Author / Contributor
image for Brian Schrag
Brian Schrag More Posts
The Company That Cared Too Much
Secondary Title Company Information Disclosure



Authoring Institution Association for Practical and Professional Ethics (APPE)
Show More Show Less
Contributor(s) Brian Schrag
Year 2002
Share with EEL Yes
Rights The Association for Practical and Professional Ethics (APPE) grants permission to use these case and commentary material with the citation indicated above.
Language English
Publisher Association for Practical and Professional Ethics
Publisher provided Keywords and Cases Confidentiality Consent Corporate Firm Government Human Hypothetical Informed Privacy research Setting: Small Subjects Type: University
Sort By
  • Brian  Schrag

    Posted 14 years ago

    Brian Schrag 

    Indiana University

    This case is more about the professional responsibilities of health professionals, particularly their obligation to safeguard the confidentiality of medical and health information, than about issues in research ethics. However, the case does suggest some issues for research ethics in the private sector.

    Suppose a private corporation decides to conduct research to determine what it can do to improve employees' health as a means of enhancing the corporation's productivity. Imagine, for example, that a company surveys its employees to determine whether its workforce is experiencing significant sleep deprivation. The company might intend to use such information to plan educational programs for employees on the importance of adequate sleep. Or, to take quite a different example, perhaps the corporation conducts marketing research involving human subjects to determine interest in a product line it is considering developing.

    In general, scientific research conducted by private corporations is not legally subject to federal guidelines for research ethics. The exceptions include instances in which the corporation uses federal funds in the research; is developing drugs, which must pass FDA guidelines; or hires outside researchers who are themselves subject to federal guidelines. If the researchers are interested in publishing their results in certain journals, New England Journal of Medicine, for example, they may also be required to show the research was conducted ethically under guidelines comparable to the federal guidelines (also referred to as the Common Rule) in order for the paper to be accepted for publication.

    Even if the company is not subject to federal research guidelines, however, one can certainly argue that such research guidelines are morally obligatory, even if not legally required. The moral arguments for the Common Rule still apply; they are not predicated on the guidelines being required by law. Discussing a case such as this is a useful antidote to those might think that legal compliance and moral obligation are one and the same; if there is no legal requirement to follow research guidelines, then there is no moral obligation to conduct research in accordance with accepted moral guidelines.

    So, for example, a company would be morally obliged to obtain informed and voluntary consent from its employees in order to conduct research on them. Obtaining voluntary consent might be tricky, since workers are in a vulnerable position when their company "invites" them to participate in a research project. The company would also be morally obliged to follow all other relevant ethical guidelines for conducting research on human subjects. The exact content of those guidelines may differ somewhat from those in the natural sciences and may be more akin to those accepted in social science research on human subjects.

    From: Graduate Research Ethics: Cases and Commentaries - Volume 6, 2002 

    edited by Brian Schrag

  • Brian  Schrag

    Posted 14 years ago

    From: Graduate Research Ethics: Cases and Commentaries - Volume 6, 2002 

    edited by Brian Schrag

    Most companies in the United States spend a great deal of time and energy collecting data on their employees; whether it is demographic data about workers' ages or work histories, or health data about injuries and illness that workers may experience on the job. Since the Occupational Safety and Health Act was implemented in 1970, the Department of Labor has required companies to keep track of certain work-related health problems that employees experience, in addition to certain treatments, and whether or not time off from work was required as a result of injuries. However, only rather recently have companies utilized these data to implement prevention strategies and health care programs. This case study is intended to generate discussion about how a company handled a very sensitive issue about confidentiality of health information.

    Brock Plastics has been described as a company that is well known for its great benefits and bonuses. In addition, the company provides an on-site fitness club and health unit that is staffed with professionals to assist employees with their diet, stress and personal health issues. Brock Plastics has gone above and beyond what is required in the United States by the Occupational Safety and Health Act. However, this company has followed a common trend in corporate America where companies have begun to see the positive impact in profits by treating their employees as valuable commodities. Companies that have happy and healthy employees are more likely to have highly productive employees.

    Occupational health professionals are trained to keep all health information about an employee confidential. Only in circumstances where a health issue is related to a workplace exposure is an occupational health professional permitted to share health information with the employee's manager. For example, if Lynda missed work due to back problems related to her job, occupational health professionals would be allowed to share that information with Lynda's manager in order to improve Lynda's work environment. However, if Lynda missed work due to back problems unrelated to her job, the occupational health professionals would not be allowed to share that information with anyone within the company without Lynda's permission.

    According to these rules, did Mary violate confidentiality by sending health promotion information to Lynda through intra-office mail? Technically, no, because Mary did not explicitly share with others the information that Lynda's mother was severely depressed. However, the message contained the implied message that Lynda has a problem with depression. When Mary sent the information without permission, she risked breaching confidentiality. If co-workers opened the letter or saw the information on Lynda's desk, they may have suspected that Lynda was having problems with depression. Therefore, Mary and her staff changed their practice of targeted mailings, ensuring that they obtained permission to mail information before doing so.

    The second significant issue in this case is the use of computerized health data in order to plan needed prevention programs by the company. Should Brock Plastics be responsible for sharing information with its employees about how their personal data are being used and stored? Should employees be informed that their personal health information is being used to plan programs? The company's intentions are good. Regardless of the fact that they want to care for the health of their employees in order to safeguard the bottom line, the end result is still the same. The employees are well cared for. However, Brock Plastics has not been forthright with its employees regarding the use of the data. If the company asked employees to provide permission for the use of personal data, they probably would find that some employees would not allow it to be used.

    In the past five years, Congress has debated the issue of whether people should be informed about how their health information is utilized and stored by hospitals, insurance companies and corporations. In April 2001, the Department of Health and Human Services promulgated the Privacy Rule. Most health plans and health care providers that are covered by the rule must comply with the new requirements by April 2003. This measure will provide employees with more control over their health information by setting boundaries around the use and release of health records. In addition, it will establish appropriate safeguards that health care providers and others must observe to protect the privacy of health information. Lastly, it holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights. For employees, it means that they will be able to make informed choices about how their personal health information is being used.

    It is a positive move for companies like Brock Plastics to invest in the emotional and physical well being of their employees. However, companies must respect employees' rights with regard to their personal health information. Brock Plastics did the right thing by asking its employees if they wanted to have health information sent to them through intra-office mail. However, they still need to implement the process of informed consent for the use of their employees' health data.

Cite this page: "The Company That Cared Too Much" Online Ethics Center for Engineering 5/23/2006 OEC Accessed: Monday, August 3, 2020 <>