Hippocrates revisited? Old ideals and new realities
© The Author(s) 2008
Received: 16 March 2008
Accepted: 26 April 2008
Published: 14 May 2008
Individual genomics has arrived, personal decisions to make use of it are a new reality. What are the implications for the patient–physician relationship? In this article we address three factors that call the traditional concept of confidentiality into question. First, the illusion of absolute data safety, as shown by medical informatics. Second, data sharing as a standard practice in genomics research. Comprehensive data sets are widely accessible. Third, genotyping has become a service that is directly available to consumers. The availability and accessibility of personal health data strongly suggest that the roles in the clinical encounter need to be remodeled. The old ideal of physicians as keepers of confidential information is outstripped by the reality of individuals who decide themselves about the way of using their data.
It used to be the pharmaceutical industry approaching you, seeking probands for clinical trials among your patients, and it used to be researchers from academia seeking subjects for biomedical and social sciences’ studies, and recently, it could be a population biobank project notifying you of your patient’s enrollment and her authorization to access her medical records that you are keeping.
Today, it may happen that you are approached by one of your own patients, that you have been treating for years, asking you to make the data from her medical record available, as she intends to contribute these to an open individual genomics project that collects comprehensive genotype and phenotype data.
Individual genomics is there, personal decisions to make use of it are a new reality (Editorial 2008). As a doctor, what should you do?
There are the legal issues surrounding the ownership of medical data that in many countries resides with the patient. But how about that other part of your relationship with your patient—the issues of mutual trust, confidentiality, and protection of privacy?
The combination of health-information altruism (Kohane and Altman 2005) and self-management by individuals of their medical data beyond the assumedly safe domains of the physician’s office and the approved clinical trial seems to undermine the traditional ideal of Hippocratic confidentiality. Many physicians will find the request like that of the patient mentioned above, utterly disturbing. Besides, complying with it may be quite time consuming. We will argue that the traditional Hippocratic ideal has in fact been superseded quite a long time already.
In practice, one-to-one strict confidentiality between doctor and patient is the exception rather than the rule, as the clinical encounter will always include third parties as well. In research, by industry-based or academic researchers, the promise of confidentiality often constitutes a key condition for consent. It is assumed that this promise can be fulfilled through measures of data protection. However, it becomes ever more obvious that absolute data security does not exist. Ethical and legal frameworks for the conduct of human subjects research must take into account that strict confidentiality is not a promise that can be delivered upon. We will give three examples of factors that call the widely held concept of confidentiality in the medical context into question.
First, the flaws in the strategies and the tools used to protect identity and information content of participants in research.
In the past decades comprehensive regulatory frameworks have been established for the protection of personal data. Guidelines for research protocols pay a great deal of attention to describing different modes of coding—e.g., single coded, double coded, and anonymized—in order to ensure the separation of individual identity from information content in data sets. Both in clinical trials and in epidemiological research there has been a strong focus on control of the keeper of the key of the code and on conditions for access, stating under what circumstances the key may be released. The normative framework of ethics and law has addressed exactly this: the actors and the rules. Providing guidance to those conducting research is among the core business of normative ethics and this involvement is to a large extent institutionalized in form of committees, advisory groups, oversight bodies, and the like. In the review process relatively little attention has been paid to the quality of the keys: how reliable are they? Research in medical informatics and statistics has shown that security is often illusory, discussion with patients and research subjects of data protection should acknowledge this (Malin 2005).
Second, the practice of data sharing leads to a further distortion of the ideal image of confidentiality.
Large-scale genomics research confronts us with studies using increasingly comprehensive genotype and phenotype data sets that are being shared among researchers and that often are publicly accessible. Moreover, DNA is an identifier in itself. In this situation, the keepers of the keys to individual identity are applying old rules to new cases. Transporting the traditional idea of confidentiality into the protocols of large-scale genomics research and biobanks, is misleading. The accessibility of data in a databank will become the endpoint of a chain of unsustainable promises of privacy and confidentiality that once started with the Hippocratic ideal in mind, in a doctor’s office (Lunshof et al. 2008). The same holds true for clinical trials: they differ in scale, but data are being shared and allow for reidentification. Remaining silent on this point may cause irrevocable damage to trust in science and researchers. Indeed, study protocols and consent language increasingly include paragraphs on data sharing.
Third, genotyping has become a service that is available directly to consumers. Making use of these easy accessible web-based services is a strictly individual decision, like the purchase of any product or services via internet. However, be it for genealogical, ancestry, or paternity testing, for nutrigenomics or pharmacogenomics purposes, or susceptibility testing for serious hereditary disorders, the client hands over body material and personal information. Both would be regarded as subject to strict confidentiality in the patient–physician relationship.
Obviously, individuals, as patients or assumed healthy consumers do have sufficient confidence in the standards of confidentiality as advertised by the service providers. But, being their own doctor you may get involved as well with their course of action. This will often occur at the end, when patients present you with the test results and seek “medical direction” (Hunter et al. 2008). However, you might get involved at the beginning, as in our case, when a patient asks you to be a facilitator of her decision to engage in research that will make its yet unpredictable findings available, together with previous medical data, not only to herself but to an undefined research community, and in open access studies also to the public at large.
In this new context, mutual trust is the basis for giving up confidentiality and privacy protection. With blurring boundaries between the clinical, the research, and the commercial domain, the roles in the clinical encounter likely need to be remodeled. Direct involvement of individuals in research, through interactive researcher–subject communication may increase transparency and take a burden off the patient–physician relationship. Modern information technology has the tools for direct communication ready at hand. However, in a wired, web-based world individuals should be aware that any personal data that they release—informing about their lifestyle, opinions, or health—may be used for drawing inferences that are very detrimental to their lives. This may happen, regardless of whether the data have been made available altruistically, in good faith, or out of sheer naivety. Society can try to regulate the use of health related and genetic data. But, informing people of the potential impact of their own decision to go public with their personal data will likely be the first huge challenge beyond the traditional protection of privacy and confidentiality.
This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
- Editorial (2008) Positively disruptive. Nat Genet 40:119View ArticleGoogle Scholar
- Hunter DJ, Khoury MJ, Drazen JM (2008) Letting the genome out of the bottle—will we get our wish? N Engl J Med 358:105–107PubMedView ArticleGoogle Scholar
- Kohane IS, Altman RB (2005) Health-information altruists—a potentially critical resource. N Engl J Med 353:2074–2077PubMedView ArticleGoogle Scholar
- Lunshof JE, Chadwick R, Vorhaus DB, Church GM (2008) From genetic privacy to open consent. Nat Rev Genet 9:406–411PubMedView ArticleGoogle Scholar
- Malin BA (2005) An evaluation of the current state of genomic data privacy protection technology and a roadmap for the future. J Am Med Inform Assoc 12:28–34PubMedPubMed CentralView ArticleGoogle Scholar