***************
Invited Symposium: Integrated Telematic Services and Communication Through Scientific IRC: Virtual User Communities of Biomedicine in UNInet






Abstract

Section 1

Section 2

Section 3

Section 4

Section 5




Discussion
Board

INABIS '98 Home Page Your Session Symposia & Poster Sessions Plenary Sessions Exhibitors' Foyer Personal Itinerary New Search

Confidentiality of Clinical Information using IRC and other Resources


Contact Person: Nora Chaponick (norach@is.com.ar)


Introduction

All we met through the Uninet'(1)snúmeros para pie de pagina IRC. What we have in common is that we think that this medium is not only an entertainment, and when correctly used, it can contribute to the advancement and difussion of technical and scientific knowledge. We wrote a more comprehensive work, impossible to fit due to space limitations, and that's why we have extracted, for the presentation in INABIS98, a part of it. The whole paper will soon be available in the WWW server of the channel "#justicia'' in Uninet(2).

This time we want to suggest two enhancements to make the IRC more secure for the transmission of clinical information, from two points of view; technical and legal. From the technical point of view, some enhancements to the IRC standard are suggested, and from the legal point of view, the adoption of a new form keep medical records, through which it is possible to establish the cesessary legal protection to the professionals and patients alike.

Back to the top.


The IRC service

The Internet network has gone through some phases of developement. In the first phase, the net was a testbench that allowed the development of the communication tools and services in use today. Once the first experimental phase was passed and the net grew, it became a communication medium for universities and research institutions. In this second stage, although experimentation was always present, went to backstage and the net found practical application. Scientists have made a heavy use of the net to send results from experiments, telescope images, email messages among members of sparse research teams... Finally, we have reached the third phase, the commercialization. The number of users has experimented an explosive growth, and this has brought many problems.

Originally, the net was a more or less pacific community, and the access to the network was allowed only to members of the academic and scientific community. Generally speaking, the network has worked thanks to the trust among its users, and, in case of conflict, ease of use and information sharing has had priority over security. In a restricted user community who accept an etiquette, this model has proved useful, except for some isolated incidents.

With the arrival of commercial users, however, this model is no longer useful. There is a demand for services such as telemedicine, electronic commerce, home banking, etc, and, the previously small community of users has evolved to a society with similar problems to the real world. So, the former trust based model must change, and more secure services and tools, capable of offering security and privacy, must be deployed. Unfortunately, most of the tools widely used today in Internet, notably electronic mail and IRC, don't take into account this new scenario, and a user cannot be reliably identified.

Among the emerging applications, one of the best examples is Telemedicine. The Internet can ease enormously information sharing between doctors in very distant places, regardless of political borders, and there have been even experiments in which a doctor has been controlling an operation in a distant country.

An example of information sharing is the IRC service operated by Uninet. The IRC is a chat service in which the users may participate in different discussion groups (known also as channels or rooms), similar to rooms in a building. Although traditionally used as an entertainment medium, the IRC can be a very useful tool for conferencing, at least until a valid infrastructure for audio/videoconferencing be deployed, given the resources demanded for such services. On the other hand, the IRC allows hundreds of people scattered over the world to participate in conversations, with very limited network resources, and so its use isn't reserved only to the most powerful countries, with many network resources. The IRC, however, suffers some of the problems previously mentioned:

  • Lack of privacy: The IRC doesn't include any secure encryption facility, so it is not an appropiate medium for the transmission of confidential information such as medical records, necessary for its application in telemedicine.
  • Lack of reliable user identification: A user can give any name, and there is no means to verify who he/she is.
  • These two problems in no way make the IRC useless, which has proved its potential in some virtual congresses, but the enhancement of the IRC security will make it a work tool with enough reliability and security to be used for communications involving confidential patient data such as medical records.
Currently I'm working on the design of some extensions to the IRC protocol (or a new protocol, it's on a preliminar phase) allowing:
  • Verifying the users' identities through certificates
  • Encrypt information sent through the channels
  • Establish dependable access controls on the channels.
  • A service meeting these goals will not only protect the information degarding confidential patient data from access by unauthorized people.
  • Verifying the identity of people in a secure channel allows to know the credibility of what is said, and even allows for the attriubution of responsabilities, something of capital importante in this field.

Back to the top.


Legal Discussion

The first problem we face, from the Law point of view, is the demand of personal data imposed by the modern society's operational and security needs.

Hence, we must know how to preserve and protect the citizens' rights, and this implies that we must think how information about citizens is gathered, stored, transmitted and broadcast, which is the technology currently available and which is the applicable law either nationally or internationally.

On October 25th this year, a new directive about personal data protection (95/46/CE)(3)was passed.

The accelerated development of the modern technologies, which makes possible the correlation between the personal data mentioned, makes it necessary to establish the limits to the control over the rights of the citizens against this advancement. Current doctrine and jurisprudence in all the countries has done so and will do it in the future. And this is because, as German Law(4) states, in this way a datum carent of interest in itself can gain a new value, and so there is no useless data when automatic data processing applies. Both have stumbled in discussions about the difference between different concepts: privacy right, intimacy right, identity right, and dignity right(5). As an example, we can see two different views about privacy and intimacy.

  1. The Court of Justice of Argentina (before and after the constitutional ammend in 1994)(6) claims that each citizen has the right to decide by itself about the sharing of personal data, thinkings and facts in his/her personal life. And, ratifying this claims before the mentioned ammend, defined the intimacy right as that thich protects juridically an individual autonomy domain which encompasses the feelings, uses, family relations, economic situation, religious beliefs, mental and physical health, and, summarizing, actions, facts or data which, according to the life standards accepted by the community, are reserved to the citizen and which general knowledge or disclosure may pose a potential or real threat for the intimacy. (7)
  2. In Spain, in the motivations list for the LORTAD(8),números para pie de pagina privacy is mentioned but not intimacy: privacy is more comprehensive, as intimacy encompasses only the most singular aspects in the life of a person -the home, the communications in which the citizen expresses his/her feelings-, privacy includes a wider set of data, whose elements isolated may have no meaning, but when likned can draw a comprehensive portrait of the personality of a citizen who has the right to keep it in secret.

    We think many of these issues are already solved, and some remain to be solved. Among the latter, the possibility of violating the professional secret when difusing this kind of information, especially through the transfer of data involving medical records.

In a paper written by ALFREDO GARCíA(9)we find the following, attributed to MAESTRE: ``Success in the automatization of medical records is supported by the design of tools that protect the interests of all the agents who claim a property over them: the institutions, professionals and patients''.

We agree: there exists this need to cover the interests of those who consider themselves owners of the medical records, and to define unambiguously this concept of ownership.

As an experiment, we have interviewed a different health professionals about their concept of ownership of medical records, and we have received different answers, some of them influenced by the membership of medical institutions, which we have overlooked because they are not independent. Generally, these are related to bad praxis problems.

From the independents, some of them say that these documents are only a backing for the personell memory, who otherwise could not reliably keep all the data about their patients, independently of their individual rights.

The most lucid answer we received has led us to develop a proposal with which DR. GRACIELA PEYRú said, physician and psychiatrist from Argentina, nationally and internationally known thanks to her important scientific history.

In the making of a personal records there are two kinds of information: the first are the conjectures made towards a diagnostic, which may include discussions with other professionals, and objective data about the patient (analysis results, observations, other tests...), medicines prescribed, patient's response to them, etc. Regarding the first part, it seems that there is no doubt that it is a subjective ellaboration made by the professional, and his/her exclussive intellectual property. The second part, on the other hand, once written in the diagnostic history, becomes the exclussive property of the patient.

This classification, made by Dr. Peyrú, led us to propose the international reglamentation of the format for patient records, which could be standardized to guarantee two fundamental aspects:

  1. The intimacy rights, which are universally legislated
  2. A way to define the limits of the confidentiality to be kept by the professionals, which sometimes is hard to define
Regarding intellectual property and security when using IRC for the transmission of critical information, we should define where the laws protecting intellectual property will apply.

After dividing the medical record in two parts, let's start analyzing the first part. Medical dictionaries define the diagnostic as: ``The part of medicine whose objective is to identify a disease, from its symptoms''. What the physician does is to analyze the symptoms and signs observed; this analysis is based on the knowledge acquired by the professional, and this analysis can be (and should be) discussed with other colleagues, to achieve a better precision.

It is clear that whenever a physician needed information related to a patient, information available in a medical record, the name of the patient should not be disclosed, being a violation of the ethical code (10).

At first, it is clear that the information owned by the physician is the analysis made from the clynical signs observed; this information, given that the identity of the patient is not disclosed, is the intellectual property of the physician, who can present, analyze it, etc, in whatever way he/she thinks appropiate, and for whichever scientific and intellectual purposes. However, while the professional has to avoid the disclosure of the patient's identity, this could, supporting it on a habeas data action, request his/her diagnostic, so he/she could know the diagnostic. And here is where the main contradictions begin, fundamentally regarding physical and psychological analysis.

So far, it seems that all applicable laws covering property rights over the first part (given that the patient's identity is not disclosed) pertain the physician who analyzes the case.

Moreover, the habeas data right could be used by the patient to know the medical record, and more so whenever that record is kept in a database. If it was difficult to enforce the habeas data when the records were not kept in computers, according to the article 1 of the French law, which states ``Computers must serve the citizen'', and being most of the laws applicable to data stored in databases, it is clear that the right applies to medical records.

Regarding the second part of the record, however, personal data about the individual, clinic signs, medicines, etc, are covered by the privacy rights, being this information absolutely confidential, and should be treated as such, as any disclosure or publication of this information would carry legal and ethical actions.

From the legal point of view, it is true that national and international texts cover only the implantation of measures to guarantee the personal data protection, but it is also true that none of them specify which are the actual measures that must be developed in each case. The other important element is implantation of such measures, through a gradual process before they become mandatory. So far, the transmission of information regarding clinical records through Internet has been discussed during some years in both the government and private sectors, due to the sensitive aspects involved, such as privacy, precision... Progress has been slow, which for some is a positive aspect(11) .If we see it from the point of view of the right to intimacy, PARENT(12) defines this right as the right to be sure that nobody has undocumented information about facts regarding an individual who does not want them to be widely known. The value of intimacy is related by this author to the necessity of avoiding other people to gain power over ourselves, and the freedom to choose a way of life.

Intrusions against imtimacy can have several forms, according to the aspects of each individual subject: for example, unauthorized inspection of medical records, observations of body parts, etc.

There is an important question which matters here: In which cases should the individual give up a fundamental right to favor the advancement of science? We admit that the answer is a difficult one. However, in the Spanish current law the case we are considering, the transmission of clinical data over the IRC seems to have an answer. The fundamental text on the matter, the Spanish Constitution, in the articles 43 and 49, acknowledges the right of the citizens to the protection of health. To make this right effective, a sanitary reform was needed, in the form of the General Health Law of April 25th 1986.

The Constitution, in the article 184, also states the right of a citizen to have the use of computers limited so that the honor and privacy are preserved. This is one of the reasons why the Organic Law 5/1992 of October 29th regulates the automated processing of personal data. We can see that, being necessary to protect the health of the citizens, it is also mandatory to protect their intimacy. It is stated that it is necessary to establish a boundary between the progress of the human race and the individual rights. In this regard, the law is based on three general principles:

  1. Principle of racionality and congruence
  2. Principle of Consent
  3. Principle of Information
In the laws currently applicable in Argentina, we can find some that, although not adressing the subject exactly, touch it in a generic form:
  • Constitución nacional
  • Pacto internacional de derechos civiles y políticos
  • Convención americana de derechos humanos
  • Convención sobre los derechos del niño
  • Código procesal civil y comercial de la nación
  • Código penal de la nación
When we finished this paper, we received an email mesage sent to the DERECHO-ES mailing list by Margarita Lacabe, president of a human rights association, which we highly recommend, given its special relevance(13)

Back to the top.


Conclusion

The life in the planet has changed. The age of cuberculture has arrived in moments in which the individualism doesn't allow the basic feelings to rise; traditional values such as love, honesty, and justice, mentioning only a few. In this world scenario, the concentration of money in a few hands makes scientific advance to go ahead of law. While democratic systems consume more resources to build a law according with the situation, it is not impossible to achieve it in an international agreement. The solutions exist and are also possible. Some creativity must be applied to the task. Confronted to this situation, the only possibility is the quick adoption of a solution by a multidisciplinar team with a global scope, and in this work we hopefuly contribute some ideas. The adoption of international legal standards is urgent, as is the definition of the individual interests -protected in the best possible way- which may be given up for the benefit of the society. People working in the technical field, mainly on information security, must be sure that their results will not be distorted by political and economic interests of the social groups who have the power. This leads us to the need for a new standard for the IRC, which would ease the transfer of information, in this case, clinical information, in a secure manner.

Internet must allow for the pacific coexistence of the different communities. People who want to do business, and the academic and research communities.

We hope we have described the current state of the matter:

  • Legal problems: Mainly the lack of coherence between different countries. Networks such as Internet cross political boundaries.
  • Privacy problems: We must use mechanisms to ensure the protection of the privacy. This is a technical problem.
  • Lack of reliability: Internet doesn't currently guarantee a quality of service. For example, if a surgeon is tele-operating and many people access to a photographs server, the doctor can loose the image of the operation.

Back to the top.


BIBLIOGRAPHY

  • American Health Information Management Association; `\"Your Health Information Belongs to You`\". 1993, Chicago.
  • Borea Odría, Alberto;`\"Evolución de las Garantías Constitucionales`\". Editorial Grijley. 3ra. Edición. 1996, Perú.
  • Carrascosa López, Valentín; `\"Valor Probatorio del Documento Electrónico`\". En: Informática y Derecho #8 pp. 133-173, Universidad Nacional de Educación a Distancia, España, 1995. ISBN: 84-88861-53-2
  • Corte Europea de Derechos Humanos; Sentencia del 25-2-1997, caso Z. c. Finlandia, en Communiqués du greffier de la Cour européenne des Droits de l'Homme, Estraburgo, 16 de enero-25 de febrero de 1997, pp. 23-27
  • Corte Suprema de Justicia de Colombia Sala de Casación Penal; Sentencia del 24-1-1995, proceso penal 1406, en Acción de Tutela, extractos de sentencias 1, primer trimestre de 1995, Bogotá, p. 83
  • García, Alfredo; `\" La historia clínica informática del mañana`\", Diario Médico, Martes, 22 de abril de 1997
  • Gomez Mendoza, Gonzalo; `\"Código Penal`\", texto ordenado de acuerdo a la Normatividad Oficial. Biblioteca Jurídica, vol. IV. Editorial Rodas, 2da.
  • Edición, 1996, Perú.
  • Iriarte Ahon, Erick. `\"Habeas Data`\". Octubre 1998. Revista Electrónica de Derecho Informático, No. 3
  • Landa Arroyo, César y Velasco Lozada, Ana; `\"Constitución Política del Perú 1993`\", Sumillas e Indice Analítico. Segunda Edición, Pontificia
  • Universidad Católica del Perú, Perú, 1995.
  • Mandirola, Humberto F. y Nano, Mercedes; `\"Aspectos Legales de los Registros Médicos (RMI)`\". Hospital Belgrano.
  • Ministerio de Justicia; `\"Código Civil`\", Tercera Edición, Gaceta Jurídica Editores, Perú, Mayo 1996.
  • Ministerio de Justicia e Interior; Real Decreto 1332/1994, de 20 de junio, por el que se desarrolla determinados aspectos de la Ley Orgánica 5/1992, de 29 de octubre, de regulación del tratamiento automatizado de los datos de carácter personal. BOE de 21 de junio de 1994.
  • L-Soft list server at RedIRIS (1.8d) File: `\"PROTEC DATOS`\". . [E-mail para: `\"Erick Iriarte`\" faia@amauta.rcp.net.pe]. 01de Septiembre de 1998.
  • Rivas, Javier; `\"[DERECHO] Aspectos legales de la telemedicina`\". [Discusión]. Derecho, Ley y Jurisprudencia en España ;19 de Septiembre de 1998.
  • Rivas, Javier. Telemedicina en Internet. Abril 1996. [19 Septiembre 1998].
  • Rodríguez Iturri, Róger `\"El Derecho a amar y el derecho a morir: Entre la vida y la muerte`\". Pontificia Universidad Católica del Perú, Fondo Editorial, 1997. pp. 299-300.
  • Vázquez Acuña, Martín; Comentario al `\"Estudio comparativo en discriminación contra personas afectadas por el HIV/SIDA`\", realizado por el Instituto Suizo de Legislación Comparada de la Universidad de Lausana (1993), en Hechos y Derechos, Revista del Instituto de Promoción de Derechos Humanos, Buenos Aires, No. 1, 1995, p. 45.

Footnotes:

  1. To know the Uninet network, see Dr. Maria Jesús Coma paper in INABIS'98
  2. http://crispin.ugr.es/~justicia/logs.htm
  3. http://www2.echo.lu/legal/es/browses.html
  4. Federal Constitutional Court: Sentence law of December, 15th 1983 (rf. 1 BvR 209/83). Censum Law. Right to privacy and honor.
  5. Bianchi, Aberto B; `\" Habeas data y derecho a la privacidad`\", E.D. 161-866; Molina Quiroga, Eduardo: "Autodeterminación informativa y habeas data`\"; J.A. 2/4/97; 1997-II-691; Colautti, Carlos E.,`\"Reflexiones preliminares sobre habeas data`\"; L.L. 1996-C-917; Vanossi, Jorge R., `\"El habeas data no puede ni debe contraponerse a la libertad de los medios de prensa`\",E.D.; 159-948; Cifuentes, Santos, `\"Derecho personalísimo a los datos personales`\", L.L. 1997-E-1323.
  6. C.S.J.N.: "Ponsetti de Balbín, Indalia c/Editorial Atlántida", J.A.,1985-I-513
  7. C.S.J.N:"Dirección General Impositiva c/Colegio Público de Abogados de la Capital Federal",13 de febrero de 1996.J:A. 1996-II-295, citado por Diego Duprat, "Los datos sensibles y el habeas data", J.A. nro. 6078, pag.20 febrero 25 de 1998.
  8. Marzal Herce, Gloria; "Bases de datos personales: requisitos para su uso Comentarios a la LORTAD y normativa complementaria" DEUSTO Bilbao, 1996.
  9. Extracted from the article by Alfredo García: "La historia clínica informática del mañana", at the Diario Gestión Médico, April 22th 1997.
  10. Criminal Code from Peru, article 156, states: ``that who revealed aspects of personal incimacy (...) known thanks to the work done for the victim (...) will be punished with prision for no les than a year.
  11. Dahbar Jorge, MD. Vicepresident AAFP, Private communication to Dra. Chaponick:
  12. "Privacy, Morality and the Law "1983,Vol. 12 N. 4, page.269
  13. http://www.gilc.org/privacy/survey/

Back to the top.


| Discussion Board | Previous Page | Your Symposium |
Chaponick, N.; Gimenez, M.; Iriarte Ahon, E.; de la Puerta Marcos, B.; Corrales, C.; (1998). Confidentiality of Clinical Information using IRC and other Resources. Presented at INABIS '98 - 5th Internet World Congress on Biomedical Sciences at McMaster University, Canada, Dec 7-16th. Invited Symposium. Available at URL http://www.mcmaster.ca/inabis98/coma/chaponick0315/index.html
© 1998 Author(s) Hold Copyright