Privacy Matters — Medical Privacy
On June 30, 2012, Privacy India in partnership with the Indian Network for People living with HIV/AIDS, Centre for Internet & Society, IDRC, Society in Action Group, with support from London-based Privacy International, held a public discussion on "Medical Privacy" at the Yashwantrao Chavan Academy of Development Administration.
The conversation brought together a cross section of citizens, lawyers, activists, researchers, academia and students.
Prashant Iyengar, Assistant Professor, Jindal Law University, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of ten consultations previously organized across India:
|
Elonnai Hickok, a member of Privacy India, introduced the draft book Privacy in India: A Policy Guide that Privacy India has been compiling. Focusing on the draft chapter, Medical Privacy, she provided examples of legislation and policy containing safeguards to privacy such as Medical Council of India's Code of Ethics Regulations 2002, and pointed out legislation with missing safeguards such as in the Mental Health Act of 1987. Additionally, she gave many examples of projects being implemented in India that impact health privacy including Save the Baby Girl Project, the Mother and Child Tracking System, the UID, and a cloud based system known as Health Hiway. |
Medical Privacy in India
Dr. Dharmesh Lal, MBBS, DHA, MD, DNB, DVLDP, Officiating Dean, IIHMR, Delhi, discussed the correlation between medical privacy and confidentiality. Medical Privacy involves the confidentiality of patient-provider encounters, along with the secrecy and security of information memorialized in physical, electronic and graphic records created as a consequence of patient-provider encounters. Confidentiality involves restricting information to persons belonging to a set of specifically authorized recipients. |
He went on to explain that limited financial resources in public hospitals often preclude the separate examination of one patient at a time. “In Government hospitals, large numbers of patients congregate in the doctors office,” he says. Privacy is also related to a patient's financial status and decreases as one goes down the socio-economic ladder.
Additionally, he described the privacy concerns that arise due to infrastructural constraints. India's healthcare infrastructure has not kept up with the development of government health initiatives. For examples, the Janani Suraksha Yojana (JSY) initiative was launched in 2005, under the National Rural Health Mission (NRHM). JSY was implemented with the objective of reducing maternal and neo-natal mortality by promoting institutional delivery among the Poor Pregnant Woman. Financial incentives were provided to mothers. There was a phenomenal increase of institutional delivery. However, there was no proportional increase in infrastructure.
He called for a change in medical education, administration and management, stating, “Privacy protection has to be established as a core value that connects organizational culture. Alarmingly, medical curriculum in India does not have formal component on medical privacy, significant curriculum reforms in undergraduate medical teaching is necessary.
Medical Privacy- Legal Aspects
Mr. Pandit, Advocate, Pandit law Office, discussed the Hippocratic oath, which includes the duty of the caregiver to ‘keep secret’ and ‘never reveal’ ‘all that may come to my knowledge’. In other words, right to medical privacy has to be balanced with right to healthy life of another whose right will be affected unless such information is disclosed to her/him. He described the code of conduct prescribed by Indian Medical Council to its members, as a guideline to be followed is intended to preserve protect and uphold dignity of profession. Physicians should merit the confidence of patients entrusted to their care, rendering to each a full measure of service & devotion. |
Referring to the Dr.Tokugha Yepthomi Vs Appollo Hospital Enterprises Ltd & Anr. III case, he described the Supreme Court’s verdict on the ‘Right to Life’.
The “Right to life” would positively include the right to be told that a person, with whom she was proposed to be married, was a victim of deadly disease, which was sexually communicable, since right of life includes right to lead a healthy life. Moreover where there is a clash of two fundamental rights, The RIGHT which would advance the public morality or public interest, would alone be enforced through the process of Court.
He concluded by asserting that there is considerable force in the argument that there is a need for a comprehensive legislation to protect the interest of poor patients and ordinary citizens who cannot afford to initiate a protracted legal battle to protect their medical privacy.
Supreme Court views on Medical Negligence
Professor K. Elumalai, Director, School of law, IGNOU, provided numerous Supreme Court verdicts on medical negligence cases. He summarized the cases and discussed their salient features. He discussed the manner in which a Medical professional can be prosecuted for medical negligence under criminal law. It must be shown that the accused did something or failed to do something which in the given facts and circumstances, no medical professional in his ordinary senses and prudence would have done or failed to do. |
Confidentiality and privacy in medical Settigs vis-a-vis PLHIV
Ms. Nitu Sanadhya, Senior Legal Officer, Lawyers Collective, HIV/ AIDS Unit, stressed the importance of a rights-based approach and integrationist legal response to the HIV epidemic. When legislations or policies discriminate or isolate persons living with HIV, for example, through mandatory testing and breach of confidentiality, it drives the epidemic underground.
In India, there is no comprehensive law on HIV. In 2007, the National Aids Control Organization (NACO) released the Operational Guidelines for Integrated Counseling and Testing Centres. She described the salient features of the guideline especially focusing on the privacy provisions. She described the various situations that permit a health practitioner to disclose the HIV status of a patient to a partner and/ or third party. Discriminatory practices that arise out of a breach or confidentiality or privacy violation include stigmatization, denial of access to treatment, loss of employment, etc. |
Under the RTI Act, A person’s HIV status is confidential and is protected in law and can only be disclosed to a third person in limited circumstances. The RTI Act specifically exempts the disclosure of personal information which is not of public interest; information which would cause an unwarranted invasion of privacy; and information which has been received in a fiduciary capacity. Therefore, The RTI Act 2005 cannot be used to obtain a person’s HIV report.
Privacy in Practice
Dr. Anand Philip, Personal Physician at NationWide Primary Healthcare Service Pvt. Ltd., drew from his personal experiences. During his presentation he emphasized how privacy is important, but it is clear that privacy does not happen the way it is theorized by. In fact there are many dichotomies in what we believe privacy is and how it is used. He pointed out that we often take for granted why privacy matters and where it comes from. He discussed how without patient autonomy and patient dignity, privacy cannot |
be upheld. Yet, one sees a constant breach of people’s dignities in the medical system. Some people rationalize this violation of dignity by explaining that in India, doctors are used to people who have nothing and thus, dignity is not important. Yet, he argued, dignity is something that is inherent. The lack of dignity practiced in India's medical system shows a problem with how we are trained. Giving an example of how dignity is breached in India, Dr. Philip referred to two people being treated on the same table. He pointed out that the physical aspects of privacy are non-existent. For example, the WHO recommends five feet between beds, but typically two or three feet exist between hospital beds. Furthermore, there are often no curtains in hospitals. He then moved from physical privacy to information physical. In a hospital information flows in all directions, it is not a controlled environment and the patient does not choose who sees his/her information – the hospital decided. Dr. Philip then talked about training. The health care system encompasses a larger team of people from doctors to sweepers. Training is only given to clinical staff. Thus other aspects such as the Indian culture, infrastructure, and training all impact how privacy is carried out in the medical field. In conclusion Dr. Philip re-stated that privacy is a byproduct of autonomy and dignity. He noted that offering a patient dignity was a critical step that must be taken by service providers. Closing his presentation, he challenged the audience with the following questions: Considering how autonomy is not important, how do we reach people with the idea? Since physical privacy is key to other forms of privacy, how do we take it more seriously? What can we do about the medical team's approach to privacy?
Best Practices of Medical Privacy in Various Health Settings
Sriram Lakshmanan, Head Information Security, UnitedHealth Group Information Systems, spoke about the US health-care market touching on medicare, medicaid, employer-sponsored insurance, and individual insurance plans. He also commented on the EU regime pointing out that most of the laws in the EU have a long list of identifiers indicating when your information counts as being compromised. Canada PIPEDA, is very strict and protects health privacy. In his opinion, the IT Act caters to many aspects of privacy. He also touched upon the eight OECD Privacy Principles and |
how they can be adopted for the Indian scenario. A few of the principles included collection limitation principle, data quality principle, purpose specification principle, use limitation principle. For example, if health information for treating malaria is collected, than that information should only be used for that purpose. Closing his presentation, he noted that most of the technologies that we use today for health run on IT, and thus can be used to compromise individual or hospital wide information.
Epidemics and Privacy
Dr. Rajib Dasgupta, Assistant Professor, Center of Social Medicine and Community Heath at Jawaharlal Nehru University, examined conflicts of issues of privacy, confidentiality and the role of the state in the context of epidemics and the provisions within the Epidemic Diseases Act. Epidemics are population-level events in contrast to illnesses that only involve individuals; therein lies the uniqueness of the intersection between medical privacy and public health ethics. The state has unique responsibilities to detect, diagnose, manage and control epidemics. This has local/regional and international ramifications. Also linked to these are limits to the powers, rights of individuals and the extent to which such rights may need to be suspended. |
The exercise of actions within the Act is not necessarily bereft of infringement of privacy and overt discrimination. Certain diseases, as indeed limitations imposed by the state, have elements of stigma that further confound the fuzziness of this debate.
When an epidemic occurs, the need for privacy in the mind of the individual goes down, as they are concerned solely with receiving treatment. He also pointed out that there are contradictory elements during epidemics. For instance an area might not want to be named as having an outbreak of a disease, but at the same time individuals will line up outside hospitals for treatment, exposing the fact that they have the disease. He also spoke about how steps taken to address epidemics can invade privacy. For example, during the SARS outbreak, it was the practice to put the patient in an infectious disease hospital. This was invasive to personal privacy as it created stigma and discrimination. Closing his presentation he explained how the conventional notions of privacy do not necessary hold in the case of epidemics because it is an emergency outbreak. Thus, protocol is established on a case-to-case basis. Despite this he believes that it is possible and valuable to protect privacy in cases of epidemics.
HIV/ AIDS and Privacy
KK Abraham, President of Indian Network for People Living with HIV/AIDS, described how privacy could be understood as a luxury, in some cases it can be understood as a right, and in other cases it is understood of responsibility. Regarding HIV patients, Mr. Abraham emphasized the need for privacy to be understood as a right. Mr. Abraham also pointed out that as trends are changing in India, and more services are becoming available, that this is the right time to talk about privacy. Closing his presentation Mr. Abraham called for a greater understanding of patients' privacy needs and the negative effect of stigma. |
HIPPA with reference to Applicability to Patient Privacy and Clinical Data Confidentiality in India
Dr. Lavanian Dorairaj, MD, CEO at HCIT Consultants, described how IT is a powerful tool for health care, despite the fact that health care has been hesitant to use IT. He explained that IT can help reduce errors in health care; it can help increase accessibility of patient data, improve diagnosis, treatment, and prognosis. Healthcare IT has great advantages but needs to be handled with great responsibility. He also pointed out that IT can lead to privacy violations if inappropriate access to patient records takes place. He argued that though India has recognized the need for privacy, it still needs to find a way to implement privacy protections and police the implementation of the guidelines. Drawing on examples from HIPPA, he argued that India would benefit from establishing privacy standards and security standards for health information. He explained further that HIPPA is a flexible rule, which obligates relevant entities to comply. The Rule is designed to be flexible. Entities regulated by the rules are obligated to comply. |
Presentations
Click to download the presentation files. [Zip files, 2184 Kb]