Privacy and Health Care: Squaring the Circle
A discussion of the public policy issues arising from the debate in health care on cutting costs, providing necessary care and providing privacy.
This way the GP remains in control of his or her professional practice and can exercise due diligence, while the individual (the patient) retains control over information that belongs to him or her. The integrity of the doctor/patient relationship is preserved.
While the GP may own the data in question and the individual may have control over the data relating to him or to her, many parties may have beneficial use of the data.
These may include others who are involved in caring for the individual’s health, health insurers, government agencies and so on. Also, aggregated data may be used by government, universities and others for research, planning and management purposes.
Standards for Data Protection
Within the model at Figure 1 there are two types of transaction envisaged:
- Between the individual and the data broker
- Between the data broker and the provider or recipient of data
The individual’s transaction with the broker is akin to the relationship s/he may have with a provider of financial services, and an appropriate level of security should apply. This could be done by means of a personal identification number (“PIN”), a password or a combination of such tools. A shared secret of this kind is only as strong as the secrecy of the PIN or password itself, but it would provide adequate protection and trust at a relatively low cost.
For the second type of transaction, a higher level of security is required, akin to bank to bank transactions. Public key infrastructure (“PKI”) has been canvassed as an appropriate solution.
PKI is the term for the laws, policies, standards and software that govern how certificates, and the public and private keys they bind to named parties, are issued, used and revoked. A certificate is a trusted authority’s signed statement that a given public key belongs to a given party; the intent is to give applications that use encryption or digital signatures a standard way of verifying who they are dealing with.
PKI is relatively expensive and does not necessarily provide the level of security one might expect for the price. Alternatives such as SPKI/SDSI or Brandsian Private Credentials may be preferable, but detailed consideration of such matters is beyond the scope of this paper.
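As an added example, not part of the paper, the following Go program (standard library only) shows what the PKI arrangement for the second type of transaction amounts to in practice: a sector-wide certificate authority issues a certificate binding the broker’s name to the broker’s public key, and a provider checks that certificate against the authority’s root before releasing any data. A certificate minted by an unrelated authority, and a genuine certificate presented under the wrong name, are both refused. The party names (“Health Data Sector CA”, the broker and clinic host names) are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical names for the paper's parties; none appear in the original.
const (
	sectorCAName = "Health Data Sector CA"
	brokerName   = "broker.health.example"
	providerName = "gp-clinic.health.example"
)

// newCA builds a self-signed root: the trust anchor every party in the
// sector installs. Only the CA's private key can issue valid certificates.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueCert has the CA bind a party's name to a freshly generated key pair.
// The private key never leaves that party; only the certificate is shown to peers.
func issueCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name}, // the SAN is what peers match against
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifyPeer is what the receiving side runs before releasing any record:
// the presented certificate must chain to the trusted root, be within its
// validity period, and carry the name the caller expected.
func verifyPeer(peer *x509.Certificate, root *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := peer.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   expectedName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	root, rootKey, err := newCA(sectorCAName)
	if err != nil {
		panic(err)
	}
	brokerCert, _, err := issueCert(root, rootKey, brokerName, 2)
	if err != nil {
		panic(err)
	}
	fmt.Println("broker accepted by provider (nil = ok):", verifyPeer(brokerCert, root, brokerName))

	// An attacker who stands up their own CA can mint a certificate carrying
	// the broker's name, but it does not chain to the sector root.
	rogue, rogueKey, _ := newCA("Rogue CA")
	forged, _, _ := issueCert(rogue, rogueKey, brokerName, 3)
	fmt.Println("forged broker cert:", verifyPeer(forged, root, brokerName))

	// A genuine certificate presented under the wrong name is also refused.
	fmt.Println("broker cert claiming to be the provider:", verifyPeer(brokerCert, root, providerName))
}
```

The code is the cheap part. What makes PKI costly, and what the paper is pointing at, is the operation around it: vetting each party before issuing a certificate, protecting the authority’s private key, and revoking certificates when a key is lost or a party leaves the scheme. This example omits revocation entirely; a real deployment cannot.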
Summing Up
The concept proposed here for the management of health data satisfies the guiding principles discussed earlier, because it:
- Is a simple, flexible framework that would accommodate existing and new technical solutions;
- Places control of personal data in the hands of the citizen/client/customer, while allowing others to have beneficial use of the data;
- Allows government access to clean, reliable, structured sources of data;
- Allows health providers to manage data efficiently, while protecting the integrity of the clinician/patient relationship;
- Provides a national regime of privacy protection that is available to all, at no direct cost;
- Lessens the risk of identity theft or fraud;
- Creates a new market, with new business opportunities;
- Creates a risk management gradient: adequate protection for all, with user pays for those who want more; a simple security tool for the individual, and a higher level of protection for data at industry level.
There is no guarantee that this proposal would reduce health care costs. The modelling required to test this hypothesis is somewhat beyond the scope of this paper (and the author’s skills). However, this proposal creates a defined space within which all the fundamental issues can be explored with a view to generating policy options, the viability and desirability of which can be tested later. This is only the beginning of a process of exploration; it is not a conclusion.