Keywords

FormalPara Learning Objectives

  • Define several considerations for informatics and ethics.

  • Explain frameworks used in conducting bioethics evaluations.

  • Analyze the role of ehealth within bioethics constructs.

1 US Health Care: Background

The COVID-19 pandemic is currently affecting virtually every part of the world, and the United States has been among the hardest hit countries in terms of incidence, morbidity and mortality with more than 600,000 deaths due to the disease. It has exposed vulnerabilities and inefficiencies in the health and health care enterprise which, if not unsuspected, had not been aggressively addressed in the past. Acknowledged problems prior to the pandemic included inadequate public health resources and planning arising from the focus on treatment rather than prevention of disease. Other factors include disparities and inequities in access to health resources, high costs, large numbers of uninsured people and poor performance on many measures reflective of individual and societal health. It is hoped and predicted by many that the pandemic will lead to much-needed improvements in the organization and delivery of health services, efforts toward which are expanding and likely to grow in the foreseeable future. Health informatics will play key roles in these changes.

A description of the current state of US health care will be useful as we contemplate the role of informatics and ethics in the health sector of the economy. Data from the US Centers for Disease Control and Prevention (CDC)Footnote 1 reflect the massive scope and impact that the health sector has, accounting for nearly $3.5 trillion in 2017 and estimated to be at ~$4 trillion in 2020. This is equivalent to nearly 18% of total US Gross Domestic Product (GDP) and corresponds to an average annual health expenditure of ~$10,700 per person. An estimated $2.96 trillion of the 2017 total (~85%) was spent on health care of individuals, primarily for hospital care, drugs and professional office and clinic visits. These total and per capita expenditures significantly exceed those of other developed countries including the 11 member states of the Organization for Economic Co-operation and Development (OECD), with which we are often compared.Footnote 2, Footnote 3 In addition, health care accounts for ~12% of total American workforce employment.Footnote 4, Footnote 5

While the US can point to historically high rates of preventive measures such as breast cancer screening and flu vaccination in the elderly, many other measures of population health show significantly worse performance. For example, life expectancy, rates of suicide, drug use disorders, obesity, chronic disease burden, physician visits and access to timely appointments are all worse than in comparably developed countries. Similarly, the US has higher rates of avoidable deaths and hospitalizations for preventable illnesses like diabetes and hypertension.Footnote 6 Other areas of concern are pregnancy-related maternal illness (morbidity) and death (mortality) and child well-being and death, areas in which the US performs worse than many other developed countries [1].Footnote 7 The ongoing COVID-19 pandemic in the US has shown worsening of some of these measures, including the reduction of average life expectancy by a full year after the first 6 months of the pandemic [2].

So, the question must be asked “Given these statistics, what are the causes and solutions to the problems of health and well-being of the people of the United States?” The causes are broad and deep. Systemic and structural injustice, that is, conditions such as the “social determinants of health”—housing, nutrition, education, employment, access to health services—which contribute to poorer health in vulnerable populations undoubtedly play roles.Footnote 8 Other important factors are related to how our health care system evolved, especially after World War 2 [3], a focus on disease rather than wellness and prevention, the limited collaboration among various entities providing care, the incentives built into financing models and a host of others. Recent COVID-19 experience has revealed resistance by significant numbers of the population to mask mandates and calls for vaccination against the disease; these attitudes have resulted in persisting or worsening incidence of disease. While overall progress is being made, skepticism and mistrust of science-based recommendations in the future may portend worse individual and population health outcomes in the future.

Of course, the quality of the health care itself plays a critical role, and it has been found in need of significant improvements. According to the National Academy of Medicine (NAM), in a landmark series of reports examining the quality and safety of health care in the US beginning with “To Err Is Human” in 1999 [4], errors in the course of receiving health services contribute significantly to patient death and other harms. Mortality from such errors was estimated in that report to cause between 44,000 and 98,000 annual deaths. Some subsequent studies have disputed whether the number is higher or lower, and, while the actual number remains unknown, there is agreement that there is a significant amount of preventable harm. Solutions were proposed in the original and follow-up NAM reports, but progress has been slow in spite of a sense of urgency and strong consensus recommendations to make health care “safe, effective, patient-centered, timely, efficient, and equitable” [5].

Besides the National Academy of Sciences, Engineering, and Medicine, many government agencies and non-government groups have joined in the mission to improve health care and have had important influences in these efforts. Among especially important ones are the federal Agency for Healthcare Research and Quality (AHRQ), the National Quality Forum (NQF), the Institute for Healthcare Improvement (IHI) and the health care accrediting agency, The Joint Commission (TJC).

By now, you may be asking yourself, “What is the point of reviewing all of this information as a preface to a discussion of ethics and health Informatics?” The reason is that the future of our entire approach to health and health care, from the health of individuals living in communities to the points of patient encounters with health care entities to public policy at the national and international levels will depend substantially on the data, tools and methodologies of health informatics.

Ethics, the understanding and evaluation of morality and its influence on conduct, has special significance in health care at least since the time of the ancient Greek physician, Hippocrates, whose oath identified obligations of physicians to their patients and defined certain standards of behavior to fulfill them.Footnote 9 Many of the elements of that oath now guide the work of the individuals and institutions who carry out the work of health care, clinicians as well as health information professionals (HIPs), executives as well as health planners, vendors of health care products and services as well as health policy makers, researchers as well as educators. Furthermore, ethics is considered one of the core competencies of health informatics.Footnote 10

2 Nexus of Informatics and Ethics

Organizations which provide health-related services, whether for-profit or not-for-profit, are guided by mission, vision and values statements which articulate the reasons for the organizations’ existence. In virtually all cases, the statements place patients, ill or potentially ill persons, at the focal point of those intentions. Service to the sick and injured is a, if not THE, primary driving force for the work of these entities. It is not only manifested in direct patient services; research, education, public health and other areas are also influenced by similar values. The same may be said of individuals who pursue work in fields related to health and health care. Most hold values of service to the well, ill and injured, whether in promoting health, providing direct care, participating in research, education, health policy and other related fields. Underlying the values of all involved in these efforts are certain standards of behavior and expectations that give primacy to the interests of those being served. Ethics is the study of morality and how our understanding of moral concepts of right and wrong translates into behavior.

The American Medical Informatics Association (AMIA) defines medical informatics as “the science of how to use data, information and knowledge to improve human health and the delivery of health care services,” and relies on health information technology to focus on computer, cognitive and social sciences to achieve these goals.Footnote 11

It has become clear in recent decades that acquisition and management of information is a critical piece of all health and health care-related activities, but also that the nature of that information has changed and expanded dramatically. No longer the mere repository of the health records of patients, the electronic health record (EHR) is the foundation of what is termed eHealth, which refers to a complex of digital information and communication technologies aimed at facilitating, enhancing and improving the provision of high quality and safe care. eHealth also recognizes that the data of the EHR can be the basis for research and education. With these dramatic changes, the role of the health informatics professional has changed from one primarily of technical support for the clinical electronic record to that of a manager of all facets of that engine of the entire health enterprise, the EHR database.

Further, the field also is also critical to institutional administration and business management, planning and public policy, as well as how various technologies which are used in those activities are designed, developed and applied.Footnote 12 A comprehensive but perhaps not exhaustive list of areas of informatics falling under the rubric of eHealth which are ripe for consideration of ethical issues includes the following [6]:

  • Clinical assistive resources such as decision support, prognostic scoring systems, artificial intelligence, ePrescribing, digital order entry, image archiving and retrieval

  • Structure, content, accessibility, security and privacy of electronic health records

  • Government regulation of health informatics and technology tools

  • Technology of informatics and communication

  • The Internet as a resource for professionals and patients

  • Structure and management of laboratory, radiology and other diagnostic and therapeutic resources

  • Mobile health resources

  • Provider-clinician/patient relationships

  • Remote technology for health, wellness and health care (telehealth, wearables and web-enabled medical devices)

  • Research and education

  • Robotics, digital/virtual companions

  • Safety, quality, and evaluation of care

  • Professional credentialling

  • Social networking

  • Patient control of their health information

  • Artificial intelligence tools

  • Software engineering

  • Health information exchanges, collection and use of mega-data,

  • The “virtual hospital” and “hospital of the future”

  • Computational biology

  • Institutional management including financial planning

Additionally, healthcare informatics is expanding to play larger roles in government and public policy, including national security. The current COVID-19 pandemic illustrates the international impact of that disease, and the importance of efforts to determine origin and understand patterns of spread of the SARS-CoV-2 causative agent are on-going. Individual countries have both common and competitive interests in the impact and management of this disease (and others throughout history). These differing interests contribute to cooperation and lack thereof in efforts to fully understand all aspects of diseases, primarily infectious, with propensity to spread. Meanwhile, the COVID virus is mutating into more virulent and worrisome strains which can have implications for national and world economies as well as national security.

While the COVID pandemic has raged, a serious security breach of information systems of numerous US government agencies and private companies took place and was revealed in December, 2020. Although the extent of the damage has yet to be fully characterized, it has been reported that health information systems at the US National Institutes of Health were penetrated.Footnote 13 This breach as well as the rising numbers of “hacks” of health care institutions’ information systems point to the vulnerability of and threat to the security and privacy of individuals, groups and societal health information, leading to potentially far-reaching economic and political implications.

3 Ethics 101

As previously stated, ethics is a general term encompassing the study of morality and how our understanding of moral concepts of right and wrong translates into behavior. There are a number of sub-categories within the discipline. Normative ethics seeks norms, rules and principles to be used to determine what we ought to do and why. Practical or applied ethics uses the norms, rules and principles to address specific instances or problems in professional, public policy and institutional spheres [7].

Bioethics lives in the realm of practical ethics insofar as it provides guidance toward solving moral problems encountered in fields relating to biology and biologic systems, including health and health care. It arose in the mid-twentieth century in response to growing concerns over the conduct of research on humans, initiated by revelations of the Nazi prisoner experiments at the Nuremburg War Crimes Trials in 1946–1947 and subsequent reports of improper conduct in other research settings in the US and elsewhere [8, 9]. In addition, advances in genetics, molecular biology and neurosciences prompted discussions in religious and public fora on subjects such as abortion, euthanasia, organ transplantation, rights of research subjects and informed consent [10]. It became apparent that the traditional ethical codes and guidelines for physicians did not adequately address those matters and others such as patient rights, equity and injustice, research practice, conflicts of interest, public health matters and, by the late 1970s,Footnote 14 the corporatization of health delivery.

There are a number of frameworks or moral theoretical constructs used in conducting bioethics evaluations and making ethical judgements, that is, deciding on a right course of action [11]. Those in most common use today include principlism, consequentialism/utilitarianism, deontology, rights/obligations, virtue ethics and the related ethics of care. Less frequently encountered are communitarianism, casuistry and others. It should be noted that the framework chosen to address a particular problem or situation may lead to a different end point or ethical result compared to another framework. There are obviously nuances in the facts of a particular situation which would influence the application of these frameworks to those facts and the results.

Principlism

is one of the predominant approaches to evaluating and resolving ethical dilemmas today. It derives from the work of Beauchamp and Childress [12] who first promulgated this method in the late 1970s and has gained wide acceptance since then. The four ethical principles from which the name of the framework derives and the actions required to fulfill them are as follows:

  1. 1.

    Principle of Autonomy—requires us to avoid impairing individuals’ free exercise of actions they deem in their best interest (allowing for certain constraints under special conditions such as for those who lack decision-making capacity) and to treat individuals with respect by appropriately informing, educating, encouraging, and assisting, if needed, to facilitate their decision making.

  2. 2.

    Principle of Beneficence—requires that we act to benefit the patient by actively promoting their well-being and doing what is in the patient’s best interest.

  3. 3.

    Principle of Non-maleficence—requires us to prevent harm directly, minimize risk of harm or remove or remediate potentially harmful conditions.

  4. 4.

    Principle of Justice—requires fair and equitable treatment in the provision of benefits and burdens, without discrimination on the basis of non-relevant characteristics—equity not equality.

Consequentialism and utilitarianism

are related frameworks which both look to the consequences of an act as determinative of its rightness. Actions are right or wrong depending on the net balance of the resulting good and bad consequences. In these formulations, intentions, history and other concerns have no bearing on the rightness of an act. In its original form as described by JS Mill and others, the good being sought was happiness, often equated with pleasure. The consequentialist framework judges the rightness of an act solely on whether the outcome is better than the available alternatives. If so, then it is right. Utilitarians judge the rightness of an act on whether it achieves the greatest good for the greatest number. These frameworks are applied in many circumstances where pleasure is not the goal. Rather, some other good(s) may be desired when considering the proper course of action. The specification of the desired good can influence the arguments to be made and the outcome to be accomplished. Public health is often seen as reliant on utilitarian theory.

Deontology

derives from the Greek word meaning duty or obligation. This framework does not look to consequences to determine the rightness of an act. A rigorous explication of this framework was articulated by the eighteenth century German philosopher, Immanuel Kant. The essence of his approach imputes to us a desire to do the right thing which, in turn, requires that we know what the right thing is. According to Kant’s formulation, moral rules or “maxims” are guides to what is right and wrong. These maxims can originate from external forces—religion, government, institutions—or can be derived using our intellect from our intrinsic notions of what is right. Furthermore, one must act according to the rule out of a sense of obligation to respect the moral rightness of the rule, not out of fear of the consequences of acting otherwise. Kant named his concept of the reasons for a required behavior the “categorical imperative.” To meet the criterion of a categorical imperative, a rule must be accepted as universal, requiring that everyone follow the rule under all circumstances, without exception. For example, “do not lie” qualifies as a universal. We would not want a world where lying was accepted because we would never know whom and when to trust. There are, of course, famous challenges to the maxim of “do not lie.” Consider the circumstance where a gunman comes to Mary’s door asking if John is home and states “I intend to shoot him.” John is home, but Mary answers “no” to protect him. Is such a lie acceptable?

Kant also promulgated another formulation of the categorical imperative which prohibits acting toward another person or persons in a manner that treats them solely as a means to our (or others’) ends, rather than as deserving respect and dignity in and of themselves. This particular formulation has been interpreted to support a principle of respect for individual autonomy.Footnote 15

Another useful framework for ethical decision-making derived from deontology is one based on consideration of rights and obligations. The concept of rights is inextricably bound up with the concept of obligations. A right is a claim for which an entitlement exists such that an entity recognizing the claim owes an obligation (or duty) to the claimant or bearer to fulfill it. Rights can originate from a number of sources, including natural law, i.e., be inherent due to some attribute of the rights bearer. For example, being human has been construed to confer rights inherent to that status. The natural law concept has been articulated by thinkers from Aristotle to Aquinas to Kant and more recent thinkers. A feature of this theory is the primacy of the individual, the rights bearer and claimant. Rights are frequently framed as positive or negative. A positive right entitles the bearer to receive something from the duty-bearer, e.g., and individual, the state or some other entity. A negative right requires freedom from interference, abrogation or infringement of the claim.

Virtue ethics

in Western tradition derives from the ideas of ancient Greek philosophers including Plato and his student, Aristotle, who lived c.350–450 bce, the Stoics (c.200 bce and later) and others. Their explorations of the origin, nature and reasons for moral conduct have been influential to the present day. Aristotle’s Nichomachean Ethics is one of the touchstones from those ancient concepts [13]. The original impetus for that and other related works of the period was to understand what was meant by “a good life” and how to live one. From those considerations came answers to questions about what constituted good character and moral behavior. In brief, Aristotle held that being virtuous was essential to achieving “happiness” or eudaimonia, translated as flourishing or well-being. Being virtuous meant cultivating and possessing certain qualities of character, among them patience, modesty, justice, courage, righteousness, friendliness, wittiness, generosity, temperance.Footnote 16 The virtuous person must also be motivated to want to be virtuous, not merely to possess the traits. The individual who possesses and exercises the traits according to the proper motivation would then be of good character and, in consequence, make good and right decisions to guide proper actions. It should be noted that the concepts of virtue ethics are not unique to Western societies. For example, the virtue-based ethics of Confucius, who lived in the fifth to sixth century bce, were derived from the cultural values expected of the leadership class of an earlier Asian tribal group, the Zhou (1045–256 bce) [14].

Arising out of virtue ethics, care ethics theory developed in the second half of the twentieth century, taking its philosophical base from concepts of caring that are inherent in the nature of medicine, nursing and related health fields and inform the actions of those professionals. Such caring is considered to be a virtue which incorporates characteristics of sympathy, compassion, trustworthiness, fidelity and more. It has been argued by Gilligan and others that care ethics represents a manifestation of gender differences in attitudes toward moral thinking in which women tend to respond by considering needs and taking care of others, whereas men tend to emphasize rights and justice to a greater extent. Of course, these modes are not unique or specific to each gender, and there is a great deal of overlap. Applying different theoretical models in settings where ethical judgements and decision-making are taking place can aid in resolving ethical conflicts [15].

Communitarianism

is another framework for ethical decision-making that places community interests above those of individuals. This approach is seen in cultures which value the welfare of the community above any single individual’s welfare and considerations of individual justice. Private and public spheres have no sharp demarcation.

There are other frameworks for ethical analysis and decision-making—casuistry, feminist ethics and more—which provide useful approaches to ethical decision-making, but they will not be discussed further here. An excellent review of the many approaches to medical ethics is found in the text edited by Sugarman and Sulmasy [16].

4 Physician Oaths

Having reviewed some of the commonly used frameworks for examining ethics, let us now turn to oaths and codes of ethics. As noted previously, standards of behavior for physicians which have come down to us were first promulgated in ancient Greece with the Hippocratic Oath required of students at the school of Hippocrates. That oath is divided into two sections. The first section describes ways in which the student will honor his teacher and the profession—by treating the teacher as he would treat his parents, share sustenance, teach the art to the teacher’s children and teach the art only to those “bound by stipulation and oath to the law of medicine …” The second portion defines responsibilities toward patients and personal integrity, committing to the benefit and avoidance of harm to patients, abjuring actions beyond the physician’s skill set and promising to keep in confidence those matters learned in the course of care “that should not be spoken of abroad.”Footnote 17

The Oath fell into obscurity and was largely unknown for centuries until it was encountered by German scholars in the sixteenth century. Consistent with the religious influences of the times, its references to Greek gods were replaced with Christian terminology, and modified versions were slowly adopted by some European medical universities for their graduates. Usage and spread of various versions of the Oath waxed and waned over a few more centuries until it gained traction after World War Two when the World Medical Association, reacting to the horrors perpetrated by Nazi physicians, promoted the use of a revised version of the Hippocratic Oath to medical students as a reminder of the traditional values physicians were expected to take on. While the language of the ancient Hippocratic Oath is no longer the preferred formulation of commitment to the practice of medicine, a survey of US and Canadian medical schools published in 2018 found that of the 111 US schools responding, 99% administered an oath at commencement or other ceremony at the start of a medical career [17]. All of the oaths drew on at least some of the precepts and sentiments of the original.

5 Codes of Ethics

A code of ethics is a statement of ideals and rules, drafted by an authoritative individual or body, intended to guide the values and behavior of a profession or group. The specified guidance may be affirmative, prohibitive or both. One of the earliest known codes of ethics for physicians originated in what is now China in the middle of the first millennium ce The first recorded code of ethics in European tradition is thought to be one created for its members by the Royal College of Physicians in 1555. The modern concept of a physician code of ethics is represented by that of Sir Thomas Percival published in 1803. Entitled “Medical Ethics, or, A Code of Institutes and Precepts Adapted to the Professional Conduct of Physicians and Surgeons,” Percival’s Code stated moral duties which were intended to apply to anyone who held himself (virtually always male) out to be a physician or surgeon. It specified duties to patients, medical colleagues and the general public; it was applicable to hospitals, physician practices and apothecaries. In addition to ethics, it also addressed some legal matters.Footnote 18

Percival’s medical ethics code soon crossed the Atlantic Ocean to be adopted in part by physician organizations in New England where it was used for governance of the profession and to resolve disputes among physician members. Over a few ensuing decades, sections describing moral obligations to the sick were adopted by the Medical Society of the State of New York, the Medical-Chirurgical Society of the City of Baltimore and, in 1847 at its organizational meeting, by the American Medical Association (AMA). Over the next 150 years, that AMA Code and principles based on it underwent numerous revisions and changes to arrive at its current format of nine principles, last revised in 2001.Footnote 19

Since the mid twentieth century, numerous health care-related professional societies and associations as well as international non-governmental bodies, recognizing the need for commitment to practice their professional activities ethically, have promulgated codes of ethics or guides to ethical practice. Besides the AMA code of 1847, selected organizations’ codes and their dates of origination of interest to us here include the Nuremburg Code of Research Ethics (1947), World Medical Society (1949), the American Nurses Association (1950), Association for Computing Machinery (1966), American Hospital Association (1974), American College of Healthcare Executives (1995), International Medical Informatics Association (IMIA, 2003), American Medical Informatics Association (AMIA, 2007), Health Information Management Systems Society Code of Conduct (2020).

Many of the themes in these health care codes of ethics and/or conduct reflect ideas and obligations stated in the Hippocratic Oath, specifically, acting with beneficence toward patients, avoiding or preventing harm, maintaining privacy and protecting the confidentiality of information obtained in the provision of medical services.

Ethical standards in informatics are important because of the centrality of the electronic health record (EHR) and the privacy, confidentiality and welfare interests of the often-vulnerable patients or subjects whose information makes up the content of those records. The codes of ethics in health care informatics are grounded in ethical principles, as distinct from legal principles, and recognizing that ethics may require higher standards of conduct based on human rights and moral duties than mere legal requirements.

The IMIA and AMIA are two important professional organizations which have promulgated codes of ethics for health informatics professionals (HIPs). The codes specify the ethical duties and expectations that apply to their work.Footnote 20, Footnote 21, Footnote 22 While the codes apply specifically to the members of the respective organizations, they also serve as standards of conduct for HIPs in general.

The purposes of the Codes are: (1) to provide ethical guidance; (2) to describe principles against which to measure professional conduct; and (3) to inform the public of the ethical considerations that should guide conduct of health informatics professionals. The codes must be clear, unambiguous, easily applied to the many ethical challenges arising in the course of the work and flexible in order to adapt to the rapidly changing landscape of informatics. Another purpose is to facilitate relationships between the various parties involved in the provision of health and health care services, including patients, individual and institutional providers of care, administrators, insurers, government agencies, researchers, educators and others.

Following the structure of many codes of ethics, the codes of interest to HIPs open with a general statement that describes the purpose of the code and rationale behind its creation, followed by statements regarding foundational principles which in turn form the basis for the obligations and expected actions and conduct.

The IMIA code specifically references and incorporates the four fundamental principles of Beauchamp and Childress cited above—autonomy, beneficence, “non-malfeasance”,Footnote 23 and justice—to which it adds two more principles considered fundamental—those of impossibility and integrity. The principle of impossibility requires adherence to the four fundamental principles so long as it is possible to do so under the conditions that exist; the principle of integrity requires that one who has an obligation must fulfill that obligation to the best of their ability.

The IMIA code derives general principles from the fundamental principles and defines them as follows:

  1. 1.

    The Principle of Information Privacy and Disposition specifies the individual patient’s or subject’s right to privacy and to control all aspects of handling of [their] personal health information to include its “collection, storage, access, use, communication, manipulation and disposition.”

  2. 2.

    The Principle of Openness asserts the individual’s right to know how [their] information will be handled with respect to all of those activities cited in 1.

  3. 3.

    The Principle of Security requires that the individual’s information be protected by all “reasonable and appropriate means” from loss, mishandling, unauthorized access, use, alteration and transmission.

  4. 4.

    The Principle of Access grants a right of unencumbered access and a right to correct the record with respect to its accuracy, completeness and relevance.

  5. 5.

    The Principle of Legitimate Infringement establishes an exception to the individual’s absolute control over [their] record specified in Principle 1, in cases of legitimate, appropriate and relevant needs of others or society.

  6. 6.

    The Principle of Least Intrusiveness requires that any infringement on the privacy right specified in Principle 1 may only occur in the least intrusive fashion and with a minimum of interference with the rights of the affected individual or subject.

  7. 7.

    The Principle of Accountability mandates timely and appropriate justification to the individual or subject for any infringement of [their] of control granted by Principle 5.

These principles generate rules of ethical conduct for HIPs to fulfill their duties to the various stakeholder groups who may have legitimate interests in the records and other areas of HIPs’ responsibilities. A brief summary of the rules follows. Details are available in the respective codes of ethics and accompanying explanatory documents cited above [5, 16, 17].

Specific rules derived from these principles define ethical conduct in several categories of stakeholder groups, namely to patients or subjects (such terms also include their authorized representatives), to colleagues and other health care workers, to institutions and businesses related to provision of health and health care, to society, and finally, to oneself as an informatics professional.

For the patient/subject-oriented obligations, there are several key elements which HIPs are duty-bound to honor:

  1. 1.

    Patients have a right to know that

    1. (a)

      systems and processes exist for the purpose of collecting, handling and communicating their personal health information (PHI),

    2. (b)

      such collection, handling and communication may only be done with their voluntary and informed consent;

      • there may be exceptions to this provision required by law or other circumstance in which case the need will be evaluated on independent grounds to determine if and how the exception will be allowed. The patient will be advised of such of such action and outcome.

    3. (c)

      in the course of their health care, a record will be established and maintained and know

      • who has established the record and where and how it will be maintained;

      • what is to be held in the record and how it will be obtained;

      • the purpose(s) to which the information will be put;

      • who will have access and to whom it will be communicated;

      • the length of time it will be maintained;

      • the ultimate nature of its disposition.

    4. (d)

      they have the authority to create, manage and maintain their own personal health records using a platform of their choice.

    5. (e)

      they will not be misled about the handling and uses to which the information may be put

    6. (f)

      they have a right to access, review and correct the information they provided or was generated on their behalf, no matter the source.

    7. (g)

      safety, reliability, security and confidentiality of the information is of paramount importance as is compliance with applicable laws, regulations, policies and standards.

    8. (h)

      inappropriate use and disclosure of PHI is a serious matter with potential for significant harm.

    9. (i)

      If breaches of security, privacy or confidentiality have occurred.

  2. 2.

    HIPs must ensure that PHI, personally identifiable information (PII) and other biomedical information will be collected and handled in a safe, reliable, secure and confidential manner consistent with applicable laws, policies and standards.

  3. 3.

    HIPs must never knowingly disclose PHI, PII or other biomedical data in violation of the applicable laws or accepted practices or in ways inconsistent with what the patient was told about disclosure.

With respect to obligations to colleagues, team members and other health care professionals (HCPs) whose needs are served by HIPs, duties include:

  1. 1.

    Assist and support such HCPs in accomplishing their work in patient care, research and education, as appropriate;

  2. 2.

    ensure timely and secure access to the EHR;

  3. 3.

    identify and advise colleagues of problems with systems, processes and other factors which could impair fulfillment of any of the prior specified obligations related to handling of data, PHI or other information;

  4. 4.

    anticipate such problems and have corrective action plans in place to be implemented in a timely response;

  5. 5.

    institute timely and effective solutions to such problems when they arise.

HIP leaders have special obligations to those they supervise in order to assure their own ability to lead effectively and ethically and to facilitate that conduct in others. They must model and communicate ethical values to those they supervise.

Regarding obligations to institutions, employers, business partners and clients, HIPs must understand and fulfill their duties and obligations to those entities as well as be cognizant of the obligations those entities have to various constituencies, first and foremost to patients but also to the public, regulatory and government agencies, shareholders, vendors and others. These duties include:

  1. 1.

    to act with competence, diligence, integrity and loyalty;

  2. 2.

    to facilitate an ethically sensitive security culture;

  3. 3.

    to implement and maintain the highest possible quality standards for all informatics-related activities;

  4. 4.

    to anticipate and recognize potential or actual conflicts requiring measured responses to find optimal resolution;

  5. 5.

    to advise when policies or practices might violate ethical or legal obligations, contracts or agreements with patients.

  6. 6.

    to appreciate potential and actual consequences of change and innovation in high-complexity environments in order to avoid or minimize adverse intended or unintended outcomes.

  7. 7.

    to monitor such changes in order to promptly respond to conditions requiring intervention;

  8. 8.

    to be responsible for informatics education services for HIPs, HCPS and others as needed;

  9. 9.

    to strive to be objective and act in unbiased ways when carrying out professional duties.

Societal obligations

include those related to facilitating the institution’s role in the community as well as those related to research and the protection of human subjects in compliance with accords and principles such as the Universal Declaration of Human Rights, the Declaration of Helsinki, the Belmont Report as well as relevant laws and policies.Footnote 24 HIPs must:

  1. 1.

    facilitate ethical and appropriate collection and handling of data used in planning and provision of health care services to the community and larger society;

  2. 2.

    in research settings, exercise a duty of care to colleagues and subjects even if not specifically included in documents governing research such as Institutional Review Board (IRB), vendor and other materials.

  3. 3.

    balance the good for society and the individual when planning, carrying out, analyzing and reporting conclusion of research.

  4. 4.

    contribute to the timely dissemination of new knowledge.

  5. 5.

    always act with honesty and integrity.

  6. 6.

    ensure appropriate safeguards for individual health information are in place using tools such as anonymizing and otherwise protecting patient identities.

Finally, self-regarding duties as a HIP require:

  1. 1.

    acting ethically and with professionalism;

  2. 2.

    maintaining competence and a commitment to life-long learning;

  3. 3.

    using evidence-based methodologies to improve health and health care;

  4. 4.

    avoiding conflicts of interest

  5. 5.

    refraining from impugning the reputations of colleagues

  6. 6.

    conducting oneself to reflect favorably on the profession.

It can be seen that the obligations specified in these codes reflect high standards of behavior on the part of informatics professionals. It is worth noting though that many of the obligations imposed on HIPs are, in fact, carried out by clerical and other frontline staff far from the loci of HIP work. The clerks who obtain general consent for treatment often are not aware of the detailed information in the forms which they ask patients to sign, let alone take the time to explain details and nuances involved in describing the systems, programs, devices, collection and handling of patient records mandated in the codes. If these obligations are taken seriously, and they must be, substantial effort must be exerted by HIPs to “ensure” that those who actually engage with patients or surrogates at their time of vulnerability and anxiety can and do carry out their responsibilities as required. These staff are, in effect, agents of the HIP and as such are obligated to perform to the same ethical standards in these particular responsibilities of their jobs.

Another point to be made is that there will be occasions when conflicts arise out of duality of obligation on the part of HIPs when trying to act in the best interests of parties with different or competing values and objectives. In those situations, consideration of the various ethical platforms described above may offer fruitful approaches to resolving ethics conflicts.

These few examples illustrate there are great opportunities and challenges in ethics and informatics facing us today and in the future. Let’s consider a few more.

6 Looking Ahead

With our understanding of the ethical obligations required of HIPs, let’s consider some of the opportunities and challenges presented by the spectrum of activities in the realms of eHealth. Recall the six domains of health care quality from the NAM studies referenced above, i.e., health care should be safe, effective, patient-centered, timely, efficient and equitable.Footnote 25 These continue to represent the goals we have yet to fully achieve.

Individual performance factors are certainly important contributors to harm from medical errors, but the NAM reports cited above concluded that system factors played a much greater role in sub-par performance, errors and poor quality and safety than individual performance factors. Their conclusion was that “mistakes can best be prevented by designing the health system at all levels to make it safer—to make it harder for people to do something wrong and easier for them to do it right.”Footnote 26 Certainly, the EHR is a pervasive and critical system factor, with tremendous potential to impact the quality of care; therefore, it should be a major focus for improvement.

Autonomy of decision-making is important to the exercise of an individual’s self-determination, but in the realm of health informatics, the fundamental principles of beneficence, non-maleficence and justice will likely have a greater impact on improving the quality and safety of health care as well as realizing fair and equitable treatment in the provision of benefits and burdens which must be among our highest priorities. The challenge is to determine how to apply the resources of HIT to bring these about. Certainly, one of the driving forces behind mandates to achieve wide use of electronic health records via federal laws such as the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 was the belief that such technology would improve the health of patients by facilitating the collection, handling and use of health care-related data. It was also anticipated that access to large amounts of data would enable identification of problems and guide efforts at improving the design and function of systems of care, not to mention the power of aggregate data from patients and populations to reveal patterns of disease and related matters.

The Office of the National Coordinator for Health Care Technology (ONC) lists the following advantages of EHRs:Footnote 27

  • Providing accurate, up-to-date, and complete information about patients at the point of care

  • Enabling quick access to patient records for more coordinated, efficient care

  • Securely sharing electronic information with patients and other clinicians

  • Helping providers more effectively diagnose patients, reduce medical errors, and provide safer care

  • Improving patient and provider interaction and communication, as well as health care convenience

  • Enabling safer, more reliable prescribing

  • Helping promote legible, complete documentation and accurate, streamlined coding and billing

  • Enhancing privacy and security of patient data

  • Helping providers improve productivity and work-life balance

  • Enabling providers to improve efficiency and meet their business goals

  • Reducing costs through decreased paperwork, improved safety, reduced duplication of testing, and improved health.

For each of these putative advantages, the situation in practice is one of, at best, partial accomplishment. This has been particularly frustrating to physicians. Consider the matter of “accurate, up-to-date and complete information” in the EHR. Numerous studies have shown that information of many types in EHRs are inaccurate—medications lists [18], diagnoses [19], cut-and-paste documentationFootnote 28 and many others [20]. With regard to errors, reports examining technology-related factors in malpractice claims found EHRs to be frequently associated with significant numbers of medical errors [21, 22].

EHRs are now in use in nearly 90% of US health care settings. Those that are prone to incompleteness or poor usability or contribute to errors simply must be fixed, but the incentives have not favored the end users or patients. The complexity of EHRs and their proprietary nature has meant that vendors have had a great deal of control over their intellectual property, often to the detriment of clients and patients. Contracts have imposed stringent limits on what users can modify, and the costs of changing vendors is usually too great to consider such an action. These issues have led to legislative remedies, one of the most recent being the twenty-first Century Cures Act of 2016, to encourage medical research and improve care across the entire spectrum of activities related to health in order to achieve ease of access, exchange and use of electronic health information (EHI).

A key attribute of the Act is its focus on the patient’s perspective and experience. Final Rules, specifying the regulations that will govern implementation of the Act, became effective in April of 2021. Hospitals are feverishly working to comply with the law and implement the user-/patient-friendly components. These will likely have a very significant impact on software vendors by limiting anti-competitive practices and requiring vendors to improve standardization and interoperability. It also mandates incorporation of features in the EHRs which will give patients access to all of their EHI, structured and/or unstructured, at no cost, such access to be readily available through smartphone apps and other patient-facing tools to encourage their participation in the mobile economy. With some exceptions, there are specific prohibitions against blocking the exchange of data between and among health IT systems, patients and providers.

These features will ease the fulfillment of HIPs’ ethical obligations to promote patient access to their health information. While patient portals were a starting point for such access, patients’ experiences have not met the original promise as they have proven to be cumbersome to use, limited in the information available to patients and lacking timeliness [23]. The twenty-first Century Cares Act aims to fix those deficiencies.

Considering the characteristics of EHRs listed above and others which contribute to their sub-optimal performance as judged by patients, clinicians, administrators and HIPs, it is incumbent on the designers, vendors and all of us users to advocate for their improvement on many of the ethical grounds articulated in the codes of ethics as well as on practical grounds. Business values and business ethics cannot be relied on to achieve the kinds of changes needed to make certain the EHRs function to allow HIPs to fulfill their ethical obligations. Those values of HIPs must drive involvement in decisions regarding EHRs at every level from design to purchase to functionality, security and privacy. Evaluation of EHR performance compared to the expected goals must be frequently performed and problems communicated to the decision-makers and vendors to assure they make the needed improvements.

Another area of ethical obligation and concern is related to the security of information systems, whether or not related to privacy and confidentiality of patient health records. In 1996, the Health Insurance Portability and Accountability Act was enacted to improve the efficiency and effectiveness of health care systems. Privacy protections were incorporated into the law to gain greater security for PHI and PII. HIPAA was an important though challenging advance in managing health information, but in recent years, new threats to the security of health information have arisen in the form of outsiders penetrating hospital information systems. The nefarious intent often appears to be disruption of hospital activities in exchange for ransom paid to allow systems to resume working, but the potential for outside access to and misuse of medical records remains a concern. Constant vigilance and innovation dedicated to improving security our information systems for the benefit of the patients will be required to fulfill our ethical obligations.

Related to data ethics, consider this. Most health care institutions are facing the need to address how they manage the IT and informatics questions that arise in the course of operations and planning. The handling of data—financial, managerial, quality, etc.—throughout the organization must conform to policies and procedures which address the same issues of security, privacy, integrity, usability and availability as arise with the EHR. Some examples are (1) how to respond to requests by an outside organization with which the health care organization wants to cultivate a business relationship, when access to anonymized patient data is requested for analysis or even commercial purposes; (2) how to manage and use information in a health information exchange or other external repository to compare patient outcomes within and among institutions; (3) how to answer questions from an institutional review board (IRB) related to proper management of data acquired in a research project; (4) considering whether it is possible to completely anonymize or de-identify patient or other critical data, and if so, how? And more critically, if not, how to proceed. All of these have ethical implications and organizations must develop policies and procedures to address these kinds of issues. The HIPs must know their limits and when to recruit and convene additional expertise or establish internal resources like data integrity committees to assist in developing policies for these kinds of concerns.

In the realm of new technologies with foreign policy and national security implications, a question was recently posed as to how to protect PHI acquired by foreign-owned commercial laboratory interests under a contract for laboratory services with a company owned by a foreign government. As reported on “60 min”, shortly after the first cases of COVID-19 were identified in the US, a large Chinese biotech company with ties to the Chinese government and Communist Party made aggressive efforts to contract with the State of Washington to perform COVID testing for the state.Footnote 29 The possibility of access by a foreign government to such a potentially large pool of Americans’ biodata raised alarm within the US defense and intelligence establishments, speculating that biodata had significant national security implications. While the offer was rejected, the episode continues to fuel concerns over the privacy and security of health information on a scale not contemplated in the past.

The COVID-19 pandemic has opened up many approaches to expanding access to care that had been ignored or exploited only to a limited extent. An explosion in the use of telemedicine has occurred which has created opportunities and challenges for HIT professionals to assist in adapting and improving the usability, security and effectiveness of the technology. A recent comprehensive review of ethical issues in tele-health provides guidance in this area [24].

There is much more to be said about the ethical challenges posed by new technologies, new diseases, innovations and just plain human behaviorFootnote 30 which will confront health care institutions in the future—artificial intelligence, telehealth, genomics, proteomics, microbiomics, robotics, predictive analytics and especially improving efficiency and efficacy while assuring high quality of care. It is to be hoped that, as we gain experience with them, the ethical and informatics implications will become clearer as will our understanding of how to address them. Our touchstone must always remain that which is in the patients’ best interests.

Finally, the 2020–2025 Federal Information Technology Strategic PlanFootnote 31 describes priorities and goals for the foreseeable future. Citing patient-centered care as the guiding principle, the plan’s focus is on empowering patients to “take greater control of their health, improve health behaviors, manage chronic conditions, engage in shared decision-making and use bi-directional exchange of data to communicate with healthcare providers.” It will serve as the federal government’s road map for HIT and HIPs for the next 5 years and a prelude to the years beyond.

7 Conclusion

Informatics and information technology are central to reaching the goals articulated in the NAM reports of 20 years ago—that health care must be safe, effective, patient-centered, timely, efficient, and equitable. This cannot be overstated, and it should be clear that HIPs will have important roles in reaching them with resultant benefits to patients and society. Many advances and innovations now gaining traction in twenty-first century health care will raise new ethical questions or require us to look at old ones in new and different ways. While we have an obligation to incorporate useful new tools and ideas into our armamentarium, the benefits will undoubtedly come with risks. Ethics will be our guide to making the best choices to meet the needs of our evolving health system and our patients.