At the beginning of July 2020, the COVID-19 cases and deaths were about 12 million and 500,000, respectively, worldwide. These grim statistics have various implications for affected individuals, communities, governments and the health system. It is not uncommon for hitherto recognized rules and regulations to be set aside during pandemics and public health emergencies. Despite the justification for such precedents, it is important to consider the short- and long-term effects of such measures on patients and the health system.
One such issue is the disregard for patient privacy, which is a recognized human right. Since the onset of COVID-19 in China in December 2019, issues of neglect of patient privacy have been rife in social media. The sharing of private data and information about an infected individual and sharing of their pictures or clinical data have been shared around the world. Patient privacy is the cornerstone of clinical medicine. Without confidentiality, most patients would be unwilling to share their clinical history or come forward with information vital to curbing the spread of infectious diseases like COVID-19.
The importance of privacy is the justification for the privacy regulations such as the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA); and confidentiality is an important principle in clinical ethics and ensures the right of patients to privacy in their dealing with health care providers. Nearly all countries have privacy laws in their health and social system. However, the onset of COVID-19 offers several examples of disregard for these laws by individuals and governments, with several short- and long-term consequences.
In Europe and North America, there have been numerous calls to ensure that monitoring apps or contact tracing do not breach patient privacy laws. In Nigeria, for instance, cases of individuals whose COVID-19 test were announced by the government were common. In one of these incidents, the patient did not consent to publicly sharing her results but heard about it from social media. This was also similar to the announcement of the first cases of COVID-19 cases in Indonesia, in which several patients received their results through the news media. In India, the government published the names and addresses of 19,240 international passengers to keep track of them.
Additionally, recent calls for digital contact tracing presents new challenges. The move from an era of manual to digital contact tracing highlights issues of potential breach in privacy and patient data exposure. Although the use of the app is voluntary, it is not clear how the data generated would be protected and whether the providers would abide by ethical principles of confidentiality and appropriate use of data. Despite the anticipated advantages of the digital tracing apps, controversy and questions have erupted over how they will operate — will they leave users at the mercy of app developers?
A breach of patient privacy for infectious diseases has many consequences. We have lessons from the stigma against persons with HIV and the many unintended consequences such as death, denial of treatment and even refusal of available treatment. For COVID-19, deviating from privacy laws may lead to stigma and discrimination against infected persons. The individuals affected face dire personal consequences, including psychological trauma, which may lead to future mental health problems. Also, the stigma faced by individuals could lead to apathy or uptake for testing and treatment out of fear of public scrutiny. On Twitter, the World Health Organization Western Pacific region shares the #SolidarityNotStigma and calls for greater action to end stigma on account of COVID-19.
To preserve patient privacy in the face of COVID-19, we recommend the following:
Governments must issue strong statements that declare and reinstate their commitment to preserving patient privacy in all matters, especially in relation to the management of COVID-19.
Health care providers must commit to preserving patients’ privacy, in line with the medical regulations that guide confidentiality and use of multi-factor authentication systems to protect patient data for e-health services.
Media organizations must responsibly report on matters that could potentially breach privacy laws and regulations in countries where they operate.
Continuous information and education on the importance of patient privacy must be made available to the public.
App developers must provide a multi-factor authentication system and commit to ensuring patient data safety, as well as collect and use data responsibly and in line with data protection regulations.
The importance of privacy laws goes beyond pandemics; it is a human right. The COVID-19 pandemic might come and go, but lessons must be learned, especially from the breach of privacy laws and their many consequences.
Ikenna D. Ebuenyi, MBBS, PhD is a postdoctoral researcher at Assisting Living & Learning (ALL) Institute, Department of Psychology Maynooth University, Ireland.
Soumitra S. Bhuyan, MPH, PhD, is an assistant professor at Edward J. Bloustein School of Planning and Public Policy, Rutgers University and a faculty associate at Rutgers Urban & Civics Informatics Lab.