Privacy and Health Research. Potential Harms from Wrongful Disclosure

05/01/1997

Wrongful disclosure of confidential health data may occur either through carelessness—through gossip in a clinic, for instance, or lazy discarding of clinical records—or through deliberate transgression, either by someone associated with the data-holder or by an outsider.

Harm may be inflicted through the very fact of disclosure—that is, simply through other people's coming to know things that the data-subject, and presumably the entrusted data custodian, expected to be kept confidential. The subject may feel embarrassed, vulnerable, or otherwise violated, as well as feel betrayed by the data-holder, and personal or other relationships may suffer.

Or, harm may be incurred if discrimination is brought against the interests of the subject (in employment hiring or promotion, access to health or life insurance, access to housing, qualifying for a loan, exposure in legal proceedings, etc.) based on wrongfully disclosed information.

Abuses may be personally offensive and harmful, though not necessarily illegal; or they may be clearly illegal (such as blackmail).

Commentators usually surmise that threats to health data are more likely to be perpetrated from inside the data-holding organization, through curiosity, nosiness, mischief, or malice, than from outside. This is especially a vulnerability of computerized systems having many nodes and only weak security controls. Outside attackers of health data range from computer pranksters, to business competitors, to private detectives pursuing evidence of unfitness in divorce or child-custody cases, to journalists probing the lives of celebrities or other public figures.

An important issue for policy is whether to focus controls and sanctions on protection of confidentiality per se (i.e., protecting against unwarranted disclosure in and of itself), or on punishing inflictions of harm that occur because data are used improperly, or both. (The author believes it should be both.)