A regular contributor to The Pump Handle, Anthony Robbins, MD, MPA, and his co-editor Phyllis Freeman wrote the following editorial which is available at the Journal of Public Health Policy.
In early July 2013, James R. Clapper, Jr, United States Director of National Intelligence apologized to the Chairwoman of the Senate Select Committee on Intelligence for ‘clearly erroneous’ statements made during public testimony before the committee in March.1 In his testimony, he denied that the National Security Agency collected private data on millions of American citizens. In a television interview, after Edward Snowden, Jr, a former employee of an NSA contractor, revealed Mr Clapper’s testimony to be untrue, Mr Clapper described his perjury as the ‘least untruthful’ way to answer a question about domestic surveillance.
With this background, we return to this issue of trust,(here, here)a key element of medical care and of public health. In medical care, everyone must trust clinicians to act in the patient’s best interest, not the interest of a professional or commercial entity. In public health, trust is perhaps even more important, as public health interventions often require that the population trust the public health programs that ask people to act or submit to things for the benefit of the population, not just themselves.
From the very start of discussions about how and when to protect the privacy of health data, trust has been an accepted objective. As data use and storage have grown, concerns about privacy and maintaining trust have grown.
We always suspected that public health data and information about individuals were at risk to hackers and marketers and to careless data management practices. Now we have learned that the US Government and most other governments with spy agencies can and do break into large data systems, such as telephone and e-mail records. Today, this spying is justified as part of a ubiquitous fight against ‘terrorists’, a label that seems to justify any response.
How can we in public health act to help public health agencies protect the trust the public bestows on them? Are we promising privacy and confidentiality when we know or suspect that we are unable to protect the information we collect and hold?
In the past, the privacy protections we offered to patients and research subjects posed difficult challenges. If, for example, many years after collecting data for a study we learned that certain individuals from whom we collected data were at a risk of developing a disease where secondary prevention could be protective, what was our obligation to find and treat those people?
Now the actions of spy agencies and their contractors suggest it may not be possible to offer privacy and confidentiality at all. When jobs and livelihoods of individuals are at stake, can we promise that there will be no disclosure without getting permission from the data source? Can we promise privacy when governments have made it clear that their laws permit them access to any database? We in public health and medical care will need to determine what we can control and what we can promise in this newly recognized environment. And when we cannot promise protection from disclosure of health information, can we anticipate the consequences and engage to mitigate them?
Anthony Robbins, MD, MPA is co-Editor of the Journal of Public Health Policy. He directed the Vermont Department of Health, the Colorado Department of Health, the U.S. National Institute for Occupational Safety and Health, and the U.S. National Vaccine Program.