Privacy and Health Research. Current Legislative Attention


Several important legislative events are focusing attention on the issues.

  • In October 1995 the European Union (E.U.) adopted a broad "Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data," the principles of which the E.U. Member States must embrace in their national laws by October 1998. This Directive applies to health data as well as to many other kinds of data.
  • In February 1997 the Committee of Ministers of the Council of Europe adopted a formal, specific "Recommendation on the Protection of Medical Data" which is expected to influence practices throughout Europe.
  • In August 1996 the U.S. adopted the "Health Insurance Portability and Accountability Act," which among other things established provisions relating to confidentiality of medical data as they are handled in health insurance, billing, and payment, which will have implications for research and will set precedent.
  • An omnibus "Medical Records Confidentiality Act," a "Medical Privacy in the Age of New Technologies Act," and a "Fair Health Information Practices Act" are being considered by the U.S. Congress, as are a "Genetic Confidentiality and Discrimination Act" and other genetic privacy bills.
  • Many U.S. States have adopted, or are considering adopting, specialized laws on confidentiality of genetic, or mental health, or vaccination, or HIV–AIDS data.
  • The Organization for Economic Cooperation and Development, the Canadian and other governments, and many nongovernmental organizations are developing policies or standards on encryption and electronic transmission of health data, on genetic privacy, and on medical confidentiality in general.

But even if all these formal activities weren't occurring, now would be a propitious time to review the issues. Indeed, for reasons that will be made evident below, now is almost too late.

As the fundamental nature of health care, and of health data and their uses, is changing dramatically, society must—now—examine and re-decide how much it cares about protecting health privacy. Health researchers must be certain that they are taking all reasonable measures to safeguard the data they collect and use, and to maintain the respect for privacy that is embodied in the very compact with society under which they work. And society must reformulate and update some of the rationales and criteria under which the health experience of individuals may be studied to benefit society.