The need to know versus the right to know: privacy of patient medical data in an information-based society.

Abstract

"Whatever, in connection with my professional practice, or not in connection with it, I see or hear, in the life of men, which ought not to be spoken of abroad, I will not divulge, as reckoning that all such should be kept secret."(1) "Safeguards to privacy in individual health care information are imperative to preserve the health care delivery relationship and the integrity of the patient record."(2) As early as the fourth and fifth centuries B.C., Hippocrates contemplated the importance of medical information to the care and treatment of patients. His oath suggests that privacy of a patient's medical information creates the foundation upon which a patient reposes trust in his or her physician. While defining the earliest version of the physician-patient privilege, the oath does not envision the extent of modern day access to healthcare information. A patient's relationship with the modern healthcare delivery system often includes a team of physicians, nurses, and other clinical support personnel. This relationship extends beyond direct caregivers and may include healthcare administrators, payor organizations, and persons unfamiliar with a patient's identity, such as researchers and public health officials. Accessing a patient's medical information links these participants to the patient's healthcare delivery relationship. The Hippocratic Oath does not contemplate such broad access, nor does it contemplate the emerging privacy crisis resulting from the application of computer technology to medical record storage and retrieval. The combination of broad access, individual privacy rights, and computer technology requires a rethinking of measures designed to protect the realities of the modern medical information society.