Data Mining and Data Matching: Regulatory and Ethical Considerations Relating to Privacy and Confidentiality in Medical Data

Author:Thilla Rajaretnam
Pages:294-310
JICLT
Journal of International Commercial Law and Technology
Vol.9, No.4 (2014)
294
DATA MINING AND DATA MATCHING: REGULATORY
AND ETHICAL CONSIDERATIONS RELATING TO
PRIVACY AND CONFIDENTIALITY
IN MEDICAL DATA
Thilla Rajaretnam*
Associate Lecturer, School of Law,
University of Western Sydney (UWS), NSW Australia,
E-mail: t.rajaretnam@uws.edu.au
Abstract. The application of data mining techniques to health-related data is beneficial to
medical research. However, the use of data mining or knowledge discovery in databases, and data
matching and profiling techniques, raises ethical concerns relating to consent and undermines the
confidentiality of medical data. Data mining and data matching r equires active collaboration
between the medical practitioner and the data miner. This article examines the ethical management
of medical data including personal information and sensitive information in the h ealthcare sector.
It offers some eth ical and legal perspectives on privacy and the confidentiality of medical data. It
examines the international landscape of health information privacy protection, relevant Australian
legislation and recommendations to improve the ethical handling of medical data proposed by the
Australian Law Reform Commission.
Key words: Data mining, data matching, medical data, ethics, privacy, regulation
1 Introduction
Over recent decades concerns about health and the promotion of wellbeing has become of paramount
importance to individuals and governments in al l societies.1 The World Health Organisation defines health as a
‘state of complete physical, mental and social well-being and n ot merely the absence of disease or infirmity’.2
Health has come to mean the attainment of a state of wellbeing and the attainment of physical fitness, and
psychological stability. Protection of the body becomes synonymous with the protection of the self.3 Individuals
can experience feelings of deep violation of the self when the body is under threat, not only from di sease but
also when there is a profound sense of invasion of a sphere of their lives over which they have no control.4 The
principle of autonomy dictates that individuals deserve respect concerning the choices that they make, both
about what happens to their bodies and, in the modern world, to their personal data.5 The autonomy and dignity
of individuals is recognised in the duty of confidentiality.6 In the medical context, patient-related data has
* LLB (Hons) (Lond.), CLP (Malaysia), LLM (UWS), PhD (UWS).
1 Laurie, Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p. 12.
2 The World Health Organisation, Constitution, adopted by the International Health Conference held in New York from 19
June to 22 July 1946, signed on 22 July 1946 by the representatives of 61 States (Off. Rec. Wld Hlth Org., 2, 100), and
entered into force on 7 April 1948. Amendments adopted by the Twenty-sixth, Twenty-ninth, Thirty-ninth and Fifty-first
World Health Assemblies (resolutions WHA26.37, WHA29.38, WHA39.6 and WHA51.23) came into force on 3 February
1977, 20 January 1984, 11 July 1994 and 15 September 2005 respectively and are incorporated in the present text.
3 Laurie, Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p. 12.
4 Danish Council of Ethics, (1993) Ethics and Mapping the Human Genome (Copenhagen, Notex) p. 52, as cited in Laurie,
Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p.12.
5 Laurie, Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p. 203.
6 McMahon, Marilyn (2006) ‘Re-thinking Confidentiality’ in I Freckelton and K Petersen (eds), Disputes and Dilemmas in
Health Law, Federation Press, p. 563, 579.
JICLT
Journal of International Commercial Law and Technology
Vol.9, No.4 (2014)
295
traditionally been recorded in doctors’ surgeries and hospitals. This meant that patients knew exactly what
information they had confided in their doctors, and doctors and hospitals, being bound by ethical and
professional codes of conduct, maintained the confidentiality of patients’ medical data.7 Today, however,
advances in in formation technology and particularly the use of innovative information-harvesting technologies
mean that data collection generally has become almost indiscriminate. Some of these technologies are also being
used in the medical sphere.
Two methods used by agencies and organisations to collect, process an d analyse information are data
matching and data mining.8 Data matching is ‘the large scale comparison of records or files …collected or h eld
for different purposes, with a view to i dentifying matters of interest’,9 while data mining has been defined as ‘a
set of automated techniques used to extract buried or previously unknown pieces of information from large
databases’ about individuals from a number of unknown sources th at may be un authorised.10 In the medical
context, health service providers such as doctors and hospitals are using data matching and data mining
technologies to monitor their patients’ health. Medical researchers are also using such techniques. A growing e-
health industry har vests medical data using sensing and monitoring technologies such as bio-sensing
technology,11 radio frequency identification (‘RFID’) technology12 and smartphones.
Developments in information processing technologies, its use by healthcare providers and the handling of
sensitive healthcare information by healthcare service pr oviders have heightened patient concerns r egarding
privacy in the medical context.13 For example the use of data mining and profiling techniques has raised
concerns about the ethical collection, use and disclosure of data generally and the privacy and confidentiality of
individuals’ personal information, sensitive information and health information.14 As government agencies and
private sector organisations collect and store vast amounts of information generated by the everyday activities of
individualsfor example, surfing the net or renting a car, using an ATM machine or a debit or credit card for
purchases, using a Medicare card when visiting a doctor or hospital, having a prescription filled at the pharmacy
or purchasing medication over the counterthese concerns arise in an ever wider context.
This article examines the ethical management of data including personal information, sensitive information
and health information in the healthcare sector. It offers some ethical and legal perspectives on the privacy and
confidentiality of medical data. The article then considers guidelines and conventions dealing with the pri vacy
of medical information in the international sphere, the current situation under Australian law, and
recommendations of the Australian Law Reform Commission for pr oposed law reform in relation to the ethical
handling of medical data.
2 Data Matching and Data Mining in the Medical Context
7 Laurie, Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p. 19.
8 Australian Law Reform Commission, (2008) For Your Information: Australian Privacy Law and Practice (ALRC Report
108), vol 1 p. 402.
9 Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice (ALRC Report 108)
(2008), vol 1 p. 402-4 [9.48]-[9.54]; Office of the Federal Privacy Commissioner, The Use of Data Matching in
Commonwealth Administration: Guidelines (1998), [14].
10 Information and Privacy Commissioner Ontario, (1998) Data Mining: Staking a Claim on Your Privacy, p. 4.
11 A biosensor is a detection device that combines a biological component with a physicochemical detector component. For
example, the use by miners of a canary in a cage to warn of gas could be considered a biosensor. Many biosensor
applications today similarly use organisms which respond to toxic substances at a much lower concentration than humans
can detect to warn of the presence of the toxins. This technology has application in the healthcare, agri-food, environment
and security sectors: <http://www.news-medical.net/health/Biosensors-What-are-Biosensors.aspx> (accessed 15 November
2013).
12 Radio frequency identification is any method of identifying unique items using radio waves, most usually by means of a
small electronic device consisting of a chip and an antenna.
13 Laurie, Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p. 19.
14 These terms are defined in s 6(1) of the Privacy Act 1988 (Cth): for definitions see 5.2.1 of this article.

To continue reading

Request your trial