When to Consider Patient Data Privacy? All Along

Jack Murtha
OCTOBER 29, 2017
andrew shuman,university michigan,healthcare analytics news,data breach

It was perhaps the most difficult moment in Marc’s life. The 59-year-old painter had a non-healing oral ulcer, which had been bothering his lower denture. A biopsy confirmed it was stage IVa squamous cell carcinoma. He was staring down surgery and radiation.

Marc, whose name is a pseudonym, sat down with Andrew G. Shuman, MD, a surgeon in the University of Michigan Health System’s Division of Head and Neck Oncology. Shuman, who also co-heads the school’s program in clinical ethics, told him he had 2-4 weeks to get surgery. To rebuild Marc’s tongue, a transplant would need to be harvested from different parts of his body. While discussing the options on the table, Shuman brought up decisions affecting Marc’s privacy, and they needed to be made quickly.

‘Privacy—are you kidding me? We’re talking about taking my tongue out; we’re not talking about privacy,’ Marc told his surgeon. “But, of course, as this audience well knows, privacy is a continuum,” Shuman told his audience last week at a US Department of Health and Human Services symposium on privacy in the digital age.

The point, he added, was that talks surrounding patient privacy begin with the first consultation. Healthcare providers must be careful to help people during the most vulnerable times of their lives, going beyond regulatory requirements and into honest practicality. This is especially true as big data and genomics continue their ascent.

To Shuman, the job of a surgeon doesn’t end when the incision is closed. Instead, he must help people make difficult decisions—ones that could trade some degree of privacy for the greater good, in the form of research and medical breakthroughs. And the nature of dealing with a sick person’s privacy rights is different than those of, say, a consumer, he said.

“There’s clearly a harm associated with the surgery itself,” Shuman said. “But there’s also a harm of data breaches. There’s also a harm of unintended genetic information we might obtain through the course of his research.” Finally, he said, harms exist in Marc being on a tumor registry or cancer database, or his biospecimen being stored in a lab.

Meanwhile, Marc was thinking about more than his privacy. Should he ask for a second opinion and risk delaying the best course of treatment? Maybe he should opt only for radiation, saving his jaw. Does he try to quit smoking once again? And does he tell his ex-wife what’s going on?

All the while, Marc had to sign hundreds of documents, many of which related to the use of his tumor, story, and photographs in research.

For all these reasons, Shuman said, providers must personalize the informed consent and disclosure process for each patient. Navigating guidelines and regulations isn’t enough to fully inform each person, and to help them grasp the consequences of their decision. “We must create an atmosphere and disclosure environment where they can learn upfront rather than be surprised or disillusioned after the fact,” he said.

The biggest thing that providers and hospitals can do, he noted, is to recognize that patient data privacy concerns must enter the dialogue quickly and appear throughout the relationship. Consent documents should be only part of the equation. Rather than a contract, Shuman said, healthcare needs to shift toward doctor-patient covenants.

Marc, of course, ended up working with Shuman, whose research required speedy action to examine the freshly removed tumor. Since then, however, the use of the patient’s information has evolved to illustrate how seemingly straight-forward data decisions are anything but.

SHARE THIS SHARE THIS
32
Become a contributor