Ethical Issues in Secondary Use of Personal Health Information

Abstract

The accessibility of personal health information (PHI) will increase on the Internet of the future to provide timely support for both primary and secondary uses. Although PHI for secondary uses is generally anonymized, its widespread distribution on the Internet raises ethical concerns. The PHI should remain an individual's most closely guarded asset [1], [2]. While other forms of personal data represent what the person does, owns, or knows, PHI represents what the person is. PHI describes the biological attributes of the human being, often containing longitudinal records of wellness, illness, test results, and treatments [3]. These characteristics amplify the seriousness and un-reversible consequences that uniquely differentiate breaches or disclosures of PHI data from other forms of data breach. In conducting risk assessment analysis, the result of even a single PHI data breach can be catastrophic. As it is impossible to place a price on our health, it is similarly impossible to place a price on PHI. Risk assessments calculations [4] involving annual loss expectancy, single loss expectancy, or annualized rate of occurrence are irrelevant when PHI has been breached. In light of this, the questions of: (1) granting the patient the right to consent, that is, opt-in or out, of the de-identification and subsequent secondary use of their PHI; and (2) finding synthetic alternatives to de-identified PHI for certain type of secondary uses to protect patient privacy, urgently need to be addressed.