Ethical implications of the computerization of the patient data

Gonzalo Herranz, department de Humanities Biomedical, University of Navarra
University Secretary of the Central Commission of Deontology of the Organización Médica Colegial (OMC)
Intervention in the roundtable on Ethical implications of the computerization of the data of the patient.
III International Symposium on Nursing Diagnoses: From Nursing Conceptualization to Computerization
Pamplona, May 25 and 26, 2000

Introduction

The organizers of the Symposium have asked me order to offer some general ideas to serve as an introduction to topic about which we are going to talk.

There are many reasons that militate in favor of the application and use of IT resources in the care that doctors and nurses provide to their patients: no one disputes that it is a complex task and that it requires overcoming a lot of resistance. But no one reasonably disputes that a well-integrated, well-structured, well-spoken electronic medical record can contribute to improving the quality and continuity of patient care; it can significantly help to reduce the issue of errors and omissions; it facilitates the use of the clinical and care data as raw material for the audit of management and for the work of research; It opens up the possibility of informing the patient more promptly and efficiently, both during the course of the illness and at the time of discharge; and, most gratefully, it alleviates the problems of storing and retrieving the enormous mass of information that accumulates, and which is growing every day, in outpatient clinics and hospitals.

But we all have more or less sobering experiences that, with these formidable blessings, computerization brings problems and risks. Some of them are catastrophic, such as the destruction, invasion or theft of entire archives, the systematic adulteration of data. Others, equally serious, but underhand, such as the progressive deterioration of confidentiality, the erosion of the respect we owe to patients, the opacity that the machine can cause in the human aspect.

As with all other technologies and their inherent risks of dehumanization, clinical informatization must be guided by ethics. Ethics and technology must work together to achieve a bountiful harvest of benefits and eliminate the greatest contingent of misfortunes. It may therefore be interesting to discuss, albeit briefly, the more general ethical implications of the problem, to be followed by Professor Montserrat Busquets' discussion of the details.

From the point of view of professional ethics, we can work in a computerized environment with a great deal of freedom and ease if we are able to guarantee adequate protection of the data that we enter in our patients' records. In this way, we will respect the patient's right to the integrity and privacy of the information he/she has entrusted to us.

This obliges us to do two things: to be sufficiently competent in the technical handling of the computer. And, above all, to be sufficiently humane to treat with dignity the patient for whom we are the data.

Some definitions

Before going any further, it is useful to recall what we are dealing with. For the sake of brevity, I will limit myself to giving, from an ethical perspective, the definition of the right to privacy, confidentiality and protection of data.

The right to intimacy (privacy) is the power of each person to determine for him/herself the Degree in which he/she wants to share with others the information that concerns him/herself. In ordinary health care circumstances, it is the patient's right to the secrecy of the data that he/she discloses or that concerns him/her personally, and to have these data protected from spurious uses or unjustified knowledge dissemination .

Confidentiality is the deontological-professional - and, in many cases, contractual - duty of physicians, nurses, midwives, managers, secretaries, administrators, computer technicians and staff assistants, that is, of all those who work in the health care setting, to keep secret all information they have about patients, regardless of how that information has been generated, acquired, collected, stored, processed, retrieved or transmitted.

The protection of data refers to the entire set of measures that safeguard data and computer programs from unwanted alterations, whether intentional or accidental, and which result in result the knowledge dissemination, modification, destruction or loss of information or data.

The protection of data implies the ethical (and also legal) duty to implement two types of technical measures.

Some of them refer to integrity of use. Use integrity includes measures that protect against unauthorized access to programs and data. It ensures that the clinical data and administrative data are seen by the right people and no one else; that they are not only at receipt from casual onlookers or hackers skilled in snooping through banks of data, but also from the negligent carelessness of their guardians.

Other measures rela te to the integrity of data and programs, which means that material or processing failures that could lead to inaccuracies, losses or unintentional errors must be actively avoided and prevented; that instrumentation and backups must be periodically renewed; that operating errors and physical damage to instruments and networks must be detected early; that repositories and banks must be protected against damage by bomb, fire or flood; and that, finally, that the storage and storage facilities must be protected against damage by bomb, fire or flood; that operating errors and physical damage to instruments and networks must be detected at an early stage; that the data repositories and banks must be protected against damage by bomb, fire or flood; and that, finally, appropriate measures must be taken against any malicious external invasion not only to snoop, but also to adulterate, steal or destroy.

The secrecy and protection of data implies a lot of duties, which must be carried out by all of us. Therefore, we have to talk about shared responsibilities.

Shared responsibilities

It might seem that the guarding of confidentiality or the care of the integrity of use, of data and of programs, are functions that, only in very small part, concern the nurse, they are the nurse's responsibility. It is obvious that many protective functions of data have to be decided and implemented by those who manage the organization at its highest level. Indeed, they, the managers, with the indispensable financial aid of the IT technicians, must determine the stratification levels of the most general responsibilities; they must regulate who can produce, store, access and use the data, at what levels and with what procedures; they must indicate which channels are to be used for each subject, whether healthcare or administrative, for patient information; they must determine whether and which encryption and decryption systems are to be used; whether or not controlled gates are to be created to divert data from one side to the other, in relation to the more or less sensitive nature of the information transmitted or deposited. They must also determine the structure of the internal network , the distribution of terminals, the allocation of programs, user access. And, as the ultimate responsibility, they have to decide if, how and where to connect the internal computer system with external networks.

But once all these decisions are made and the tasks are underway, the responsibility for keeping the system active and ethical falls on everyone. A computer system, no matter how advanced and secure it is at design, cannot indefinitely withstand neglect, chaos, lawlessness or malevolence. Just as important as the technical infrastructure of tools, networks and software, is that all users commit to following the ethical rules for the use of the system. And comply with them.

It is necessary an ethical commitment among all, to attend constructively to the maintenance and innovation of the system. It is very difficult to leave a safe and familiar plane, to move to a new, promising but unknown territory. Tensions can develop between the incorporation of new programs and advances and the rigorous application of routines. This is the moment when the hospital has to function as a moral, well-knit unit that assumes collective responsibilities.

But always, for innovation as well as for the navigation of Wayside Cross, everyone needs to adhere to certain principles of action. I believe that sending the problems that repeatedly arise on the hospital's computerized work to committee can be a good opportunity to keep committee awake and to make everyone more sensitive to ethics.

Principles of action

The entire work of the nurse must be guided by the protection of the dignity, life and interests of the patient. As the agreement of Biomedicine of the committee of Europe says in its article 2, on the primacy of the human being, "The interest and welfare of the human being should prevail over the exclusive interest of society or science". In case the matter was not clear, the explanatory report of agreement adds: "The whole of agreement, which aims to protect human rights and dignity, is inspired by the principle of the primacy of the human being, and all its articles must be interpreted under this criterion".

When the nurse goes to the keyboard, operates the mouse or moves the electronic pen on the touchscreen, what she has in front of her is not a computer, not even a patient's history: she has the patient himself, a human being who prevails over all the technology. This is a fundamental idea that each of us should deeply engrave in our minds, to avoid the risk of succumbing to the primacy of technology and thus dehumanizing the professional work .

The computer and computer programs, semantics and language, in the nursing process and the nurse herself, are at the service of the patient. From an ethical perspective, not a legal or regulatory one, medical records, nursing records, both paper and electronic, are not primarily the doctor's, the nurse's or the hospital's: they belong to the patients, because they are made for them, to better serve them, to respect them as human beings. The data of the histories refer to real people (I deliberately use this wonderfully ambiguous expression), who provide them, who allow them to be obtained and authorize them to be recorded and transmitted. So we must proceed with stories with the respect, the circumspection, the seriousness with which personal and very personal things are treated. We should be as quick to protect the computer screen from prying eyes as we are to close the door of the room where the patient is being examined or treated, to protect him or her from prying eyes. The deontological obligation to take care of the privacy of the patients refers equally to the body and to staff.

I believe that a few principles can help to understand the contents of this dimension staff of the computerization of the patient's data .

The principle of moderation

When making notes on history, we must limit ourselves to the essentials. It is true that quintessence is worth more than farrago. It is necessary to know how to use the templates, to fill in the indicated gaps. But there must also be a clean screen to express oneself concisely and gracefully. Narrative can be done on the computer and of very high quality. But accuracy is not only a matter of style: it must be a mental and ethical habit. It is necessary to select what is to be reviewed. Austerity should be the guiding principle. Do not accumulate superfluous information, keep only what is relevant. With a few sentences rich in meaning, order is better preserved, readability is gained, the story can be understood by others in a univocal way and without wasting time. It is not advisable to get carried away by the capacity of computer systems to store huge amounts of data.

Special care should be taken with sensitive information. Many problems would be avoided if only the truly necessary data were collected and the irrelevant, informal and potentially compromising ones destroyed as soon as they are born. A universal deontological rule obliges to moderate curiosity about the patient's personal or social weaknesses. Details that, if revealed, could put the writer in an embarrassing or guilty position, should never be recorded in histories.

We cannot forget one basic thing: that, as a legal and ethical principle, personal data can only be recorded if the data subject has given his or her unequivocal consent. Nor can we forget that the data subject has the right to access, freely, without restriction and at reasonable intervals, without excessive delay or expense, these data; that he/she has the right to civil service examination, which allows him/her to delete, rectify for his/her own legitimate reasons these data. Only in ethical respect is it possible to create and maintain these files. Let us keep the information at a human level: in its contents, in the style in which it is recorded, in its measured quantity. Excess suffocates information; moderation makes it shine.

This principle of moderation will help us to remain humane. It seems to me that, if not, there may be a curious risk of computerized incarnation, of a kind of defensive medicine in which the safety of the person making the history is sought more than the service of the patient. The CEDM of 1999, says in its article 18.2: "The physician must not indicate examinations or treatments that have no other purpose than his protection. Defensive medicine is contrary to medical ethics".

Principle of transparency

Respect for patients and their loved ones requires an important task from Education, much easier today than a few years ago. The public's expectations regarding the safeguarding of confidentiality and the role of the computer in their health care are much better served if we are explicit and honest than if we practice concealment and deception.

Patients have the moral and legal right to know what uses can be made of the information concerning them, who and under what conditions have access to the different categories of data (personal, clinical, financial, statistical) that are obtained and processed about them, in the hospital, in public bodies, in private insurance companies.

We live in a computerized culture: the personal data constitute the subject raw material of a gigantic industry, in which the electronic footprints that one leaves behind with one's credit cards, airline tickets, Internet purchases, records of entries in the network pages, prescriptions dispensed in pharmacies, and so many other things. The deontological rule says that no medical data bank can be connected to any network of data non-medical . But no one pays any attention to that anymore. We are all connected. No one is safe that files cannot be invaded by viruses and hackers capable of circumventing all security and encryption systems.

In any case, it is necessary to create in everyone a confident disposition towards informatics. But that requires the loyalty to be at least as enthusiastic about protecting the human values of the patient as we can be about technical efficiency. We must create an environment, a culture, of openness and transparency. If not, the performance of informatization will be meager and we will find ourselves embroiled in endless ethical and legal disputes.

Principle of responsibility

The principle of primum non nocere obliges us to avoid in all circumstances any gratuitous or disproportionate harm to patients. The need to be, in the IT environment, very careful and responsible becomes clear when one thinks of the enormous damage that can be caused by errors in the operation of records or negligence in remedying repeated blunders. There has to be a fine sensitivity both to detect and immediately remedy mistakes made, and to exploit the computer's ability to prevent imminent or remote errors from being made.

The principle of responsibility has a profoundly ethical manifestation: that of not diluting oneself in anonymity, of not turning the computerized environment into a house of touch me Roque. The computer must be accessible to doctors, nurses and assistants, each one at his or her own level, with his or her own password to enter, and with his or her specific functions well defined. But everyone must sign what they write. The deontological responsibility, says the current Code of Ethics and Medical Deontology, does not disappear or is not diluted by the fact of working in a team. The use of the electronic signature is, in this sense, a valuable financial aid to be implemented and authenticated. The signature is the seal of responsibility.

Principle of universality

Ethics must govern the use of all IT resources: not only the computer and computer networks. The transmission of data by e-mail or fax, by mobile connected to network and the use of all the virtualities of telemedicine and smart health cards, can bring enormous advantages in improving health care and will save many lives.

When using these resources, we must not forget that we are still bound by the strictest ethical standards without exception. And we cannot forget either that there are listening and interception systems that, by accident or deliberately, can breach secrecy, so we must know how to use them prudently and take measures that favor their security and protection.

The wonder of information technology is not just that it makes us more efficient. The real wonder is that it will help us become better people, more sensitive to the rights of others.