The Berkman Center for Internet & Society at Harvard Law School

Privacy in Cyber/Spaces

May 13, 1998

 

RICHARD SOBEL: Good afternoon. I'd like to welcome you to this panel discussion today about privacy in cyberspaces. I'm Richard Sobel. I'm a Berkman Center fellow and a political scientist. I appreciate your all coming out, particularly the students. This is during exam period, so we're glad that you could join us.

I think we have a very interesting panel today on government databanks and identification, particularly medical and other instances. I'll let the panelists speak for themselves. We're going to start out with an introduction from the director and founder of the Berkman Center for Internet and Society, Professor Charles Nesson.

CHARLES NESSON: Welcome. It's a pleasure to have you all here. Yes, indeed, I am the director of the Berkman Center. The Berkman Center was founded with a bequest from a guy named Jack Berkman, his widow Lillian. They got started in the greeting card business. They kind of went into cellular, and before you knew it, they were into digital in a way that led them to a fortune, which they fortunately left, at least in some significant part, to Harvard Law School to fund the Berkman Center.

The mission of the Berkman Center is to understand how law works in cyberspace. There's a little bit of a query right on that sentence, because at least my disposition is that law has a pretty limited role in some sense in cyberspace. The idea of studying how law develops and how communities function is a subject that doesn't exist in any books. And so the mode of operation of the center is actually to build out into the space, rather than take it as a traditional academic subject, and confront issues as we go, study them and see if we can make progress with rationalizing them.

The first issue, from the user's point of view, as you build out into cyberspace, is privacy. And we in fact have started a little cyber course on privacy, which Molly Shaffer will be able to speak to in I hope a very good fashion. The issue that is a part of this panel, as I understand the question that's of true interest, is that there's a clear cut and deeply powerful conflict emerging with respect to issues of privacy. On the one hand, we see things like the health care system striving to develop standards. And when you look closely at why they want the standards, it's because they need it for their credibility. They have been impeached by the profit motive that drives it. And they're looking for ways to say, no, we practice good medicine. The very process, though, of articulating that in some form that's credible, calls for the development of much more elaborate information systems that allow audit of decisions with respect to patients. This is an honorable enterprise to accomplish, and at the same time clearly poses enormous possibilities for use and misuse of information that's acquired.

Likewise, on the national security front, we've just seen a Department of Defense simulation of virus warfare spread along the Mexican border, with a simulation that produced not a rational response with evacuation and containment, but rather a breakdown of the relevant agencies into squabbling that stalemated, with contagion taking over. This clearly is a prelude to the Department of Defense recognizing the need for greatly elaborated information systems for purposes of doing containment with respect to any form of network infection, whether it be biological or electronic. And what that containment system inevitably suggests is audit trails so that when damage is done, it can be sensed and responded to in ways that create containment. This also is an extremely powerful force, pushing in the direction of much elaborated information systems, and comes up once again against the notion of privacy.

So for me the key question is, how will we go forward into the future? Can we identify, can we develop a process by which our sensibilities about privacy are lined up with the actual practical steps that have to be made so that each can be flexible in a way that produces a resolution that enables us to have excellent health care, excellent security, and an excellent sense of personal privacy.

So thank you all for coming. I greatly look forward to this panel. It's just a great panel. And Richard, I turn it back over to you to do the introduction and get us underway.

RICHARD SOBEL: I should have mentioned in the introduction that Charlie was also the moderator for the PBS series, "The Constitution: That Delicate Balance." And particularly because we're talking about government databanks and identification schemes, where constitutional questions come into the fore, that's wholly appropriate.

Let me give you a quick overview of what we're going to do. And we've put on the board who various people are. We are in order on the panel, so you can follow various people. And there will be a reception afterwards, where you can interact informally with people. But we're going to talk about generally the issue of privacy in cyberspaces. And in cyberspaces because we're talking about more than one government databank or identification scheme. We have the good fortune of having people on this panel who are, their special expertise is in medical privacy. And that will be the focus. But at the end, we will expand this into larger questions of privacy in other government cyberspaces.

We will begin with Phyllis Freeman, from UMass; then Denise Nagel from the Coalition for Patients Rights will speak. Philip Caper from Codman Research Associates will speak. And then Harold Bursztajn from Harvard Medical School. This will be our sort of subpanel on medical privacy.

Then John Roberts from the ACLU will talk about other government databanks and questions. And Molly Van Houweling, who is a graduating law student and one of the editors for the Journal of Law and Technology will talk about the cyber course, "Privacy and Cyberspace," which is one of the inspirations for this panel and is run by Arthur Miller, who is one of the codirectors of the Berkman Center, and also one of the pioneers on the question of privacy.

So I think we have quite an exciting panel here. We will have the presentations, and we'll go back and forth between the panelists. And then we'll open it up to what I hope will be wide audience participation, which will continue on at the reception next door afterwards. So with that brief overview, let me go to the first presentation.

Our first presenter is going to be Phyllis Freeman, who is at the far end of the table. She is professor and chair at the Law Center in the College of Public and Community Service, and on the faculty of public policy at the University of Massachusetts in Boston. She is a lawyer and also a senior fellow at the McCormick Institute of Public Affairs. Earlier in her career, she served as counsel to the oversight and investigation subcommittee on energy and commerce in the US House, and she's been a scholar in residence at the Institute of Medicine at the National Academy of Sciences. And she has written a very interesting paper which, although there is not time to present, she will be summarizing it, on the health data privacy debate.

PHYLLIS FREEMAN: Well, Richard gave me a very interesting and challenging assignment, which has about 24 parts for 12 minutes. So I'm going to try not to talk in code, but hope that some of the points that I don't explain what I mean, I'm taking it on faith that my colleagues up here will be taking those issues on more so that I'm going to try to get away with that in the interest of time.

I think the first thing I want to say is that in order to understand this year's version of the health privacy debate, one needs to understand what it is that the Congress has been up to most recently, because this debate in many ways has been going on fairly unchanged for 25 years. But the thing that's unique, I think, to the last couple of years, is that the Congress passed a law in 1996 called the Health Insurance Portability and Accountability Act.

And the public is familiar to the extent you may or may not be of this is known as the Kennedy-Kassebaum Bill in its earlier years. And I think of it as sort of the dregs of the Clinton health care reform. It contains one provision that talks about if one is lucky enough to have health insurance, and you move from one job to another, that the insurance industry is not able to cancel you out in your excursion across town, but you have to be able to pay for it. So it doesn't solve very many problems. But that's what it's known for.

The reason it raises such incredibly difficult issues in terms of privacy is that it has some elements known as the administrative simplification provisions, which do several things which I think will be sort of fundamental to what we talk about today. One of them is that it insists that there must be a unique patient identifier for everyone who participates in any kind of medical services in this country. And another is, it says that there shall be a uniform standardized electronic dataset used for any information in transactions that involve administrative and financial issues. So any transactions involving money and administration of the health care system, a unique identifier is critical to making that work.

So those are the things that characterize this moment in this long debate. The other piece that makes me totally dubious about if we can expect any reasonable law to come out of the Congress, aside from having worked there for three years, is that the Congress has set itself a deadline for setting privacy policy and writing a law for August 1999. And while this deadline has been known since 1996, I don't think we've made extraordinary gains towards clarifying the issues, never mind resolving them.

Richard asked me to explain a little bit about where this support and enthusiasm for these provisions comes from. But that helps us understand what the privacy struggle really is about. In the shortest form, I would say that what I have to remind myself and my students all the time is that most health legislation isn't about health. And this is no exception. It's about the economy. It's about global competition of industry and the cost of health care insurance and services and the whole system we run, and that everything else is footnotes, from my point of view. And so the people who are the most enthusiastic participants that led to this piece of legislation and the administrative simplification in particular, I would suggest, are the folks who are most concerned with billing and with managerial aspects of the health care system, from enrolling people, figuring out eligibility and those sorts of concerns. And another group that were very concerned with curbing fraud and abuse, which by some HHS estimates amounts to something like 10% of our trillion dollar enterprise. So we're talking big billions of dollars worth of investment there.

There's another set of enthusiasts who I would categorize differently, and those are the folks who I think are very concerned with the quality of clinical care and really improving clinical outcomes. And there is a group of them who have enormous enthusiasm for datasets and sharing and linking them. So I would guess, and others may have other points of view on this, that the most enthusiastic proponents of this part of the legislation that sets up the struggle over privacy don't come from the health world, though there's a very important subset who very much do.

My concerns in even getting to raise what the privacy issues are is that we really are very likely to end up with very poor law in this area from my sort of humble confrontations with the debate. And it has to do with how incredibly complicated it is, when you're talking about thousands of data elements and how they might be handled, and for what purposes they might be used, and a public who is largely unaware of most of the implications for themselves, never mind for society 10, 20, 30, 50 years from now.

We've been having this same debate with many of the elements being the same for at least 25 years, since computers became a major piece of our lives. And there's a literature filled with the same sets of principles on privacy and the same issues, including many conclusions in the reports that say there's been widespread trafficking in health records that has been very damaging to individual human beings. And this has been observed through many of the studies. And we've never resolved it. So my first issue with the privacy debate that makes me not optimistic is over 25 years, is we haven't gotten very far.

Secondly, I think the commercial forces that make the stakes so high have only gotten more intense, which doesn't make it easier to resolve in a way that's going to make a lot of people real happy. And I think as it gets more complicated, the likelihood of democratizing the discussions so that more people really knowledgeably participate in it, and are explaining what the stakes are for them, is much reduced as well.

The paper that Tony Robbins, my colleague, and I wrote, which is, there are copies of it around somewhere, really grew out of my concern with a kind of lack of discipline I found, probably not in the level of folks who are participating in this panel, who are very sophisticated about the issues, but maybe one level down in the operations of the health care system, all the record room people, and lots of folks who handle all of these records all the time, who I would sit in on policy conversations in the wake of this new HIPAA law, and discover that they weren't talking about the same thing at the same time, almost ever. They would be having what they thought was an intense policy debate about how we ought to handle privacy. And come to find out, they weren't talking about the same data elements. They weren't making the same assumptions about how identity would be handled, whether it was clearly identifiable, coded, identifier stripped and anonymity except for some code keeper, who was supposed to be the point person for security. And so the conversations in my experience became almost absurd, because the assumptions people were making about what policy issue it was they were discussing and trying to resolve bore almost no resemblance, even in relatively small groups of folks who did this for a living all day long.

So I sort of said to myself a real big oops and started thinking about, if I got to be the czar for disciplining a discussion about these issues, how could we begin to even talk about the same thing at the same time, and then work our way up towards what do we understand and therefore know whether we disagree or agree about? And what don't we fundamentally as a society of fairly sophisticated participants not even understand well enough to have an opinion about? And I find that there are a number of issues that I don't have an opinion about yet because I can't figure it out. So I wanted to help people sort out where we're clear and less clear, with the notion that it's easier to make policy on things that you can define and describe than it is about things you can't.

So the paper really gets at the first issue I saw as critical, which is most of the people who talk about these things all day don't use the same terms and don't use the same assumptions. So there's sort of a pitch in there in the first part of the paper for a way of reproducibly describing any data transaction in terms of what's going where, for what purposes, who's going to use it, and who's going to get the primary benefit out of that transaction. And we don't have that in my view. That's sort of point number one.

Point number two in the paper suggests a way to start in on that is, if we could get to the point where we're actually talking about the same thing and could get close to understanding where we agree and disagree and which issues we understand not at all, we could then have a discussion to discover where we agree on what the purposes of data use ought to be in various areas. And how much we agree or disagree about that. For example, the situation that most people are familiar with is the medical care situation where I always assume that the person who's supposed to be the primary beneficiary is the patient. And that's a situation where individuals trade privacy against more people being involved in their medical care because they might contribute something that would make the outcome better. And you'd trade off privacy to get the services paid for, because otherwise it's going to be tough to come up with, and you might get denied a service you want. So that's a situation that I think most people are fairly familiar with.

There are endless policy issues we haven't resolved, like how much information needs to go where, and at what level of identification to get claims paid for. There's an uproar in there. But there are also some issues that we can talk about fairly sensibly.

Another area is the commercial use of data where there are lots of industries that have an enormous interest in the economic value of the data and want very few restrictions, because the greatest economic gains is from being able to be innovative and use it in as many ways as possible. From a policy standpoint, I have a very simple view of this. I don't understand why personally identified health data should ever be available for commercial exploitation without the knowledge and consent of the data subject. And I'm prepared to have the industry try to explain to me and all of us why that's not right and convince me there's some interest I don't understand why I should feel differently. But I have yet to have that presentation made or for me to be convinced.

Then there's what I think is the most complicated area that worries me most in the long run in terms of the public debate, because I think it's gotten the least attention. And that is that there are a whole series of public purposes for which we use data. For example, health research that helps us understand which interventions actually help people recover from serious illnesses better than others, public health interventions that help us prevent exposures that can cause diseases that may not need to circulate and cause our population problems.

There are a lot of folks concerned with how to run an orderly society with the law enforcement system. We license health facilities. We certify professionals who can participate or not based on their credentials. And for all of that, we use data. Some of it is personally identified. Some of it is not. And there are different experts who have a grip on how we've done things and what's good or bad about it and what privacy issues it’s raised, and how we might think about that more sensibly in the future. And they don't talk to one another. They don't speak the same language. And I don't understand all those issues. And what I discovered along public policy discussions is that people lump all those together as though you can come up with a way of resolving that's really very simple and compact and won't have a major implication on my major concern, which is I would like health care legislation have something to do with improving the health of the entire population. And I'm very concerned to understand the data issues in such a way that we make that possible at the same time we're concerned with individual privacy.

And what I feel overwhelmed by is the humbleness of the debate, that's a very kind word, in terms of how much we can expect that the Congress is going to understand about those issues when the issues are framed right now in terms of a knock down, drag out struggle between the industry that doesn't want to be restrained and the folks, some of whom are here who can explain it very clearly today, about what the implications are for individuals who may suffer from that in a health care system. And then maybe Phil Caper can help us understand some of the things we can do about health if we use data carefully. But it's not without privacy complications. But those issues are becoming a step-child in the policy debate, and I don't expect they'll be discussed very successfully, never mind resolved. So that's my dilemma.

RICHARD SOBEL: Thank you, Phyllis. I think that presents very well a quick overview of a very complicated subject and the kind of dilemmas that we as individuals are facing and this panel is facing to try to get some clarity on. So that's a good way, I think, to get us started.

Our next speaker is Dr. Denise Nagel, who is the executive director of the National Coalition for Patient Rights. The national coalition is a non-profit organization that is dedicated to restoring medical privacy through advocacy and public education. In addition, she is a clinical instructor at Harvard Medical School, and she has testified before key congressional committees on exactly this issue of patient privacy. Dr. Nagel has been widely quoted in The New York Times, The Wall Street Journal, Time Magazine, among others, and she's appeared on ABC News "Nightline". She is a practicing psychiatrist, and she also appeared with Professor Miller and Molly van Houweling and myself recently on, appeared isn't exactly the right word. It's a cyber course which, is anybody here in that cyber course? It's a course in cyberspace on privacy in cyberspace. It's the first cyber course that the Berkman Center has been involved with, and she appeared or disappeared or was virtually there talking about exactly this issue about medical privacy. So we will turn the table over to Denise Nagel.

DENISE NAGEL: I guess, Richard, everyone is going to tell what you asked us to do and when. So I will do that, too. I was supposed to discuss today in 12 minutes government databases, patient ID numbers, how patient privacy is affected by all these changes and discuss Phyllis's paper. And I got the paper this weekend, so I'll try. First I thought I would show you just a couple of overheads here.

RICHARD SOBEL: By the way, while Denise is setting up, in various points in the front and in the back, various panelists have brought information on the medical privacy debate. So I hope afterwards you will come down and grab some copies of them.

DENISE NAGEL: This is my favorite cartoon on this issue. This is lawmaker Neil Haggarty, United National Health Insurance. "Mrs. Snalmaker, put down the cheesecake now, or we'll double your premium." Well, just to set the stage, I wanted to, first of all I just wanted to say on that one, I used to think it exaggerated the situation but was funny. Now I think it's close to the situation.

To set the stage, let me show you a few things I collected recently. The first couple have to do with the corporate mentality, not necessarily from medical records, per se, but just to give you an idea of how people think of data. This came from Database America to one of my colleagues. It was a Dear Doctor letter. I cut out parts of it. "We have supreme patients. Our protocol for picking the perfect patient. Thanks to our advanced information technology, Database America, the nation's premier list company, can help you pull those people from our vast database with the best possible criteria to insure business for your practice." Well, it went on and on, but it also said that you don't have to worry. The patients will see only your distinguished stationery. They didn't mention not the sleazy way you got their names.

This was another ad that appeared in a magazine, the Health Data Management magazine. It says, "Strike it rich. Turn nuggets of data into valuable information." This was talking about health information. This one I didn't have as an overhead. I'm just going to put this silly slide here just to remind me. You can all read that, right? It starts out, "Announcing the finest list of who's got what?" And then it goes on, each of those little lines is telling you how many names and addresses of people with different diseases, incontinence, diabetes, headaches you can get. And it turns out that that list was put together by maximum security prisoners in Texas.

This last one is one that shows not the corporate mentality, but I think what Phyllis was talking about of people trying to assure quality and trying to kind of figure out what the best way of using all of this information. And it's an example of how I think this can go awry. This was an article that appeared in Fortune magazine in May. And it says, "It's not creepy. It's a wonder drug. Can Prozac cut health costs? How far should a health insurer poke into your privacy?" Well, what they did was, they cross linked databases from the insurance company of people using a lot of medical insurance with the database of the employer, Sara Lee, to see who was missing days at work or performing below par or showing up late. They cross linked these to try to identify the depressed patients. And then the article ended, I don't know if you can see it here, "It won't be surprising," in the last column, "if those sluggish workers are told of the wonders of SSRI's," which are the antidepressants.

Well, medical information, as you've been hearing, is a hot commodity. Charles Welch, who is chairman of the Mass. Medical Society's task force on privacy and confidentiality put it this way. "There is a long gravy train forming around medical records. The insurance companies are making money. The politicians are making money. And there's only one party that's paying, and that's the patients."

With this backdrop, I wanted to turn my attention to the paper that was just talked about in brief. And it’s difficult. I enjoyed reading the paper. And most things that Phyllis talked about today I agree with. But in the actual reading of the paper, which I hope you'll all do, there were some differences that I wanted to focus on, because we have just a short period of time. So while I'd like to spend a lot of time saying all the things I agree with, I'm just going to kind of cut to the chase and talk about the things that I don't agree with, or a couple of them anyway.

The paper is presented as a balanced view that sets out a framework for looking at the policies today currently going on. And sometimes it achieves that aim. But unfortunately, embedded in the very description of the parties of the debate that's laid out in the first table, I think there's some bias that doesn't serve us well as a starting point for the dialogue. In this table, the clinicians are listed as just one of about 28 groups that are considered as needed to weigh into the health privacy debate. There wasn't any special status, but are listed as professionals along side of data managers, administrators and law enforcers. Professionals are separated from entities, which include data management firms, employers and insurance carriers. And no doubt, no one would argue that all of these all are parties to the debate. And certainly, no one would argue that they are surely stakeholders in the sense that billions of dollars may be made or lost based on policy decisions. But the problem is no real differentiation is made between these parties.

Now, let me contrast this with the way that the Canadian Medical Society addressed the same issue. "The depiction of physicians as but one of several stakeholders fails to recognize that the information in question has been confided to the physicians in the context of a very special trust. Also missed is the fact that physicians therefore have a greater stake and moral claim to shape policy decisions affecting this trust. Represented as but one of the many groups of stakeholders, the fiduciary perspective is diluted, not balanced."

This may seem like a small point, but actually, I think it is central to the whole discussion of patient privacy, national ID numbers, databases and so on, that is, why do patients share information? They share information because it is their belief that it will be used to make them get well, to heal them. Even in times when people maybe didn't trust the "medical profession" and saw doctors as too rich, they still trusted their doctor, by and large. And one of the critical factors is the fact that the cornerstone of that trust is the privacy and confidentiality of the doctor-patient relationship. People often share such personal, intimate information, that it may be information that they have not shared with another soul in the whole world. The expectation for thousands of years, and I would say right up to the lifetime of everyone in this room, is that if you as an individual, if we as individuals do not want our information to be revealed to anyone else, it wouldn't be, except in very limited circumstances.

Now all of that is changing. And I must tell you that if you don't keep yourself grounded in this simple truth of why people share information and how they expect it to be used, you will find yourself on a roller coaster of confusion. I often do myself. I get into these policy debates, and I get just terribly confused, until I kind of ground myself and come back to that central point.