Intended for healthcare professionals


Disclosure and use of personal health information

BMJ 1996; 312 doi: (Published 16 March 1996) Cite this as: BMJ 1996;312:653
  1. Beverly Woodward
  1. Research associate in philosophy and sociology Brandeis University, Waltham, MA 02234-9110, USA

    Widespread access is likely to erode patient confidentiality

    Lord Walton's Disclosure and Use of Personal Health Information Bill received its second reading in the House of Lords this week. The bill illustrates the difficulty of legislating in the subject of medical confidentiality. The basic principle of medical confidentiality is simply stated: “patients have a right to expect that you will not pass on any personal information which you learn in the course of your professional duties, unless they agree.”1 Difficulties arise when there is an attempt to list the exceptions to this simple principle. The focus then tends to shift from protecting the patient's right to confidentiality and providing the patient with strong tools for preserving confidentiality to licensing disclosure and providing health professionals, medical researchers, and the police with permission to gain access to personal health information in a wide variety of circumstances.

    A right which is easily overridden, or overridden in many circumstances, becomes something less than a right. The sweeping access granted by Lord Walton's bill to those concerned with law enforcement, for example, is disturbing. The bill permits the disclosure of personal health information without patient consent whenever necessary “to avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of a serious offence.” This provision seems to grant the police, and perhaps other public officials, access to the medical records of nearly anyone, whether or not a suspect in a criminal case. Similar provisions in a “medical confidentiality” bill recently introduced in the United States led to strong protests from the American Civil Liberties Union.

    Apart from references to those concerned with “the maintenance of law,” Lord Walton's bill pertains mainly to individuals and bodies providing health care services. Here the bill applies a broadly construed need to know criterion that favours widespread dissemination of personal information within the health care system, rather than outlining procedures whereby the patient can maintain control over such disclosures. In brief, the bill grants permission to pass information around quite freely among health professionals, so long as such disclosures are somehow related to the provision of care. (By contrast, the report Security in Clinical Information Systems, recently commissioned by the British Medical Association, outlines procedures that enhance patient control.2

    In the age of the computer the application of a liberally construed need to know criterion is likely to entail widespread dissemination of personal data. While such dissemination may assist in care—for example, in the case of an accident far from home—it is also likely to lead to an erosion of the confidentiality of the disseminated information. Given this trade off, the critical issue is whether the patient will be permitted to implement his or her preferences. This bill does not grant the patient that capability.

    Lord Walton's bill has the virtue of criminalising certain categories of improper disclosure and of establishing penalties, albeit modest, for such infractions. But there are highly important practices that invade privacy which the bill does not address. It does not attempt to regulate the disclosure of personal health information once such information has left the circle of health care provision. Neither it attack the ever growing commerce in personal medical information nor penalise those who obtain such information under false pretences (by impersonating a doctor, for example.)

    Finally, it does not address the challenges to privacy posed by those who wish to use the computer to do all inclusive research—for example, research on “all the inhabitants of…” or “all the people who became ill with the…disease in 19 ….” With respect to research, the bill permits the use of patient identified information without consent when obtaining consent would not be “practicable.” Of course, obtaining consent from all the members of a large population set is generally not practicable. But given the kinds of studies that statisticians can now undertake with the aid of computer technology, do we really wish to permit the extensive and intensive invasions of privacy that are possible under this rule? If we wish only “de-identified” information to be used for such studies, can we come to an agreement about what counts as de-identified? The time has come for public discussion of these important issues. It is to be hoped that Lord Walton's bill will help to provoke it.


    1. 1.
    2. 2.
    View Abstract