|Home | About | Journals | Submit | Contact Us | Français|
The development of information technology has had a significant impact on modern healthcare. Shared care, telemedicine and electronic health records (EHRs) are some of the important changes. However, new methods create new challenges; therefore, health care organisations (HCOs) need to adopt new solutions to overcome the problems posed by the electronic environment. “The emergence and evolution of a new technology gives us a chance to test old tools and, as necessary, to invent new ones in order to get better moral leverage on the problems at hand. Such tools will inform our decisions, guide our actions and prepare us for future challenges”.1
Here we try to identify and scrutinise ethical issues encountered during the development and application of S3P rather than studying them from a theoretical perspective. We think that this experiential knowledge might be helpful to bridge the theoretical and the practical, thus enabling us to present ethically sound policies as we move from paper‐based policies to electronic ones. Although we have come up with some preliminary solutions, solving ethical problems of electronic healthcare and computerised policies is a sophisticated task and needs a collaborative effort by experts from different professional backgrounds, such as physicians, sociologists, ethicists, lawyers and epidemiologists. S3P can serve this purpose by providing a software platform for testing various healthcare scenarios and privacy policies.
In modern, electronic‐based HCOs, individuals from diverse professional backgrounds work collaboratively in decision‐making processes concerning patients' health, and patients have the right to influence these processes. Winkler states that an organisation‐wide policy that covers all individuals in an HCO and deals with both standard and morally controversial medical practices ensures autonomy, quality, fairness and efficiency of decision‐making processes.3 The privacy policies of many developing countries, which mainly assume a traditional physician–patient decision‐making approach, fall short of fulfilling such goals.
Therefore, checking the adequacy of privacy protection is important for faultless sharing of information between HCOs. An example of such adequacy checking is the Safe Harbor, which assures the adequacy of privacy protection as defined by the European Directive on Data Protection with regard to data shared with nations outside the European Union.6
Since electronic healthcare introduces changes such as division of labour and more comprehensive health records, electronic privacy policies are more sophisticated than the traditional ones. Consequently, unforeseen conflicts and errors can materialise that are difficult and costly to resolve with the traditional forms of privacy policies. However, an electronic policy can be controlled and revised using sophisticated software to ensure validation and verification of its contents and to make it compatible with ethical values.
During the development of S3P, we have been confronted with several ethical dilemmas. Below are some of the themes that we have compiled from our experience with S3P and the questions relating to them. The typology of the questions was inspired by Anderson and Goodman.1
In electronic healthcare, various HCOs may participate in the treatment of patients by sharing parts of their health information. Additionally, physicians may need to grant access to other physicians for consultation purposes, a feature called “granted access” in S3P.
For secondary uses, such as research, disclosed information should be de‐identified by removing personal, identifiable parts of the EHR.
To prevent the duplication of records and for the accuracy of research, disclosed records should be uniquely identified without making the record owners known to others. Duplications may occur because the patients may have records in several hospitals. Additionally, de‐identification should be reversible (a process we call re‐identification)—for instance, to inform the patient about a rare disease diagnosed during research.
Informed consent is used to inform patients about the uses and disclosures of their records. It also provides the opportunity for patients to specify the privacy protection level by opt‐in and opt‐out choices applied on policy rules. By opting in, patients can include their records in any information gathering and usage activity, and by opting out, they can exclude their records from such activities.
Policies may contain errors or conflicts that can lead to privacy violations or unavailability of necessary information. Conflicts may arise due to diversity of roles and the membership of individuals in possibly multiple roles.
Recommendation: Privacy policies can be analysed using the software to reveal conflicts in assigning access rights to different roles.
Patient records should be uniquely identified in order to prevent medical errors. Using a social security number as a health identifier is one choice. However, it is subject to abuse and can endanger patient privacy by linking EHRs to other records, such as financial ones.10
Recommendation: An alternative identifier model is used in S3P to identify disclosed records uniquely and to re‐identify them if needed.
Patients can have access and control over their health records; this is called “patient empowerment”.11
In Turkey, patients have the right to have a copy of their medical records according to the statute of patient rights 12 (as cited in Aydin, 200413). However, some parts of the EHR, such as mental health information, may be concealed from patients for their own safety.
Telemedicine is the “use of telecommunication technologies to deliver medical information and services to locations at a distance from the care giver or educator”.14 High‐speed connections and low‐cost storage devices enable the recording of all physician–patient conversations.
All activities carried out on an EHR can be audited for later quality analyses or for possible litigation.
Herein we present S3P, a prototype computer program that simulates enforceable electronic privacy policies in an electronic healthcare setting. It is a tool for testing medical scenarios and assessing the effect of computerised privacy policies on healthcare processes. We have observed several ethical challenges during the development and application of the software. S3P can help to highlight these problems and assist policy‐makers in fine‐tuning and perfecting the patient privacy guidelines in the electronic healthcare setting. This task will lead to design of ethically sound privacy policies appropriate for electronic healthcare.
Many thanks to Dr Atac Baykal and Dr Arda Arikan for their helpful comments and generous support in editing the drafts of this paper.
EHR - electronic health record
HCO - health care organisation
Competing interests: There are no competing interests related to this paper.