Fox, R., “Ethical and Existential Developments in Contemporaneous American Medicine: Their Implications for Culture and Society” in Fox, R., Essays in Medical Sociology (New Brunswick, USA: Transaction Books, 1988): 381–421 at 403.Google Scholar

Callahan, D., “Shattuck Lecture – Contemporary Biomedical Ethics,” N. Engl. J. Med. 302 (1980): 1228–1233, at 1230. Factors contributing to the tendency to think about health care in narrow, individualist terms are the language of rights within the Constitution, and the many social movements (both within and without medicine) whose aspirations have been translated as legal claims: Movements asserting rights for women, gays, African-Americans, reproductive rights, sexual rights, the right to die, to refuse life-supporting treatment, and many more.CrossRefGoogle Scholar

In Roe v Wade 410 U.S. 113 (1973), the Supreme Court adopted what is known as a “substantive due process” analysis of the Fourteenth Amendment guarantee of liberty, holding that the liberty interest prevents State interference with “fundamental personal decisions” (pre-eminently abortion), absent a “compelling State interest.” Health information privacy also enjoys a degree of constitutional protection under the Fourteenth Amendment. In Whalen v Roe 429 U.S. 589 (1977), the Supreme Court appeared to recognize an intermediate level of protection for information privacy claims falling somewhere between the “compelling state interest” approach (that applies where state legislation would interfere with fundamental liberty interests), and the more easily-satisfied “rational relation” test, where it would not: see Chlapowski, F., “The Constitutional Protection of Informational Privacy,” Boston University Law Review 71 (1991): 133–160, at 144–150. In Britain, although confidentiality has tended to be seen by courts as an instrumental value, rather than a fundamental right, the implementation of the European Convention on Human Rights into domestic law, through the Human Rights Act 1998 (UK), invites a renewed emphasis on rights. The Human Rights Act 1998 gives effect to Article 8 of the ECHR (respect for private and family life) as a qualified right under the Act.Google Scholar

410 U.S. 113 (1973).Google Scholar

429 U.S. 589 (1977).Google Scholar

See Kuczewski, M. “Two Models of Ethical Consensus, or What Good is a Bunch of Bioethicists?” Cambridge Quarterly of Healthcare Ethics 11 (2002): 27–36, at 30–32.CrossRefGoogle Scholar

Jones v Stanko 160 N.E. 456 (1928) (smallpox); Davis v Rodman 227 S.W. 612 (1921), 614 (typhoid fever); Skillings v Allen 173 N.W. 663 (1919) (scarlet fever); Wojcik v Aluminum Co. of America 183 N.Y.S. 2d 351 (1959) (tuberculosis); Hofmann v Blackmon 241 So.2d 752 (1970) (tuberculosis); see also Gammill v United States 727 F.2d 950 (1984) (infectious hepatitis).Google Scholar

177 N.W. 831 (1920); similarly, C. v D. [1925] 1 DLR 734.Google Scholar

See, e.g. Biddle v Warren General Hospital 715 N.E.2d 518 (1999), 523.Google Scholar

Tarasoff v Regents of the University of California 551 P2d. 334 (Cal 1976), 345.Google Scholar

E.g. Thompson v County of Alameda 614 P.2d 728 (1980) (generalized threats; no duty to warn police, or parents of child subsequently killed); cf. Lipari v Sears, Roebuck & Co. 497 F.Supp.185 (1980), 194.Google Scholar

See Gostin, L. and Hodge, J. Jr., “Piercing the Veil of Secrecy in HIV/AIDS and Other Sexually Transmitted Diseases: Theories of Privacy and Disclosure in Partner Notification,” Duke Journal of Gender Law & Policy 5 (1998): 9–88.Google Scholar

E.g. Smith v Jones (1999) 169 DLR (4th) 385; W v Egdell [1990] 1 All ER 835; R v Crozier (1990) 12 Cr.App.R.(S.) 206. Courts generally have also recognized an exception where confidential information is relevant to a serious crime: e.g., Bryson v Tillinghast 749 P.2d 110 (1988).Google Scholar

E.g. Harvey v PD [2004] NSWCA 97; BT v Oei [1999] NSWSC 1082.Google Scholar

See, e.g., Hunter v Mann [1974] 1 AB 767. For a review of legislative duties with respect to transmissible diseases in Australia, see Magnusson, R., “Promoting Sexual Health: the Role of Law,” in Temple-Smith, M. and Gifford, S., eds., Sexual Health: An Australian Perspective (Melbourne: IP Communications, 2004) (in press).Google Scholar

Dickens, B., “Legal Approaches to Health Care Ethics and the Four Principles,” in Gillon, R., ed., Principles of Health Care Ethics (Chichester: John Wiley & Sons, 1994): 305–317, at 311–312.Google Scholar

E.g. Hammonds v Aetna Casualty & Surety Co. 243 F.Supp.793 (1965), 801; Tarasoff v The Regents of the University of California 551 P.2d 334 (1976), 346.Google Scholar

X v Y [1988] 2 All ER 648, at 653.Google Scholar

X v Y [1988] 2 All ER 648, 658, 660 (disclosure of HIV/AIDS); W v Egdell [1990] 1 All ER 835, 845–46, 848–49 (disclosure of propensity towards violence). For the limits of the duty in Australia, see Kadian v Richards [2004] NSWSC 382, at para 45; Sullivan v Sclanders (2000) 77 SASR 419, 424–7.Google Scholar

See, e.g. California Civil Code §§ 56–56.37. In Australia, see, e.g. Health Services Act 1988 (Vic) s. 141.Google Scholar

See, e.g. Public Health Law (NY) §§ 2780–86 (HIV confidentiality provisions); California Civil Code § 56.17 (genetic confidentiality).Google Scholar

See generally Gostin, L., The AIDS Pandemic: Complacency, Injustice, and Unfulfilled Expectations (Chapel Hill: University of North Carolina Press, 2004); Magnusson, R., “Australian HIV/AIDS Legislation: A Review for Doctors,” Australian and New Zealand Journal of Medicine 26 (1996): 396–406.Google Scholar

In X v Y [1988] 2 All ER 648, for example, an English court granted a permanent injunction restraining a newspaper from publishing the identities of two physicians with AIDS, whose identities had been leaked by a hospital employee, for reward, to the newspaper, which intended to publish under the headline “Scandal of Docs with AIDS.”Google Scholar

Dickens, B., “Legal Limits of AIDS Confidentiality,” JAMA 259 (1988): 3449–3451.Google Scholar

See Hammonds v Aetna Casualty & Surety Company 243 F.Supp. 793 (1965), 803; Biddle v Warren General Hospital 715 N.E.2d 518 (1999), 528; X v Y [1988] 2 All ER 648.Google Scholar

Dickens, , supra note 24, at 3449.Google Scholar

See Dickens, B., “Confidentiality and the Duty to Warn” in Gostin, L., ed., AIDS and the Health Care System (New Haven and London: Yale University Press, 1990): 90–112, at 99–100; Duncan v Medical Disciplinary Committee [1986] 1 NZLR 513, 521.Google Scholar

See Siegler, M., “Confidentiality in Medicine: A Decrepit Concept,” N. Engl. J. Med. 307 (1982):1518–1521. As the Canadian Privacy Commissioner has observed: “[a] leak from a doctor’s office is damaging enough: Maintaining a trusted relationship with the health system’s cast of thousands is quite another”: Canadian Privacy Commissioner, 1997/98 Annual Report (Office of the Canadian Privacy Commissioner, 1998): 4.CrossRefGoogle Scholar

E.g. X v Y [1988] 2 All ER 648.Google Scholar

For an Australian example, see Slater v Bissett (1986) 85 FLR 118.Google Scholar

OECD, Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, Paris, 23 September 1980.Google Scholar

Privacy Act of 1974 (US), codified at 5 U.S.C. § 552a; Data Protection Act 1998 (UK); Privacy Act 1988 (Cth).Google Scholar

See U.S. Department of Commerce “Safe Harbour” portal: <http://www.export.gov/safeharbor/> (last visited August 30, 2004).+(last+visited+August+30,+2004).>Google Scholar

45 C.F.R. Parts 160 and 164.Google Scholar

Pub. L. No. 104-91; 110 STAT. 1936 (1996).Google Scholar

See Studdert, D., “Direct Contracts, Data Sharing and Employee Risk Selection: New Stakes for Patient Privacy in Tomorrow’s Health Insurance Markets,” American Journal of Law & Medicine 25 (1999): 233–65, at 235–236.CrossRefGoogle Scholar

Furrow, B., Greaney, T., Johnson, S., et al., Health Law: Cases, Materials and Problems, 3rd ed. (St. Paul: West Publishing Co, 1997): 520–521.Google Scholar

As Schwartz notes, one important form of review “involves the examination of patient records to guard against so-called “DRG creep,” which occurs when physicians place patients into more generous DRG [diagnosis related groups] categories than are warranted”: Schwartz, P., “The Protection of Privacy in Health Care Reform,” Vanderbilt Law Review 48 (1995): 295–347, at 302.Google Scholar

Studdert, , supra note 36, at 254.Google Scholar

See Schwartz, , supra note 38, at 300ff for discussion of how data processing has become a way of controlling physicians.Google Scholar

See Gostin, L., “Personal Privacy in the Health Care System: Employer-Sponsored Insurance, Managed Care, and Integrated Delivery Systems,” Kennedy Institute of Ethics Journal 7 (1997): 361–376.CrossRefGoogle Scholar

U.S.C. § 12112(d).Google Scholar

U.S.C. § 12201(c); Gostin, , supra note 41, at 367; Studdert, , supra note 36, at 257–259.Google Scholar

HIPAA Privacy Rule, codified at 45 C.F.R. § 164.504(f).Google Scholar

See HIPAA § 702; 29 U.S.C. § 1182, amending the Employee Retirement Income Security Act (ERISA).Google Scholar

HIPAA § 701; 29 U.S.C. § 1181.Google Scholar

National Health Act 1953 (ah) ss 73AAH, 66.Google Scholar

The HIPAA Privacy Rule requires contractual restrictions to be imposed on the use by “business associates” of identifying health information. Business associates may not be authorized to use or disclose such information in violation of the Rule: see 45 C.F.R §§ 164.502(e), 164.504(e).Google Scholar

HIPAA Privacy Rule, codified at 45 C.F.R §§ 164.502,164.506.Google Scholar

The States provide a network of hospitals, receiving Commonwealth financial support under periodic “Medicare agreements” that create incentives to the States to meet various cost, service and other policy targets: see Duckett, S., The Australian Health Care System (South Melbourne: Oxford University Press, 2000): 34ff.Google Scholar

See Health Insurance Act 1973 (Cth) s. 130.Google Scholar

The PBS database is protected under the National Health Act 1953 (Cth) s. 135A. Like the Medicare database, it is also regulated under Privacy Guidelines issued by the Federal Privacy Commissioner under s. 135AA of the National Health Act. The Privacy Act 1988 (Cth) also applies to personal information held by the Health Insurance Commission.Google Scholar

See Mendelson, D., “Travels of a Medical Record and the Myth of Privacy,” Journal of Law and Medicine 11 (2003): 136–145.Google Scholar

National Health Act 1953 (Cth) ss 73BD-73BDAA.Google Scholar

For example, where a purchaser/provider agreement is in operation, the National Health Act 1953 (Cth) s. 73BD(2) requires the hospital to disclose to the health fund the data set specified in the Hospital Casemix Protocol (see National Health Regulations (Cth) Schedule 7).Google Scholar

Specifically, insurers disclose data to the Commonwealth Health Department and the Private Health Insurance Administrative Council: see National Health Act 1953 (Cth) s. 73AB.Google Scholar

National Health Act 1953 (Cth) ss 73AB(5), 73G; Mendelson, D., “Health Legislation (Private Insurance Reform) Amendments Act 1995 (Cth) and the Question of Medical Confidentiality: The Money or the Ethics?” Journal of Law and Medicine 4 (1996): 107–111.Google Scholar

See National Research Council, For the Record: Protecting Electronic Health Information (Washington, D.C.: National Academy Press, 1997), Chapter 1, available on-line at: <http://www.nap.edu/readingroom/books/for/> (last visited August 27, 2004).+(last+visited+August+27,+2004).>Google Scholar

Goldsmith, J., “The Internet and Managed Care: A New Wave of Innovation,” Health Affairs 19 (2000): 42–56, at 44–48.CrossRefGoogle Scholar

See Thompson, T. and Brailer, D., The Decade of Health Information Technology: Delivering Consumer-Centric and Information-Rich Health Care: Framework for Strategic Action, (Washington, D.C.: Office of the Secretary, National Coordinator for Health Information Technology, July 21, 2004), available at <http://www.hhs.gov/onchit/framework/hitframeworkpdf> (last visited August 27, 2004).+(last+visited+August+27,+2004).>Google Scholar

Coiera argues that “Biomedical expertise, for example, will no longer be seen to reside in the heads of experts, but will rather reside in the system. Knowing “about” is replaced by knowing “how to find out,” and clinicians and machines are always “connected” to each other via the information grid to share knowledge…”: Coiera, E., “Four Rules for the Reinvention of Health Care,” British Medical Journal 328 (2004): 1197–9, at 1197.CrossRefGoogle Scholar

Humber, M., “National Programme for Information Technology,” British Medical Journal 328 (2004): 1145–6.CrossRefGoogle Scholar

See Magnusson, R., “Data Linkage, Health Research and Privacy: Regulating Data Flows in Australia’s Health Information System,” Sydney Law Review 24 (2002): 5–55, at 47–51. See also <http://www.health.gov.au/healthconnect/> (accessed August 27, 2004).Google Scholar

Supra note 60.Google Scholar

See Armstrong, B. and Kricker, A., “Record Linkage – A Vision Renewed,” Australian and New Zealand Journal of Public Health 23 (1999) 451–452, at 452.CrossRefGoogle Scholar

Magnusson, , supra note 63, at 44–46.Google Scholar

Examples include Kaiser Permanente, a managed care organization, which provides on-line services to members, which mistakenly sent 838 e-mail messages to wrong recipients, some of which contained sensitive information: Goldman, J. and Hudson, Z., “Virtually Exposed: Privacy and E-Health,” Health Affairs 19 (2000): 140–148, at 141.CrossRefGoogle Scholar

Those purposes are already extensive. As the National Research Council notes, “because care is now provided by a variety of providers from a variety of locations and the bills are paid by more than one payer, the EMR is used to facilitate familiarity with the patient’s status, document care, plan for discharge, document the need for care, assess the quality of care, determine reimbursement rates, justify reimbursement claims, pursue clinical or epidemiological research, and measure outcomes of the care process: supra note 58, Chapter 1.Google Scholar

Secretary of the Department of Health and Human Services, Tommy G. Thompson has argued that health information technology has the potential to save total annual spending on health care by ten percent: News Release, “Thompson Launches ‘Decade of Health Information Technology’,” July 21, 2004, available on-line at <www.hhs.gov/news/press/2004pres/20040721a.html> (last visited August 27, 2004).+(last+visited+August+27,+2004).>Google Scholar

See §§ 1171–1179 of the Social Security Act, codified at 42 U.S.C. 1320d-1320d8.Google Scholar

HIPAA § 264, codified at 42 U.S.C. § 1320d-2 note.Google Scholar

Lowrance, W., “Privacy and Health Research, A Report to the U.S. Secretary of Health and Human Services,” May 1997, part 2, available at <http://aspe.os.dhhs.gov/datacncl/PHRhtm> (last visited August 27, 2004); see also Douglas, R., “Disease Control in the Information Era,” Medical Journal of Australia 174 (2001): 241–3; Magnusson, , supra note 63, at 38–44.Google Scholar

See Social Security Act § 1178(b), codified at 42 U.S.C. § 1320d-7(b); see also the HIPAA Privacy Rule, 45 C.F.R § 160.203(c).Google Scholar

See 45 C.F.R § 164.512(b).Google Scholar

45 C.F.R. § 164.501; CDC, “HIPAA Privacy Rule and Public Health,” MMWR 52 (2003): 1–12.Google Scholar

Thompson, and Brailer, , supra note 60.Google Scholar

Goraya, A. and Scambler, G., “From Old to New Public Health: Role Tensions and Contradictions,” Critical Public Health 8 (1998): 141–151, at 144.CrossRefGoogle Scholar

See Rosenbaum, S. and Kamoie, B., “Managed Care and Public Health: Conflict and Collaboration,” Journal of Law, Medicine & Ethics 30 (2002): 191–200, for discussion of the tensions between the provision of care under the managed care model, and the broader “extra-contractual” goals of public health.CrossRefGoogle Scholar

Murray, T., “Genetic Exceptionalism and ‘Future Diaries’: Is Genetic Information Different from Other Medical Information?” in Rothstein, M., ed., Genetic Secrets: Protecting Privacy and Confidentiality in the Genetic Era (New Haven, Connecticut: Yale University Press, 1997): 60–73. In a wonderful phrase, Annas and colleagues refer to genetic information as a “coded probabilistic future diary”: Annas, G., Glantz, L. and Roche, P., “Drafting the Genetic Privacy Act: Science, Policy and Practical Considerations,” Journal of Law, Medicine & Ethics 23 (1994): 360–66, at 360.Google Scholar

See, e.g. Civil Code (Cal) § 56.17; Insurance Code (Cal) § 10140–10145.4; Health and Safety Code (Cal) §§ 1374.7, 124975–124980; Civil Rights Law (NY) § 79–1; Insurance Code (Tex) § 546. For a complete listing of State laws, see <http://www.genome.gov/PolicyEthics/LegDatabase/pubsearch.cfm> (last visited August 27, 2004).+(last+visited+August+27,+2004).>Google Scholar

See Mathew, C., “Postgenomic Technologies: Hunting the Genes for Common Disorders,” British Medical Journal 322 (2001): 1031–4. By genomics, I refer to the identification of the genetic bases for molecular abnormalities causing disease.CrossRefGoogle Scholar

Pharmacogenomics refers to the correlation between an individual’s genotype and their drug reaction phenotype. Pharmacogenomic profiling aims to identify genetic markers that will identify individuals having a particular phenotype. Genetic pharmacology refers to the design of drugs to counteract the lack of a required protein, or the chemical effects of an undesirable genetic variation. See Neil, D. and Craigie, J., “The Ethics of Pharmacogenomics,” Monash Bioethics Review 23 (2004): 9–20.CrossRefGoogle Scholar

See for discussion, Magnusson, R., “Regulating Genetic Privacy in the On-Line Health Information Era,” Health Information Management Journal 30, no. 4 (2002) (copy on file with author).Google Scholar

See, e.g., See, eg, Burnett, L., Barlow-Stewart, K., Proos, A. et al., “The ‘GeneTrustee’: A Universal Identification System that Ensures Privacy and Confidentiality for Human Genetic Databases,” Journal of Law and Medicine 10 (2003): 506–512.Google Scholar

See, e.g., Skene, L., “‘Patients’ Rights or Family Responsibilities? Two Approaches to Genetic Testing,” Medical Law Review 6 (1998): 1–41.CrossRefGoogle Scholar

Neil, and Craigie, , supra note 82, at 17.Google Scholar

See Sobel, S. and Cowan, D., “Impact of Genetic Testing for Huntington Disease on the Family System,” American Journal of Medical Genetics 90 (2000): 49–59; Taylor, C. and Myers, R., “Long-Term Impact of Huntington Disease Linkage Testing,” American Journal of Medical Genetics 70 (1997): 365–370.Google Scholar

Brazier, M., Glover, N., “Does Medical Law Have a Future?” in Hayton, D., ed., Law’s Future(s): British Legal Developments in the 21st Century (Oxford: Hart, 2000): 371–388, at 372.Google Scholar

Brazier, and Glover, , supra note 88, at 388.Google Scholar

National Research Council, supra note 58, Chapter 1 (on-line).Google Scholar

Kennedy, I., “The Medical Frontier” in Howe, L. and Wain, A., eds., Predicting the Future (Cambridge: Cambridge University Press, 1993): P 96, at 114–116.Google Scholar

See Citizens for Health v Thompson, United States District Court for the Eastern District of Pennsylvania, No 03–2267, McLaughlin J, April 2, 2004, available at <http://www.epic.org/privacy/medical/cfh_order.pdf> (accessed August 27, 2004) (dismissing a constitutional challenge to the HIPAA Privacy Rule).+(accessed+August+27,+2004)+(dismissing+a+constitutional+challenge+to+the+HIPAA+Privacy+Rule).>Google Scholar

Dickens, , supra note 24, at 3449.Google Scholar