The patient’s right to privacy and autonomy against a changing healthcare model
Western European and Anglo-American healthcare consider patient empowerment of great importance. The patient is involved in the decision-making process about his health and patient-centeredness has become a fundamental premise for what is considered high-quality care. The question arises how to match the development and inclusion of phenomena that characterise the predominant ethos in modern healthcare systems based on big data, machine learning, and artificial intelligence, such as e-health and personalised medicine, with the concepts of autonomy, privacy and data protection. The successful adoption of ICT in healthcare also depends on how the public’s concerns about data protection, privacy, confidentiality, security and autonomy are addressed.
Because modern healthcare systems are characterised by technology that requires the processing of patients’ personal data, considering the legal framework protecting the patient as a data subject proved essential. Three protective and empowering legal mechanisms proved especially relevant: informed consent, anonymisation and purpose limitation.
An assessment of the conditions to valid informed consent as formulated in the field of bioethics showed that informed consent as a legal basis for the processing of personal data is harmful when not meaningful. Whether dynamic, tiered, broad or specific, informed consent fails as an empowering mechanism when the data subject is unable to express a choice due to a lack of alternatives, an imbalance of power, or because the consequences of the processing are too difficult to understand, the data controllers fail to specify the purpose of the processing, or consent is reduced to a mere formalisation of an agreement.
Traditionally, there was a tendency amongst healthcare professionals to obtain informed consent from the patient or rely on anonymisation. Increasingly, however, attempts at re-identification proof successful even when identifying and quasi-identifying attributes were removed, replaced or hidden. Additionally, the need for linkability characterises healthcare. When the link between the data and the data subject is removed, patients are deprived of learning opportunities resulting from the processing of data that concerned them. Generally, neither of the parties desires this outcome.
The purpose limitation principle, finally, is a cornerstone principle in data protection law that protects data subjects from unrestrained or unpredictable usage of their personal data, on the one hand, by stressing limitations to the use of data and, on the other hand, imposing requirements on the specification of the purpose of data processing. Today, resistance against further use is an important cause for broadness in the specifications of primary purposes. Relaxing the requirement on purpose specification would leave the data subject uninformed, unprotected, and, consequently, dependant rather than empowered. Accepting a more flexible approach to the use limitation principle, however, may address the issue. Nevertheless, the level of flexibility should not be lowered when informed consent is the legal basis for primary processing. In that case, further processing should be covered by re-consent.