Give the gift of LIFE! Support the Population Research Institute!

Only $106,679 to go!

We Have an Absolute Right to Health Privacy, but We Must Fight for It

Last week the Second International Patient Privacy Summit took place in Washington, D.C. Our part in this conference was to bring Catholic Church teaching to bear on the question of who effectively owns these health records. Do we have a natural law right to these records which are, after all, collections of intimate information about our very selves?

Last week the Second International Patient Privacy Summit took place
in Washington, D.C. Dozens of leading experts gathered from across the
United States to discuss how electronic health records can be
protected from the numerous government agencies and private companies
that want to collect, mine, and market them.

(If you don’t yet have an electronic health record, you soon will,
since Washington is spending 29 billion dollars to not only
create them, but to store them on federally funded Health Information

Our part in this conference was to bring Catholic Church teaching to
bear on the question of who effectively owns these health
records. Do we have a natural law right to these records which are,
after all, collections of intimate information about our very selves?
Do we own, in any real sense, our own genome? Can we insist on giving
(or withholding) permission for any proposed experimentation using our

Because the technology is advancing at the speed of light, while
Church teaching moves at a much slower pace, Rome has as yet given no
definitive answers to these exact questions.

Of course, Catholic bioethicists have consistently maintained that
doctors must respect the privacy and confidentiality of their
patients. But how far do these principles extend beyond the human
person per se to encompass personal data? Data itself, it may
be argued, is not a human subject and therefore has no moral standing.
At the same time, however, it is becoming ever easier to identify
individuals from ever fewer data points, so that patient privacy and
confidentiality may be compromised by even very limited data sharing.

Medical data is far more intimately associated with the human person
than mere personal property, such as money or clothing, or personal
identifiers, such as addresses and phone numbers. In fact, a complete
medical history going back to birth, complete with blood tests and
brain scans, comes close to being a blueprint of a person’s corporal,
emotional, and psychosomatic well-being.

We believe that we can parse out the position that the Church is
likely to take on this emerging issue of medical record privacy from a
number of recent Vatican documents.

1995 Charter
for Healthcare Workers
, issued by the Pontifical Council for
Pastoral Assistance to Healthcare Workers, offers some insight:
“Health care workers must above all else be aware that each
person is a unity of body and soul, and realize that for this reason
the person himself in his practical reality becomes achieved through
the body.”

What is “achieved through the body” are intimate
expressions of the person, not merely actions by the person. For this
reason a patient who is a possible subject of medical research must
be, according to the above Charter, “… informed about the
experimentation, its purpose and possible risks, so that he
can give or refuse his consent with full knowledge and freedom. In
fact, the doctor has only that power and those rights which the
patient himself gives him.”

But what rule applies when the medical experimentation does not
involve the patient directly, but “only” the use of his
medical records to validate an existing medical treatment, or test a
new one? That is to say, what ethical norm is applicable to the
confidentiality of patient information, once removed from proximity to
the patient himself?

As we have noted, healthcare records pertain to much more than an
individual’s privacy; they are more in the nature of a personal
identity. The Pontifical Academy for Life’s document on Prospects
for Xenotransplants
deals with the ethical treatment of personal

Certainly, the concept of “personal identity” is replete with
implications and subtleties of meaning, given the different
contributions of philosophy and science we can indicate personal
identity as the relation of an
individual’s unrepeatability and essential core to
his being a person (ontological level) and feeling that
he is a person (psychological level). These characteristics are
expressed in the person’s historical dimension and, in particular, in
his communicative structure, which is always mediated by his

It must be affirmed, then, that personal identity constitutes a
good of the person, an intrinsic quality of his very being, and
thus a moral value upon which to base the right and duty to promote
and defend the integrity of the personal identity of every

And again, from the Charter:

In the research stage, the ethical norm requires that its aim
be to “promote human well-being.” Any research contrary to
the true good of the person is immoral. To invest energies and
resources in it contradicts the human finality of science and its
progress. In the experimental stage, that is, testing
the findings of research on a person, the good of the person, protected
by the ethical norm, demands respect for previous conditions which are
essentially linked with consent and risk.

This link between consent and risk is more than evident to the medical
community of today. The collection, banking, combing and analysis of
electronic data, is not a secure process. Records are handed on for
billing, disease control, pharmaceutical research, marketing, etc.,
and data is even sold. Patient records have become a commodity, not
owned by the patient.

The risks of such activities to the patient are well known. The
2009 Report of the Council on Ethical and Judicial Affairs of the
American Medical Association
claimed that medical identity theft
is the “fastest growing form of identity theft,” citing
that security breaches are “higher than ever before” due
to “complex patterns of collecting and using patient

Even without a break-in, your electronic health records are already an
open book to millions of providers, employers, government agencies,
insurance companies, billing firms, transcription services, pharmacy
benefit managers, pharmaceutical companies, data miners, creditors and
more. This is considered “routine” use, and is not covered
by HIPAA (Health Insurance Portability and Accountability Act of

In fact, you probably did not know that in 2002 HHS actually amended
the HIPAA “Privacy Rule” to eliminate the patient’s
“right of consent” altogether.

There is only one solution: We, as individuals, must insist on the
right to control our own e-health records. Not only must the
“right of consent” be reinstituted by law, but
wide-ranging privacy protections must be put in place as well. We must
have the right not merely to “opt-out” of any requests for
our health information, but to “opt-in” to data sharing
only when we choose to do so.

The good news is that award-winning software technology that allows
patients to do just this already exists. Singled out for excellence at
the Patient Privacy Summit was a Dallas-based company called Jericho
Systems, whose software puts the patient in charge, allowing him to
specify what doctors, practices, and institutions are allowed access
to his medical records. In fact, the technology extracts only the data
that he wants to share, and withholds information about his medical
history that he prefers to keep private.

In other words, the technology keeps all of the advantages of
electronic medical records—timely sharing between specified providers
and institutions in the even of a health crisis—while eliminating the
danger to the patient of indiscriminate or inadvertent disclosure of
private health information.

It could do other things as well, such as allow patients to act on
their pro-life principles. People of pro-life sentiments, for
instance, could refuse to allow their health records to be used in
studies by pharmaceutical companies that manufacture and produce
abortifacient drugs.

This is already being done in the U.K. In 2009, the English bishops
objected to the use of women’s gynecological records (obtained without
consent) to develop abortifacient contraceptives. The result of their
successful intervention was the imposition of new and more stringent
privacy standards.

Catholics in the U.S. likewise need to stand up and demand that our
electronic health records be safe from prying eyes and immoral

Jennifer Kimball Watson is the director of the Culture of Life
Institute. Steven Mosher is the President of the Population Research

Comments are closed on this post.

Recent Posts

Never miss an update!

Get our Weekly Briefing! We send out a well-researched, in-depth article on a variety of topics once a week, to large and growing English-speaking and Spanish-speaking audiences.