Privacy During the Pandemic
Privacy Plus+
Privacy, Technology and Perspective
Privacy During the Pandemic. This week, we consider individual privacy against public health as we begin to weather the rapid developments associated with the spread of the COVID-19 virus.
In the United States, health privacy is generally recognized in terms of the relationship between patients and their doctors, who have legal and ethical obligations to keep health information confidential. Under both HIPAA and the Texas Health & Safety Code § 181, “covered entities” have a duty to take reasonable steps to keep protected health information (“PHI”) confidential consistent with their patients’ preferences. Still, HIPAA’s Privacy Rule permits covered entities, like doctors, to disclose PHI to public health authorities without a patient’s consent for the purpose of preventing or controlling disease. See 45 CFR 164.512(b)(1)(i).
The reasoning behind this exception, of course, is that the State's interest in preventing the spread of disease outweighs an individual’s interest in protecting his or her personal privacy. In essence, personal privacy is subject to the safety, health and welfare of the community.
This exception makes sense, especially now, when we are in the early days of the pandemic’s spread. At this early stage where containment is urgent, we can all agree that individual privacy concerns are outweighed by the importance of preventing “community spread.” Our public health officials already are already tracking those who have had contact with an infected patient in order to determine who should self-quarantine, and we, along with millions, are following their reports and advice with interest.
Let’s look ahead, though.
First let’s consider a point in the near future where in some communities, the contagion may spread so pervasively that the community becomes saturated. At that point, shouldn’t individual privacy “return” to its previous level of importance, or should public health considerations continue to prevail? If the latter, should a balancing test start to apply? It would seem that when the virus has already spread throughout a community, the State’s compelling interest in tracking individuals throughout that community becomes less compelling, therefore making privacy more compelling at that time. On the other hand, we wonder whether the State’s interest might become even more compelling because of the risk of people moving from the saturated community to less-infected ones.
Let’s also consider a sunny day in the future when the virus will have run its course – for now anyway. What happens to privacy then? Will we have inadvertently set a precedent, or established a “custom,” that all you have to say is “public health!” and privacy interests, including PHI protections, will be subordinated?
Right now, we believe that all of us should be thinking about what we are (and are not) willing to sacrifice in effort to stay healthy and prevent others from getting the virus. Do we want to know whether others are sick or not? Do we want others to know whether we are sick or not? Do we want our government to track our whereabouts even after community spread reaches its point of saturation?
Last month, China launched a “close-contact” app that alerts its citizens if they have come in close contact with people who either have or are suspected to have COVID-19. To read more about that app, you can follow this link:
https://abcnews.go.com/Business/china-launches-app-combat-coronavirus-spread/story?id=68907706
Even as privacy advocates, we are not immune to liking the idea of knowing whether or not we are a risk of illness through close contact with an infected person. However, where testing, presumably, will soon be widely available, perhaps prudence requires that we chose privacy over panic by opting for a test to confirm illness, rather than an app to confirm our risk? Or perhaps we should all try to stay home?
We should think about all of this carefully. In doing so, we should acknowledge the slippery slope that may follow the monitoring of our health and whereabouts.
---
Hosch & Morris, PLLC is a Dallas-based boutique law firm dedicated to data protection, privacy, the Internet and technology. Open the Future℠.