ABSTRACT
AbstractDespite broad ethical consensus supporting developmentally appropriate disclosure of health information to older children and adolescents, cases in which parents and caregivers request nondisclosure continue to pose moral dilemmas for clinicians. State laws vary considerably regarding adolescents' rights to autonomy, privacy, and confidentiality, with many states not specifically addressing adolescents' right to their own healthcare information. The requirements of the 21st Century Cures Act have raised important ethical concerns for pediatricians and adolescent healthcare professionals regarding the protection of adolescent privacy and confidentiality, given requirements that chart notes and results be made readily available to patients via electronic portals. Less addressed have been the implications of the act for adolescents' access to their health information, since many healthcare systems' electronic portals are available to patients beginning at age 12, sometimes requiring that the patients themselves authorize their parents' access to the same information. In this article, we present a challenging case of protracted disagreement about an adolescent's right to honest information regarding his devastating prognosis. We then review the legal framework governing adolescents' rights to their own healthcare information, the limitations of ethics consultation to resolve such disputes, and the potential for the Cures Act's impact on electronic medical record systems to provide one form of resolution. We conclude that although parents in cases like the one presented here have the legal right to consent to medical treatment on their children's behalf, they do not have a corresponding right to direct the withholding of medical information from the patient.
Subject(s)
Confidentiality , Parents , Humans , Adolescent , Confidentiality/legislation & jurisprudence , Confidentiality/ethics , Male , United States , Disclosure/legislation & jurisprudence , Disclosure/ethics , Personal Autonomy , Parental Consent/legislation & jurisprudence , Parental Consent/ethics , Patient Rights/legislation & jurisprudence , Child , Privacy/legislation & jurisprudence , Electronic Health Records/ethics , Electronic Health Records/legislation & jurisprudence , Access to Information/legislation & jurisprudence , Access to Information/ethicsABSTRACT
BACKGROUND: Health monitoring technologies help patients and older adults live better and stay longer in their own homes. However, there are many factors influencing their adoption of these technologies. Privacy is one of them. OBJECTIVE: The aim of this study was to provide an overview of the privacy barriers in health monitoring from current research, analyze the factors that influence patients to adopt assisted living technologies, provide a social psychological explanation, and propose suggestions for mitigating these barriers in future research. METHODS: A scoping review was conducted, and web-based literature databases were searched for published studies to explore the available research on privacy barriers in a health monitoring environment. RESULTS: In total, 65 articles met the inclusion criteria and were selected and analyzed. Contradictory findings and results were found in some of the included articles. We analyzed the contradictory findings and provided possible explanations for current barriers, such as demographic differences, information asymmetry, researchers' conceptual confusion, inducible experiment design and its psychological impacts on participants, researchers' confirmation bias, and a lack of distinction among different user roles. We found that few exploratory studies have been conducted so far to collect privacy-related legal norms in a health monitoring environment. Four research questions related to privacy barriers were raised, and an attempt was made to provide answers. CONCLUSIONS: This review highlights the problems of some research, summarizes patients' privacy concerns and legal concerns from the studies conducted, and lists the factors that should be considered when gathering and analyzing people's privacy attitudes.
Subject(s)
Privacy , Humans , Privacy/legislation & jurisprudence , Monitoring, Physiologic/methodsABSTRACT
Patient privacy is essential and so is ensuring confidentiality in the doctor-patient relationship. However, today's reality is that patient information is increasingly accessible to third parties outside this relationship. This article discusses India's data protection framework and assesses data protection developments in India including the Digital Personal Data Protection Act, 2023.
Subject(s)
Computer Security , Confidentiality , India , Humans , Confidentiality/legislation & jurisprudence , Computer Security/legislation & jurisprudence , Computer Security/standards , Physician-Patient Relations/ethics , Privacy/legislation & jurisprudenceABSTRACT
This Viewpoint summarizes existing federal regulations aimed at protecting research data, describes the challenges of enforcing these regulations, and discusses how evolving privacy technologies could be used to reduce health disparities and advance health equity among pregnant and LGBTQ+ research participants.
Subject(s)
Confidentiality , Government Regulation , Pregnancy , Research Subjects , Research , Sexual and Gender Minorities , Female , Humans , Confidentiality/legislation & jurisprudence , Data Anonymization/legislation & jurisprudence , Federal Government , Informed Consent/legislation & jurisprudence , Personally Identifiable Information/legislation & jurisprudence , Privacy/legislation & jurisprudence , Refusal to Participate/legislation & jurisprudence , Research/legislation & jurisprudence , Research Subjects/legislation & jurisprudence , Sexual and Gender Minorities/legislation & jurisprudence , United StatesABSTRACT
The protection of privacy of patient that is applying for medical care, diagnostics and treatment is one of the main pillars of implementation of medical activities. However, despite sufficient volume of legal regulation of lifetime respect of privacy of examination, observation and facts of medical intervention, in practice occur situations when privacy ceases to be such after death of the patient. The article is based on results of content-analysis of normative legal acts (n = 11), scientific publications (n = 52), cases of judicial practice (n = 8). The problem of non-observance of privacy becomes especially actual after death of person whose name is widely known. Having no possibility to impact on causes and modes of obtaining and propagating such specific information, the deceased, one's illness, stages of treatment, struggle for life, resources spent, clinics and specialists involved become object of close attention of various subjects (mas media, Internet communities) that use obtained information for speculative purposes at the expense of fixation of inhumane public replicas and increase of number of browsing. Despite prohibition provided for by law of dissemination of information constituting privacy of applying for medical care, after death of patient and application of measures of legal liability for fact of such a disclosure, information leak occurs regularly and information that got into common access frequently discredit good name of the deceased or develop other problems that are subjects to legal protection, for family members and legal successors. Yet, circumstances of transfer of information of limited access by medical organization (data leakage) or by intent of medical worker are difficult to be proved. Therefore, in judicial practice there are practically no such cases. At that, after death of famous people, juristic community regularly faces problems of protecting personal rights and non-material values from the side of relatives, legal successors and other interested persons. On the basis of formal logical method and system analysis method of disputable situations, possible perspectives of applying for judicial protection, procedural characteristics of procedure of applying for protection and possible composition of participants are presented.
Subject(s)
Death , Privacy , Humans , Privacy/legislation & jurisprudence , PatientsABSTRACT
This Viewpoint summarizes a recent lawsuit alleging that a hospital violated patients' privacy by sharing electronic health record (EHR) data with Google for development of medical artificial intelligence (AI) and discusses how the federal court's decision in the case provides key insights for hospitals planning to share EHR data with for-profit companies developing medical AI.
Subject(s)
Artificial Intelligence , Confidentiality , Delivery of Health Care , Search Engine , Humans , Artificial Intelligence/legislation & jurisprudence , Confidentiality/legislation & jurisprudence , Delivery of Health Care/legislation & jurisprudence , Delivery of Health Care/methods , Electronic Health Records/legislation & jurisprudence , Privacy/legislation & jurisprudence , Search Engine/legislation & jurisprudenceSubject(s)
Confidentiality , Privacy , Humans , Privacy/legislation & jurisprudence , Health ServicesABSTRACT
This Viewpoint examines the privacy concerns raised by medical uses of large language models, such as chatbots.
Subject(s)
Artificial Intelligence , Health Communication , Health Insurance Portability and Accountability Act , Privacy , Artificial Intelligence/legislation & jurisprudence , Guideline Adherence/legislation & jurisprudence , Health Communication/methods , Health Insurance Portability and Accountability Act/legislation & jurisprudence , Privacy/legislation & jurisprudence , United StatesABSTRACT
This Viewpoint discusses how regulators across the world should approach the legal and ethical challenges, including privacy, device regulation, competition, intellectual property rights, cybersecurity, and liability, raised by the medical use of large language models.
Subject(s)
Artificial Intelligence , Health Communication , Legislation, Medical , Privacy , Ownership/legislation & jurisprudence , Privacy/legislation & jurisprudence , Language , Health Communication/methods , Artificial Intelligence/legislation & jurisprudenceABSTRACT
BACKGROUND: Wiretapping laws generally govern the legality of surreptitious or unconsented audio recording or other interception of face-to-face conversations, telephone calls, and other oral or wire communications. Many of these laws were originally passed in the late 1960s or 70s, and many have since been modified or amended. Wiretap laws vary from state to state within the United States, and many clinicians as well as patients are often unaware of the scope and implications of these laws. CASE EXAMPLES: We provide three hypothetical case examples to illustrate scenarios in which wiretapping laws come into play. METHODS: Through a review of current legislation, we compiled relevant wiretapping statutes for each state, as well as the potential civil remedies and criminal punishments that could be imposed for violations. We include the results of targeted research related to cases in which rights or claims under applicable wiretap statues have been asserted in the context of medical encounters and healthcare practice. RESULTS: We classified thirty-seven out of 50 states (74%) as one-party consent state laws, nine out of 50 states (18%) as all-party consent state laws, and the remaining four states (8%) as "Mixed". Remedies and punishments for violations of state wiretapping laws generally can involve civil or criminal fines and/or potential incarceration. Cases in which healthcare practitioners have asserted rights under wiretap laws remain rare. CONCLUSIONS: Our findings demonstrate heterogeneity with regard to the wiretapping laws state-to-state. The majority of punishments for violations involve fines and/or potential incarceration. Given the wide variability in state legislature, we suggest that anesthesiologists know their state's wiretapping law.
Subject(s)
Physicians , Privacy , Telephone , Humans , United States , Privacy/legislation & jurisprudence , Telephone/legislation & jurisprudenceABSTRACT
En la actualidad podría afirmarse que la mayor problemática existente en torno a los delitos de descubrimiento y revelación de secretos de empresa se encuentra en la indeterminación de su objeto material: el secreto de empresa. Esta indeterminación, que la reciente Ley 1/2019, de 20 de febrero, de Secretos Empresariales ayuda a solventar, ha llevado a los Tribunales de la jurisdicción penal a pronunciamientos dispares sobre la aplicación de los tipos penales relativos al descubrimiento y revelación de secretos de empresa, siendo uno de los supuestos más cuestionados en la práctica de nuestros Tribunales el tratamiento (o no) de un listado de clientes como un secreto de empresa. Si bien, hay muchas resoluciones que abogan por entender que dichos listados de clientes no forman parte de la información confidencial y reservada de una empresa lo que impediría entenderla como un secreto de empresa, encontramos también ejemplos de casos en los que se ha adoptado una solución contraria. Por medio del presente análisis, se pretende responder a la siguiente pregunta: ¿Puede un listado de pacientes ser considerado un secreto de empresa y, por tanto, dar lugar su descubrimiento y/o revelación a la comisión de un delito de los recogidos en el artículo 278 y siguientes del Código Penal? ¿Y si dicho listado de pacientes contuviera documentación clínica (con datos médicos) de cada uno de ellos? (AU)
Nowadays, the main problem with the offences of discovery and disclosure of trade secrets may lie in the indeterminacy of its material object: the business or trade secret. This indeterminacy, which the recent Law 1/2019, of 20 February, on Business Secrets helps to resolve, has led the Courts of the criminal jurisdiction to make disparate pronouncements on the application of criminal offences relating to the discovery and disclosure of business secrets, with one of the most questioned cases in the practice of our Courts being the treatment (or not) of a list of clients as a business secret. While there are many rulings that argue that such customer lists do not form part of the confidential and reserved information of a company which would prevent it from being considered a trade secret, there are also examples of cases in which the opposite solution has been adopted. This analysis aims to answer the following question: Can a list of patients be considered a business secret and, therefore, can its discovery and/or disclosure give rise to the commission of an offence under Article 278 et seq. of the Criminal Code? What if the list of patients contained clinical documentation (with medical data) for each of them? (AU)
Subject(s)
Humans , Confidentiality/legislation & jurisprudence , Privacy/legislation & jurisprudence , Medical Records , Patient Generated Health DataABSTRACT
In 2022, the U.S. Supreme Court removed constitutional protection from the individual's right to end a pregnancy. In Dobbs v. Jackson Women's Health Organization, the Court invalidated previous rulings protecting that right as part of the individual liberty and privacy interests embedded in the U.S. Constitution. Now, many observers are speculating about the fate of other rights founded on those interests. The Dobbs ruling conflicts with the Court's 1990 Cruzan decision restricting the government's power to interfere with personal medical choices. The language and reasoning in Dobbs and Cruzan offer guidance on how the Court might address future cases involving the right to refuse life-sustaining treatment. The decisions also point to policy strategies for preserving that right.
Subject(s)
Government Regulation , Supreme Court Decisions , Treatment Refusal , Female , Humans , Pregnancy , Constitution and Bylaws , Freedom , Patient Rights/legislation & jurisprudence , Personal Autonomy , Privacy/legislation & jurisprudence , Right to Die/legislation & jurisprudence , Treatment Refusal/legislation & jurisprudence , United States , Withholding Treatment/legislation & jurisprudence , Life Support Care/legislation & jurisprudence , Decision Making , Human Rights/legislation & jurisprudenceSubject(s)
Abortion, Induced , Civil Rights , Health Insurance Portability and Accountability Act , Privacy , Reproductive Rights , Supreme Court Decisions , Abortion, Induced/legislation & jurisprudence , Civil Rights/legislation & jurisprudence , Confidentiality , Female , Health Insurance Portability and Accountability Act/legislation & jurisprudence , Humans , Jurisprudence , Pregnancy , Privacy/legislation & jurisprudence , Reproductive Rights/legislation & jurisprudence , United States , Women's Rights/legislation & jurisprudenceSubject(s)
Civil Rights , Government Regulation , Population Surveillance , Technology , Africa , Civil Rights/ethics , Civil Rights/legislation & jurisprudence , Civil Rights/standards , Population Surveillance/methods , Privacy/legislation & jurisprudence , Technology/ethics , Technology/legislation & jurisprudenceABSTRACT
Continuity in patient care is crucial but is not a 'given' in complex circumstances when several health care professionals are involved in a clinical trajectory. Discontinuity may make it difficult to follow a patient's clinical course, which can be instructive and providing useful feedback on professional performance. Hence, it is a good clinical habit to check on patients after the care has been taken over by others. However, too strict interpretation of privacy laws and regulation may hamper this valuable practice. Obviously, protection of medical information and patients' privacy is vital, however, this should not apply to health care professionals that were involved in earlier phases of a patient's care as they should be considered having a continuing care relationship with the patient. Interestingly, a vast majority of patients themselves have no concern at all when professionals that were involved in earlier phases of their care access their information.
Subject(s)
Privacy , Quality Improvement , Confidentiality/legislation & jurisprudence , Humans , Privacy/legislation & jurisprudenceABSTRACT
An account of privacy's evolutionary roots may hold lessons for policies in the digital age.
Subject(s)
Computer Security , Online Systems , Policy , Privacy , Biological Evolution , Computer Security/legislation & jurisprudence , Cues , Humans , Online Systems/legislation & jurisprudence , Privacy/legislation & jurisprudenceSubject(s)
Information Dissemination/legislation & jurisprudence , Mobile Applications/standards , Patient Identification Systems/methods , Telemedicine/statistics & numerical data , Big Data/economics , Computer Security/legislation & jurisprudence , Humans , Information Dissemination/ethics , Mobile Applications/statistics & numerical data , Privacy/legislation & jurisprudence , Telemedicine/ethics , Telemedicine/instrumentationABSTRACT
OBJECTIVES: To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy. DESIGN: Cross sectional study SETTING: Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories. PARTICIPANTS: Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store: in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps. MAIN OUTCOME MEASURES: Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews. RESULTS: 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy. CONCLUSIONS: This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps.
