The use of health care information by agencies and professionals working within a climate of ethical accountability to patients. The medical profession has traditionally espoused a commitment to maintaining the confidentiality of patients’ information such that what is heard or discovered in the context of a medical consultation or course of management should, in general, not be disclosed to others where it would be inappropriate to do so. The reading of that requirement relied on a shared set of sensibilities and a shared morality that united professional and patient. The climate of health care has now changed but the traditional commitment still serves as a framing ethos for a health care professional. In the light of those traditional commitments, certain general principles govern the ethics of health care information use in a contemporary setting. 1. Autonomy of the patient. 2. A duty of care of the health provider. The idea of ownership of health information is, as is often remarked, generally unhelpful and the principles are better understood in terms of rights of access, rights of control, and responsibilities for the retention and maintenance of medical information, for instance in patient notes and records, in a manner compatible with the proper discharge of duties of care. We can therefore approach the use of health information within this framework. 1. Autonomy 1.1 Patient Autonomy is expressed in the doctrine of informed consent to health care interventions. The general condition that must be met in relation to medical information is that a patient is entitled to information about the use of his or her information that would be likely to affect his or her decision as to whether and under what conditions to engage in a health care regimen. 1.2 Patient consent to disclose information is therefore an implicit part of a medical care episode and the privacy legislation requires, as a general principle in accordance with patient autonomy, that the patient be appraised of the subsequent uses to which that information be put. The extent of disclosure is a matter of discussion and can broadly be characterised as falling under the requirements of informed consent in general which themselves fall within the following ethical framework: a) objective assessments of what is reasonable; b) subjective requirements to meet the needs of the individual patient. 1.3 Reasonable compliance with arrangements to deliver the health care services being used by the patient can be considered a legitimate aspect of the provision of any health service and, to meet those service needs, the gathering and disclosure of information about service delivery and targeting (to agencies who need it) can therefore fall under this provision. 2. The duty of care. 2.1 The delivery of appropriately targeted health care services requires adequate documentation of the health care history of the individual concerned so that mistakes are not made due to ignorance. It is therefore necessary that some means of collating health care information for any consumer be part of the regimen of care. The requirement is not subject to unconstrained patient autonomy because certain safeguards for the provider are built in to an adequate information gathering and documentation process so as to protect the provider against the material, professional, and moral harms of treatment related injury to the patient. 2.2 Material harms arise from expenses incurred by the health care provider through inadvertent use of less than optimal or even harmful interventions. 2.3 Professional harms arise when issues of competence or negligence arise through a regimen of care that is inadequately informed. 2.4 Moral harms arise whenever a patient is adversely affected by treatment even if material or professional issues do not arise. This general ethical framework translates into concrete recommendations about the proposed situation that has been brought to my attention by Harbour Health in relation to primary care delivered within the health care service package funded by Auckland Health Board. 3. Procedural ethics for health information use. 3.1 Information should be freely available to be used, on a need-to know basis, by professionals and agencies for the purposes of providing health care requested by the patient. This covers the use by directly involved health care professionals and also the use of information in a form required to fulfil any duties in relation to the delivery and funding of the health care package. 3.2 Patients should know or be notified in some ethically acceptable way of uses of information that may not be obvious to them or could not be expected to be part of the awareness of a reasonable New Zealand Health Care Consumer. On this count most people would be aware that any specially directed funding would involve the notification of identifying details to authorizing authorities but the details of information streams consequent on enrolment with any provider ought to be able to be accessed by any consumer who wants to know. 3.3 Any person or body who has access to patient data as a result of process requirements for the data being collected incurs an obligation to respect patient privacy and the use of information in accordance with the appropriate privacy rules. 3.4 A professional who communicates with or collaborates in Health Care Provision with such an organisation or body (such as Testsafe) has obligations to observe the general requirements already outlined and is entitled to believe that the other agencies involved are acting ethically. 3.5 The unconsented use of health information by any agency is a violation of ethical responsibility by that agency and cannot be considered to be a failure of ethical conduct by other agencies or providers even where they have been instrumental in supplying the information or facilitating access to it by the culpable party. 3.6 Partial responsibility for unconsented or unethical use, however, lies with any professionals or agencies who are or should be aware of the unethical uses being made and takes no steps to correct the abuse of information or to extract themselves from the arrangement within which that is occurring. 3.7 These requirements will usually be met by adequate disclosure or publicity about information use at, or prior to, the time of collection and that requirement in turn is met by professionals or agencies taking reasonable steps to acquaint consumers with the reality of their health care provision and the consequent requirements for information that foreseeably arise from it. In general, use of non identifying information for statistical or research purposes does not attract restrictions as a result of privacy requirements and use of identifiable information does and is subject to explicit consent except where it properly falls within the arrangements for orderly health care delivery. 3.8 If there exist options relating to information gathering and use in the context of health care service delivery (such as the possibility of “opting out” of a register or data bank then these options and the consequences of taking them should be disclosed when it is reasonable to do so. 3.9 Reasonable disclosure is subject to an objective or “reasonable health care consumer” standard and the level of disclosure should be varied when a reasonable health care provider would be led to believe that the consumer concerned would not find the general or objective provisions acceptable. In such a case the consequences of refusal to sanction certain information sharing ought to be disclosed to the patient, and other collaborative service providers should be warned of their obligations in that special case. 3.10 In practice the “objective” standard results in generally acceptable provisions for the use and sharing of data that meet the requirements of consumers, service providers, and funders and individual variations should be considered as exceptions to the general procedures that should be resorted to in only the most unusual circumstances. Many apparent problems of this type will be resolved by a frank discussion of the realities concerned but patients have a right to have their concerns met and to be satisfied by the answers they receive before they agree to any given arrangement. (Some, probably most, will be satisfied by a general notice outlining what is done with test and other information gathered during the delivery of health care) In Broad terms most health care providers are entitled to rely on the good faith of the organisations and health care agencies they deal with and trust that those other parties in health care delivery have their own processes of governance and ethical accountability to protect them against the transgression of relevant guidelines and statutes. That is not, of course, to say that blind faith is ever warranted particularly when events occur which would lead a reasonable observer to suspect that the relevant ethical standards were not being met in some respect or other. In such a case there will be processes of audit and investigation which a health care provider can invoke so that the ethical questions can be answered and suspicions can be laid to rest. Any provider should, as part of the duty of care towards consumers, have arrangements whereby information relevant to the care provided can be obtained and accessed in a timely and reasonably practicable manner so as not to undertake health care service provision under conditions in which it is unsafe to do so. That will usually mean that, once general conditions on information use have been agreed, a professional should be able to make routine and unproblematic use of the data access requirements they need to deliver competent and appropriately directed and funded health care. That possibility necessarily requires that each agency involved in health care provision act according to the accepted ethical standards prevalent and promulgated in the community where care is being provided. Grant Gillett, Professor of Medical Ethics, Dunedin Hospital and Otago Bioethics Centre, University of Otago Medical School, Dunedin PO Box 913 New Zealand 4747007-ext 7398 MOBILE 6402102507988