INFORMATION POLICY FOR THE U.S. HEALTH SECTOR: ENGINEERING, POLITICAL ECONOMY, AND ETHICS

INTRODUCTION

Efficiency, privacy

Information technology (IT) proponents envision a more efficient, smooth-running health care system as a consequence, with better coordinated care, reduced variation in practice patterns, and a lower rate of administrative costs. Skeptics in the "privacy community" have instead focused on the risks to confidentiality posed by increased electronic record-keeping. Though disagreeing on how tradeoffs should be made – indeed on what tradeoffs are possible – all sides concur that the legal and policy framework controlling information flows today is severely outdated and represents "a legal, political and practical mess" (Gellman, 1996). It is now a commonplace that, in the United States at least, "the biggest information privacy issue in the 1990s" will involve health care information (Regan, 1995). Given the incentives inherent in our private, risk-based system of health care finance, and the absence of adequate "data protection" legislation, no country presents as unsafe an environment for health data as does the US today.
It is well-studied policy territory. In this
decade alone, information privacy, confidentiality and security issues
have been considered in lengthy reports by, among others, the Centers for
Disease Control and Prevention (1996), the Department of Health and Human
Services (1993, 1995), the Institute of Medicine (1991, 1994), the General
Accounting Office (1991, 1993), the National Institute of Standards and
Technology (1994), the National Research Council (1997), and the Office
of Technology Assessment (1993, 1995a), as well as in hundreds of other
books and articles (see bibliography, National Library of Medicine, 1996).
Yet the weight of these reports has not been sufficient to provide a path
to the national health care data protection legislation that all agree
is necessary. Our system of checks and balances and separated powers
requires consensus on the details to move policy forward, and to date no
consensus has emerged on the difficult political, economic and ethical
tradeoffs presented by health information issues. Efficiency and
privacy goals are in conflict: easily-accessible, broadly-networked information
is inherently less private information (Gostin, 1994). Although engineering
improvements and institutional change may improve the terms of trade, for
a price, nothing will make the tradeoff disappear.
Terminology, expectations

The concepts associated with "privacy" bring forward a very complex set of considerations, definitions and expectations, which complicate the problem of achieving policy consensus. In the terse legal maxim from the 19th century, privacy is simply "the right to be left alone" (Warren and Brandeis, 1890). More expansively, privacy can be thought of as describing conditions of limited accessibility to various aspects of an individual. These limitations embrace a range of social institutions and interactions, yielding varying capacities for solitude and bodily inviolability (physical privacy), as well as anonymity and secrecy (informational privacy). (See e.g., Gavison, 1984.) Of interest here is the capacity of new electronic technologies to reset the latter's parameters: the ability to determine what, how and when data about oneself is to be communicated to others, in matters related to health and in other areas of private life.
Confidentiality formally refers to the obligations of individuals and institutions to appropriately use information under their control once it has been disclosed to them. Disclosures customarily come in the context of a particular relationship, with implicit or explicit "contractual" parameters, such as that between doctor and patient. Custom and professional, legal and regulatory strictures set the terms of the contract. The principle of autonomy dictates respect for each individual's choices about uses and disclosures of their own information, as it does for privacy generally. But individual control must obviously be weighed against other goals achievable only by limits on autonomy. Privacy and confidentiality may be "traded" for truly collective goods – such as, in the present context, use of individual data for medical research, or for public health surveillance. Tradeoffs may also be presented to each individual – e.g., the ability to secure appropriate medical treatment (requiring disclosure of symptoms and behavior) or, in the US health system, to obtain reimbursement from third-party payers for that treatment.
Security refers to the range of technical and
procedural mechanisms that aim to preserve confidentiality, restricting
information access to authorized "knowers" for authorized purposes.
Security modalities also have the goal of assuring the accuracy and timely
availability of data for the legitimate user set, as well as promoting
failure resistance in the electronic systems overall. As in physical
contexts, increased information security raises costs. The explicit
expense comes in outlays for additional computer and telecommunications
hardware, associated software and personnel. The implicit cost stems
from the time and inconvenience to legitimate users as they navigate across
protective barriers (such as logging in and presenting passwords), and
endure the constraints of security-enhancing administrative procedures.
The balance is in part an engineering question of costs and system capabilities
given available technologies – a balance which is constantly shifting.
It is also, fundamentally, a political question: How much privacy
and confidentiality does a society want? What will it "trade" for
it? Certainly, life in small town America offered less privacy in
the sense of anonymity than does contemporary urban life (Regan, 1995).
But new information technologies leave us potentially exposed to the world
in unprecedented ways, with a limited vocabulary to articulate our preferences
about the tradeoffs.
Terms like privacy, confidentiality and security
often bring more confusion than clarity, given the range of meanings in
play. Accordingly, the label "data protection" has been coined to
encompass the range of legal, regulatory and institutional mechanisms to
structure collection, use and disclosure of information. It is much
more commonly used in international information policy than in the US.
(See also the discussion of "fair information practices" in the "Ethical
Issues" section of this paper.)
Public policy, managed care

Dozens of health information bills have been introduced in the US Congress in this decade, attempting to specify in federal statute the precise tradeoffs of data policy. Several legislative reform proposals, aiming particularly at reduction of administrative costs, were introduced in the 102nd session (1991-92). President Clinton's health care initiative, along with numerous competitor proposals, came in the 103rd (1993-94). Most of these bills included a heavy reliance on information technology to facilitate the flow of administrative and clinical information, including, in the most ambitious formulations, the generation of cradle-to-grave electronic health care records on all system participants (Gostin et al., 1993; Alpert, 1993). Several more bills were introduced in the 104th session (1995-96). Only a modest study resolution was passed, however, embedded in the larger Kassebaum-Kennedy Health Insurance Portability and Accountability Act (PL104-191). Under Kassebaum-Kennedy's "Administrative Simplification" provisions, the National Committee on Vital and Health Statistics (NCVHS) is undertaking a study of privacy, security and standardization issues. NCVHS issued an initial report to the Secretary of Health and Human Services in June of 1997; the Secretary's proposal to Congress, based on the NCVHS report, was issued in September. (See NCVHS, 1997b; Department of Health and Human Services, 1997.)
Dozens of bills with health privacy components have been introduced in the 105th session as of January 1998, but with little action on any thus far. (See listing of current and previous session Congressional proposals in the "Other Documents" section.)
Though comprehensive governmental reform has not emerged, private sector and state-level restructuring under the umbrella of "managed care" has proceeded apace. More than any previous organizational scheme, managed care relies on an enhanced flow of information in order to organize care delivery and control costs. Information technology advances over the last two decades – in processing, storage and telecommunications capacities – make such large-scale reliance practicable. Health data compilations now represent a core business asset, put in service of the holding organization's competitive strategies. This "proprietary" view of data is increasingly coming into conflict with notions of health information as a social resource, to be used for cooperative ends. It may also increasingly be in tension with concerns about, and protections for, privacy.
This paper discusses, in necessarily brief form,
the engineering, economic, political and ethical issues that have emerged
in the debates over health care data protection policy, and examines the
major features of legislation that has come before the US Congress.
Readers who wish a fuller treatment of these issues may consult the materials
listed in the "References," "Documents," and "Internet/WWW Resources"
sections.