Skip to main content

The health care information directive



Developments in information technology promise to revolutionise the delivery of health care by providing access to data in a timely and efficient way. Information technology also raises several important concerns about the confidentiality and privacy of health data. New and existing legislation in Europe and North America may make access to patient level data difficult with consequent impact on research and health surveillance. Although research is being conducted on technical solutions to protect the privacy of personal health information, there is very little research on ways to improve individuals power over their health information. This paper proposes a health care information directive, analogous to an advance directive, to facilitate choices regarding health information disclosure.

Results and Discussion

A health care information directive is described which creates a decision matrix that combines the ethical appropriateness of the use of personal health information with the sensitivity of the data. It creates a range of possibilities with in which individuals can choose to contribute health information with or without consent, or not to contribute information at all.


The health care information directive may increase individuals understanding of the uses of health information and increase their willingness to contribute certain kinds of health information. Further refinement and evaluation of the directive is required.


As health care enters the 21st Century, information technology (IT) is assuming greater importance for clinical care and health delivery systems. IT promises rapid access to the health information required for clinical decisions and management of the health care system, leading to improved health outcomes and more efficient use of resources. Efforts to integrate information technology into health care continue to rise at a rapid rate. In many settings and for many types of services, such information systems are indispensable for health care.

The widespread dissemination of information technology raises several problems. While one of the most heralded areas of health information technology is the electronic patient record, they also draw the most concern [1]. Since medical records are highly personal, many fear loss of confidentiality and privacy [2]. Fair information principles, ethical codes and studies of patient's preferences all support the importance of preserving confidentiality and privacy [35].

The uses of health information extend beyond the clinical domain [6]. Health services research, disease registries, and population epidemiology rely on data collected and archived in administrative databases. Such data reservoirs can be linked and are a rich source of knowledge on patterns of health care. The advent of electronic health records could greatly enhance the quality, availability and timeliness of such data sources. Studies based on these records are integral for providing feedback to clinicians and administrators as well as to health care consumers. For example, such studies form the basis of initiatives, based on public demand, for greater accountability in the health care system through the use of report cards.

While such initiatives require access to personal health information, privacy protection initiatives have also become part of public policy, hindering such efforts. Recent legislative initiatives in Canada such as the federal government's Bill C-6 and the province of Ontario's Bill 159 promise to have an impact on the use of health information for health administration, research and clinical care. In Minnesota, a change in the legislation concerning the access to health records required health providers to notify all patients in writing that records could be released for research purposes and to obtain a written authorization for the use of medical records for research [7]. In the United Kingdom, the Data Protection Act of 1998 (assumed force of law, March 2000) placed restrictions on the processing of health information and enhanced privacy conditions [8]. Such initiatives are commendable in that the privacy of individual information is of paramount importance.

These legislative initiatives, though, may have unfortunate adverse consequences. Depending on the stringency of the legislation, many research and audit functions such as health services research and cancer registries may be at risk. It is unclear how informed both the population and legislators are concerning the uses of health information. The media has consistently emphasized the Orwellian dimensions of large databases [9]. There is evidence from the literature that strict consent laws can introduce a potentially crippling authorization bias [1013]. Authorization bias occurs when patients who release personal health information for health research differ from those who do not in important characteristics relevant to the interpretation of health data. Such a bias, applied at a population level results in an inaccurate estimate of the health status of the population.

Recent articles have underlined the challenges of keeping health records both accessible and private [14,15]. These studies have largely confined attention to systems level interventions focused on technical methods of health data protection. To our knowledge, little has been done to develop tools to improve patient knowledge and understanding of health information, its uses and the manner in which it is protected. It is unclear how systems initiatives alone will increase patient understanding of health information uses, or empower them in their choices with respect to health information usage.

Innovative models, therefore, are required to meet the demands of the information age. Research on patient decision aids suggests that they improve knowledge, reduce decisional conflict and stimulate patients to be more active in decision-making [16]. We suggest that an intervention analogous to a decision aid could be developed to enable health consumers to more appropriately specify the level of sharing they wish to have for their personal health information. The advance directive, used in end of life care, is a type of decision aid that can provide a template for such an aid, which we propose to call a 'health care information directive' [17].


Table 1 shows the proposed health information directive. The health information directive seeks to integrate sensitivity of data with ethical validity of use. It presents the permutations and combinations of sensitivity and usage in a matrix that forms a table, similar to an advance directive. The goal of the health information directive is to allow individuals to make informed choices regarding how their health information can be used. Currently, models of consent for the use of health information derive from consent for clinical interventions. These are discrete and time limited. However, health information, particularly those items that are stored in electronic databases exist almost timelessly and have a multitude of uses. It may be impossible to determine all possible uses in advance, but it is possible for individuals to define the range of possible usages of their health information and to specify the form of data acceptable to them.

Table 1 Schema for a health information directive

The row headings of the health information directive move from "most essential to most discretionary" uses, based on Mullen and Laverey. They state:

To illustrate, the following uses of electronically stored patient data might be placed along a continuum to reflect ethical validity in access or use (acknowledging that the placement of these various interests is debated by different players), where the informing criterion is the proximity of the potential user to the data generator (patient) and their potential benefit/harm in the disclosure of information [18].

The column headings illustrate the types of data from most identifiable to most anonymous. The matrix forms a range of options from most sensitive to least sensitive types of data with most necessary to most discretionary uses of information. Definitions of the column headings immediately follow the table.

Individuals can then, as in advance directives, block out which uses and types of data they do not wish to contribute. They may also specify the range of issues for which they are willing to contribute data, but only with explicit informed consent. There will be some areas that must be blocked out because no discretion is permitted, such as for accounting purposes.

Clearly, the health information directive will require a significant educational effort. It is unlikely to succeed as a stand-alone intervention. Educational programs will be necessary to supplement the decision aid. Computer-based educational modules or videodiscs could be employed to this end.


The health information directive has face validity as it integrates the important elements of health information that have been discussed in the literature. From an ethical perspective, the directive increases patient autonomy, facilitates patient control over information, fosters openness and transparency and respects several of the ethical principles articulated by Kluge [19]. Whether an information directive would increase or decrease authorization for the use of health care information remains unknown and the topic for a future empirical study. It may exert a differential effect by increasing the use of some forms of information while reducing the access for other uses. The legal status of such documents is presently unclear, but it is hoped that bringing the concept forward for discussion may stimulate legal scholarship on this topic. How should the directives best be distributed and administered? As the health care field becomes increasingly based on information technology, it should not be difficult for individuals to be able access the directives either on the Internet or on intranets. These issues, as well as the acceptability of the directive to patients, and the educational component that will need to accompany it, will be further refined and evaluated empirically.

The empirical evaluation and refinement will consist of the following steps. Following the process outlined by Berry and Singer for Cancer Specific Advance directives, key informant interviews will be conducted with stakeholders involved in ethics, law and electronic privacy issues such as Privacy Commissioners [20]. This process will create a directive with both face and content validity. Focus groups with lay volunteers will provide input from the consumer perspective. Educational materials will be developed and refined. The directive will then be evaluated in a randomised study to determine whether the directive can increase individual's sense of empowerment and security over their health information.


  1. Hodges J: Legal issues concerning electronic health information:privacy, quality and liability. JAMA. 1999, 282: 1466-1471.

    Article  Google Scholar 

  2. Advocacy and Communication, Canadian Medical Association Canadians highly value the privacy and confidentiality of their health information. Available:. (accessed 2000 November 9). []

  3. Organization for Economic Co-operation and Development. Guidelines on the protection of privacy and transborder flows of personal data. Paris: The organization,. 1981

  4. Gostin L, Hadley J: Health services research: public benefits, personal privacy and proprietary interests. Ann Intern Med. 1998, 129: 833-5.

    Article  CAS  PubMed  Google Scholar 

  5. Policy and Planning Division, Saskatchewan Health. Consultation Paper on Protection of Personal Health. Available: (accessed 2001 April 16, 2001).

  6. Knox G: Confidential medical records and epidemiological research. BMJ. 1992, 304: 727-8.

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  7. Melton LJ: The threat to medical-records research. New Eng J Med. 1997, 337: 1466-9. 10.1056/NEJM199711133372012.

    Article  PubMed  Google Scholar 

  8. Al-Shahi R, Warlow C: Using patient-identifiable data for observational researchy and audit. BMJ. 2000, 321: 1031-1032. 10.1136/bmj.321.7268.1031. [,2001]

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  9. Garfinkle : Samson. Database Nation: The Death of Privacy in the 21st Century. Chapter 6. To Know Your Future. Accessed. 2001, []

    Google Scholar 

  10. Yawn B: The impact of requiring patient authorization for use of data in medical records research. The Journal of Family Practice. 1998, 47: 361-365.

    CAS  PubMed  Google Scholar 

  11. Jacobsen S: Potential effect of authorization bias on medical record research. Mayo Clinic Proceedings. 1999, 74: 330-338.

    Article  CAS  PubMed  Google Scholar 

  12. McCarthy D: Medical records and privacy: empirical effects of legislation. Health Services Research. 1999, 34: 417-425.

    CAS  PubMed  PubMed Central  Google Scholar 

  13. Woolf S, Rptemich S, Johnson R, Marsland DW: Selection bias from requiring patients to give consent to examine data for health services research. Arch Fam Med. 2000, 9: 1111-1118. 10.1001/archfami.9.10.1111.

    Article  CAS  PubMed  Google Scholar 

  14. Scheonberg R, Safran C: Internet based repository of medical records that retains patient confidentiality. BMJ. 2000, 321: 1199-1203. 10.1136/bmj.321.7270.1199.

    Article  Google Scholar 

  15. Mandl K, Szolovits P, Kohane IS: Public standards and patient's control: how to keep electronic medical records accessible but private. BMJ. 2001, 322: 283-7. 10.1136/bmj.322.7281.283.

    Article  CAS  PubMed  PubMed Central  Google Scholar 

  16. O'Connor AM, Rostom A, Fiset V, Tetroe J, Entwhistle V, Llewellyn-Thomas H: Decision aids for patients facing health treatment or screening decisions: systematic review. BMJ. 1999, 319: 731-4.

    Article  PubMed  PubMed Central  Google Scholar 

  17. Singer PA: Disease-specific advance directives. Lancet. 1994, 344: 594-596. 10.1016/S0140-6736(94)91971-2.

    Article  CAS  PubMed  Google Scholar 

  18. Mullen M, Lavery J: Ethical and legal issues in electronic health information systems: Report of the University of Toronto Joint Centre for Bioethics Working Group.20 April 1998. 2001, []

    Google Scholar 

  19. Kluge EH: Professional codes for electronic HC record protection: ethical, economic and structural issues. Int J Med Inf. 2000, 60: 85-96. 10.1016/S1386-5056(00)00107-6.

    Article  CAS  Google Scholar 

  20. Berry S, Singer PA: The cancer specific advance directive,. Cancer. 1998, 1570-1577. 10.1002/(SICI)1097-0142(19980415)82:8<1570::AID-CNCR20>3.3.CO;2-K.

    Google Scholar 

Pre-publication history

Download references

Funding Acknowledgements

Dr. Upshur is supported by a Research Scholar Award from the Department of Family and Community Medicine, University of Toronto and a New Investigator Award from The Canadian Institutes of Health Research. This project was supported by HEALNet (Health Evidence Application and Linkage Network) a member of the Networks of Centres of Exellence Program which is a unique partnership among Canadian Universities, Industry Canada and the federal Research granting councils.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Ross EG Upshur.

Electronic supplementary material


Definitions: This file contains definitions on personal health information, registry information, de-identified individual information and statistical and aggregate information. (DOC 20 KB)

Authors’ original submitted files for images

Below are the links to the authors’ original submitted files for images.

Authors’ original file for figure 1

Rights and permissions

Reprints and permissions

About this article

Cite this article

Upshur, R.E., Goel, V. The health care information directive. BMC Med Inform Decis Mak 1, 1 (2001).

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: