February 13, 2012 at 3:59 pm #153023
Privacy: there's no question that our privacy gets violated. Sometimes it's violated with our permission. Sometimes, without. My question is - if you find yourself in the role of having to protect someone's private information, what rules should you be held to?
I've been exposed to a lot of private information in my career. In many cases, my access was governed by formal rules enforced by legal threat. These rules were never perfect. Creative thinkers with ill intent could find ways to violate or step around them if so inclined. Understanding of intent and deeply personalizing the mission of protecting the people we serve had to fill in for flaws in the formal rules. Commitment to integrity was a very real and was challenged often.
When I was a provider of medical care, I was in people's private space often. I had access to their physical body - with or without their explicit knowledge or permission (sometimes, my patients were unconscious), their medical records, drugs they consumed, and the stories they shared with me in confidence. Some of these people I knew in social situations.
When I was Chief Information Officer (CIO) and Information Systems Security Manager (ISSM), I saw what went on in people's heads. If people can think about it, they're likely using their computer to access or communicate it. To protect State secrets, enforce rules like the Joint Ethics Regulation and child pornography laws, and prevent corporate espionage, we had to monitor everything that flowed in or out of our networks.
As we saw in recent FDA activities, this power to monitor information flow (in this case, personal emails), can be used to cover up wrong doing, promote political agendas, or target individuals for persecution. There doesn't seem to be a clear rule for how personal information or information shared with the expectation of privacy can or can not be used. More importantly, we may not offer adequate training or assistance to those who manage the people who manage these environments.
In medicine, we take an oath. There is a cultural law that protects patients (and their privacy) at all costs. To violate this cultural law is to violate a sacred trust with the entire community. A violator would be hard pressed to find work in the medical field if their transgression were discovered.
If you were the one with access to private information, what rules do you think should be applied to you? What rules would you apply to yourself?
You must be logged in to reply to this topic.