Author / Contributor
image for Brian Schrag
Brian Schrag More Posts
Paper or Plastic? From Paper Records to Electronic Database

Added05/22/2006

Updated08/31/2011

Authoring Institution Association for Practical and Professional Ethics (APPE)
Show More Show Less
Contributor(s) Brian Schrag
Notes Brian Schrag, ed., Research Ethics: Cases and Commentaries, Volume 6, Bloomington, Indiana: Association for Practical and Professional Ethics
Share with EEL Yes
Rights The Association for Practical and Professional Ethics (APPE) grants permission to use these case and commentary material with the citation indicated above.
Year 2002
Publisher provided Keywords and Confidentiality Data of Privacy storage
Publisher Association for Practical and Professional Ethics
Sort By
  • Brian  Schrag

    Posted 13 years and 1 month ago

    Deborah G. Johnson 

    University of Virginia


    In the initial description of the case, none of the behavior of the people involved seems grossly, ethically problematic. When patient records are moved from paper to electronic mode, important changes occur in the accessibility of the data. However, that alone is not problematic as long as steps are taken to protect the accessibility of the data and the identity of the individuals.


    As the case proceeds, protecting the identity of the patient/subject records comes into focus as an important issue. Before addressing this issue, however, there is another very subtle issue here. Dr. Edwards is soliciting data to help beta test Medusa. Presumably the data he is soliciting have been collected for research that meets the consent requirement for research with human subjects. However, the subjects agreed to participate in research and did not agree to have their data used to beta test a database management system. The lack of consent here becomes even more important as the case unfolds and we learn that the privacy of individual participants will be exposed to increased risk because the data are being used to test Medusa.


    As the case continues, we have a straightforward situation of wrongfully balancing convenience over risks to subjects. Amy has access to the complete patient files, and she should know (and should have been instructed about) the importance of confidentiality of medical/research records. Indeed, the system has an encryption function that allows users to remove the identity of patients. However, the encryption function is cumbersome and slow, and Amy doesn't use it when she demonstrates her progress on the database to members of the lab.


    Amy's behavior violates the patients'/subjects' trust in researchers when they agree to participate in research. The central importance of trust to the research endeavor should be clear. If trust in researchers is violated, over time individuals will begin to refuse to participate in research. In fact, this case illustrates a number of factors in achieving trust. For one thing, it illustrates that trust is a function of multiple actors. Achieving trust involves more than a single researcher or team of researchers. All who handle research data must behave properly. The researchers who collected the data allowed them to move out of their hands and be stored in a database that they no longer controlled. To ensure the privacy of their subjects, they should have asked for assurance that the data would be treated confidentially and without revealing identity.


    Technology also plays a role, which takes us back to the difference between paper and electronic records. The change from paper to electronic storage of records is what allows and facilitates movement of data from one place to the next. Thus, the technology calls upon us to create appropriate norms of behavior around it - norms that protect the trust of research participants.


    From: Graduate Research Ethics: Cases and Commentaries - Volume 6, 2002 

    edited by Brian Schrag

  • Brian  Schrag

    Posted 13 years and 1 month ago

    From: Graduate Research Ethics: Cases and Commentaries - Volume 6, 2002 

    edited by Brian Schrag


    Scientists are always searching for better ways to test their hypotheses, to ask smarter questions and to get the most out of their data. Today, not only does the science drive the technology, but the technology drives the science, as well. That is especially true in the case of computers, with their increasing speed and sophistication, which allow us to ask bigger, more complex questions about the data we generate and collect. In this case, Edwards tries to take advantage of the technology for the benefit of his patients and colleagues.


    Since the advent of computers, questions and fears have been raised about their role in our lives and their potential for harm. The line between benefit and harm can be blurry, and a balance must be struck. Edwards, with his development of Medusa, must make a host of decisions in which the "right" answer is not necessarily clear.


    Is there a substantive difference between paper records and Medusa?


    Concerns have long been voiced about the ill uses to which computers might be adapted. Concerns about privacy and security continue. The main issue in this case, I think, is not so much the security of medical information in isolation - in my experience, paper records are often no more secure than electronic ones - but rather the power of medical information when used in the context of a broader scheme of information collection or database mining (DG Johnson 2001). Presumably, Edwards will ensure that his patients' data are adequately protected from unauthorized access over the network, as well as unauthorized direct terminal access.


    Is Edwards justified in his use of patient information for database development and promotion? Why or why not?


    Two major issues must be addressed here: informed consent and conflict of interest. The issue of informed consent is a tricky one because it is understood that one's physician will keep a thorough and accurate medical history for each patient. While historically such records have been kept in manila folders in file cabinets, it does not follow that technological advances ought to be ignored. The question then, is whether database development constitutes "research." It may seem clear that if Edwards were to begin to mine the database in an attempt to ask questions about his patient population as a whole, it would be appropriate and required that he formally enroll his patients as participants in a study - with appropriate consent. However, what if he wants to ask whether patients with different income levels have significantly different health outcomes? Is it clear that this question goes outside the bounds of his duty as a physician to provide the best possible care to his patients? Where does one draw the line? Does the mere development of the capacity for such queries constitute a need for consent?


    In regard to the potential conflict of interest, it cannot be assumed that Edwards's obvious perceived conflict of interest is, in fact, a real conflict of interest about which his patients ought to be concerned. It may be reasonable to give him the benefit of the doubt, to assume that he is driven by a genuine desire to help present and future patients through the development of his database. Medusa certainly has the potential to allow elaborate and unwieldy data analyses and lead to valuable findings that significantly impact science and medicine. That is not to say that Edwards ought to be absolved of responsibility, only that we cannot assume that he is acting out of pure self-interest - the situation is likely far more complex than that.


    Given this additional information, do you feel differently about Edwards's use of patient information in the development and promotion of Medusa? Why or why not?


    Edwards has clearly failed to think through the implications of his actions in regard to the distribution of the encryption key. As their physician, it is his responsibility to protect the confidentiality of his patients' information. He might have preempted this sort of behavior by having all persons receiving the encryption key read and sign a statement of confidentiality and/or participate in some sort of training related to working with sensitive information.


    Some people may suggest that despite the difficulties, Edwards ought to have created a mirror database, with fake names and information; however, it is important to keep in mind that Edwards's primary interest is in getting Medusa out there, in use and serving patients, physicians and scientists. Again, that is not to absolve Edwards of responsibility, but only to show that this case is much messier than one might think at first blush.


    References



    • Johnson, D. G. Computer Ethics. Englewood Cliffs, N.J.: Prentice Hall, 2001.

Cite this page: "Paper or Plastic? From Paper Records to Electronic Database" Online Ethics Center for Engineering 5/22/2006 OEC Accessed: Thursday, July 11, 2019 <www.onlineethics.org/Resources/gradres/gradresv6/paper.aspx>