This chapter introduces the privacy management framework as a means of studying patient-centered e-health. The chapter raises some important issues in regards to the privacy domain of e-health and offers a privacy framework to look at the issue that addresses some of the concerns people and industries have regarding privacy. The framework does not neglect the important distinction between the different interests affected by e-health. It acknowledges the voluntary nature of the way in which individuals have surrendered control over personal information in exchange for the benefits that information technology brings. Because the applications of information technology are logically malleable, there are sufficient strategic reasons to suggest that privacy management as a concept and practice will survive, and that to ignore privacy issues might be fatal for the success of PCEH.
TopIntroduction
Transactional and interactive patient-centered e-health (PCEH) has many direct impacts on health service. Most e-health Web sites are pitched publicly as tools that give individuals greater control over their lives and their healthcare. Electronic health information on the Internet can be easily accessible to many different people. A health provider’s ability to quickly access a customer’s entire medical record, assembled from various sources, can facilitate diagnosis and eliminate medical errors, such as prescribing incompatible medications. Health records are kept and shared for diagnosis and treatment of the customer, payment of healthcare services rendered, public health reporting, research, and even for marketing and use by the media. Individuals can interact with doctors and other participants in chat rooms and by e-mail, and they can obtain healthcare services, such as second opinions and medical consultations, and products such as prescription drugs, online (Choy, Hudson, Pritts, & Goldman, 2001).
Unfortunately, such information practices may conflict with individuals’ desires to be shielded from unauthorized use of their personal information. All of these activities involve the exchange of information with or without the consent of the individual, and with or without their knowledge. Mouse clicks and keystrokes are frequently recorded by online health organizations. That means information about which Web sites he or she visits, how long he or she stays there, and where he or she goes afterward are recorded. The majority of data exchange is visible to the individual, but there are many methods through which a Web site can gather information without the individual being aware, including cookies and data-mining. Whenever he or she visits a Web site, a large amount of information may easily become available to the Web site. When transactions are stored and exchanged using electronic services, personally identifiable information become more widely accessible and potentially vulnerable. Even when a customer orders a medicine from an online pharmacy, transactional information about the purchase is recorded, and information about that particular transaction can be (and frequently is) used for future business decisions and actions (Järvinen, 2005).
The ability to provide differentiated, consistently superior service on the Internet will be crucial to the survival of healthcare providers and affiliated organizations, and the customer vulnerability is exceptionally high, due to the sensitive nature of information. The protection of individuals’ personal health information is not an option but a necessity, but the study of 39 U.S. health providers’ privacy policies submits that health providers’ Web sites are still at relatively early stages in their privacy issue evolution (Järvinen, 2005). Many practices suggest privacy is not a fundamental priority for those organizations. Most Web sites do not meet fair information practices—such as providing adequate privacy notice, giving customers some control over their information, and holding business partners to the same privacy standards. Every analyzed Web site had a privacy policy, but the responsibility is left to the customer to read and understand the entire privacy policy at every visit. Many of the analyzed privacy policies contained technical and confusing language (i.e., unnatural language) that makes it difficult for the customers to fully understand what they are agreeing to.