Mark Rothstein, the Herbert F. Boehl Chair of Law and Medicine at the University of Louisville School of Medicine, gave a lecture Tuesday afternoon on patient and health privacy in the 21st century. His lecture was this year’s installment of the School of Public Health’s Center for Health Law, Ethics and Human Rights’ Cathy Shine lecture series.
Wendy Mariner, a health law professor in SPH and one of the organizers of this year’s lecture, wrote in an email before the lecture that one of the goals of the event was to ensure that the audience would be better informed about the advantages and disadvantages of various laws governing privacy of health information.
“We hope that audiences will gain a deeper appreciation for the trade-offs inherent in research with health data and, in their own research, be alert to what is being gained and lost in any particular balancing of the value of research and value of privacy,” Mariner wrote.
Before his lecture, Rothstein said he wanted attendees to appreciate how tenuous and important the topic of health privacy is.
“I think many people don’t realize how many different ways your health information can be obtained and disclosed and some of the harms that can result,” Rothstein said.
While he said he believes privacy in general is important, Rothstein said patient privacy is especially important because it concerns very sensitive information.
“Your health records can contain a lot of sensitive things,” Rothstein said before his lecture. “Number one, you would be embarrassed if many other people learned about [them], and number two, you could have sort of tangible harms as a result as well. It can affect your ability to get a job or insurance.”
Carolyn John, a second-year graduate student at SPH who attended Rothstein’s lecture, said she thinks the topic of patient privacy is interesting, especially during a time in which millennials are engaging with each other on social media.
“I constantly see my friends posting pictures and videos from the hospitals or the health centers,” John said. “I think it totally relates to this topic today. I recently had an incident where one of the institutions I work at had a mishap and the patient documents were faxed to another person instead of the organization that it was supposed to go to.”
During the lecture, Rothstein said some impacts of a lack of informational health privacy are “tangible harms” such as discrimination or embarrassment, “intangible harms” such as lack of trust in the health care system, “individual health harms” such as suboptimal care and “public health harms” such as reluctance for patients to seek health care for stigmatized conditions.
Health privacy is not dead, Rothstein said, but it will be dead if people stop caring about it.
“Once we lose health privacy or any other form of privacy, given the way that records are maintained and stored and available, you’re not going to be able to get it back,” Rothstein said.
Ivy Kim, a first-year graduate student at SPH, said she thought the lecture was good but would have liked to hear more about realistic ways to address the issue.
“I’m pretty sure a lot of people already know my social security number,” Kim said. “Uber was hacked. Target was hacked. I think it’s kind of too late to regulate how people collect data, but now it’s time to find other ways to protect already known data.”
Michael Ulrich, a professor of health law, policy and management at SPH, said he thought the lecture was informative and that Rothstein did well summarizing the conflicting issues on both sides of the argument for how health data ought to be managed.
“I think he really highlighted well that it’s going to be hard to have both more and more data that’s going to answer all of our questions, while retaining privacy rights,” Ulrich said. “… If you want one [side] then you’re going to have to potentially risk issues on the other side.”
