A simple question...
Recently somebody asked me if it would be legal for a (mental) health care professional, e.g. Robert Smith, to send a client, e.g. John, the following e-mail:
Dear John,
Thank you for submitting your homework.
I have read it and added some comments
to it. You can read the comments on the
following site:
https://secured.site.example/login?id=ao87fsadfalksdf8usaflj
Robert Smith
And as additional question: does it matter if Robert Smith omits his family name?
... with a simple answer ...
In the Netherlands this mail would be illegal in almost all cases. The mere fact that John is under treatment by Robert Smith can contain information over the medical status of John. So that information should be protected according to the Dutch law on medical secrecy (for Dutch: that is part of the 'Wet op de Geneeskundige Behandel Overeenkomst', WGBO). And an e-mail is in the Netherlands not considered to be protected enough. The professionals family name is irrelevant here: with or without name the mail will reveal the relation.
... and a lot more to it.
But looking at it on a higher level, there is something fundamental underneath this question. The whole concept of medical secrecy is based on idea that a patient can sneak into the treatment room and that whatever happens in the treatment room stays in there. The introduction of e-health and e-mental health solutions changes the concept of treatment: you do parts of the treatment at home, or any other place where you happen to be. The world is now becoming one big treatment room, smashing the idea that we can keep information nicely controlled inside the treatment room. Even when both the health care professional and client do their best to keep the content of the treatment confidential (what is quite well possible), the fact that the treatment is going on, is almost impossible to hide. And protecting the content of the treatment itself will be hard in e-health settings. It needs a lot of work and knowledge from patient too.
So does e-health mean the end of medical secrecy? That would be a cynical paradox. Medical secrecy is important to ensure anybody feels free to ask for help, whatever the problem is. E-health can also vastly lower the barriers to ask for help. Killing medical secrecy would be an undesirable by-product of e-health.
This paradox once more underlines the need to rethink the concept of privacy. We can't keep information to our selves, it is out there whether we want it or not. We need to go back to the question why we want information about ourselves to be secret. From there on we might redefine 'privacy' from centered around 'having information' to centered around 'acting on information'. It is the only way to go.