In the first post of this series, I set up a common but false dichotomy: the supposedly stark choice between enabling data access for high-quality care and protecting the privacy of individuals. In this post, I will introduce the concept of contextual integrity, proposed by New York University Professor Helen Nissenbaum, who has written extensively on consumer privacy, as a way of addressing the dichotomy.
Contextual integrity was recently embraced by the FTC in its privacy report, which recognizes that commonly accepted data practices do not need explicit consent, and that choices for non-commonly accepted data practices should be presented to consumers in the context within which the decision to supply the data is made.
Contextual integrity grounds privacy not in a single all-encompassing framework, but in the cultural norms and expectations attached to particular activities and their information flows. The HIT Policy Committee has adopted a flavor of contextual integrity in deliberations by citing the "principle of least surprise to the patient." This approach to privacy recognizes that data usage expectations change by situation and activity, and at the same time defines clear boundaries for each activity, so that information flows outside those boundaries violate contextual integrity. In healthcare, this approach recognizes both the benefits to patients in receiving high-quality care, and the risks of improper disclosure that does not meet contextual expectations.
This approach also models well the physical, non-virtual world of healthcare: privacy expectations when one is in the ICU are vastly different from the same expectations when one is obtaining a blood draw for a routine physical. Note again that in the physical world, we do not think of privacy as something that we "give up" in order to obtain a service. Instead, we recognize that certain kinds of information flows and access are part of receiving good health and excellent healthcare. Privacy concerns enter in primarily when the contextual integrity of the service is violated.
How does this approach to understanding privacy expectations work with HIPAA? The so-called TPO (Treatment, Payment and Health Care Operations) conditions, which permit use and disclosure for essential health functions, work in many ways like the FTC's commonly accepted data practices, creating an understanding of contextual integrity for common uses of PHI, particularly within the boundaries of a HIPAA Covered Entity. HIPAA extends the contexts for commonly accepted data practices involving PHI data sharing to treatment broadly and to operations both within an "Organized Health Care Arrangement" (OHCA) and to another covered entity if there is a mutual relationship with the patient.
So what we want is an approach to data sharing in support of patient health that meets contextual integrity and the data sharing rules under HIPAA, and also equips providers with the right information at the right time in the right place to deliver high-quality care to patients. I will explore such an approach in the next post.