Journal of General Internal Medicine

, Volume 16, Issue 2, pp 100–111 | Cite as

Shared expectations for protection of identifiable health care information

Report of a national consensus process
  • Matthew K. WyniaEmail author
  • Steven S. Coughlin
  • Sheri Alpert
  • Deborah S. Cummins
  • Linda L. Emanuel
Health Policy


OBJECTIVE: The Ethical Force Program is a collaborative effort to create performance measures for ethics in health care. This report lays out areas of consensus that may be amenable to performance measurement on protecting the privacy, confidentiality and security of identifiable health information.

DESIGN: Iterative consensus development process.

PARTICIPANTS: The program’s oversight body and its expert panel on privacy include national leaders representing the perspectives of physicians, patients, purchasers, health plans, hospitals, and medical ethicists as well as public health, law, and medical informatics experts.

METHODS AND MAIN RESULTS: The oversight body appointed a national Expert Advisory Panel on Privacy and Confidentiality in September 1998. This group compiled and reviewed existing norms, including governmental reports and legal standards, professional association policies, private organization statements and policies, accreditation standards, and ethical opinions. A set of specific and assessable expectations for ethical conduct in this domain was then drafted and refined through seven meetings over 16 months. In the final two iterations, each expectation was graded on a scale of 1 to 10 by each oversight body member on whether it was: (1) important, (2) universally applicable, (3) feasible to measure, and (4) realistic to implement. The expectations that did not score more than 7 (mean) on all 4 scales were reconsidered and retained only if the entire oversight body agreed that they should be used as potential subjects for performance measurement. Consensus was achieved on 34 specific expectations. The expectations fell into 8 content areas: addressing the need for transparency of policies and practices, consent for use and disclosure of identifiable information, limitations on what information can be collected and by whom, individuals’ access to their own health records, security requirements for storage and transfer of information, provisions to ensure ongoing data quality, limitations on how identifiable information may be used, and provisions for meaningful accountability.

CONCLUSIONS: This process established consensus on 34 measurable ethical expectations for the protection of privacy and confidentiality in health care. These expectations should apply to any organization with access to personally identifiable health information, including managed care organizations, physician groups, hospitals, other provider organizations, and purchasers. Performance measurement on these expectations may improve accountability across the health care system.

Key words

health policy health care information 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Emanuel L. Professional standards in health care: calling all parties to account. Health Aff (Millwood). 1997;16:52–4.CrossRefGoogle Scholar
  2. 2.
    Wynia M. Performance measures for ethics quality. Eff Clin Pract. 1999;2:294–8.PubMedGoogle Scholar
  3. 3.
    Goldman J. Protecting privacy to improve health care. Health Aff (Millwood). 1998;17:47–60.CrossRefGoogle Scholar
  4. 4.
    Etzioni A. The Limits of Privacy. New York, NY: Basic Books; 1999.Google Scholar
  5. 5.
    Gostin LO, Hadley J. Health services research: public benefits, personal privacy, and proprietary interests. Ann Intern Med. 1998;129:833–5.PubMedGoogle Scholar
  6. 6.
    Gostin L. Health information privacy. Cornell Law Review. 1995;80:101–84.Google Scholar
  7. 7.
    For the Record: Protecting Electronic Health Information. Washington, DC: National Academy Press; 1997.Google Scholar
  8. 8.
    Monane M, Mathias DM, Nagle BA, Kelly MA. Improving prescribing patterns for the elderly through an online drug utilization review intervention: a system linking the physician, pharmacist, and computer. JAMA. 1998;280:1249–52.PubMedCrossRefGoogle Scholar
  9. 9.
    Howell A. Experts address concerns over plans invading medical confidentiality of members. BNA Healthcare Daily Report. 1998;volume 6, issue 37.Google Scholar
  10. 10.
    Health Privacy and Confidentiality Recommendations. Report of the National Committee on Vital and Health Statistics. Washington, DC: National Committee on Vital and Health Statistics; 1997.Google Scholar
  11. 11.
    Marwick C. Medical records privacy: a patient rights issue. JAMA. 1996;276:1861–2.PubMedCrossRefGoogle Scholar
  12. 12.
    1998 Harris-Westin Survey on Privacy and the Elements of Self-Regulation. Department of Commerce Privacy Conference. Washington, DC: Department of Commerce; 1998.Google Scholar
  13. 13.
    Harris-Equifax Consumer Privacy Survey, 20–29 July, 1996. Available at Accessed March 20, 2000.Google Scholar
  14. 14.
    2000 Ethics Survey of Consumer Attitutdes about Health Web Sites. California Healthcare Foundation and the Internet Healthcare Coalition. Available at: Accessed March 20, 2000.Google Scholar
  15. 15.
    Buckovich SA, Rippen HE, Rozen MJ. Driving towards guiding principles: a goal for privacy, confidentiality and security of health information. J Am Med Inform Assoc. 1999;6:122–33.PubMedGoogle Scholar
  16. 16.
    The State of Health Privacy: An Uneven Terrain. Washington, DC: Health Privacy Project; 1999.Google Scholar
  17. 17.
    O’Brien DG, Yasnoff WA. Privacy, confidentiality and security in information systems of state health agencies. Am J Prev Med. 1999;16:351–8.PubMedCrossRefGoogle Scholar
  18. 18.
    Westin A, Louis Harris and Associates. Health Care Information Privacy. A Survey of the Public and Leaders. Equifax, Inc. Study no. 934009; 1993.Google Scholar
  19. 19.
    American worry about the privacy of their computerized medical records; health plans, drug companies and government health programs are least trusted. BW Healthwire. January 29, 1999.Google Scholar
  20. 20.
    Goldman J, Hudson Z. Exposed: A Health Privacy Primer for Consumers. Washington, DC: Health Privacy Project, Institute for Health Care Research and Improvement, Georgetown University; 1999.Google Scholar
  21. 21.
    Alpert S. Smart cards, smarter policy. Medical records, privacy, and health care reforms. Hastings Cent Rep. 1993;23:13–23.PubMedGoogle Scholar
  22. 22.
    Studdert D. Direct contracts, data sharing and employee risk selection: new stakes for patient privacy in tomorrow’s health insurance markets. Am J Law Med. 1999;25:233–65.PubMedGoogle Scholar
  23. 23.
    Etzioni A. Medical records. Enhancing privacy, preserving the common good. Hastings Cent Rep. 1999;29:14–23.PubMedGoogle Scholar
  24. 24.
    Moore J. Confidentiality casualty: patient billing printouts released in Kansas fraud case. Crain Modern Health Care Magazine. 1998;28(37):3.Google Scholar
  25. 25.
    O’Harrow R Jr. Survey not stifled by privacy concerns. Washington Post. December 15, 1998:C18.Google Scholar
  26. 26.
    Protecting Privacy in Computerized Medical Information. U.S. Congress Office of Technology Assessment. Washington, DC: US Government Printing Office; 1993. OTA-TCT-576.Google Scholar
  27. 27.
    Duncan G, Jabine T, Wolf VD. Private Lives and Public Policies: Confidentiality and Accessibility of Government Statistics. Committee on National Statistics, Commission on Behavioral and Social Sciences and Education, National Research Council and the Social Science Research Council. Washington, DC: National Academy Press; 1993.Google Scholar
  28. 28.
    Sweeney L. Weaving technology and policy together to maintain confidentiality. J Law Med Ethics. 1997;25:98–110.PubMedCrossRefGoogle Scholar
  29. 29.
    Armstrong MP, Rushton G, Zimmerman DL. Geographically masking health data to preserve confidentiality. Stat Med. 1999;18:497–525.PubMedCrossRefGoogle Scholar
  30. 30.
    Ohrn A, Ohno-Machado L. Using Boolean reasoning to anonymize databases. Artif Intell Med. 1999;15:235–54.PubMedCrossRefGoogle Scholar
  31. 31.
    Gostin L, Hodge J. Balancing individual privacy and communal uses of health information. Model State Health Privacy Project. Available at: Accessed October 25, 2000.Google Scholar
  32. 32.
    Finkelstein K. The computer cure. The New Republic. 1998;219:28–33.Google Scholar
  33. 33.
    Barrows RC Jr, Clayton PD. Privacy, confidentiality, and electronic medical records. J Am Med Inform Assoc. 1996;3:139–48.PubMedGoogle Scholar
  34. 34.
    Campbell SG, Gibby GL, Collingwood S. The Internet and electronic transmission of medical records. J Clin Monit. 1997;13:325–34.PubMedCrossRefGoogle Scholar
  35. 35.
    Duncan G, Pearson R. Enhancing access to microdata while protecting confidentiality: prospects for the future. Stat Sci. 1991;6:219–39.Google Scholar
  36. 36.
    Parsi KP, Winslade WJ, Corcoran K. Does confidentiality have a future? The computer-based patient record and managed mental health care. Trends Health Care Law Ethics. 1995;10:78–82.PubMedGoogle Scholar
  37. 37.
    Rind D, Szolovits P, Kohane I. Confidentiality and electronic medical records. Ann Intern Med. 1998;128:510–1.Google Scholar
  38. 38.
    Melton L. Privacy and medical records research. N Engl J Med. 1998;338:1076–8.CrossRefGoogle Scholar
  39. 39.
    Coughlin S. Ethics in Epidemiology and Public Health Practice: Collected Works. Columbus, Ga: Quill Publications; 1997.Google Scholar
  40. 40.
    McCarthy DB, Shatin D, Drinkard CR, Kleinman JH, Gardener JS. Medical records and privacy: empirical effects of legislation. Health Serv Res. 1999;34:417–25.PubMedGoogle Scholar
  41. 41.
    Cost and Impact Analysis: Common Components of Confidentiality Legislation. Chicago, Il: Blue Cross Blue Shield Association of America; 1999.Google Scholar
  42. 42.
    Statement for the Record on the Confidentiality of Health Information. Washington, DC: The Washington Business Group on Health; 1999.Google Scholar
  43. 43.
    Pimley D. Maine experience shows potential snag as public grapples with patient privacy. BNA’s Health Law Reporter. 1999;8:No. 5.Google Scholar
  44. 44.
    Vukadinovich DM, Coughlin SS. State confidentiality laws and restrictions on epidemiologic research: a case study of Louisiana Law and proposed solutions. Epidemiology. 1999;10:91–4.PubMedCrossRefGoogle Scholar
  45. 45.
    Hodge JG Jr, Gostin LO, Jacobson PD. Legal issues concerning electronic health information: privacy, quality, and liability. JAMA. 1999;282:1466–71.PubMedCrossRefGoogle Scholar
  46. 46.
    Naser C, Alpert S. Protecting the Privacy of Medical Records: An Ethical Analysis. Boston, Mass: National Coalition for Patient Rights; 1999.Google Scholar
  47. 47.
    Doyal L. Human need and the right of patients to privacy. J Contemp Health Law Policy. 1997;14:1–21.PubMedGoogle Scholar
  48. 48.
    Kremer T, Gesten E. Confidentiality limits of managed care and clients’ willingness to self-disclose. Prof Psychol Res Pract. 1998;28:553–8.CrossRefGoogle Scholar
  49. 49.
    Goldman J, Muligan D. Privacy and health information systems: A guide to protecting patient confidentiality. Washington, DC: Center for Democracy and Technology; 1996.Google Scholar
  50. 50.
    Winslade W. Privileged Communications. In: Reich W, ed. Encyclopedia of Bioethics. New York, NY: Simon and Schuster MacMillan; 1995:2073–6.Google Scholar
  51. 51.
    Seigler M. Confidentiality in medicine — a decrepit concept. N Engl J Med. 1982;307:1518–21.CrossRefGoogle Scholar
  52. 52.
    Allen A. Privacy in Health Care. In: Reich W, ed. Encyclopedia of Bioethics. New York, NY: Simon and Schuster MacMillan; 1995:2064–73.Google Scholar
  53. 53.
    Emanuel LL. A professional response to demands for accountability: practical recommendations regarding ethical aspects of patient care. Working Group on Accountability. Ann Intern Med. 1996; 124:240–9.PubMedGoogle Scholar
  54. 54.
    Litwin M. How to Measure Survey Reliability and Validity. In: Fink A, ed. The Survey Kit. Vol 7. Thousand Oaks, Calif: Sage Publications; 1995.Google Scholar
  55. 55.
    Aday L. Designing and Conducting Health Surveys: A Comprehensive Guide. San Francisco, Calif: Jossey-Bass Publishers; 1996.Google Scholar
  56. 56.
    Alpert S. Privacy and the Analysis of Stored Tissues. Research Involving Human Biological Materials: Ethical Issues and Policy Guidance, Volume II, Commissioned Papers. Washington, DC: National Bioethics Advisory Commission; 1997;A1-A36.Google Scholar
  57. 57.
    Chapman A. Developing Health Information Systems Consistent with Human Rights Criteria In: Chapman A, ed. Health Care and Information Ethics: Protecting Fundamental Human Rights. Kansas City, Mo: Sheed & Ward; 1997.Google Scholar
  58. 58.
    Ethical Issues and Patient Rights: Across the Continuum of Care. Oakbrook Terrace, Il: Joint Commission on Accreditation of Healthcare Organizations; 1998.Google Scholar
  59. 59.
    Starr P. Health and the right to privacy. Am J Law Med. 1999;25:193–201.PubMedGoogle Scholar
  60. 60.
    Records, Computers, and the Rights of Citizens: Report of the Advisory Committee on Automated Personal Data Systems. United States’ Secretary of Health Education and Welfare. Washington, DC; 1973.Google Scholar
  61. 61.
    Flaherty D. Protecting Privacy in Surveillance Societies. Chapel Hill, NC: University of North Carolina Press; 1989.Google Scholar
  62. 62.
    Model Code for the Protection of Personal Information. Etobicoke, Ontario: National Standards Association of Canada; 1996.Google Scholar
  63. 63.
    Guidelines for the Protection of Privacy and Transborder Data Flows of Personal Data. Paris: Organisation for Economic Cooperation and Development; 1981.Google Scholar
  64. 64.
    Janes G, Clutter G, Greenberg M. The Health Insurance Portability and Accountability Act: new standards for health data systems. J Reg Mgmt. 1998:86–90.Google Scholar
  65. 65.
    Dahm L. The Health Insurance Portability and Accountability Act of 1996. Health Law News. 1999;13:8, 15.Google Scholar
  66. 66.
    Brittin A, Brown A, Tedesco J. Privacy: Understanding HHS’s Proposed Health Information Privacy Standard. Washington, DC: McKenna and Cuneo, LLP; 1999.Google Scholar
  67. 67.
    Protecting Personal Health Information: A Framework for Meeting the Challenges in a Managed Care Environment. Washington, DC: National Committee for Quality Assurance and the Joint Commission on Accreditation of Healthcare Organizations; 1998.Google Scholar
  68. 68.
    Accreditation 2000: Draft Standards for Managed Care Organizations and Managed Behavioral Healthcare Organizations. Washington, DC: National Committee for Quality Assurance; 1999.Google Scholar
  69. 69.
    Model State Health Privacy Project. Sponsored by the U.S. Centers for Disease Control and Prevention, the Council of State and Territorial Epidemiologists, the Association of State and Territorial Health Officials, the National Conference of State Legislatures, and the Georgetown University Law Center (GULC). 1999. Available at: Accessed October 25, 2000.Google Scholar
  70. 70.
    Best Principles for Health Privacy. Washington, DC: Health Privacy Project; 1999.Google Scholar
  71. 71.
    Pomeroy G. NAIC News: message from the officers. September 1998. Available at: Accessed October 25, 2000.Google Scholar
  72. 72.
    Interim Report of the Inter-Council Task Force on Privacy and Confidentiality — Board of Trustees Report 36-A-99. Chicago, Il: American Medical Association; 1999.Google Scholar
  73. 73.
    Final Report of the Inter-Council Task Force on Privacy and Confidentiality — Board of Trustees Report 16-I-99. Chicago, Il: American Medical Association; 1999.Google Scholar
  74. 74.
    Electronic Communications and Privacy Interest Group. American Bar Association; 1999. Available at Accessed 1/5/01.Google Scholar
  75. 75.
    AAHP’s Board of Directors Adds New Protections to Industry-Wide, Patient-Centered Initiative. January 7, 1999. Available at: Accessed October 25, 2000.Google Scholar
  76. 76.
    ASHG statement. Professional disclosure of familial genetic information. The American Society of Human Genetics Social Issues Subcommittee on Familial Disclosure. Am J Hum Genet. 1998;62:474–83.CrossRefGoogle Scholar
  77. 77.
    American College of Epidemiology. Statement on health data control, access, and confidentiality. Available at: Accessed July 12, 1999.Google Scholar
  78. 78.
    Chilton L, Berger JE, Melinkovich P, et al. American Academy of Pediatrics. Pediatric Practice Action Group and Task Force on Medical Informatics. Privacy protection and health information: patient rights and pediatrician responsibilities. Pediatrics. 1999;104:973–7.PubMedCrossRefGoogle Scholar
  79. 79.
    Bluml BM, Crooks GM. Designing solutions for securing patient privacy—meeting the demands of health care in the 21st century. J Am Pharm Assoc. 1999;39:402–7.Google Scholar
  80. 80.
    Information for Health: An Information Strategy for the Modern NHS 1998–2005. London England: British National Health Service; 1998.Google Scholar
  81. 81.
    Protecting Data Privacy in Health Services Research. Washington, DC: Institute of Medicine Committee on the Role of Institutional Review Boards in Health Services Research Data Privacy Protection; 2000.Google Scholar
  82. 82.
    Protecting the Confidentiality of Patient Information in a Rapidly Changing Health Care System: Summary of a National Conference. Protecting the Confidentiality of Patient Information in a Rapidly Changing Health Care System. Washington, DC: Health Systems Research, Inc.; 1998.Google Scholar
  83. 83.
    Emanuel EJ, Emanuel LL. What is accountability in health care? Ann Intern Med. 1996;124:229–39.PubMedGoogle Scholar

Copyright information

© Blackwell Science Inc 2001

Authors and Affiliations

  • Matthew K. Wynia
    • 1
    Email author
  • Steven S. Coughlin
    • 2
  • Sheri Alpert
    • 3
  • Deborah S. Cummins
    • 1
  • Linda L. Emanuel
    • 4
  1. 1.Received from the Institute for EthicsAmerican Medical AssociationChicago
  2. 2.Centers for Disease ControlAtlanta
  3. 3.Notre Dame UniversitySouth Bend
  4. 4.Northwestern University Medical School (LLE)USA

Personalised recommendations