Computers, Privacy & the Constitution

Privacy Issues Associated with the Collection of Medical Data by Government and Private Entities

-- By JalilMuhammad - 11 May 2022

Access to the health information of private citizens in the United States has become a highly sought-after data. This paper explores some of the privacy issues implicated when patient medical information is compiled by government entities, their affiliates and/or employers and shared with others for purposes the individual did not consent to. This paper will briefly examine two important instances where the privacy interest of patients is frequently jeopardized. These two instances are: Mandatory reporting of diseases by health care providers to public health agencies and the use of medical data by medical service providers and or employers for purposes that the patient did not provide consent.

Like most states, New York requires newborns at birth to be screened for approximately sixty genetic disorders. Screening takes place within the first 24 to 36 hours of birth by pricking the child’s heel for a small sample of blood. The testing is crucial because collection of the genetic information not only helps medical experts identify the existence of rare diseases among newborns, but it’s also because it affords health officials the opportunity to provide early treatment for diseases that, if left unaddressed, could adversely affect the child for life. However, these genetic tests raise significant privacy interest concerns because in most states, patients are unable to opt out. In her article, Reconsidering Constitutional Protection for Health Information Privacy, Wendy Mariner examines the relationship between the Supreme Court’s Third-Party Doctrine and state mandatory reporting laws and assesses to what extent the doctrine insulates states from fourth amendment violation claims. In Miller and Smith , the Court famously determined that plaintiffs had no legitimate expectation of privacy when they voluntarily turn over information to third parties. However, that case focused on the governments right to seize private information in a criminal investigation under circumstances where the plaintiffs clearly had no expectation of privacy and voluntarily handed over information to third parties. Here, where information is compiled by the government for civil purposes and patients are compelled to participate in genetic testing, the facts are different. Mariner writes, “mandatory reporting laws directly compel the third party to turn data over to government. Thus, mandatory reporting laws can be seen as government-compelled, continuous, suspicion less searches of an entire population’s data, which Miller and its progeny never considered. Although, the constitutionality of mandatory reporting laws for public health purposes is unquestionable under the 10th amendment and other forms of constitutional analysis, Mariner’s observation is interesting because, in some ways, it does draw a chilling resemblance to the continuous collection of telephone data by the NSA which we learned about earlier in the semester.

In 2010 the Texas Tribune published an exposť detailing how Texas Health officials stored infant genetic material and shared it with the federal and private entities without parental consent. Like New York, Texas screened newborn children for a variety of genetic disorders, and for years the genetic material was usually discarded soon thereafter. However, at some point in the early part of the last decade, the state changed its policy, developed a partnership with Texas A&M University for research purposes and begin collected all the genetic material of newborns without ever discarding them for “undisclosed purposes unrelated to the purposes for which the blood was originally drawn. Over the course of seven years, over 5 million infant blood spots were collected by the State of Texas with a significant fraction of that amount being turned over to the federal governments Armed Forces DNA Identification laboratory . The purpose of the latter was to create a national mtdna database to help aid in law enforcement and anti- terrorism efforts. Ultimately, as a part of a largely undisclosed settlement with parents, Texas destroyed the genetic material.

Similar privacy violations around the country have occurred by government agencies and medical service providers for years. This issue has become even more relevant in light of Covid 19 testing mandates. For instance, in December 2020, parents, students and employees of New York City Public Schools filed suit against the city claiming that the testing mandate violated their reasonable expectation of privacy because the test required parties to submit genetic material to a city testing contractor without a guarantee that specimens would not be analyzed and placed in an active DNA database or used for proprietary purpose. The plaintiffs noted that absent a felony conviction in the State of [[[New York]] , “placement of DNA into such a database may not be done without the express consent of an individual…” Although the vendor claimed in public statements that no DNA would be extracted for such purposes, plaintiff’s reluctance to rely on the vendors unsubstantiated assurances was likely not unreasonable since DNA material can be extracted from testing swabs and used for proprietary and perhaps even worse purposes.

The American people need to be assured that their private health information is secure and one meaningful way to fortify that security is ratifying legislation at the state level that protects the DNA of newborns from use by private actors without the consent of parents. After the Texas suit settled, Texas legislators updated its mandatory testing statue. The amended statue required parents be afforded the opportunity to object to the departments use of the genetic material for any purpose “other than the conduct of newborn screening tests” and required agencies to provide a public accounting genetic material extracted. Another way to fortify the security of patient medical information is to amend the HIPAA statue so that patients can directly sue covered entities who, without their consent, sell their genetic information to undisclosed parties. The past two years has shown that public health depends in large part on citizens willingness to participate in disease mitigation activities. To what extent the American people will be willing to voluntarily participate in public health mitigation activity in the future will in large part depend on how significantly they feel their private health information is protected.


Webs Webs

r4 - 11 May 2022 - 18:44:30 - JalilMuhammad
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM