Think your privacy is protected because you have nothing to hide?
I was making a follow up appointment at my dermatologist’s office today. On the reception desk right in front of me, in plain view, was a print out of a patient call list. Certainly, this was a minor violation of patient confidentiality in itself. But what caused me real concern was what was written in the column labeled ‘comments’ next to one of the patients’ names: bitch. I couldn’t believe what I was seeing. Since the term is a gendered, hate word used to disempower uppity women, I consider bitch to be as offensive as any racial slur (and am surprised it’s still socially acceptable to use, while racial slurs are not). So, not only was this patient’s privacy being violated in a most unprofessional way, she had officially been labeled as a bitch in a document at her doctor’s office.
What was even more concerning was that this list was a print out, meaning there was also an electronic copy on the office computer. Anyone who uses the internet knows how easily information can move around, accidentally or consciously being repurposed for uses other than the one originally intended (see David Lyon’s concept of leaky containers). Anyone standing at the desk could see this list, but the potential audience of an electronic document is much wider and perhaps even more of a threat. Who knows if that description is in her medical records, or if it will follow her to future doctors. It has the potential to compromise her medical care, for example her doctor might be less open or accommodating given that she is apparently ‘a bitch.’
Yet another reason why paper-based heath records are better for protecting privacy.
PS I’m still trying to figure out what to do about this discovery as it is in violation of Ontario/Canadian privacy law, and I’m certain whatever ethics/codes govern Ontario doctors. I wanted to tell my doctor, but my next appointment isn’t for another year and there is no way to get to her unless I go through a receptionist.
Edit (July 21, 2011): Based on some of the feedback I’ve been getting, I’d like to further clarify that my main point was to highlight the unprofessionalism of what I saw at my dermatologist’s office. My point about e-health records was secondary, but seems to be getting more attention, so I’ll support/clarify that argument a bit more with a few other examples (below) of why digital records pose more of a threat than paper. And no, I am not saying paper is 100% safe and private, rather that it is more private than digital records. Furthermore, arguments that I should trust doctors to be professional and keep my info safe with digital records because they will follow the strict protocols are pretty much invalidated by what was written in that patient call list. Indeed, it is human error/unprofessionalism that is the main problem here, but the properties if digital databases/ICT magnify these issues.
1.) Digital records threaten privacy through obscurity – see the Facebook newsfeed example
2.) Digital records allow for function creep and leaky containers – see the reuse of a digital database of photos taken for driver licensing being used to identify potential criminals