TELEMEDICINE REPORT TO CONGRESS

January 31, 1997


PRIVACY, SECURITY AND CONFIDENTIALITY

IN TELEMEDICINE



A. OVERVIEW

New technologies have vastly improved the ability to electronically record, store, transfer and share medical data. While these new advances have potential for improving health care delivery, they also create serious questions about who has access to this information and how it is protected. Additionally, this technology is threatened by potential unauthorized intrusion, such as computer hackers who have been known to tap illegally into private information on computer networks. Computer hackers could possibly gain access to and even alter patient records.

Clearly, privacy and security concerns are not unique to telemedicine. Protection of personally identifiable information--whether health information, banking records or employment history data, must be ensured before consumers, patients and other users are willing to participate in electronic commerce or the NII.

However, the challenge for telemedicine policy makers lies in identifying emerging concerns that are unique to telemedicine. Lack of privacy and security standards do play an important role in the legal challenges facing telemedicine (e.g. malpractice) and have profound implications for the acceptance of telemedicine services. This is of particular concern in the use of telemedicine technologies for treating mental illness, substance abuse, and other conditions that carry a social stigma. Given the volume of work on general privacy issues generated by the Federal Government, this chapter will only touch upon some of the general issues related to protecting sensitive patient information as well as potential concerns raised by the use of telemedicine.

B. GENERAL PRIVACY, CONFIDENTIALITY AND SECURITY ISSUES

Privacy advocates and data experts continue to grapple with the many issues that have emerged as new technology has been employed the in the delivery of health care. In dealing with these issues, understanding what these terms mean is important. According to the National Information Infrastructure Advisory Council, the IITF's private sector advisory group:

Information Privacy is the ability of an individual to control the use and dissemination of information that relates to himself or herself. Confidentiality is a tool for protecting privacy. Sensitive information is accorded a confidential status that mandates specific controls, including strict limitations on access and disclosure. These controls must be adhered to by those handling the information. Security is all the safeguards in a computer-based information system. Security protects both the system and the information contained within it from unauthorized access and misuse, and accidental damage.(1)

Security also includes training and policies--not just technologies (i.e. fire walls and encryption).

Legal protections for health information generally reside at the state level. While every state has adopted some form of privacy protection, the level of health information protection can vary from state to state. About a dozen states have comprehensive health-care information confidentiality statutes. Two (Montana and Washington) have passed the Uniform Health-Care Information Act of the National Conference of Commissioners on Uniform State Laws, (NCCUSL) (1985). Many state statutes govern specific classes of health information, such as HIV-infection and AIDS patient information, mental health information, and communicable disease information held by public health agencies.

Federal protection of privacy is even more limited than that provided by the states. No explicit right to privacy is guaranteed under the Constitution and privacy protection is derived from case law. The only Federal health record confidentiality law covering the nation is one controlling disclosure of substance abuse patient information, and only specialized substance abuse facilities and units are subject to the law.(2) While there are a number of Federal initiatives underway that examine the protection of electronic patient information, there has been little consideration given to privacy issues related specifically to telemedicine (See Box 34).

C. EMERGING PRIVACY, CONFIDENTIALITY AND SECURITY CONCERNS FOR TELEMEDICINE

Because of the unique combination of patient data, video imaging, and electronic clinical information that is generated between two distant sites during a telemedicine encounter, privacy concerns that normally pertain to patient medical records may be magnified within the telemedicine arena or may be different in character altogether.

Telemedicine technology is so new that many new privacy and security issues are just now coming to light. During the past 18 months, the JWGT has identified a number of situations in which the use of telemedicine could raise concerns about protection of privacy, confidentiality, and security of sensitive patient information. They are:

A lack of uniform confidentiality and privacy legislation at the state level in terms of the transfer of health information in telemedicine encounters (just as there is with respect to health information generally). Since telemedicine consultations can take place over state lines, the potential for confusion over which state's standards should be employed could arise.

A long-distance telemedicine consultation typically involves a clinician-patient session that can be videotaped in its entirety. Thus, the health professional may face his/her own privacy issues under these circumstances. For example, unlike standard medical record documentation in which the practitioner has discretion to selectively record his or her findings, most interactive Telemedicine consultations are recorded in toto. This record is maintained as part of the documentation of the consultation. As a result, practitioners have less discretion to remove sensitive items that they might otherwise not record. From the patient perspective, the patient may not be able to "see" who else is viewing the session along with the clinician on the other side of the long distance consultation.

The use of telemedicine equipment usually adds additional personnel to the typical provider-patient encounter. For instance, a technical outsider, like an engineer, may be privy to the consultation.

From a technical standpoint, there is a higher volume of data and complexity involved in the various communication mediums used during a typical telemedicine consultation. That could make securing the data more problematic.

D. NEXT STEPS

Telemedicine technology brings with it concerns about privacy, security, and confidentiality that go beyond those associated with protecting medical records. Identifying those specific concerns is just now beginning. As a result, a full discussion of these concerns may not be possible until more concrete examples emerge. However, the JWGT, in consultation with the DHHS Privacy Advocate, hopes to examine privacy, security, and confidentiality issues in telemedicine in the coming year. Specifically, the committee hopes to:

Examine the outcome of pilot projects that may provide insights into privacy concerns or identify particular areas that need attention.

Establish a more formal process of examining and identifying those privacy, security and confidentiality issues that uniquely arise out of the telemedicine practice.

Pursue a more permanent linkage with other Federal groups working on privacy issues, particularly the initiatives shown in Box 34.


FOOTNOTES

1. The National Information Infrastructure Advisory Council, "Common Ground: Fundamental Principles for the National Information Infrastructure," March 1995.

2. 42 U.S.C. secs. 290 dd-3, 290 cc-3(1988). The Federal Privacy Act of 1974, 5 U.S.C. Section 552 a(1988) protects individuals from nonconsensual government disclosure of confidential information. The Act prohibits Federal agencies, including Federal hospitals from disclosing information contained in a system of records except under prescribed circumstances.