SELLING HEALTH DATA: DE-IDENTIFICATION, PRIVACY, AND SPEECH
ISPS-BIOETHICS WORKING PAPER ISPS14-024
[7 OCTOBER 2014]
BONNIE KAPLAN, PHD, FACMI
CENTER FOR MEDICAL INFORMATICS
INTERDISCIPLINARY BIOETHICS CENTER
INFORMATION SOCIETY PROJECT
Cambridge Quarterly of Healthcare Ethics (in press)
Bonnie Kaplan, PhD, FACMI, Yale Center for Medical Informatics, Yale Interdisciplinary Bioethics Center, Yale Information Society Project, Yale University, New Haven, CT
Bonnie Kaplan, PhD, FACMI Yale University 238 Prospect Street Box 208293 New Haven, CT 06511 203-436-9085 email@example.com
Confidentiality Health Data Privacy Ethics Health Records Secondary Use Big Data Data Mining Pharmaceutical Marketing Health Data Sale De-Identification HIPAA EU Data Protection Directive Sorrell v. IMS Health, Inc.
R v. Department of Health, Ex Parte Source Informatics Ltd.
Running Title: SELLING HEALTH DATA: De-Identification, Privacy, & Speech
Acknowledgements: I am grateful for the thoughtful contributions to the panel I organized on the Sorrell case for the 2011 American Medical Informatics Association Annual Symposium and comments on a very early draft of some portions of this paper by Paul DeMuro, JD, CPA, MBA, MBI, Oregon Health and Science University, Portland, OR; Kenneth W Goodman, PhD, FACMI, University of Miami, Miami, FL; and Carolyn Petersen, MS, MBI, Mayo Clinic, Rochester, MN.
Abstract
Two court cases that involve selling prescription data for pharmaceutical marketing affect biomedical informatics, patient and clinician privacy, and regulation. Sorrell v. IMS Health, Inc. et al. in the US and R v. Department of Health, Ex Parte Source Informatics Ltd in the UK concern privacy and health data protection, data de-identification and re-identification, drug detailing (marketing), commercial benefit from required disclosure of personal information, clinician privacy and duty of confidentiality, beneficial and unsavory uses of health data, regulating health technologies, and considering data as speech. Individuals should, at the very least, be aware of how data about them is collected and used. Taking account of how that data is used is needed so societal norms and law evolve ethically as new technologies affect health data privacy and protection.
Introduction
Widespread use of electronic patient record systems enables opportunities to improve health care through data sharing, secondary use, and big data analytics, but also creates more opportunities for privacy violations, data breaches, and inappropriate uses.
A 2011 US Supreme Court case concerning selling prescription data for pharmaceutical marketing, Sorrell v. IMS Health Inc., et al.,1 provides an occasion for examining issues related to privacy and protection of health data. Although the legalities involve unique features of US constitutional law related to free speech, a similar case in the United Kingdom in 2000, R v. Department of Health, Ex Parte Source Informatics Ltd.,2 points to the international nature of these issues. In that case, Source Informatics, which operates as a subsidiary of IMS Health Inc. in the UK,3 wanted to sell pharmaceutical companies information on general practitioners’ prescribing habits.
According to their web site, “IMS Health is the world’s leading information, services and technology company dedicated to making healthcare perform better.” Operating in over 100 countries, they process over 45 billion healthcare transactions annually, information from 100,000 suppliers, for over 5,000 healthcare clients globally.
Throughout the 1980s, IMS Health developed online services to report on pharmaceutical sales and purchased or collaborated with companies engaged in related activities. By 1989, they were providing “laptop-based sales management service tools for pharmaceutical sales representatives in the US and Europe.”4 That IMS Health, Inc. was joined in the US case by SDI, Source Healthcare Analytics (a subsidiary of Wolters Kluwer Pharma Solutions), and the Pharmaceutical Research Manufacturers Association makes it even more obvious that aggregating and selling prescription and other health data is an international enterprise. Thus, the Sorrell and Source cases raise more general global concerns, including: appropriate use and secondary use of data for data mining, marketing, research, public health, and health care; data ownership; and patient and clinician data and privacy protection. Their consequences may affect biomedical informatics, patient and clinician privacy, and regulation in ways this paper explores, both in the US and elsewhere.
Throughout the paper, I focus primarily on Sorrell. I bring in the Source case, calling into question whether de-identification, on which US and European privacy regulation rests, is sufficient for these purposes. After introducing Sorrell and the US legal environment, I turn to ethical analysis, focusing first on problems of de-identification and then on particularities of prescription data. I discuss drug detailing (marketing), commercial benefit from required disclosure of personal information, clinician privacy and duty of confidentiality, beneficial and unsavory uses of health data, regulating health technologies, and considering data as speech. Elsewhere I discuss additional ethical issues related to selling health data.5 6 7 Throughout, I take the stance that individuals should, at the very least, be aware of how data about them is collected and used, and that how that data is used is crucial.
The Source case permitted pharmacy data to be sold without patient permission because it was “anonymized,” i.e., specified identifying information was removed, what in the US is called “de-identification.” Such disclosure was deemed not to be unfair to or to disadvantage the patient, and therefore, was not judged a breach of confidentiality by the pharmacist. The UK’s Court of Appeal based this opinion on a Federal Court of Australia decision, declaring that patient privacy was safeguarded because patient personal identities are concealed. It found that “a reasonable pharmacist’s” conscience would not be troubled by this use of a patient’s prescription, so confidentiality would not be breached. Thus, the case was decided on privacy grounds, and depended upon whether selling de-identified prescription data meant pharmacists violated their duty of confidentiality. The Court of Appeal held that processing anonymized data is not within the scope of the European Union Data Protection Directive and the UK Data Protection Act of 1998 based on it.8 This meant that pharmacists could disclose anonymized patient data for whatever purpose they wished.9
Some interpreted the decision to suggest that whether releasing patient data without consent was a breach of confidentiality depended on context and raised questions about the scope and basis of the duty of confidentiality. In this reading, the decision ignored not only some of the provisions of the EU Data Protection Directive (and, indeed, the European Court of Human Rights, in a later case, took a more expansive view of privacy10), but also the distress that could be caused by releasing even anonymized personal data. It also undermined patients’ expectations of privacy.11 12
The US Sorrell case was different from the UK Source case in that it was argued and decided as a speech case. Nevertheless, it often is understood as pitting privacy protection against free speech, and resolving the apparent conflict in favor of free speech. There was scant attention to pharmacists’ duty of confidentiality.13 Despite the US legalities, like Source, the case brings out significant issues of values and rights related to personal health data. As the ability of both government and private organizations to collect and aggregate individually identified personal data has grown, data as speech v. privacy has become the focus of much legal debate that illuminates privacy and policy considerations relevant everywhere.
In the US, health data collected for clinical care is governed by The US Health Insurance Portability and Accountability Act (HIPAA) (discussed below), while free speech case law is based on the First Amendment to the US Constitution. Though particular to the US, examining this legal background is helpful for thinking through the issues involved, especially as US law shares characteristics with international legal tools and also because what happens in the US affects markets and services worldwide.
In Sorrell, the US Supreme Court struck down a Vermont law that restricted selling prescriber prescription data to use for marketing prescription drugs without prescriber consent.14 The challengers of the Vermont law, IMS Health, other data aggregators, and the Pharmaceutical Research and Manufacturers of America, argued the case on free speech grounds. William H. Sorrell, in his role as the attorney general of the state of Vermont, defended the law on the grounds that restrictions on direct-to-physician pharmaceutical marketing (“detailing”) were justified to (1) “protect medical privacy, including physician confidentiality, avoidance of harassment, and the integrity of the doctor-patient relationship” and (2) to achieve its [Vermont’s] policy objectives of “improved public health and reduced healthcare costs”15 by reducing “overprescription of new drugs [and] controlling costs by stemming practices that promote expensive, branded drugs over generics.”16 Vermont’s announced intention to tip the marketplace of ideas against drug companies was the “fatal self-inflicted wound” for free speech.17 The Court, in a 6-3 decision, rejected Vermont’s position and struck down the law.
The US is unusual in its tradition of constitutional protection of speech. The First Amendment to the US Constitution–"Congress shall make no law...abridging the freedom of speech..."– has come to cover a wide range of expression. Different categories of speech, related to its purpose and value, have developed and are protected differently.
Generally, common business practices and expression that is part of economic activity, such as marketing, advertising, and contracts, have not been protected as speech, or, when they have been protected, they are protected differently from, for example, political speech or artistic expression.
“Commercial speech,” such as advertising, is regulated according to criteria in a 1980 Supreme Court decision, Central Hudson Gas & Electric Corporation vs. Public Service Commission of NY.18 In Sorrell, the Court did not apply the commercial speech standards of Central Hudson to strike down the Vermont statute. Instead, the majority opinion applied the heightened judicial scrutiny standard governing individual speech, declaring that “[s]peech in aid of pharmaceutical marketing... is a form of expression protected by the Free Speech Clause of the First Amendment.”19 The Sorrell decision is ambiguous and can be considered a retreat from previous US commercial speech doctrine, a defense of not singling out speech that is disfavored, or a judgment that all data is “speech” and so any data regulation is subject to US constitutional protection. The data-is-speech argument has trumped privacy in US courts, where data traditionally has been considered speech.20
The Sorrell case received considerable attention because the decision involves constitutional issues of speech and privacy. Ironically, the Court largely avoided issues of privacy.21 The First Amendment implicitly protects aspects of privacy in the form of freedom of thought, intellect, and association, and, in the famous defining words of Justice Louis Brandeis, citing Judge Cooley, “the right to be let alone”22 but generally not privacy claims related to disclosing highly sensitive truthful personal information.23 But the Sorrell case also concerns public health, health care, and regulatory policy as it relates to preserving both free speech and privacy – and health care data privacy.
Both the Source and Sorrell cases assume de-identification serves to protect privacy. Indeed, the foundation of much privacy regulation is that if there is no personally identifiable information, there is no privacy harm.24 Making de-identification central to privacy raises significant ethical and legal concerns. Relying on de-identification assumes that patients mainly are concerned not to have their names attached to data about them. However, this is not always how they see it. Henrietta Lacks’s family was upset because her name was not attached to her cell line.25 Individuals may object to using their personal data, de-identified or not, in research which they consider repugnant, for example for contraception research, animal research, embryonic research, or genetic research. Patients who think it wrong that they themselves have no commercial interest in data about themselves, but that others do, may be distressed by practices they consider unethical by data aggregators, pharmaceutical companies, or individuals who sell patient data, and so not wish to contribute to their profits.26 Also at issue is who determines if data is identifiable. Whether an official, such as a data controller in the EU, can identify an individual is not the same as whether a marketer, newspaper reporter, a neighbor, or other party could.27 Pharmacists’, physicians’, nurses’, or patients’ experience of breaches of confidentiality is, to them, a violation regardless of what courts decide.