Andrew Harvey, Director of Information Governance at Graphnet Health, has published a paper on medical data privacy.
The paper, Medical Privacy: Aligning the Need to Breach Patient Confidentiality with Data Protection in the Public Interest, was published in the Journal of Data Protection & Privacy (Vol. 7.1, Autumn 2024).
This timely paper provides a much-needed framework to guide healthcare professionals on when, how, and why patient confidentiality might be breached in order to protect public health while remaining compliant with data protection laws.
As healthcare becomes increasingly digital, the tension between safeguarding patient privacy and sharing medical data for public health purposes has reached a critical juncture.
The healthcare sector is at the crossroads of digital transformation, with data sharing offering both great benefits and significant risks
In response, Harvey has developed a clear and ethical framework that helps professionals navigate this complex issue.
The framework Harvey puts forward in the paper ensures that any decision to breach confidentiality is made with care, transparency, and in compliance with data protection legislation, including the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
"The healthcare sector is at the crossroads of digital transformation, with data sharing offering both great benefits and significant risks.
"My paper explores how healthcare professionals can balance the need for data sharing with the imperative of protecting patient privacy. It offers a decision-making framework that ensures when confidentiality must be breached, it is done ethically, legally, and transparently, with patient trust and public health safeguarded," Harvey explained
The framework for ethical data sharing
The core of Harvey’s paper is the development of a practical decision-making framework designed to help healthcare professionals evaluate when it is appropriate to breach patient confidentiality.
The paper weighs the societal benefits of data sharing in critical public health scenarios - such as disease outbreaks and medical research - against the individual rights of patients.
The paper also explores the legal and ethical considerations that must guide such decisions.
While patient confidentiality is a cornerstone of medical ethics, argues that there are situations where breaching confidentiality becomes not only justified but necessary for the greater good.
Breaching patient confidentiality should never be taken lightly
For example, sharing patient data to control an infectious disease or for vital medical research can save lives and improve public health outcomes.
However, Harvey stresses that any breach of confidentiality must be carried out transparently and with robust safeguards in place.
"Breaching patient confidentiality should never be taken lightly.
"Healthcare professionals must be equipped with a clear framework to guide their decisions, ensuring the right balance between patient privacy and public health needs. The framework I’ve outlined provides a structure for these difficult decisions, with accountability and patient rights firmly at the centre," Harvey said.
A timely and vital contribution to data privacy
As healthcare organisations around the world increasingly adopt digital health solutions, such as electronic health records (EHRs) and health information exchanges (HIEs), the protection of personal health data has never been more important.
With these technological advancements, however, comes the increased risk of misuse, data breaches, and ethical dilemmas surrounding patient privacy.
By offering actionable guidance, it sets a new standard for ethical and legal data handling within the healthcare sector
Harvey’s paper directly addresses these issues, providing clarity on how healthcare professionals can responsibly navigate the complexities of data sharing while remaining compliant with the law.
By offering actionable guidance, it sets a new standard for ethical and legal data handling within the healthcare sector.
A vision for the future of healthcare data privacy
The paper is part of a larger conversation on how to ensure healthcare data is shared and used ethically, securely, and in a way that ultimately benefits patients and society.
Harvey’s work is a significant contribution to this ongoing discourse and will be invaluable to healthcare professionals, data protection officers, and anyone involved in the governance of medical data.
The paper weighs the societal benefits of data sharing in critical public health scenarios
As healthcare organisations continue to embrace the power of data to improve patient care, Harvey’s paper offers a roadmap for how they can do so responsibly, ensuring that both patient confidentiality and the public good are carefully considered in every decision made.