Fears about re-uses of personal data as well as re-uses of research data and samples are the focus of a policy paper released today by the American College of Physicians (ACP). The new document, which is an update of a paper produced by ACP two years ago, adds a policy position regarding research. It proposes a privacy rule that says researchers should maximize appropriate uses of information to achieve scientific advances without compromising ethical obligations to protect individual welfare and privacy.
The release of Health Information Technology & Privacy comes eight days before the close of the comment period for the Advance Notice of Proposed Rulemaking (ANPRM) of Human Subjects Research Protections: Enhancing Protections for Research Subjects and Reducing Burden, Delay, and Ambiguity for Investigators. The proposed changes, which will be highlighted in ACP's ANPRM comments, are designed to strengthen protections for human research subjects.
"While coming changes did not prompt this paper, its production and release are turning out to be quite timely," noted Virginia L. Hood, MBBS, MPH, FACP, president of ACP. "The paper suggests revisions to the current regulations, which are now being considered because the Department of Health and Human Services (HHS) believes these changes will strengthen protections for research subjects in a number of important ways."
In its 15-page policy paper, ACP proposes 13 policy positions to guide the development of the comprehensive framework. The new policy position, number 4, says:
New Position 4: Regarding research, a revised privacy rule should maximize appropriate uses of information to achieve scientific advances without compromising ethical obligations to protect individual welfare and privacy.
A. Participation in prospective clinical research requires fully informed and transparent consent that discloses all potential uses of PHI and IIHI, and an explanation of any limitations on withdrawing consent for use of data, including biological materials.
B. ACP recognizes that further study is needed to resolve informed consent issues related to future research use of Protected Health Information (PHI) and Individually Identifiable Health Information (IIHI) associated with existing data, including biologic materials.
C. Informed consent documents should clearly disclose whether law enforcement agencies would have access to biobank data without a warrant.
D. ACP recommends that regulations governing IRB review be expanded to include consideration of the preferences of research subjects whose tissue has been stored.
The paper also says that by including providers, governmental bodies, consumers, payers, quality organizations, researchers, and technologists, the resulting framework would clearly specify appropriate activities such as treatment, payment, and some health care operations where sharing of personal health information can proceed without the need for additional consent. Once the boundaries of appropriate data-sharing practices and situations are agreed on, it will be far easier to define consent requirements for appropriate activities.
"The patient-doctor relationship is dependent on trust and this extends to the personal information shared as part of that relationship," said Dr. Hood. "As U.S. health care moves from paper to an electronic world, a new national debate over privacy of individually identifiable health information (IIHI) has emerged. Patients need to feel confident that they can receive needed health care without the risk that their private information will be inappropriately disclosed, which might result in withholding of information and lead to potentially negative clinical consequences. Patients benefit when information pertinent to their care, concerns, and preferences is shared among those rendering health care services to them."
ACP strongly believes in the goal of widespread adoption and use of health information technology (HIT) to improve the quality of care, the paper says. ACP supports the concept of safe and secure electronic health information exchange (HIE) and advocates that clinical enterprises, entities, and clinicians wishing to share health information develop principles, procedures, and polices appropriate for the electronic exchange of information necessary to optimize patient care.
The paper emphasizes that privacy policies need to satisfy the growing expectations that the implementation of computerized and networked medical records will facilitate better care at lower overall costs while preserving the expressed intent of one of the principles from the Hippocratic Oath, "All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and will never reveal."