Legal issues pertaining to the collection of sociodemographic data in emergency departments.

Abstract

A recent issue of Academic Emergency Medicine contained the article “Equity-relevant sociodemographic variable collection in emergency medicine: A systematic review, qualitative evidence synthesis, and recommendations for practice” by Leeies et al.1 We believe additional ethical and legal considerations warranted exploration beyond the scope of the above-mentioned systematic review and qualitative evidence synthesis. In this special contribution, we provide more detailed legal context surrounding our discussion on antidiscrimination, patient privacy, and consent, to provide emergency medicine and health information systems decision makers further knowledge on protecting the rights of patients. Concepts, rules, and regulations regarding ownership and control of data occur at the individual level, ethnocultural population level (e.g., specific Indigenous populations), institutional level, national level, and international level. The information systems of institutions and governments are evolving in terms of diversity and inclusion to offer expanded definitions and categories of sociodemographic data. For example, in 2021 the Canadian Census was modified to include the collection of gender identity from transgender and nonbinary populations and to better reflect ethnocultural diversity.2 Further, Canadian vital statistics legislations and corresponding personal health identification documents allow for an “X” designation in various jurisdictions, while other jurisdictions allow people to choose to not display their sex on their health card. Barriers to updating or modifying government documents may disproportionately affect gender-diverse people given the “intersection of gender diversity with various forms of social exclusion.”3 Without appropriate identification that accurately reflects the gender identity of the cardholder, gender-diverse persons are frequently outed, misidentified, and put in harmful situations when they present for health care.4 At the forefront of our recommendations is a process that can offer patients agency and autonomy over the information they share, with the hope that eventually there can be continuity to these data across the patient's medical records (if consented to) to decrease the patient's need to repetitively disclose their pronouns, gender identity, and name throughout health care visits. There is increased recognition globally of the benefits of data sovereignty, particularly for systemically oppressed populations, so that these groups can be empowered to govern their own data and work to dismantle longstanding structural inequities.5 Indigenous groups have led the development of frameworks for ethnocultural data sovereignty.6, 7 Evolving issues regarding ethnocultural information governance include interactions between legislation and ethnocultural principles, research ethics and data management, rules around intellectual property, archival practices, data sharing principles, and others. In Canada, the First Nations Information Governance Centre (FNIGC) has created a curriculum on principles of ownership, control, access, and possession (OCAP®) for Indigenous data.7 Indigenous data sovereignty “affirms the rights of Indigenous Peoples to control the collection, access, analysis, interpretation, management, dissemination, and reuse of Indigenous data.”8 The concept of Indigenous data sovereignty and consultation with Indigenous populations should be integrated in the collection of information relating to Indigenous Identity. The OCAP® framework for Indigenous data collection asserts that First Nations have control over data collection processes, that they own and control how this information can be used and should inform the reformation of health information systems.9-11 In the United States there is an increasing appetite for individual patients to have possession and control of their personal health information allowing for both privacy and portability. Personal access is regulated under the Health Insurance Portability and Accountability Act of 1996,12 an act that has been amended several times since its inception to respond to the changing world of privacy.13 Ownership and control of data vary across national jurisdictions. The European Union (EU) has harmonized data protection regulations for its member states through the General Data Protection Regulation (GDPR). This transnational regulation harmonizes national data privacy laws throughout the EU and specifies new rights for individuals including the right to access, transfer, revise, restrict, and/or destroy their personal data.14 Under GDPR regulations genetic, biometric and health data and specific social identities (e.g., race, ethnicity, religion) are subject to the highest levels of protection. Legal barriers exist in the sharing of data, with scholars pointing to many uncertainties and inconsistencies around who “owns” health data.15, 16 While there has been a push toward recognizing personal health information as property of the patient, this concept of data ownership has been largely debated including by health law scholars, despite detailed regulations existing in most developed countries.17 In the past, courts have found that this personal health information does not meet the definition of personal property in law.18 Some argue that personal data ownership should be recognized as a human right, with individuals having the power to sell, profit from, and access their data. However, others are wary that this individualized shift may have unintended consequences of increasing health care costs with negligible financial gain to individuals.17 This debate surrounding data sovereignty has become increasingly complex given the technological advancements and start-ups within the global health data market. Business plans are proposing the creation of mobile apps where people are given convenient access to their personal health information as well as an opportunity to sell their information to the private sector.17 While it was outside the scope of our systematic review and qualitative evidence synthesis to comprehensively analyze all potential legal implications of the jurisdictions represented by the citations included (Australia, Canada, and the United States), we were struck by quotations from publications in the United States where it was identified that a barrier to disclosure of demographic information for some patients was the lack of state law prohibiting discrimination based on gender identity or sexual orientation.1 In the United States only 54% of LGBTQ persons live in states that have hate crime laws covering sexual orientation and gender identity representing a significant gap in legal protections for nearly half of LGBTQ persons in America.19 The current antidiscrimination laws within the United States are limited in such a way that if sociodemographic data was systematically collected in EDs at this point, certain groups could face discriminatory treatment on the basis of their identity during health care provision with limited legal protections or recourse. In 2020, the U.S. government revised Section 1557 of the Affordable Care Act (ACA) to reduce the protections that had previously been afforded by removing the previous prohibition on discrimination based on sex stereotyping, gender identity, and specific health insurance for transgender individuals.20 Around this time, the U.S. Federal government also made significant changes to nondiscrimination regulations of health insurance and Medicaid thereby rescinding protections for many patients from sex discrimination by insurance providers. In 2022, the Department of Health and Human Services proposed to make changes to the ACA to ensure broader protections. The proposal would see protection for patients from discrimination based on sex, which will include sexual orientation, gender identity, and pregnancy or related conditions including pregnancy termination. A Federal Appeals Court recently affirmed a permanent injunction against this proposal in Franciscan Alliance v Becerra, 2022 WL 3700044, which places the onus on the Biden administration to consider whether to petition the Supreme Court to return these stripped protections to U.S. citizens. Each jurisdiction should consult with their antidiscrimination legislation to determine if the questions being asked may fall within the scope of protected grounds. For example, in Canada, there is federal, provincial, and territorial legislation that prohibits discrimination (including by health care providers) based on a protected ground, including race, age, ability, sexual orientation, gender identity, or any other characteristics identified within each act. While Canadian legislation uniformly prohibits discrimination on these grounds, it is not unanimous on the protection of potentially other relevant grounds, including source of income; receipt of public assistance; or social disadvantage, condition, or origin. If patients are asked to disclose sociodemographic data that may not be protected within existing human rights legislation, they may not have access to a legal remedy in the event of discriminatory treatment. Alternate protections for patients through individual institutional policies (at the hospital level) or health care professional associations are available but variable.21 In Australia, like Canada, all public emergency department (ED) health care providers are subject to antidiscrimination legislation that prohibits discrimination or unfair treatment of patients based on numerous protected grounds, including gender identity, race, sex, and sexual orientation. Australia also has the Australian Charter of Healthcare Rights that provides patients throughout Australia with the right to have their, “culture, identity, beliefs, and choices recognized and respected.” The Australian Charter is a set of standards created by the Australian Commission on Safety and Quality in Health Care; however, it is not directly enforceable by courts or tribunals given that it has no strict legal status. Finally, additional safeguards designed to protect patients from discriminatory treatment and protect patients’ privacy are typically mandated by the regulatory bodies that govern licensure of health care providers. A central benefit of collecting sociodemographic data is to offer an ability to quantify existing inequities through an intersectional lens and to ensure the provision of equitable care. Enhancing current data collection may provide evidence of previously unidentified inequities based on unique social circumstances that could support the need for expanded protections within existing antidiscrimination legislation. Expanded sociodemographic data may further support the existing advocacy of groups working to expand the enumerated grounds within human rights legislation.22 As clinicians with a duty of care to the health and wellness of our patients we advocate for partnership with our patients in informed shared decision making regarding the disclosure and use of personal sociodemographic information through a process that prioritizes autonomy. Our recommendation to include a standardized explanatory statement that outlines the contextual risks and benefits of disclosure of sociodemographic information is a key facilitator of safe informed disclosure.1 The protection of patient privacy is a central element when collecting patient information in health care. Existing privacy legislations vary between states and provinces. They outline what constitutes personal health information and the limitations on disclosure for health care providers and health systems. Health care providers and health systems may also be governed by regulatory bodies that have their own confidentiality requirements outlining how health information should be stored and what shall take place in the event of a privacy breach. Collecting sociodemographic data in EDs raises additional questions surrounding the privacy of this information given that the patient may not receive a direct benefit from sharing certain identity factors on a given ED visit. Given this, the collection of sociodemographic data should only occur after informed consent and an assurance that disclosure will not result in discriminatory treatment. Secondary uses of patient health information for the purpose of research or quality improvement have varying rules and regulations depending on the jurisdiction. Depending on the sociodemographic factors collected, there may be additional considerations regarding who should be involved in deciding how these data are collected and used. Privacy concerns were one of the key barriers to the collection of sociodemographic data in our systematic review as well as one of the most frequently endorsed potential harms that patients and staff were concerned about.23 Fears of stigma and discrimination from health care providers who obtain these data are known patient concern.24 For example, there are concerns with how collecting information relating to race, ethnicity, and language may be misused to identify undocumented immigrants. As a result, informed consent processes should include sufficient information for patients to understand how their data will or might be used. A recent injunction application by Moms Stop the Harm and Lethbridge Overdose Prevention Society to the provincial government of Alberta (Canada) highlights the importance of carefully considering what information will be asked of patients and the surrounding policies.25 In that case, Moms Stop the Harm and the Lethbridge Overdose Prevention Society argued that the Recovery-oriented Overdose Prevention Services Guide, which was implemented with the requirement that people accessing supervised injection sites provide their government Personal Health Care Number (PHN), would act as an unnecessary barrier to care and ultimately deter people from using the services. Given the ongoing health crisis and risk of overdose death while using drugs alone, they argued that this barrier would put the health and lives of vulnerable persons at risk and therefore is a violation of their Charter Rights to life, liberty, and security of the persons. The case did not resolve the ultimate issue about the legitimacy of the legislation and procedure because the issue before the court was an application for an injunction on the implementation of the law which uses a different legal test. The decision was appealed to the Alberta Court of Appeal, and the court again denied the application for an injunction. The court found it relevant that the requirement was a “soft” policy, and if people did not provide their PHN there was no explicit direction to deny them access to the injection site. This case serves as a reminder of the importance of implementing thoughtful patient centered practices in seeking personal health and demographic information and supports our recommendation that safe disclosure of sociodemographic personal information should be on a voluntary basis with full informed consent.1 Maragh-Bass et al.26 found patients reported that resulting bias and discrimination was the biggest risk of disclosing their personal sociodemographic information, and this treatment may result in some patients avoiding or delaying seeking medical care. Ensuring that health care settings are safe, inclusive spaces and reducing the chance of patients experiencing discrimination based on their social identities is a critical element to creating an opportunity for safe disclosure. The potential for care avoidance should be considered during the design and implementation of expanded sociodemographic collection in health settings as well as an important outcome in subsequent evaluations of the effectiveness and safety of such system-level changes. When it comes to concern over the information being collected staying private, there are many examples of unintended privacy breaches of confidential private health information. In 2018 there was a class action lawsuit against the University of Chicago and Google in the United States for allegedly sharing hundreds of thousands patient medical records without adequately removing identifying information.27 In 2020, a privacy breach occurred when detailed personal health information of 8900 children receiving services from a public health program was emailed to approximately 100 service agencies in Canada.28 In the United Kingdom, audits by the National Health Service has found hundreds of organizations in breach of data sharing agreements since 2015, with 33 organizations in breach in 2022 alone, including health care providers, universities, and pharmaceutical companies.29 The proposal for the collection of additional sociodemographic data must be reconciled with the reality that breaches do take place, including situations where data are wrongly shared by health care workers to third parties and stolen or lost. There are many ethical and legal considerations for how to implement the collection of sociodemographic data to best support health equity for patients. With decades of research showing the systemic discrimination within health care, institutions must find ways to adequately understand the issues at hand to make advancements on improving the quality of care to patients.30, 31 Intersections between medicine and law reveal overlap in the areas of patients’ rights, promotion of health equity for marginalized groups, and protection from patient harm. Advocacy for ethical issues pertaining to the collection of sociodemographic data should therefore include interdisciplinary work between medicine and law. Emergency medicine decision makers must consider their ongoing obligations to protect patients from potential bias and discrimination through antioppression education and advocacy of antidiscrimination legislation. Our original publication provides recommendations on how to implement sociodemographic data collection, including the need for meaningful collaboration with marginalized groups within all phases of the project and its evaluation.1 By improving sociodemographic data collection, EDs will be better able to protect patient privacy while they identify inequities through an intersectional lens, to measure gaps in care and design strategies to address systemic discrimination. All authors participated in the conceptualization and writing of this special contribution. The authors declare no conflicts of interest.