Invited Symposium: Integrated Telematic Services and Communication Through Scientific IRC: Virtual User Communities of Biomedicine in UNInet
All we met through the Uninet'(1)snúmeros para pie de pagina IRC. What we have in common is that we think that this medium is not only an entertainment, and when correctly used, it can contribute to the advancement and difussion of technical and scientific knowledge. We wrote a more comprehensive work, impossible to fit due to space limitations, and that's why we have extracted, for the presentation in INABIS98, a part of it. The whole paper will soon be available in the WWW server of the channel "#justicia'' in Uninet(2).
This time we want to suggest two enhancements to make the IRC more secure for the transmission of clinical information, from two points of view; technical and legal. From the technical point of view, some enhancements to the IRC standard are suggested, and from the legal point of view, the adoption of a new form keep medical records, through which it is possible to establish the cesessary legal protection to the professionals and patients alike.
The IRC service
The Internet network has gone through some phases of developement. In the first phase, the net was a testbench that allowed the development of the communication tools and services in use today. Once the first experimental phase was passed and the net grew, it became a communication medium for universities and research institutions. In this second stage, although experimentation was always present, went to backstage and the net found practical application. Scientists have made a heavy use of the net to send results from experiments, telescope images, email messages among members of sparse research teams... Finally, we have reached the third phase, the commercialization. The number of users has experimented an explosive growth, and this has brought many problems.
Originally, the net was a more or less pacific community, and the access to the network was allowed only to members of the academic and scientific community. Generally speaking, the network has worked thanks to the trust among its users, and, in case of conflict, ease of use and information sharing has had priority over security. In a restricted user community who accept an etiquette, this model has proved useful, except for some isolated incidents.
With the arrival of commercial users, however, this model is no longer useful. There is a demand for services such as telemedicine, electronic commerce, home banking, etc, and, the previously small community of users has evolved to a society with similar problems to the real world. So, the former trust based model must change, and more secure services and tools, capable of offering security and privacy, must be deployed. Unfortunately, most of the tools widely used today in Internet, notably electronic mail and IRC, don't take into account this new scenario, and a user cannot be reliably identified.
Among the emerging applications, one of the best examples is Telemedicine. The Internet can ease enormously information sharing between doctors in very distant places, regardless of political borders, and there have been even experiments in which a doctor has been controlling an operation in a distant country.
An example of information sharing is the IRC service operated by Uninet. The IRC is a chat service in which the users may participate in different discussion groups (known also as channels or rooms), similar to rooms in a building. Although traditionally used as an entertainment medium, the IRC can be a very useful tool for conferencing, at least until a valid infrastructure for audio/videoconferencing be deployed, given the resources demanded for such services. On the other hand, the IRC allows hundreds of people scattered over the world to participate in conversations, with very limited network resources, and so its use isn't reserved only to the most powerful countries, with many network resources. The IRC, however, suffers some of the problems previously mentioned:
The first problem we face, from the Law point of view, is the demand of personal data imposed by the modern society's operational and security needs.
Hence, we must know how to preserve and protect the citizens' rights, and this implies that we must think how information about citizens is gathered, stored, transmitted and broadcast, which is the technology currently available and which is the applicable law either nationally or internationally.
On October 25th this year, a new directive about personal data protection (95/46/CE)(3)was passed.
The accelerated development of the modern technologies, which makes possible the correlation between the personal data mentioned, makes it necessary to establish the limits to the control over the rights of the citizens against this advancement. Current doctrine and jurisprudence in all the countries has done so and will do it in the future. And this is because, as German Law(4) states, in this way a datum carent of interest in itself can gain a new value, and so there is no useless data when automatic data processing applies. Both have stumbled in discussions about the difference between different concepts: privacy right, intimacy right, identity right, and dignity right(5). As an example, we can see two different views about privacy and intimacy.
We agree: there exists this need to cover the interests of those who consider themselves owners of the medical records, and to define unambiguously this concept of ownership.
As an experiment, we have interviewed a different health professionals about their concept of ownership of medical records, and we have received different answers, some of them influenced by the membership of medical institutions, which we have overlooked because they are not independent. Generally, these are related to bad praxis problems.
From the independents, some of them say that these documents are only a backing for the personell memory, who otherwise could not reliably keep all the data about their patients, independently of their individual rights.
The most lucid answer we received has led us to develop a proposal with which DR. GRACIELA PEYRú said, physician and psychiatrist from Argentina, nationally and internationally known thanks to her important scientific history.
In the making of a personal records there are two kinds of information: the first are the conjectures made towards a diagnostic, which may include discussions with other professionals, and objective data about the patient (analysis results, observations, other tests...), medicines prescribed, patient's response to them, etc. Regarding the first part, it seems that there is no doubt that it is a subjective ellaboration made by the professional, and his/her exclussive intellectual property. The second part, on the other hand, once written in the diagnostic history, becomes the exclussive property of the patient.
This classification, made by Dr. Peyrú, led us to propose the international reglamentation of the format for patient records, which could be standardized to guarantee two fundamental aspects:
After dividing the medical record in two parts, let's start analyzing the first part. Medical dictionaries define the diagnostic as: ``The part of medicine whose objective is to identify a disease, from its symptoms''. What the physician does is to analyze the symptoms and signs observed; this analysis is based on the knowledge acquired by the professional, and this analysis can be (and should be) discussed with other colleagues, to achieve a better precision.
It is clear that whenever a physician needed information related to a patient, information available in a medical record, the name of the patient should not be disclosed, being a violation of the ethical code (10).
At first, it is clear that the information owned by the physician is the analysis made from the clynical signs observed; this information, given that the identity of the patient is not disclosed, is the intellectual property of the physician, who can present, analyze it, etc, in whatever way he/she thinks appropiate, and for whichever scientific and intellectual purposes. However, while the professional has to avoid the disclosure of the patient's identity, this could, supporting it on a habeas data action, request his/her diagnostic, so he/she could know the diagnostic. And here is where the main contradictions begin, fundamentally regarding physical and psychological analysis.
So far, it seems that all applicable laws covering property rights over the first part (given that the patient's identity is not disclosed) pertain the physician who analyzes the case.
Moreover, the habeas data right could be used by the patient to know the medical record, and more so whenever that record is kept in a database. If it was difficult to enforce the habeas data when the records were not kept in computers, according to the article 1 of the French law, which states ``Computers must serve the citizen'', and being most of the laws applicable to data stored in databases, it is clear that the right applies to medical records.
Regarding the second part of the record, however, personal data about the individual, clinic signs, medicines, etc, are covered by the privacy rights, being this information absolutely confidential, and should be treated as such, as any disclosure or publication of this information would carry legal and ethical actions.
From the legal point of view, it is true that national and international texts cover only the implantation of measures to guarantee the personal data protection, but it is also true that none of them specify which are the actual measures that must be developed in each case. The other important element is implantation of such measures, through a gradual process before they become mandatory. So far, the transmission of information regarding clinical records through Internet has been discussed during some years in both the government and private sectors, due to the sensitive aspects involved, such as privacy, precision... Progress has been slow, which for some is a positive aspect(11) .If we see it from the point of view of the right to intimacy, PARENT(12) defines this right as the right to be sure that nobody has undocumented information about facts regarding an individual who does not want them to be widely known. The value of intimacy is related by this author to the necessity of avoiding other people to gain power over ourselves, and the freedom to choose a way of life.
Intrusions against imtimacy can have several forms, according to the aspects of each individual subject: for example, unauthorized inspection of medical records, observations of body parts, etc.
There is an important question which matters here: In which cases should the individual give up a fundamental right to favor the advancement of science? We admit that the answer is a difficult one. However, in the Spanish current law the case we are considering, the transmission of clinical data over the IRC seems to have an answer. The fundamental text on the matter, the Spanish Constitution, in the articles 43 and 49, acknowledges the right of the citizens to the protection of health. To make this right effective, a sanitary reform was needed, in the form of the General Health Law of April 25th 1986.
The Constitution, in the article 184, also states the right of a citizen to have the use of computers limited so that the honor and privacy are preserved. This is one of the reasons why the Organic Law 5/1992 of October 29th regulates the automated processing of personal data. We can see that, being necessary to protect the health of the citizens, it is also mandatory to protect their intimacy. It is stated that it is necessary to establish a boundary between the progress of the human race and the individual rights. In this regard, the law is based on three general principles:
The life in the planet has changed. The age of cuberculture has arrived in moments in which the individualism doesn't allow the basic feelings to rise; traditional values such as love, honesty, and justice, mentioning only a few. In this world scenario, the concentration of money in a few hands makes scientific advance to go ahead of law. While democratic systems consume more resources to build a law according with the situation, it is not impossible to achieve it in an international agreement. The solutions exist and are also possible. Some creativity must be applied to the task. Confronted to this situation, the only possibility is the quick adoption of a solution by a multidisciplinar team with a global scope, and in this work we hopefuly contribute some ideas. The adoption of international legal standards is urgent, as is the definition of the individual interests -protected in the best possible way- which may be given up for the benefit of the society. People working in the technical field, mainly on information security, must be sure that their results will not be distorted by political and economic interests of the social groups who have the power. This leads us to the need for a new standard for the IRC, which would ease the transfer of information, in this case, clinical information, in a secure manner.
Internet must allow for the pacific coexistence of the different communities. People who want to do business, and the academic and research communities.
We hope we have described the current state of the matter:
| Discussion Board | Previous Page | Your Symposium |
|Chaponick, N.; Gimenez, M.; Iriarte Ahon, E.; de la Puerta Marcos, B.; Corrales, C.; (1998). Confidentiality of Clinical Information using IRC and other Resources. Presented at INABIS '98 - 5th Internet World Congress on Biomedical Sciences at McMaster University, Canada, Dec 7-16th. Invited Symposium. Available at URL http://www.mcmaster.ca/inabis98/coma/chaponick0315/index.html|
|© 1998 Author(s) Hold Copyright|