CSU Long Beach
ENGR 350
 Computers, Ethics, and Society

Syllabus
Schedule
Grading
Portfolio
Homework:
  Guidelines
  Standards
  1 - Images
  2 - Risks
    -- example
  3 - Infobahn
    -- example
  4 - Dataveillance
    -- example
  5 - Worklife
    -- example
  6 - Killer Robot
Term project

    Homework 4 - example

    "Dataveillance"

    Note for UCI - ICS 131: The first two grading categories are combined into one at UCI.

    Writing:
    5 __Spelling and syntax errors caught by Word (max. 5, -1 per error)
    5 __Other errors (e.g., word usage), not caught by Word (max. 5, -1 per error)
    10 __Readability and organization (10 max.)
    10 __Relevant and correct use of sources (10 max., 0 here may mean 0 on the assignment).

    Content:
    10 __Did you do what the assignment asked for? (10 max., 0 here may mean 0 on the assignment)
    10 __Did you show real understanding of the course material? (10 max.)
    10 __Did you go beyond the "minimum" to analyze the topic in depth? (10 max.)

    60 __Total (60 max.)

    I shall focus on a subject which most of us consider very private and personal, namely our medical records. I shall discuss what information it contains, how the health care providers obtain it, who can gain access to the data, what their motivation may be, and, most importantly, how that can affect our lives and our right to privacy.

    Surprisingly, only about half of the states guarantee patients the right to examine their medical files. Under the California Health and Safety Code, section 1795, health care providers must allow a patient to inspect his record within 5 days of a written request or provide a copy within 15 days [1]. I had no difficulty obtaining a copy of my medical report. My HMO faxed me a consent form, which I signed and returned by mail. Approximately two weeks later I received my copy, which was a printout of a computerized file. They charged a fee of 25 cents per page, and I noticed that the copy came from third party, not my HMO. The record contained detailed information about each doctor visit, laboratory results, prescriptions as well as my family medical history. Other data typically included are substance abuse, smoking and family relationships. I was relieved to find no inaccuracies. It also pleased me that my HMO uses a medical record number to identify patient records instead of the social security number. That makes it a little harder for an outsider to access my file.

    The information in my medical record comes from two sources: the doctors who have examined me and the information I have provided. The HMO obtained my medical background from the lengthy questionnaire that they asked me to fill out at my initial visit. I remember resenting the personal nature of the questions and the time involved as well as wondering about the relevance of "ancient" information. Nevertheless, I still provided the answers. The reason they ask for the medical history is so the doctor can get to know me better according to the staff. I have on several occasions had doctors ask questions that clearly showed they did not read the form I filled out. That makes me wonder how many physicians actually take the time to "get to know me better". Another reason for the questionnaire could be that the medical organization’s liability insurance requires it to be thorough, and it is convenient to gather a patient’s medical history at one time. As patients we can choose not to provide personal medical details until there is a specific need, however. This is one area over which we have some control. The advantage to this approach is that when a problem arises, the doctor will only ask for the part of our medical history that is relevant. Thus, we avoid having personal medical information sitting in a file without a good reason and reduce the potential for misuse.

    As far as I know, my medical record has not adversely affected my life. There exist, however, many threats to the privacy of medical records that can negatively impact people’s lives, often without them knowing it. According to the Electronic Privacy Information Center (EPIC), a public interest research center, one type of threat can be categorized as administrative errors, which include "compromised accuracy, misuse by legitimate users, and uncontrolled access" [2]. Incorrect data can range from harmless mistakes to potentially serious errors such as a wrong blood type or diagnosis. Possible misuse can include medical employees selling information about patients or doctors over billing insurance companies.

    With the possible exception of small, independent medical practices, medical files have become fully computerized. On one hand it can help protect patients’ privacy if security measures such as passwords are added. On the other hand computerization can decrease privacy protection by collecting large amounts of data in one small area and making access available from remote locations via networks according to the EPIC [2]. Thus, an unauthorized user who gets into the program has access to possibly tens or hundreds of thousands of medical files. Furthermore, someone who is clever may be able to disguise the fact that he accessed the system and never get caught.

    Some instances of harmful consequences happen when unrelated parties, i.e. people outside the patient-doctor loop, acquire access to your medical records. Before they issue a policy or set the rate, insurance companies require you to sign a consent form that gives them access to your medical information. David F. Linowes states in his article "Your Personal Information Has Gone Public" that this authorization form has been described as a "search warrant without due process" [3]. He says it leaves a person very vulnerable because the waiver allows the holder to legally obtain information about the person from any source. Thus, unless you limit the consent form to your medical file with Doctor X, you do not control the type of information that the insurance firm uses to deny or offer insurance. If inaccurate and damaging information is obtained, you may get the health or life insurance policy at an unreasonably high cost or not at all without knowing why. To be fair, insurance companies have a genuine need to assess the risk of insuring you, and your medical record is very relevant to them. One way insurance firms obtain your medical data without your knowledge or consent is through the Medical Information Bureau (MIB). According to the Privacy Forum, a moderated digest that discusses privacy issues related to the information age, the MIB is a medical database with approximately 15 million files run by the insurance industry [1]. The purpose of the database is to detect fraudulent applications, but the data can also be used for marketing.

    Your medical record can also affect your ability to get employment. Employers may want to review an applicant’s medical background if they have experienced frequent absenteism from past employees. Businesses may also want to know about any medical conditions that will affect the cost to insure the applicant. Another reason could be that an employee appears to abuse the company’s sick pay. These concerns are valid, but unless the prospective employee has agreed to release his medical record, he will not be aware that the company is using it in its evaluation. Furthermore, the applicant will not be able to address the medical issue. There is also a real possibility of discrimination due to the stigma associated with certain diseases such as HIV. According to the Privacy Forum federal law protects medical privacy in workplaces with more than 25 employees. Employers are not allowed to ask about medical information or require a physical examination unless they require it from all employees. This law does not protect those who apply for work at small businesses, i.e. firms with fewer than 25 employees. Some companies use the services of investigative firms to obtain medical reports without authorization according to David F. Linowes [3]. In addition some drug companies have deals with doctors and hospitals which let them use patient information to market specific products according to EPIC [2]. Still other unrelated parties that have access to medical records include government agencies that want to verify Medicare bills or worker’s compensation claims.

    Our medical records are clearly not as confidential as we would like to think. In fact, they can be accessed by many different people and organizations through legal or illegal means and with or without our knowledge.

    References:

    1. PRIVACY Forum, URL: http://www.vortex.com/privacy/prc.med-8
    2. Electronic Privacy Information Center, URL: http://www.epic.org
    3. Linowes, David F. (1996). "Your Personal Information Has Gone Public." Computerization and Controversy: Value Conflicts and Social Choices. Academic Press, San Diego.