A lone hacker saddles up to his computer, cracks his knuckles and begins to hammer away at the keyboard. With his agile mind in full code-breaking mode, the intruder maneuvers his way through all system defenses and sidesteps all passwords, until ultimately the hard drive of a computer located miles away gives way and greets this unwanted visitor with a "Welcome."
With a few quick key strokes, rushes of information suddenly cascade down the screen: name, date of birth, complications of pregnancy, details of an appendectomy at age 12, plastic surgery to repair the subject's ear, signs of possible alcoholism, recurring visits to an out-of-town therapist. The data flows endlessly. The hacker then downloads the information, leans back in his chair and smiles at his success.
What's even more frightening about this scenario is that in the not-so-distant future accessing this information could be legal--and it might be your future employer or insurance company sitting at the keyboard.
Although this scene might appear plucked from any number of recent fictional creations in print or on the big screen, according to Lawrence Gostin, an expert on privacy and medical information, it's not all that far-fetched. Right now, computers can store vast amounts of data on an individual that can be easily retrieved. Thus, the inevitable question has surfaced, Who should have access to this information?
And the U.S. Congress has given itself until February 2000 to come up with an answer to that very same question.
For those still worried about Big Brother watching, Gostin says there is one more thing to worry about: Big Brother is also keeping notes.
"It's no fairy tale. If people realized how much medical information is seen and used right now they would be very concerned about their privacy," says Gostin, a professor of law at Georgetown University and of law and public health at Hopkins' School of Hygiene and Public Health.
Gostin will engage this privacy issue on April 24 in a lecture titled "Privacy and Medical Information," which is the first in the Robert H. Levi Lecture Series in Bioethics and Public Policy. The lecture, sponsored by the Bioethics Institute at Hopkins, will take place at 4 p.m. in the Norman I. Schafler Auditorium in the Bloomberg Center on the Homewood campus. It is free and open to the public.
The Bioethics Institute was established in 1995 as a university-wide endeavor to bring the moral aspects of health policy, medical care and the sciences to the forefront of scholarship and practice. The Robert H. Levi Lecture Series was established last year in honor of Levi, a Hopkins alumnus who served on the boards of trustees of both the university and hospital for three decades prior to his death in 1995. The goal of the program, according to Ruth R. Faden, director of the Bioethics Institute, is to raise the level of ethical discourse about critical issues in medical and social policy, such as medical privacy.
Since 1994, Gostin has been at the forefront of this medical privacy issue as chair of the privacy and medical information section of President Clinton's Task Force on National Health Care Reform. Gostin also serves on advisory committees of the World Health Organization, the Council of International Organization of Medical Sciences, the National Academy of Sciences and the U.S. Centers for Disease Control and Prevention, for which he was recently asked to write a model of statutes for privacy standards.
The lecture comes at a time when the U.S. Congress and Department of Health and Human Services are considering new federal regulations and laws to protect personal health information and limit its use. The foremost of these is the Medical Records Confidentiality Act of 1995, also known as the Bennett-Leahy bill, that is currently back in Congress. Congress's self-imposed 2000 deadline, according to Faden, makes this lecture even more timely.
Faden says that both the public and medical worlds need to confront the issues of using medical information. For example, medical practices such as genetic research, which is able to determine which individuals are more likely to develop cancer in their lifetime, have many moral implications, such as if that individual will be looked at differently by employers and insurance companies.
"We think this issue of privacy is enormously significant," Faden says. "It's riddled with moral concerns."
"Right now we protect someone's banking records more than his sensitive medical information," says Gostin. "We just have no adequate laws to protect the improper use of buying and selling this information."
For instance, Gostin says it's no coincidence that an individual with diabetes or AIDS will be contacted by a marketer with information specific to his disease. Organizations that currently have access to personal medical and financial data, he said, may include your employer; medical care providers; public health departments; the Internal Revenue Service; banks; the Department of Defense, if you've been affiliated with the military; and insurance companies.
Gostin says his lecture will paint a vision of the future in which every American will have a longitudinal patient record, that is, all medical events pre-birth to death stored in one neat location.
Gostin said one of the "big risks" with many agencies having access to this information is the potential for an insurance company or employer to deny coverage or employment.
"If you have HIV or a mental illness, insurers might put a cap on coverage to exclude that particular illness. Or if you have a high risk of developing breast cancer they just won't insure you," Gostin says. "Each person in the future might have a medical diary that could affect his employment."
However, Gostin says access to medical information is certainly not a black or white issue.
The benefits of the collection of medical data are that it saves time and money compared to the old filing system, and it also aids clinical decision making and public health issues by making it easier to access information such as what children are immunized for certain diseases and to track the progress of a new infectious disease.
With all this medical information readily available, "the potential for benefit is very large," Gostin says. It means better research and, in turn, better treatment of the public.
Yet, Gostin says what is sorely needed are laws that govern the use of this information.
"We need this information to be used in a fair and secure way," he says. To that end, Gostin is backing legislation that calls for consent to be given before medical information is used, and that allows individuals to review or correct their own records.
Faden says she hopes that people will leave Gostin's lecture with a better sense of the privacy issues that face public health so they can make informed decisions about pending legislation.
"I hope those who attend will start to think about privacy issues more proactively," Faden says. "We can't pay attention to all the issues; but I think that after this lecture folks are more likely to pay attention to this particular issue."