argue though that a large capital investment in an new architecture or technology for biomedical informatics, like SOA, may yield cost savings and thus lower the cost of ownership for biomedical informatics applications while leveraging their benefits.

Accessibility Consideration

Biomedical informatics applications should be designed with accessibility considerations in mind to deliver the benefits to everyone that uses them. Such applications must be tailored to all physically challenged people in mind for instance. So, if someone was to design an online database for all the diseases and their treatments for the use by the general public, having a website/portal that allows for text magnifying, or text-to-voice capability, or even a way to get printed copies of certain materials for the blind will truly be accessible to all people. Another example of accessibility is having an application, like WebMD, that uses simplified terms of complex biomedical terms for the general public. Having an application in multiple languages and not only English, greatly enhances the application's accessibility for non-English speaking users.

Training and Correct Use

Deploying new technologies and applications of biomedical informatics, like any other deployment of new software applications, requires training and proper use and adaptation by its users for it to succeed and achieve its goals. This means that physicians and workers in the field of biomedical informatics must adopt this change and embrace it. Changing people's behaviors and attitudes to use something new can be very hard and difficult, especially if they did not see the value behind it. In a lot of cases, it's not the power of the tool or how it looks that matter, but how will it be used and how often will it be utilized is what truly matters.

Another important point to emphasize is that if the applications were not used correctly or the users were trained with inconsistent/inaccurate information, the application will fail, and in some cases jeopardize the patient's safety and health. This makes training and correct use of the applications and tools very important.

Security and Privacy Concerns

There are several driving reasons behind the imporance of the security and privacy of biomedical data today.^[24] Among those reasons are:

1. Rise in managed care: with insurance companies requiring to access a patient's medical record and treatment history for the processing of health insurance claims, security of this data becomes necessary. Access control to these records with defined views of the data based on the person's role have been an-ongoing discussion issue.
2. Improved tools of communications and new emerging IT: The revolutionary IT emergence and ease of communications in this century has simplified access to the information and data; including biomedical information and medical records. For that, few IT and medical professionals argue that the infringement of biomedical data has become easier and doesn't necessarily require any physical force.
3. Increased demand for health and biomedical data: Some of the driving forces behind this increasing demand are due to the rising health care health insurance claims' costs. Another reason is the widespread of collaboration amongst scientist and physicians on key biomedical research projects.
4. Commercial use of health and biomedical data: Pharmaceutical companies are paying large sums of money to obtain private health and biomedical data including medical records in order to execute an effective direct marketing campaign for a certain drug they have developed.

Impact of Patients' Insecurity due to Lack of Privacy and Security of Biomedical Data

If biomedical data lacked privacy and security, individuals and communities will loose trust of the applications and systems, both manual and computerized, that store the data and will be impacted negatively as a result ^[25]. On an individual basis, patients will seek ways to protect their own biomedical data. Such behaviors can be characterized as "privacy-protecting" behaviors that can in fact put patients at great risk^[26].

These impacts of such behaviors on individuals and communities can be summarized as follows:

Individual Impact

Because of the lack of trust created by the loose privacy and security policies, patients will become hesitant to visit a health care provider and my choose to stay away from them. Some choose not to get tested for a certain health condition because of the fear of social rejection if they were diagnosed with a certain illness like cancer or HIV. This patient/individual is at a high risk of untreated or even undetected health conditions because they fear that their employers will find out and fire them, or insurance company deny them coverage/demand a hefty premiums. Additionally, physicians and health care providers can not fully diagnose and treat a patient when the information at hand is incomplete or inaccurate and ultimately leading to the compromise of any future treatments for that particular patient. Other patients "doctor-hop" every time; they see a different physician so as to not expose all the details related to a certain health condition/illness they are experiencing.

Community Impact

If all patients in the community actively chose not to fully participate in a program where medical/biomedical information is gathered (i.e. EMR), the information will become unreliable or in worst cases unavailable for each patient and/or a health jurisdiction for public health purposes. Individuals may be inclined to provide inaccurate information or not providing them at all; reaching research goal and achieving best-practies in medicine will be almost impossible. The community will loose it's trust in such systems and programs and any efforts to monitor and address public health concerns, bio-terrosim, or disease outbreaks; such systems will provide inaccurate data and ultimately fail.

Policy Governance: HIPAA and GLBA

The Protecting Fence

As the figure above illustrates, a patient's personal and private biomedical data are surrounded by various layers of protection or access. Depending on how close the entity is in relation to the patient on the figure, determines the level of access they may be granted for that particular patient. Different regulations and policies were put in place by governments to protect such sensitive data. In the U.S. HIPAA and GLBA are amongst those important ones. A brief overview of each will follow:

HIPAA

The United States Congress attempted to addresses these concerns and issues by enacting the Health Insurance Probability and Accountability Act of 1996. HIPAA protects some of the patients’ rights over their own medical information and restricts others’ access to them. Unfortunately though, the American Health Information Management Association (AHIMA) in 2006 reported that only 39% of hospitals and health systems were fully compliant with HIPAA rules, while about 20% are unwilling or unable to meet it’s requirements. Furthermore, with 20 000 claims of HIPAA violations in the last 3 years, only two people were prosecuted. ^[27]

In any information sensitive environment, like that of a medical information system namely EMR, clear and well-defined policies need to be in place. These policies in turn will act to shape the information system, not the other way around. As demonstrated earlier, HIPAA doesn’t seem to have very tight controls on medical and healthcare information systems thus creating a great challenge to create national EMR systems that protect the privacy and security of patients’ data.

GLBA

Gramm-Leach-Bliley Act, also known as the Financial Modernization Act, was passed by the U.S. congress in 1999. The act is aimed at protecting consumers' non-public personal and financial information held by financial institutions like banks, credit-card companies, and insurance companies. GLBA has three main principals to it's privacy requirements: the Financial Privacy Rule, Safeguards Rule, and pretexting provisions. ^[28] The act becomes important to the privacy of biomedical information, when considering for example insurance companies. In addition to insurance companies complying with HIPAA regulations, they must also comply and protect the personal, non-public patient/insured data pertaining to treatments. This obviously adds another layer of protection for patients' data.

Lack of Institutionalized Policy

Federal law prohibits disclosure of information that is associated with federal agencies only and not in the private sector or on a state and local government level. This creates a big challenge to have an EMR system go national because consistency simply doesn’t exist. Management of such systems becomes chaotic and often very confusing resulting in a sub-optimal system, if not poorly operated and utilized.

Access Control, System Reliability, and Backup Mechanisms

The security of a healthcare system is vital and can be framed in three areas: access control, system reliability, and backup mechanisms. ^[29]

One of the fundamental system requirements for any healthcare information system is to have tight security controls in place. Who is granted access to what data under what conditions is an important question. If this data was available to an outsider (insurance company, employer, or data broker) to can pose a threat to the patient. A person may be denied a loan or health insurance coverage, not accepted into a job, or even solicited by insurance and pharmaceutical companies because of a security breach of the healthcare system. This is why proper and strong access control of healthcare data is critical. One of the most common threats, and often overlooked, in the access control to the system is an insider’s attack. An insider is someone who’s affiliated with the organization and has the proper access to the data, but might be inclined to abuse his/her privileges and access to data for personal and/or financial reasons.

System reliability is also another important aspect a healthcare system’s security. The system must be very reliable in order to deliver the optimal healthcare practices. Imagine a system where it’s reliable and accurate about 80% of the time. Such system will cause more harm than good and may lead to fatalities. If the system was unreliable it will lead to lower confidence levels and very low adoption and nationalization of such system.

The other aspect of healthcare information systems is a proper backup mechanism. Like any information system, healthcare system can crash and the data may be lost if no backups were captured. A comprehensive data backup mechanism is essential to the healthcare information system in case of disasters, whether they are human-made (theft, vandalism, etc …) or natural disasters (hurricanes, floods, etc …)^[30].

Case Study: The Social Impact of Online Support Groups

Introduction

As discussed in the earlier chapter of biomedical informatics applications, the emergence of online support groups for long-term diseases such as breast cancer or HIV/AIDS have brought some social issues worth considering. People and patients are seeking out virtual support groups over the internet thus allowing them to connect to people from across the world and share their experiences and knowledge across space and time. Since this might be a possible shift or replacement to traditional face-to-face support groups, it's important to consider the merits and challenges that online support groups have and their impact on society. ^[31]

The Driving Forces Behind Online Support Groups

There exists multiple drivers that are behind the adaptation of online support groups and growing number of their members; they include:

• The advancements in information technology and the wide spread of the internet are major drivers. People and younger generations consider computers and the World Wide Web part of their daily life. Having such generation that is educated and cultured around the internet, it is very natural to see such high adoption rates for online support groups.
• Since in most cases and in many online support groups one can post anonymously and freely, patients are more encouraged and less fearful of sharing their feelings and experiences with others around them. HIV patients for example can post about their daily life experiences and seek specific advice, without fear of being judged or discriminated against since they are using artificial aliases to identify themselves; this has made it very attractive to everybody.
• The emergence of the "web 2.0" concept and the rich multimedia personalization allowed in the web, in forms of personal blogs or videos, is nothing but an encouragement for people to express themselves more on the web and create online communities.
• Having the freedom and flexibility to access and join a support group virtually from any where in the world at any given time is another major driver. You can be at home and in your PJs and be part of a support group and not worry about your busy schedule, or finding a parking spot at the location where the traditional support group meets downtown. Furthermore, because it's electronic and over the internet, all you need is a computer with an internet connection and because of that many people from diverse backgrounds are able to join. This helped in satisfying the quest after a diverse support group and a large base of members.

Ethical and Social Issues Centered around Online Support Groups

With any human interaction and dealing with sensitive information, ethical and social issues arise; this is true for online support groups.

• What will the role of a moderator be in such virtual setting? Who is qualified to serve as a moderator for this online support group? What are the expectations of moderators (scope of their moderation, times they work and check the online posts, etc ...)? Since the support groups conducts it's activities online, the potential number of members is high, and the members come from very diverse backgrounds, having one or two moderators is not sufficient. Rather, making sure that the participants of the support group understand that the relationships amongst themselves, and any experts that may be present, is a "psychoeducational" relationship.
• Even though many online support groups and their bulletin boards are secured and password-protected, there still exists a privacy concern with the sensitive data and personal experiences that are being exchanged. Consider that Mary gives out her personal password to her neighbor Jill so she can view other support group members' personal stories and may even be able to obtain their contact information if they were displayed. An insider's threat must not be overlooked here.
• Because the support group is online, how will jurisdictions and liabilities be established. Members of support groups often exchange advice on certain topics and issues and since many of them are not experts, physicians or psychologists, they may give out wrong advice and the question is: can they still be held accountable for their words even though they have not disclosed their real identity or showed real proof of their qualifications? What if a person who claims that they are a psychologists and recommended a wrong thing, but they actually lived in India, can they still be prosecuted and held liable for their actions under U.S. law?
• There's also a fear that because patients and online support group members find comfort using the online support groups a lot that they will tend to isolate themselves from the real outside world. They become dependent on the internet and will be shy or fearful to join or express their feelings and experiences in face-to-face support groups or even in their circles of trust.

Summary

Online support groups have various benefits and are slowly becoming the norm. Many drivers are behind this trend including the "web 2.0" movement and flexibility of utilizing the benefits of online support groups. As with any beneficial trend, there are important things to consider when evaluating online support groups; ethical and legal issues of liability must be examined closely before fully supporting such tool/initiative.

Case Study: National Consumer Health Privacy Survey 2005 ... Key Findings

Introduction

With increased use of information technology in various applications of biomedical informatics, consumers and the general public have rising privacy concerns. Worried about being discriminated against in the work place, the society, or even amongst their peers/families, consumers are not willing to share many of their private biomedical data. In 2005, Forrester Research, conducted a national Consumer Health Privacy Survey for the California Healthcare Foundation. 1000 people were surveyed nationally and an additional 1000 from the state of California. The survey's objective was "to inform and strengthen the nation's health information technology effort by assessing the impact of such factors as health care information technology, HIPPA privacy notices, and the effect of recent privacy breaches on consumers' attitudes and behaviors." ^[32] Amongst the various questions that were posed to health patients both in California and nation-wide is the following question: How Concerned are You with the Privacy of Your Personal Medical Records? Approximately 67% of respondents were concerned (very concerned and somewhat concerned) with the privacy of their personal medical records as illustrated in figure 3.

Findings Put into Social Context

Minorities and people of color have been known to suffer discrimination in many aspects of their lives, including healthcare. In the U.S. for example, Black and Native Americans, and Hispanic minorities suffered more than their White counter-parts. Dr. Nazroo, Epidemiology and Public Health professor, states that "social and economic inequalities, underpinned by racism, are fundamental causes of ethnic inequalities in health." ^[33] It can also be inferred that poor physical and mental health issues can be associated and attributed to discrimination. ^[34] Discrimination can also be taken against those with terminal and/or contagious illnesses like HIV/AIDS. In Asia for example, HIV-positive people were discriminated against in healthcare settings. A 2005 study on AIDS-related discrimination in Asia concluded that "a considerable number of respondents were refused treatment after being diagnosed with HIV and many experienced delayed provision of treatment or health services." ^[35] It was no surprise that due to this discrimination, respondents to the National Consumer Health Survey who were of a minority group or suffered a terminal illness were most concerned with the privacy of their personal biomedical data.

Awareness of incidents where the privacy of personal biomedical data were compromised was mainly amongst consumers who have a college degree; approximately 29%, which is is still relatively low. This presents an important point that many people, especially consumers with no college degree, are not aware of the privacy of their biomedical data. Additionally, people who were aware of privacy compromising incidents to personal biomedical data, are more concerned with the privacy of their own biomedical data. Education and awareness become an issue that governments and health officials must manage in society; they presented 66% of the population.

As figure 4 illustrates, minorities were less likely to recall or acknowledge receiving a notification document/statement about the privacy of their personal biomedical data. This raises question marks on the effectiveness of privacy rules like HIPAA and other related regulation and to what extent are they practiced or enforced by healthcare providers and institutions, especially those treating minorities or that are located in areas where minorities live.

Measures and Outcomes

The survey asked various other questions that dealt with the privacy concerns patients had, the level of awareness patients had of their privacy rights, the use of "privacy-protecting" behaviors such as paying for the medical treatment themselves, and patients' levels of willingness to share biomedical data with their care-givers and physicians for medical treatment. The survey observed the following outcomes on the previously mentioned parameters:

• Despite all the governmental efforts to protect patients' privacy, concerns are still present. Many patients are still unaware or misinformed of such protections; patients who are not aware of their rights, can not take any steps to demand them or even protect them.
• Many patients are taking "privacy-protecting" behaviors like asking physicians not to record a certain illness, or avoiding hospitals altogether risking their health and well-being in the process.
• Many people do not trust their employers in safeguarding the confidentiality of their medical data.
• IT enabled health and biomedical applications are at risk for the lack of consumers' appreciation to their potential and benefits they provide.

Recommendations

Based on the above-mentioned observations, the survey concluding with the following recommendations:

• Health organizations and health officials must develop and execute a public awareness campaign educating consumers about their biomedical privacy rights and the efforts put in place to protect them.
• Employers have the obligation to enforce strong and strict privacy safeguards of their employees' biomedical data and communicate their efforts and progress in doing so to their employees.
• Strong privacy and security safeguards must be integrated into new IT-enabled health and biomedical applications and emergency preparedness plans.

Summary

To this day the public is still concerned with the privacy of their biomedical data. Governments and healthcare organizations have a long way to go in terms of educating the patients of their privacy rights, enforcing privacy-protecting legislation and laws, .. etc. Minorities and those with terminal illnesses are more venerable and concerned to the privacy of their data.

Overall Concluding Remarks

Since biomedical informatics applications store and handle sensitive patient data, many privacy and security concerns arise. Politics of information sharing get thrown in the mix too alongside costs and accessibility issues. There's a big push for the stronger security measures like de-identification of private patient data. New technologies like web 2.0 are changing the way society views biomedical informatics and the way people interact. They promote tools like online support groups that are on the rise.

References

1. ↑ (2000). "Public Attitudes Toward Medical Privacy". The Gallup Organization. Accessed 4/1/07 <http://www.forhealthfreedom.org/Gallupsurvey/IHF-Gallup.html>
2. ↑ Office of Civil Rights (2003). “Summary of the HIPAA Privacy Rule” The Department of Human and Health Services http://www.hhs.gov/ocr/privacysummary.pdf
3. ↑ (2003) "Defining the Patient-Physician Relationship for the 21st Century" Johns Hopkins University. <http://www.healthways.com/articles/outcomes/PatientPhysician.pdf>
4. ↑ Flemings, D.,(2007). “Introduction to Biomedical Ethics” Indiana University South Bend. http://mypage.iusb.edu/~dcflemin/OC_Biomedical/LectureNotes/lecture1.pdf
5. ↑ Schoech, D.,(2007). “Prevention Glossary” University of Texas at Arlington. http://www3.uta.edu/sswtech/sapvc/information/teens13_15/Teens_(ages13-15)_Glossary.htm
6. ↑ (1992) " Glossary of Terms". World Foundation For the Environment and Development Accessed 03/09/07 <http://www.wfed.org/resources/glossary/>
7. ↑ Hamilton, C., (2006). "Biodiversity, Biopiracy and Benefits". Developing World Bioethics. 6(3):158–173.
8. ↑ Hamilton, C., (2006). "Biodiversity, Biopiracy and Benefits". Developing World Bioethics. 6(3):158–173.
9. ↑ (2007) "Patient-physician relationship issues" American Medical Association. Accessed 03/08/07 <http://www.ama-assn.org/ama/pub/category/4609.html>
10. ↑ (2003) "Defining the Patient-Physician Relationship for the 21st Century" Johns Hopkins University. <http://www.healthways.com/articles/outcomes/PatientPhysician.pdf>
11. ↑ Ishida, Julie, "Hands-On Testing for New Docs." The Washington Post, July 29, 2003
12. ↑ (2003) "Defining the Patient-Physician Relationship for the 21st Century" Johns Hopkins University. <http://www.healthways.com/articles/outcomes/PatientPhysician.pdf>
13. ↑ (2007) "Patient-physician relationship issues" American Medical Association. Accessed 03/08/07 <http://www.ama-assn.org/ama/pub/category/4609.html>
14. ↑ Rigterink, R., "Biomedical Ethics: Readings on the Internet". University of Wisconsin - Fond du Lac. <http://www.fdl.uwc.edu/faculty/rrigteri/biomed.htm>
15. ↑ Ruggles, T., (2007) "Bioethics - Introduction and Definition". Dalhousie University Libraries. <http://www.library.dal.ca/kellogg/Bioethics/definition.htm>
16. ↑ Ruggles, T., (2007) "Bioethics - Introduction and Definition". Dalhousie University Libraries. <http://www.library.dal.ca/kellogg/Bioethics/definition.htm>
17. ↑ (2007). "Biomedical Ethics in Film Program". Stanford University School of Medicine. Accessed 3/10/07 <http://medethicsfilms.stanford.edu/>
18. ↑ Kaushal, R., Blumenthal, D., Poon, E., Jha, A., Franz, C., Middleton, D., Glaser, J., Kuperman, G., Christino, M., Fernandopulle, R., Newhouse, J., Bates, D., Cost of National Health Information Network Working Group (2005). "The Costs of a National Health Information Network" Annals of Internal Medicine. 143(3):165-173
19. ↑ Chen, H., Zeng, D., Atabakhsh, H., Wyzga, W., Schroeder, J., (2003). "COPLINK: managing law enforcement data and knowledge". Communications of the ACM. 46(1):28-34
20. ↑ Cooper, T., Collman, J., (200x) "Managing Information Security and Privacy in Healthcare Data mining"
21. ↑ Cooper, T., Collmann, J., (2007). "Breaching the Security of the Kaiser Permanente Internet Patient Portal: the Organizational Foundations of Information Security" JAMIA. 01(07); 1-14.
22. ↑ Dutfield, G., (2002). "Bioprospecting: legitimate research or 'biopiracy'?". SciDevNet. <http://www.scidev.net/dossiers/index.cfm?fuseaction=policybrief&policy=40&section=170&dossier=7>
23. ↑ Hirsch, T., (2002). "UN moves to curb bio-piracy". BBC online. <http://news.bbc.co.uk/2/hi/science/nature/1936130.stm>
24. ↑ (2001). "Introduction to Health Privacy". Health Privacy Project. Powerpoint Slides.
25. ↑ (2005). "National Consumer Health Privacy Survey 2005". California Healthcare Foundation.
26. ↑ Barrows, R., Clayton, P., (1996). “Privacy, Confidentiality: and Electronic Medical Records” Journal of the American Medical Informatics Association, 3(2). 139-148.
27. ↑ IEEE Spectrum: Dying for Data http://www.spectrum.ieee.org/oct06/4589/datasb2
28. ↑ "Financial Privacy: Gramm-Leach-Bliley Act". Federal Trade Commission. Accessed 3/22/07 <http://www.ftc.gov/privacy/privacyinitiatives/glbact.html>
29. ↑ Barrows, R., Clayton, P., (1996). “Privacy, Confidentiality: and Electronic Medical Records” Journal of the American Medical Informatics Association, 3(2). 139-148.
30. ↑ Claerhout, B.,(2005). “Privacy Concerns in Biomedical Informatics” ERCIM News, 60. http://www.ercim.org/publication/Ercim_News/enw60/claerhout.html
31. ↑ Till, J., (2003). "Evaluation of support groups for women with breast cancer: importance of the navigator role". Health and Quality of Life Outcomes. 1:16
32. ↑ (2005). "National Consumer Health Privacy Survey 2005". California Healthcare Foundation.
33. ↑ Nazroo, J., (2003). "The Structuring of Ethnic Inequalities in Health: Economic Position, Racial Discrimination, and Racism". American Journal of Public Health. 93(2): 277-284
34. ↑ Williams, D., Neighbors, H., Jackson, J., (2003). "Racial/Ethnic Discrimination and Health: Findings From Community Studies". American Journal of Public Health. 93(2): 200-208
35. ↑ Paxton, S., Gonzales, G., Uppakaew, K., Abraham, K., Okta, S., Green, C., Nair, K., Parwati Merati, T., Thephthien, B., Marin, M., Quesada, A., (2005). "AIDS-related discrimination in Asia". AIDS Care. 17(4):413-424

Online Resources

• American Medical Informatics Association (AMIA)
• Journal of American Medical Informatics Association (JAMIA)
• Journal of American Medical Association (JAMA)
• Office for Civil Rights – HIPAA
• Patient Privacy Rights Foundation
• The Health Privacy Project

Questions for Discussion

• Who should have access to personal genetic information, and how will it be used?
• Who owns and controls a person's genetic or biometric information?
• How does personal genetic information affect an individual and society's perceptions of that individual?
• How does genomic information affect members of minority communities? people predisposition to certain diseases like cancer?