Ethical aspects of application of advanced informatics to Medicine
Departamento de Bioética, Universidad de Navarra.
Paper read at the Brussels Meeting of the AIM Group.
Thank you, Mr Chairman.
My duty this morning is to offer you a survey of the requierements doctors demand for the protection of data in Medicine. My description must be necessarily schematic, because we cannot limit our discusion to an analysis of the present situation: the title of our conference invites us to act as foretellers of the future, and to characterize the ethical commitments we must keep for years to come, when Medicine will be more and more deeply embedded in a dense informational environment.
Two main points, then, must form the nucleus of my talk. The first is to summarize how, at present, the requirements of the doctor's duty of data protection and confidentiality towards his patients are understood; the second is to consider how the present situation can be adapted to the new conditions created by the ever growing application of advanced informatics to Medicine. What the AIM Management Committee expects from us, I supose, is to think on how to articulate a peaceful transition from the present and complex situation to one more harmonious that belongs to the future. I am optimistic, because the medical and allied professions in Europe have shown both an inexhaustible capacity to adapt themselves to the demanding challenges of social, scientific and technological progress, and a great ingenuity to preserve faithfully their traditions in new and exciting scenarios.
A general survey of the specific medical requirements on data protection, such as they are expressed in the Codes of Deontology and the Guides to Ethical Conduct promulgated by the National Medical Orders or Associations of the member countries of the EC, shows us considerable diversity in respect to their quantitative contents and qualitative concerns. Running the risk of oversimplification, two polar attitudes can be described among the professional guidelines on medical data protection: one characterized by a rigid rejection of procedures involving more than minimal risk to confidentiality or security; the other, accepting responsibly the introduction of Informatics in Medicine, provided a clearly advantageous benefit/risk ratio is reached.
In some countries, local legal and deontological traditions compel physicians to be extremely cautious: no potential advantage can release the doctor of his duty to secrecy. Such an almost absolutization of data protection could hinder the wider use of Informatics in Medicine. Fortunately, there are some indications that such diffuse apprehension against the use of computer-stored medical data is yielding and giving way to a more moderate approach, as shown by the evolution of jurisprudence, the relative protection granted by the law, and a more realistic acceptance inside the profession of both the advantages and the servitudes of the computer.
A second attitude, more open and widespread, is grounded in the World Medical Association's Statement on the Use of Computers in Medicine. The World Medical Association prepared such Statement to protect medical confidentiality and, at the same time, to regulate the widest possible use of medical data for justified purposes. The Statement entrusts to the national medical associations the responsibility to ensure the privacy, security and confidentiality of information on their patients, and to oppose the enactment of legislation which could endanger or undermine the rights of the patient. The Statement forbids the linking of medical data banks to other central data banks, but openly declares that it is not a breach of confidentiality to release or transfer confidential health care information required for epidemiological or clinical research, management or financial audits, programme evaluations or similar studies, provided the information released does not identify, directly or indirectly, any individual patient.
A similar doctrine has been adopted by the International Conference of Medical Orders, whose Principles of Medical Ethics for Europe are intended to inspire in the future the medical codes of conduct in the State members of the EC. Article 8 of the Principles requires that every automated medical data bank must remain, on professional ethics grounds, under the responsibility of a specifically appointed doctor. This requirement has made its way to the recent and revised editions of the Italian and the Spanish Codes of Medical Deontology. The Spanish Code has been the first to impose on the doctor the duty to maintain independent information pathways: one for the patient's clinical data and another for the client's administrative matters.
Negotiations, therefore, are needed to accommodate the venerable traditions to the new demands. For this task, an eclectic deontological approach would be best suited, since it could manage to combine the old hippocratic mores with the new emerging practices.
A consensus must be reached, at least, on two points: 1. On the need to abandon the old-styled absolutist concept of privacy requirements and substitute it by a more open and operational concept of medical confidentiality; and 2. On a more advanced and realistic formulation of the principle of beneficence, embodying the acceptance of the inherent, reasonable and proportionate risk of every acceptable medical intervention (information technology included), to avoid the greater harm of slowing innovation and not doing research.
1. Whether patient records are kept on paper or on floppy disks, the moral duties of the doctor continue to be the same. It is undeniable that computers in medical practice favour some possibilities of abuse, but it is no less true that technology can offer us protective measures which can make electronic stored health information more difficult to invasion or negligence than the paper-based clinical record.
The medical profession must accept with open mind the challenge of the new technologies. The task is not easy, as past experiences at the Standing Committee of Doctors of the EC bear witness. Some disturbing factors, well known to all of us (the large proportion of sensitive data collected, the multitude of users with diverging information needs, the different national legal and professional regulations on access rights or damage responsibility, and the hazy deontological delimitation between acceptable and forbidden behaviour) tend to compound the negotiation. Our sensitivity for the claims of privacy will push us not to develop negativistic attitudes, but to develop new procedures to be up to the new task. The more extended our technical capacities, the more refined our ethical responsibilities.
2. The behaviour of the doctor must be guided by the principle of beneficence: to search for the best way to serve the interests of his patients. He cannot deprive them of the best diagnostic and therapeutic procedures. Medical Informatics has become today an standard element of good medical practice.
Some deontological principles can help us in defining future medical requirements on data protection.
The Principle of parsimony. This principle admits several formulations in the field of data protection: In your dealings with the patient, limit yourself to the essentials; be austere; do not accumulate superfluous information and keep for future use only what is relevant; do not succumb to the technological imperative.
Parsimony in storing highly sensitive data is an important medical requirement for data protection. It implies the collection of only those data which are really needed, and the destruction of useless, irrelevant or no longer needed information. The physician must abstain from recording those details which, if revealed, could place him in a dangerous or embarrassing position.
The Principle of transparency. The satisfaction of the public's legitimate expectations of confidentiality and concerns about quality of Informatics mediated care is a very important requirement, which is better served by education and openness than by concealment or deception. Patients and their families have to know, for example, what the rules are about data use, who and in which conditions has access to the different (personal, social, clinical, financial, statistical) data categories. They also must be assured that their interests in privacy and confidentiality are going to be respected and that doctors have a sincere concern in the protection of privacy.
The Principle of responsibility. The hippocratic dictum "Do not harm" imposes on the doctor the duty to avoid in every circumstance any gratuitous or disproportionate damage to the patient. The need to be careful and responsible in an informational environment is clearly seen when one considers the appalling harm that can be inflicted to patients by material faults or operational mistakes.
This principle also teaches us that in every circumstance the ultimate responsibility for the care of every patient must remain with an individual doctor. Thence, an individual doctor must be responsible for the security and use of his patient's data. This requirement points to the need of developing M.D. programmes in Quantitative and Computational Medicine.
The Principle of universality. Data protection policies must include all types of Information technology as appliable to Medicine.
Of particular relevance to AIM effort is the specification of the ethical requirements for the research it sponsors.
There is an almost universal acceptance of the guidelines on biomedical research as contained in the Helsinski Declaration of the World Medical Association. According to it, all research work involving human subjects must adapt itself to some norms, two of which are of particular relevance to us: the obligation to submit the research protocol to the approval and surveillance of an independent Research Ethics Committee, and the duty to obtain from human subjects their informed consent to participate in the research project. Furthermore, specific and valuable guidelines on the professional requirements for research in an informational athmosphere have been offered by the British Medical Research Council and a Working Party convened by the Commission of the European Communities (DG V).
It is my conviction that Research Ethics Committees must play a very important role in the context of the AIM Program. I would suggest that in the Call for Tenders of AIM Main Phase, a clause might be included requiring that every research proposal, in which human subjects are directly or indirectly involved, must contain an evaluative analysis and approval of the research plan by an independent Research Ethics Committee.
It seems to me almost self-evident that a number of AIM Main Phase evaluators should be sensitive for the ethical problems of biomedical research to fulfill the function of detecting defects in the ethical frame of the projects submitted, and also to make suggestions. The primary mandate of such evaluators should be to ensure that the rights and dignity of research subjects are not violated and that any risk entailed is commensurate with the intended benefit. They must be free of vexed interests, have a serious concern for the reputation of the scientific enterprise, and a great capacity for negociation, offering friendly advice to improve the ethical complexion of research protocols. They must be open-minded as required by the AIM's context of international cooperation, where, for example, data sharing must play an ever increasing role. May I add that, contrary to the dominant opinion, it is possible to share scientific data without undue risk for confidentiality.
To argue on the opportunity of establishing an Ethics Committe for AIM's Main Phase, to devise how could it be structured and which functions should it play, could be an appropriate topic for discussion within this Workshop.