The next time you’re sitting through a PowerPoint lecture on someone’s recent medical mission experience, I’d like you to consider it through a different lens. Take a pause, between cooing over the cute children they played with and gaping at the rare pathology they treated, and think: is this HIPAA compliant?
I am sure that the last thing you want to think about during a fun global health lecture are the Health Insurance Portability and Accountability Act privacy rules. They’re boring, they’re suffocatingly restrictive, and they create endless mountains of paperwork for all involved. I would argue, though, that there is an important principle buried under all that red tape. Patients have a right to privacy, and they value that right. Patients expect confidentiality of their personal health information when they access the healthcare system. Healthcare professionals have a duty to respect patients’ rights to privacy, except in rare situations where another moral duty supersedes the right to privacy of the patient.
In the United States, elaborate measures are often taken to try to protect the privacy of patients during presentations or in publications. Even when making an educational presentation to our peers, physicians typically refer to the patient by their initials only, or perhaps just by their age and gender. If the presentation is to be made in front of members of the public, or if the publication is to be widely disseminated – such as in a blog, a newspaper article, or a book – further attempts at concealment might be made. Key details about the patient, including gender or age, might be altered. Other details, any that might provide identifying information about the patient’s appearance, family members, or location, may be omitted. Healthcare institutions in the United States also monitor closely the use of social media by their staff. Physicians can have their licenses revoked over violations of patient privacy online, healthcare professions students can be disciplined or expelled, and other staff members can be fired.
Most of us know these things – we have to, because they’re included in our hospital orientation before we start work. We think of them when we’re in the hospital, and especially when we’re in the elevators, where posters have strategically been placed to remind us not to talk about the patients where others can hear us. When we provide healthcare outside the walls of our home institution, and travel outside the borders of our home country, does HIPAA follow us? We have entered a gray area in patient confidentiality. The care was not provided in the United States, and the patient is not an American citizen. When we travel and undertake research projects in developing countries, we are obligated to have that research examined by our Institutional Review Board, and encouraged to submit our plans to a local Institutional Review Board as well, if one exists. As yet, no such organized bodies review the clinical care provided by traveling healthcare workers, nor does any review board or hospital committee discipline their staff based on inappropriate use of information or photographs gathered while on international ‘mission’ trips.
Based on my experience, after attending umpteen global health conferences, seminars, and lectures, most of us are not strict about adherence to privacy rules when we make presentations under these circumstances. There is a large range of behavior encompassed here, from public presentations or sales of non-medically-related photographs that were taken and used for commercial or educational purposes without the permission of the subjects, to the stark display of shocking medical photographic material without any effort to obscure the identity of the subject.
A partially nude woman in extremis is presented on screen, for example, her face contorted in pain. Does the fact that she lives in Botswana, and that it is extremely unlikely any audience members would be able to identify her, mean that we can show images of this patient’s condition and her suffering with impunity? What if a photograph is shown of a child who was treated by the presenter, smiling after being given a curative treatment, with the healthcare provider’s arm around her and the child’s name underneath in the caption? The child was happily treated and embracing the healthcare worker in gratitude. Is it important that neither the child nor her guardian was asked permission to show her photograph or her name in a public presentation?
I would argue that the rights of the patient to privacy and confidentiality are not just codified in an irksome piece of legislature, rather, the legislature was designed to support a universal truth. To whatever extent reasonably possible, the patient you treat in Port-au-Prince should be accorded the same rights and respect that you give a patient in Portland, Oregon.
It seems likely that most such presentations or publications related to patient encounters are done with good intentions. The presenter wishes to illustrate most clearly the situation that they were working in. They may be rightfully proud of the work they did to provide humanitarian aid under crisis conditions. Or they may simply have made a human connection with their patients and been inspired by their stoicism and their ability to overcome adversity. And it is common for such presentations to be done as part of a request for donations to help with further humanitarian efforts.
On a less selfless note, I do wonder to what extent such photographs and stories reinforce disturbing subtexts or themes to humanitarian aid efforts. The healthcare providers are heroic, powerful, resourceful, and often white. The patients or members of the community being assisted are helpless, impoverished, desperate, passive, and often brown or black. Do these stories and photographs about the patients, and our power to reveal their identifying features or personal health information, provide stereotypical messages about race, ethnicity, or nationality, to those in the audience? There is no law to guide you in answering these questions, only your conscience.
Lee, S. “Social Media in Healthcare Creates Risks, Benefits.” San Francisco Chronicle, 6/21/2012. Found at: http://www.sfgate.com/health/article/Social-media-in-health-care-create-risks-benefits-3650284.php
Stanford Encyclopedia of Philosophy. “Privacy and Medicine.” Last revised 2/28/2011. Found at: http://plato.stanford.edu/entries/privacy-medicine/
U.S. Department of Health and Human Services. “Summary of the HIPAA Privacy Rule.” Found at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html