From OR to EMR: Informed Consent’s Rocky Transition to Data

Hackable Part 4

A hyper-focus on informed consent as the primary tool to ensure autonomy represents some lapses in the field of bioethics. To me, informed consent is more valuable in traditional clinical care or medical research than in engagement with big data. Yet consent is the operational tool behind widespread data collection and the prevailing framework for big data. Consent opens the floodgate to permissible data uses and leads to vulnerability to both nonconsensual and unexpected uses. Perhaps informed consent is shifting responsibility, making people bear risk for what should be a corporate responsibility.

Informed consent seems like something that acknowledges people’s freedom to choose and is presented as person-centric or empowering. I question that assumption and look at the role of consent in making a system work conveniently and easily, chronicling a permission that may be used as protection from liability, yet not always in the interest of society, or of the person seeking care or whose data is collected. Rather than being consistently mutually beneficial, informed consent in the context of medical and wellness data may be a convenience connecting records to insurers, allowing for electronic medical records as well as search histories and purchasing preferences that indicate health conditions, and feeding large pools of aggregated data. Informed consent can protect the body from unwanted touch but is not as adept at protecting people’s data. That is, informed consent alone is insufficient to empower people in the collection and use of data, yet hospitals, radiology centers, web-based applications and ecommerce, and practitioners ask more of it than of other principles.

In the OR

Photo 18341396 / Consent Form © Brad Calkins |

The term “informed consent” emerged in the 1950s. The concept arose from much earlier cases where people seeking medical care were subjected to bodily intrusions to which they did not consent. See for example, Mohr v Williams (surgeon operated on left ear when plaintiff had agreed to surgery on the right), Pratt v Davis (nonconsensual hysterectomy), and Schloendorff v Society of New York Hospital (nonconsensual hysterectomy). In Salgo v. Leland Stanford, Jr. University Board of Trustees (1957), the court first used the term” informed consent”. Canterbury v Spence (1969) took a patient-centered view of informed consent, requiring disclosures of certain risks. Doctors must include small risks of severe harms, yet, to be disclosable, risks must be known. Informed consent became the assurance that doctors must respect patient autonomy, a concept arguably eroded by competing interests and limited in certain circumstances like emergency medicine. Yet it was around well before modern technology and big data. It did not come from a tradition of protecting data. It arose from a tradition in the doctor-patient relationship having to do with bodily acts. Is the same old informed consent enough to protect consumers, especially consumers of healthcare, in light of data mining?

Informed consent is a valuable first-line protection, but it is more meaningful in surgical or clinical settings when the subject of the consent is the medical procedure or medicine than when used for data collection, high-tech radiology or digitized results, or electronic medical record storage, where model language exhibits its role in preventing liability.

Consent as a Quid Pro Quo

As noted in a post about voluntariness, to be realistic, consent should be viewed as a condition of participation rather than as fully voluntary. Consent is a quid pro quo and may bar future complaints—it is seen as a waiver. It is an entry fee to receiving medical care, to being able to use certain websites, and to access the healthcare system in its current form.

Anne Zimmerman CC-BY-NC

Electronic Medical Records (EMR), Images, and Big Data

For example, I will give you consent if you will give me an MRI. When the consent form says my data will be shared with an insurance company and used for medical research, I sign in exchange for the MRI. The person may assume the medical research is secure, in-house, and limited to deidentified data, and it may be. The medical research may be added to public research databases, access to which is often password protected. In this case, let’s say it is a brain MRI. It is possible to identify people from MRIs using facial recognition technology. Consent, while it may be fully informed or somewhat informed based on the person’s understanding of technology, does not prevent identifiable imagery or digitized faceprints from making their way to less secure and even global research portals, and eventually, in a deidentified format, to data miners. It also does not prevent genetic discrimination based on the results as the mere collection of the data may create a vulnerability. Ultimately, consent does not control data very well.

In the data context, the consent merely leads to collection and storage of data in ways governed by other policies, laws, and practices. As a side note, HIPAA also was not designed to protect data as much as to create rules surrounding the portability and accessibility of data. In medical ethics, the good of the data (“beneficence”) is the ability to learn more about people, diseases, and health. Rather than viewing privacy alone, the medical research community sometimes weighs risks to privacy against the benefits that may derive from the data with an eye to maintaining deidentified secure pools of data. Many privacy laws as computers were developed focused on certain characteristics, distinguishing personal data from nonpersonal, anonymous, or deidentified data. Resolutions concerning data privacy often are dual purposed. For example, the Madrid Resolution of 2009 approved by the International Conference of Data and Privacy Protection Commissioners aims to protect personal data and facilitate the flow of personal data “in a globalized world.”

Breaches Operate Outside of Informed Consent

In medicine, if a person consents to surgery understanding the risks, and one of the predictable risky events happens, the consent may serve as an appropriate waiver of the right to sue, or even to complain. Well, you knew the risks. Even when consent seems involuntary and is viewed through the lens of access to care, the realistic quid pro quo, it is a good ethical cornerstone in medical care. Informed consent’s liability protection may end where medical malpractice occurs. In cybersecurity, even if the person knows some of the risks, there is reason to question the ethics of how the person is interacting with the technology, and how vulnerable society and people are to harms that exist outside of consent.

The data world is larger than the operating room. The risks are of a totally different nature from the physical risks, or mental and emotional risks of physical harms from medical care. The onus should not be on the person consenting.

Data and Non-Bodily Harm

Anne Zimmerman CC-BY-NC

The harms that exist regardless of informed consent can be categorized as illegal acts, accidental or negligent data leaks, and financial injustices. Privacy categorically cuts across all three.

The Illegal

First, some are actual inappropriate and illegal actions like hacking, ransomware attacks, foreign adversaries using data for strategic advantage, extortion plots, identity theft, bullying, and stealing by hacking bank accounts and financial data. Ransomware attacks could hurt those seeking care as hospitals may be unable to see encrypted medical records, something potentially dangerous for people experiencing medical emergencies. Hacking is nonconsensual — it operates outside of consent. Consent at the point of collection creates the vulnerability. Cybersecurity is arguably protective, yet we observe crippling effects of ransomware attacks or data breaches fairly often. Assuming that everything is hackable would make people reconsider what information they share and how. Maybe this “hackable assumption” would reel in certain behaviors and highlight a lapse in privacy law and policy. That is, people’s permission, or explicit informed consent, is not enough to protect them.

The Mistakes

Second, unintentional data leaks or inadvertent security lapses by medical systems, hospitals, or insurers may expose people’s personal data and financial data that hospitals collect. Employees may save data in a non-secure way or temporarily put data on a phone without someone’s consent. Leaks that reflect purchases or search history may also divulge personal medical issues and would not be protected by privacy laws specific to health care. Consent does not allow poor storage, yet it is not powerful in preventing it.

The Unfairness

Third, there is financial unfairness when industry profits from marketing and advertising using the data. With or without consent, the profit problem exists. In the medical setting, the informed consent paperwork does not mention that the person signing would be waiving the right to compensation for the use of the data, the deidentified data, or even a faceprint, which is not deidentifiable. It is just assumed that any piece of the data would be given by the person seeking health care for free, that the hospital can use it for research with consent, and will sell what it is permitted to sell, and that MRI or other radiology businesses, pharmacies, online stores or website owners, medical businesses, biotech firms, and device sellers can sell more broadly to data miners as they are less constrained by regulation. In Barcode Me, I assert that I would like compensation for my data.

Key to Solutions

Privacy Enforcement Occurs After the Damage

The law covers privacy problems both by punishing after the fact and by requiring efforts to protect the data. The HIPAA “Privacy Rule”, created to meet the Fair Information Privacy Practices, is enforceable various ways. For example, if personal health information is leaked, the Office of Civil Rights (OCR) can fine wrongdoers. The Department of Justice (DOJ) also has enforcement authority. And the Federal Trade Commission (FTC) can enforce. Most enforcement options concern “deceptive” or “unfair” practices yet there have been many fines for software flaws and security failures. But the enforcement solutions do not protect people in advance and often “best efforts” are not enough.  The principles behind privacy laws could fill in where informed consent stops protecting. Laws that balance portability, data sharing, and convenience do not account for people’s rights as well as principles of fairness, transparency, and use and collection limitations would.

Higher-Level Public Policy

At a higher level, regulations and best practices could alter incentives that encourage data resale and overuse at many levels. For example, pharmaceutical companies’ desire to purchase prescriber identifying information for marketing, especially for detailing from data miners may not be ethically justified—and if marketing and advertising were regulated more stringently, the data would become less valuable to them, disincentivizing its purchase. (Although, for now, free speech protects some marketing tactics.)

Also, laws surrounding liability influence consent. I would assert the consent should not preclude a cause of action concerning data. Holding organizations to cybersecurity standards could lead to improved technology, innovations in the cybersecurity space, and an increased role of collection limitation to reduce risk of liability. People consenting to collection, use, or storage are not really taking the risk in a meaningful way—they merely are asking for participation in the care, radiology, or purchase, or they are wishing to share information for medical research. Of course, they expect best efforts to keep data safe. Consenting to data collection, storage, and use does not do the same task as consenting to surgery. Much data collection that involves health and wellness, especially in the online ecosystem of purchase and search history, could be governed without the “cookies” nonsense. Rules about data collection could govern, allowing people to freely use websites (generating profits for businesses) and guaranteeing them that no extra data is collected, or that it would not be sold. The same holds true for the quasi-medical consumer businesses like radiology outlets or pharmacies. Companies could purchase people’s data explicitly. That is, the whole thing could be turned on its head.


People and the population at large do not have a perfect avenue for protection from those harms to which consent is irrelevant. As a matter of the general welfare or national security, reimagining informed consent would be valuable considering its failure to operate neatly outside of traditional medicine and scenarios that involve the body. The framework of consent for the collection and use of machine generated images, data, purchase history, and electronic medical records is insufficient. It is clunky and allows a universal shrug—you consented, you accepted cookies, you submitted the school form, you permitted the use for research. Other laws pick up the pieces after a breach. Principles like collection and use limitations may need to be pushed to the forefront of data ethics and operate without a simple waiver. Once the door to participation is opened by “informed consent”, a body of protections should be in place that elevates the other principles, especially financial fairness. The aggregated, sold, and resold data is a vulnerability. And it is unclear that consent would make any difference.

Photo 125171698 / Doctor © Sergey Tinyakov |

Resilience: The Role of Reactive Critical Thinking in Bouncing Back from Disasters and Disruptors

Resilience is a form of political capital and a necessary element for health and wellbeing. A resilient democracy might weather distress, just as a resilient person might, but what are the prerequisites of such resilience? The ability of physical, political, economic, and social structures and people to bounce back from socioeconomic, political, climate-related, or health disasters is crucial. Key elements include common sense, the ability to learn from past mistakes, and operationalizing multiple solutions. It is crucial not to plan exclusively for one scenario only to face a different one. Government resilience is generally steeped in preparedness. But even with the best preparation, unexpected events can be catastrophic. “What if?” can be followed with seemingly far out, unpredictable events (what if a meteor hits New York City right now?) and with likely events (what if low lying coastal land floods again during this hurricane season?). The problems can be sociopolitical: what if the US experiences a civil war? or a sudden economic crisis? Increasing uncertainty as we witness rapidly changing technology, severe climate events, and global sociopolitical flux requires bringing certain constructs together.

Beyond Preparation

We cannot always apply a “what if” strategy – some things will not be predicted, some predictions will not be societally accepted preventing devoting resources to preparing for them, and some things are so unlikely that diverting resources from likely problems would not be ethically justified. Using hindsight, a much more robust program (like the Predict program of USAID) to identify potential viruses that stem from the animal population would have been a good use of funds had it prevented or provided easy correction to the pandemic. Learning from preparation mistakes would lead to better ways of dealing with expected events, whether likely or unlikely, but, importantly, analyzing the best way to think when addressing a disaster could inform a framework for reacting to the unexpected.

Illustration 200090202 © Dizain777 |

“Emergency preparedness” is not equipped to protect in the best ways, especially when political structures and cultural traits combat the ability to immediately follow a core group of experts. Early action also could falter if the route followed is incorrect, like failing to mask and contact trace early in the pandemic. E. William Colglazier argues that following the “consensus assumptions” has led to high-cost mistakes. I would argue some approaches to unexpected events, disasters, or revolutionary discoveries interfere with resilience: overreacting and then overcorrecting; failing to react in time; and over-planning exclusively for one scenario while failing to plan at all for the less likely but potentially harmful scenarios.

Part of the purpose of this critical thinking bioethics website is to explore ways we think through problems. Many problems are new and complex, like problems arising from social media, facial recognition, unpredictable weather in a predictably changing climate, or conflict and war. Others are longstanding like age-old fights for healthcare autonomy in a system where the vestiges of paternalism endure. In approaching problems in the ethical space, especially those affecting health and the environment, problem-solving techniques must be adaptable, and accessed from and used across many disciplines. Critical thinking skills allow a better framework for analyzing normally unrelated issues that prove to be interwoven.

climate resilience
Photo 65451037 / Climate Change © Sjors737 |

For potentially catastrophic weather events, detection systems like those measuring oceanic earthquakes can serve to save populations from tsunamis. Moving to less dangerous living conditions can prevent harm, but has its own costs, both emotional and economic. Protection of the vulnerable is first and foremost. Using the language and philosophy of “no natural disasters” highlights preparedness, but philosophies that extend to resilience must offer more. We were not prepared for X. Now what?

Disruptors, Catastrophes, and Tipping Points

Photo 96584778 © Jonathan Weiss |

Disruption is a buzzword in the tech industry. Blockchain technology is a disruptor, as is cryptocurrency. Amazon and Uber are disruptors – they changed how we do business– government entities were unprepared to deal with their ability to upend traditions and as a result, the conveniences and needs they filled came at a cost. A trend of workers becoming independent contractors with little protection, taking loans to buy their own cars or other materials, and getting low pay without benefits has a societal cost.

social media
Photo 111361857 / Social Media © Rawpixelimages |

Identifying social actions as disruptors is helpful. For example, social media, a known disruptor in tech, had a snowball effect of being a cultural disruptor. As a tech disruptor, it created a new market with billions of customers. As a cultural disruptor, it sowed unrest by allowing news to travel faster, people to find their “tribe” easily, and as a result it plays a role in fracture and polarization. It can hurt young people who feel excluded and is associated with increased depression and it may decrease attention span. But it also connects people with long-lost friends and keeps families in touch.

The fall of governments, violence between regimes, and ensuing mass migration can also be viewed through the lens of disruption. Normal processes and systems of government can end in a quick motion—the change in Afghanistan’s rule, where now barbers have been asked not to trim men’s beards, the assassination of the President of Haiti, where turmoil ensued, and the challenges immigrants face in multiple unwelcoming countries like Haitians leaving Chile only to be turned away by the US. Some countries also are failing to maintain their democratic ideals. To shore up the resilience of democracy, the roles of governmental structures that empower people must be explored. To shore up the social fabric and economic sustainability of non-democracies, failed states may need access to humanitarian aid from international organizations.

climate change hurricane
Photo 140342494 © Mariusz Burcz |

While climate change is somewhat steady and predictable, harsh weather events and their fallout are not. Climate migration is in many ways a science—experts predict it. But the impact of Hurricane Ida in New Jersey left social systems strained, disrupted local economies, and caused death. The preparation was lacking and the precursors for resilience were not in place, making bouncing back take longer. At the community level, once the bad thing happens, resilience-minded thinkers can contribute. Sometimes picking up a broom and clearing a roadside drain is the commonsense measure necessary. Attributing all fault to and expecting all solutions to flow from government will not lead to maximum resilience.

The new restrictive abortion laws may be a disruptor in a sense. If permissible, restrictive laws will inevitably disempower women. Resilience will require creating new networks, exploring political avenues, private sector solutions, and non-profits. Women historically tend to be very adept at resilience. To contextualize women’s rights and disruptors, resilience would mean a democratic voice, choice, and possibly compromise. As another example, emergency contraception was a disruptor enabling people to prevent pregnancy after intercourse. As of 2015, over 20 percent of women of age  15 to 44 had used emergency contraception like Plan B. But it has been the topic of debate among those who harbor religious beliefs opposing it, and in some locations, pharmacists have resisted supplying it. Resilience among advocates, women’s groups, and organizations offering medical care can shore up constitutional rights and prevent governments from intruding on personal decisions.

Similarly, to me, District of Columbia v. Heller changed the Second Amendment suddenly and drastically and mass shootings increased after it. The jurisprudence was slow to show resilience, but over time, some new state laws have pushed back, and they aim to improve safe gun storage, use, and oversight. The Second Amendment itself may not return to its former iteration, which was more limited – it is difficult for supporters of sensible gun laws to be resilient when the highest court makes a significant change in jurisprudence. Even with three branches of government, new ideas may be necessary to stop one branch from overreach.

Brexit was a movement that appeared to take the global economic community by surprise, although it corresponded with increasing nationalism and populism in many countries. The literature notes EU resilience and some efforts to improve supply chain resilience in the UK.

The China Roads and Belts initiative is changing a global power structure and may lead to a tipping point. China’s power over regional supply chains will trickle down and could hurt countries edged out of new markets as well as hurt the self-sufficiency goals of developing countries. Countries need to be resilient to counter China’s influence.

The US, state, and local government and agencies need to exhibit resilience after the January 6, 2021 attack on the capital, the protests in the wake of the killing of George Floyd, and hurricane Ida with local deaths in areas prone to flooding. A resilient electorate may depend on public trust. Trust in institutions like the CDC, FDA, police forces, OSHA, NOAA, etc. would improve resilience when the US faces rapid change or unrest. Without trust, bouncing back is more difficult.

Thinking Skills, Generalism, and Common Sense

Knee-jerk reactions in crises have problematic consequences. But what about thought-out solutions that fail? Colglazier cites the Afghanistan exit as chaos that was grounded in consensus expert advice. In the COVID-19 pandemic, vaccination is the global consensus solution, but the obstacles, both predictable and unexpected, are impeding its use as a strategy for resilience.

Vikram Mansharamani asserts “seemingly unrelated developments may impact each other,” arguing in favor of generalists and malleable skill sets. Mansharamani favors “breadth” over “depth.” Taking his advice and applying it to reacting to unpredicted events, dynamic viewpoints and open-mindedness will allow for new strategies to face problems and successfully achieve ethical solutions. Generalism is needed to link specialists—those who study many areas can be helpful to combat the focus that often leads to experts overemphasizing their field’s role in disaster relief, preventing resilience. Specialization may be tied to the consensus view failures Colglazier refers to where disasters are approached by going all in on one solution.

If many people trained the same way devise the proposed solution, there can be a funnel effect where they validate each other, as seen in US public health. If different fields participate, there can be a broadening of solutions to try. For example, resilience or the ability to bounce back from the pandemic to some degree depends on vaccination rates and achieving herd immunity. Many articles in public health discussed scientific misunderstanding alone, depicting people as gullible, possibly inflaming them rather than winning them over. The social sciences more broadly exhibited understanding and approaches to hesitancy.

In addressing the many impending potential tipping points and uncertainty, we need common sense and critical thinking. Rather than preparing for every possible contingency (and in addition to preparing for those for which that makes good sense) that can happen whether to do with war, health, immigration, or climate, a thinking skill set and a coalition of strong thinkers in positions of power is needed.

Personal Resilience & Critical Thinking

Resilience is the ability to manage stress, adapt to change, and “return to a state of mental wellbeing.” Resilience can be physical, emotional, mental, and social. There are tools in psychology to help people develop more resilience. While we may see that as toughening up, it is also the ability to take time to be creative, think, and become comfortable with change.

Illustration 172885244 © VectorMine |

Personal resilience also requires making sense of things—I argue that critical thinkers accept the unorganizable and organize and influence what they can. They avoid failed strategies and have a willingness to try unproven strategies yet the common sense to try multiple solutions at once rather than put every resource into one solution. They are aware of many choices, pros, and cons, but are also decisive, even if the decision is to employ more than one strategy.

Personal resilience informs societal, governmental, and global resilience. Large societal and even global structures need to toughen up; and they need to include creative ideas and apply old ideas that work and new ones that might work.

Societal Resilience

Include the Spectrum of Ideas

Partisanship interferes with resilience, yet so does complacency and a failure to challenge the assumptions of those in power. Polarization hurts the open roundtable discussions. A climate change denier and a tree-hugging environmentalist who will not touch disposable paper products at all and uses only a solar panel for electricity each will have more trouble appreciating the views of the other side if they are the only two in the room. Centrism, or even the consideration of all viewpoints along a spectrum, is a frustrating listening task but appears to be the only route to positive debate and common sense. If twenty subtly different views along a political continuum are voiced and respected, it is unlikely a polar view or a stalemate will prevail.

Look to Local, Federal, and International Components

Resilience often includes strong communities. In a flood, communities are never sure whether and when FEMA will come (and FEMA is crucial in emergencies) but a few neighbors and bags of sand help. Communities shore up local infrastructure and are the place where neighbors react together. That initial coming together after an emergency is itself an act of resilience. New York City after September 11 exemplified every type of resilience: community, buildings and structures, businesses, transportation, real estate, and education all eventually bounced back. Resilience is about clean up, building back better, strengthening infrastructure, and rising above.

Eliminate conflicts of interest

Government would be more resilient if people had public trust and confidence in government and corporations. The COVID-19 vaccine arguably would have been accepted by more people sooner if they had confidence in the CDC, FDA, Pfizer, Moderna, and Johnson & Johnson, and the media.  

Think Big, Link Specialties, Generalize

Nonspecialized critical thinking and common sense may be effective tools to foster resilience after unexpected events. Individual and societal resilience may rely on the same characteristics making individual thinkers an important part of collective solutions. Looking outside specialties would allow different frameworks to contribute to solutions. Many minds would bring creativity and perspectives that may better identify risks of linear strategies produced by those educated in the same field. Bioethics can have an important role in ethical responsible outcomes by applying critical thinking across relevant disciplines like environmental science, immigration, law, technology, political science, economics, social work, and policies affecting the social determinants of health.

Feature Photo 119240864 © F11photo |

COVID-19 Vaccine Hesitancy: The “Misunderstanding Science” Issue Is Just a Symptom

COVID-19 vaccine hesitancy requires a trust-based solution. A response to societal problems should be steeped in social solutions. Science does the most good if it coexists with public trust. A focus on misunderstanding science as a primary reason for refusal to get a COVID-19 vaccine distracts from failing to believe scientists and the other reasons for hesitancy. This post is a follow-up to one examining religious refusals. Arguably, no science is necessary to absorb the number of deaths, the nature of the emergency, and even to assess the role of the vaccine in decreasing severe cases.

Highlighting the Danger of COVID-19 Vaccine Hesitancy

bioethics mother vaccine hesitancy
Photo 29457499 © Evgenyatamanenko |

Vaccine hesitancy can reflect reasonableness and rationality, protective parenting, and precautionary behaviors. It is worth assuming the logic that supports some hesitancy as a start to repair some of the distrust. One misconception is that all hesitancy is bad. Bernice L. Hausman recognizes hesitancy as an appropriate check on scientists and government and in her book, Anti-Vax, voices and backs up with evidence many of the rational reasons for which people question vaccines or require additional information. She asserts in an age of “helicopter parenting” discomfort with the many vaccines expected or required at very young ages is predictable and often comes from well-educated adults. Addressing them with an understanding stance and asking for a small sacrifice for the public good makes sense in the hesitant population. The best argument may acknowledge that some vaccinations are less justifiable and the ethical arguments in favor of those are weaker, but the COVID-19 vaccine speaks to an ethical imperative to save your neighbors and yourself.

vaccine hesitancy science
Photo 111134338 © Kwanchaidt |

Some Hesitancy is Consistent with Science as Usual

Waiting for data aligns with science—so those waiting for more data should be recognized as having views completely consistent with science as usual, yet inconsistent with the unusual speed of the pandemic and the degree of risk of remaining unvaccinated. The same scientific community that assures people pharmaceutical safety is worth the long wait must reconcile the crucial difference: the pandemic is an emergency. Common sense makes it clear—but science is devised purposely to hold clinical trials and observe and record results over time. The discrepancy in methodology, the need to rush, must be framed explicitly with a focus on the risks of the disease compared to the risks of the vaccines. Depicting those who wish for more clinical trials as “misunderstanding science” is not exactly correct, although they likely misunderstand the gravity of the disease or are unconvinced by the available safety data.

Understanding Science is an Unnecessarily Tall Order

If misunderstanding science were the root cause, then simple science lessons would win everyone over. Importantly, some people dislike vaccines for reasons that operate outside of science. Never before have we associated an understanding of the science with medical care to the degree we do now. It seems to me when I was permitted to sign off on my child’s stem cell transplant with a certain degree of understanding, I met others signing off who grasped much less of the science. We were all able to “consent”. It is refusal, as usual, that is at issue. Rather than expecting people to understand new mRNA vaccines and the science behind them, trust is the missing feature: I trusted the doctors at the time of the stem cell transplant.

vaccine hesitancy
Photo 26363875 / Confused © Martin Applegate |

While misinformation and a failure to understand or appreciate vaccine science continue to plague the discussion of hesitancy, that line of reasoning implies a scientific education solution to what is essentially a social failing. Social problems call for social solutions. Why do so many people either fail to understand or succumb to misinformation?

Distrust Due to Health Care and Partisanship

One study recognizes that where hospitals failed to meet the public’s needs in the pandemic, vaccination hesitancy is higher. Where healthcare delivery is worse, public trust is generally and predictably worse. But at a higher level, where health is made unachievable or impediments to health exist and flow from government policy, public trust is rightfully eroded as well. People feel left behind. Yet also, in the US, areas with less access to high quality or specialized care also may have more people who vote Republican, a trait correlated with a failure to get the COVID-19 vaccine. “Partisanship is the strongest predictor of COVID-19 response.” Political affiliation is correlated with COVID-19 vaccine refusal and government mandates like masks and social distancing. There are many causes of distrust.

Distrust Due to Psychology and Media

vaccine hesitancy bioethics
Photo 89411633 © Dunca Daniel |

Republicans who watch Fox News were less likely to become vaccinated than other Republicans. Media is influential in voting patterns. Polarization and a group mentality are societal problems that this time happen to concern science, leading to wrongly identifying COVID-19 vaccine hesitancy as primarily a lapse in the ability to understand science. The assumption that scientific literacy is the primary issue implies that people would individually leave their herd if they received scientific data from outside the group. They sometimes do—so the assumption that misunderstanding is partly to blame is partly correct —but there has been too much public health messaging that is correct to assume that better scientific messaging would win them over. Rather, they do not trust the other sources and do not want to deviate from their social group or media loyalty. Rather than relegate the problem to a failure to understand science, the failure I would identify is a failure of public health to appreciate how much people distrust institutions and the reasons for the distrust.

The desire to misunderstand the science may exist– motivated reasoning, attitudes deeply rooted in social mechanisms, and a desire for validation lead people away from objectively approaching facts.

Toward Solutions

The social controversy operates on the plane of individual rights, community ethics, and corporate power in society. At one level, a patient (rationally or irrationally) may distrust big pharma or their own doctor to a certain degree. Similarly, a consumer of information might distrust the media, or certain media outlets. Separately still, people may wish to exercise rights that go beyond those accepted as reasonable in civilized society historically, also regardless of science. Trust in institutions must become a shared goal to be achieved both by persuading the public to engage and learn and by institutions maintaining or developing trustworthiness. Both the supply of and demand for truthful information should grow.


STEM education is great, and likely would contribute to people understanding science, but it will not solve a problem of distrust or polarization. A good social sciences paper might address important topics: Why is a COVID-19 vaccination mandate not a sign of authoritarianism, but instead a codification of a presumed or desirable moral social compact? What are the distinguishing traits and the proper emergency powers of government, and how can we protect against the abuse of those powers? How was the erosion of the credibility of institutions that provide primary scientific research during the Trump presidency a sign that democracy is vulnerable to ignoring science and to extreme views of individual rights? How do a distrust of media, economic and social discontent, and appeals to those who are feeling left out to join fringe groups with extreme viewpoints impact society?

If a failure to understand the science is viewed as a public trust issue, then shoring up the institutions that provide trustworthy research should be an important goal. I would assert a journey from FDA commissioner to venture capital firm that financed Moderna is bad for public trust. The delivery of second-hand spin on talk shows and social media snippets reflects the financial agenda of media giants and confirms that the media influences the public and furthers the misinformation. The ability to distinguish valid trustworthy research and to discern which organizations consistently provide verifiable valid research stems from understanding institutions, democracy, processes, history, and political and social sciences as well as some natural science. Science is most impactful when more people in the general population know which organizations to trust and how to find reliable evidence. A movement away from two myths (that all vaccines are equally good and that no vaccines are any good) is giving way to an opportunity to understand the relationship between hesitancy and trust and between rights and rules.

Hackable: Children’s Digital Literacy and Voluntary Disclosure

(Part 3 of series)

Children and young adults spend significant time online using apps that collect massive amounts of information, but they may lack digital literacy. Schools also collect much more information than they used to. The voluntarily divulged information in an online profile plus any hackable identifiable data make children vulnerable to future and current ethical breaches. I am concerned about whether the first prong of privacy, confidentiality, will remain meaningful. For a claim of confidentiality to be ethically (and usually legally) enforceable, people must reasonably expect confidentiality. Because adults often do not supervise children’s use of apps, creators of digital platforms, especially social media should be legally compelled to ensure sharing is within groups. The easy ability to share to the public undermines any future claim of confidentiality. Children who become adults and wish to erase their social media footprint will encounter difficulty and have no law or arguably even ethical basis to claim privacy violations.

Photo 139053109 © Bigtunaonline |

The open issue that is also problematic is the relationship between confidentiality and constitutionally protected privacy or a right to be left alone. (A previous post explains two aspects of privacy.) Louis Brandeis referred to a “right to be let alone” before becoming a Supreme Court Justice. He predicted that things meant to be “whispered in the closet” may truly be shouted from “house-tops” as new technologies arise. While he was referring to rudimentary cameras, social media has brought new meaning to shouting from the house-tops.

When a Young Adult Wants a Past Kept Private

Young people generally have less digital literacy and are not contemplating how information could later be incriminating. Many have sizable digital footprints. There are many examples of problematic digital breadcrumbs hurting young adults. For example, a transgender young adult who could not erase evidence and pictures of a younger self that were gender specific may suffer from the permanency of the digital footprint. Having released information, people cannot control its perpetual existence and internet footprint. Many people have had college acceptances revoked due to inappropriate, racist, or offensive social media posts. The digital landscape also makes sexual or inappropriate pictures “go viral” ruining reputations and causing harm. (Societal views destigmatizing sexuality may be helpful in that context.) Cyber-bullying brings another ill-motivated way to attack a peer. Pictures, videos, and posts can become collateral in elaborate schemes.

Despite the risks, children and young adults divulge information online, on social media, and send pictures electronically. The ethics of the public digital footprint of young people must be contextualized. Social media eliminates the ability of young people to make the learning mistakes that pre-social media generations could make. Changing societal standards, even political correctness, can make well-meaning posts become obsolete and offensive. The ever-changing way that Americans discuss race, ethnicity, gender, and politics makes last year’s acceptable remarks next year’s prohibited remarks. Since such remarks may be posted on social media, adults must address the ethical issues arising when society holds children’s past remarks to a current level of perfection. Last year’s woke statements will not seem woke in another few years.

Photo 181237204 © Boumenjapet |

Digital Literacy or Creating Best Practices for Adults?

Approaches to voluntary disclosures by children must incorporate complex concepts:

  • Is the disclosure truly voluntary? (social media is pervasive)
  • How can privacy’s other prong (freedom from government and other (private) intrusion) be harnessed to mitigate the harm of losing the confidentiality prong of privacy?
  • How can we consider (and predict) future consequences, harm to future adults?
  • Turning it all on its head, can society destigmatize some of the words and behaviors depicted on social media? (sexy, spoke about race in a term later outdated, cultural appropriation that was accepted at the time, strong political views expressed with childish enthusiasm in tweet lengths, commentary on current events without enough information)
  • What is the role of adults in behaviors that shame children and adolescents who post viewpoints formed when they were young, vulnerable to peer pressure, or mimicking parental views that they later reconsider as adults, etc.? (e.g. racist posts by young people may signify a parenting lapse, but the child will pay years later if running for office and applying to jobs.)
  • Can standards of fairness surround social media “mistakes” made by young people? Could government and employers enforce fairness? (The media is probably the worst, most judgmental, least forgiving entity.)

An approach to children’s digital footprint must be broader than the tech community, yet the burden cannot be placed on parents to oversee every letter typed in and every picture posted. Engaging broader society in forming cultural acceptance of mistakes made publicly would help provide children with the ability to learn from mistakes. As things are, the costs are too high. Evolving viewpoints and regrettable outfit choices are a valuable part of growing up. Shaming based on public disclosures that used to be private (unless someone snapped a picture and used it years later to incriminate) should not be tempting to adults. Adults engaging in virtue signaling exacerbate the issue, yet perhaps they can be rebranded as bullies.

feature Photo 85888318 © Marcel De Grijs |

Compromise: The Purpose of and Limitations on Religious Exemptions

Vaccine mandates, arguably the most preventive and protective measure to address COVID-19 and to prevent death, require a more organized ethical analysis, streamlined to include the considerations appropriate for government, employers, or other stakeholders, yet broad enough to incorporate largescale considerations like the potential political cost. This post examines the role of religious exemptions viewed as a moral controversy not merely a scientific one. The focus is reasoning and thinking, not conclusions or recommendations.

Legal Backdrop

The First Amendment prevents government infringement of the free exercise of religion. While it is a changing area of law, religious exemptions to otherwise required actions sometimes apply when a person has a sincere religious belief, and a law places a substantial burden on acting on the belief. Even so, a compelling state interest, or separately, an emergency act, could override the religious objection to a restrictive or strict law. The Court has upheld neutral laws even if they impact religious communities adversely, but the Court’s willingness to continue to do so is unclear. In Employment Division, Department of Human Resources of Oregon v. Smith, a 1990 landmark decision, the Court approved denying unemployment benefits to workers who violated a prohibition on using peyote because the law was neutral.

During the COVID-19 pandemic, courts hashed out the role of religion caselaw in the emergency setting (Justice Gorsuch applied Free Exercise caselaw rather than Jacobson v. Massachusetts in the context of a law capping church service attendance), creating a disparate body of law, uncertainty around whether a law is neutral (In Roman Catholic Diocese of New York v. Cuomo Justice Kavanagh claimed the executive order restricting religious services was not neutral), and a lack of clarity about free exercise trumping other caselaw traditionally governing emergency measures.

The much older Jacobson v. Massachusetts case gives deference to public health officials in times of emergency and arguably still governs the ability to adopt and execute emergency orders without the need to rely on Smith. Many cases brought against COVID-19 vaccine mandates have failed to succeed in proclaiming employer or government mandates illegal although it is early with more cases to come.

A New York federal court did temporarily enjoin New York from enforcing its mandate. Wrongful termination cases for failure to vaccinate generally fail because so much employment is at-will. A Texas healthcare workers’ case arguing that to require the vaccination when the vaccine had only emergency use authorization would violate human subjects research standards also failed. The Biden Administration emergency plans include an executive order requiring vaccination of many federal employees and government contractors and a forthcoming OSHA-based initiative to adhere to safe working conditions. The OSHA emergency temporary standards are expected to include an option for weekly testing instead, but the Biden executive order for federal employees and government contractors will not. The Biden plan will have religious and medical exemptions.

Separating Rights, Science, and Religion


There are three distinct issues in the vaccination hesitancy or avoidance realm: rights, understanding science, and the role of religion. I use rights to broadly categorize freedoms from government intrusion. By their nature, individual liberties go beyond those things where the “result will be good.” We are experiencing a contraction of slander, libel, and truth-telling laws (like truth in advertising or consumer protection laws) and an expansion of free speech. It is increasingly difficult to regulate untruthful speech, challenges to gun control, and corporate speech, and there is generally a narrowing of the ability of government to protect people from those who believe exercising rights must trump pandemic protection measures. The protection of ideas, assembly, speech, and religion allows diverse views, and prevents the law from codifying or privileging a majority or elitist view. While anyone can ignore the data or prioritize rights and health differently (one may prefer death by sickness over any risk associated with the vaccine), rights do not stretch to include the right to endanger neighbors, colleagues, and greater society. The unvaccinated are 11 times more likely to die of COVID-19, but the ethical argument that vaccination protects others is stronger than the argument that government is protecting you from your own bad decisions. Government as a babysitter is less accepted than government as providing for the general welfare. Having just attended a funeral of a tragic COVID-19 death of an unvaccinated person (who was well educated in science and chemical engineering), I do wish people would protect themselves, and I would suggest that an employer mandate would have done two things in his case: outraged him and possibly saved him. But the future political or social cost of widespread outrage is unpredictable.


The “understanding science” issue (to be discussed in a separate post) calls for public health messaging about the science, which requires public trust in the organizations researching, tabulating, and delivering data. The religious rights issue is distinct from the issue of misunderstanding science.

Religion: Rights and Where They End

This section assumes the most ethically justified argument: that freedom of religion cannot endanger others, but that it can to some degree, and maybe to a great degree, harm the adult religious person exercising the freedom.

The religion issue must be approached culturally with social sciences in mind without judgment about or rationalization of religion itself. The role of freedom of religion in liberal society is different from the role of religion itself. I would prefer that public health messages and bioethicists not investigate religious doctrine and use it against believers. For example, clarifying the degree to which the Johnson & Johnson vaccine relied on an old stem cell line developed from aborted fetuses and noting that even “the Catholic Church has said this relationship is so distant as to not be a problem[.]” invades a religious space unnecessarily. Generally, those refusing the vaccine should not do so based on a faulty interpretation of their own church’s teachings, yet both the nature of religion and the issue of why the US has freedom of religion should inform the narrative. Bioethicists and public health officials should try to understand the freedom rather than the religion.

We don’t have religious refusals because they make religious sense. Religion does not follow the rules of logic. Freedom of religion does not require or expect the religious to follow scripture, religious sermons, or teachings, although when evaluating the sincerity of a deeply held religious belief, the level of adherence may be relevant.

Religious freedom is a type of freedom that democracies have found necessary to their success. It does not need to be broad necessarily. It is part of a bucket of individual civil liberties, none of which are absolute. Authoritarian states impose one religion or prohibit religion altogether as a means of controlling the populace. Imposing a system of beliefs on everyone is inconsistent with liberal democracy and would undermine freedom. Yet, religious freedom is not nearly absolute. If herd immunity can be reached with a religious exemption, a limited carve-out could serve to stem the outrage that many strong supporters of rights take up on behalf of the religious. (Separately, some fraudulently claim religious exemptions when philosophical ones are not available.) Furthermore, we do not know whether vaccination as a condition of participation in social events, public transportation, and restaurants will be effective in reaching herd immunity, further decreasing the need for mandates that do not allow exemptions.

But when religious objectors are the source of community spread, the right to remain unvaccinated is rightly challenged, and a public health approach that prevents spread is morally required. Yet, there are alternatives to mandates. Those claiming religious exemptions may face daily testing, mask requirements, social distancing requirements, and even unpaid leaves. The mandates that allow exemptions have such built-in controls.

When the exercise of an individual liberty poses a danger during an emergency, the authority to use emergency powers at all levels (presidential, federal, state, and local) increases. However, whether it is wise to use them and which way to use them matter. There are societal, political, and practical costs to invoking police and public health powers. Even when the constitution supports the infringement on usually exercisable freedoms, evaluating whether strict orders without any religious exemption are wise, ethically compelled, or ethically permissible, requires a look at latent effects.

The Latent Costs of a Mandate Without a Religious Exemption

Healthcare Worker Shortage

If healthcare workers would rather quit than become vaccinated, an employer mandate would exacerbate an already existing shortage. Yet a mandate with a religious exemption could allow for community-wide herd immunity (the healthcare facility workers might be a microcosm of the broader area) without sparking the added angst from those claiming free exercise of religion. Any mandate will face lawsuits and criticism – the perception of rights absolutism goes beyond religion. The Biden Administration and OSHA federal rules and the New York State Department of Health’s Public Health and Health Planning Council (PHHPC) August 26 emergency regulations give workers a few weeks to become vaccinated. New York State is currently enjoined from enforcing its mandate. It might be that a strict religious exemption would have avoided the lawsuit and still yielded significant additional vaccination.

In the context of a healthcare worker shortage, new evidence emerged that understaffed nursing homes prescribe antipsychotic drugs for the residents at higher rates. If a stricter mandate causes more people to quit, even more over-prescribing or other practices that conflict with person-centered care and emphasize convenience and reflect scarcity could prevail. If a well-managed exemption helped the public perception of the mandate, healthcare facilities may find that enough workers become vaccinated that if those remaining unvaccinated would mask, test, use other precautions, and socially distance when possible, a safe community can be established. If the rates are too low and a large percentage claim the religious exemption to the detriment of the community, it would have to be revoked.

Allowing healthcare workers to work unvaccinated poses a health risk to which David Hoffman offers a creative hypothetical approach. But I wonder whether healthcare workers would be less likely to quit if there were a religious exemption or if religious people could opt for twice weekly, or even daily, testing and subsequent quarantining than if there were no exemption. A limited-time experiment allowing an exemption and assessing herd immunity could be worthwhile.

Fueling Future Political Power

Mandating the vaccine with exemptions, especially since it is beyond the emergency use authorization, is arguably ethically justified based on the risk of death and severe disease, the need to prevent spread, and the moral impetus to protect the community. Mandating it without exemptions may do more to fuel a rights-based extremism narrative than mandating it with a reasonable, narrow exemption.

Political polarization has threatened centrism in the US. Consensus building around vaccination is the best approach to depoliticize it. It may take quiet from the scientific community – it should not explain people’s own religion to them or shame people who seek more data and are (or were) appropriately hesitant. A policy that will achieve an end to the pandemic fastest with the least political backlash is preferable.

The Republican governors who have not mandated vaccination will be overruled by the OSHA rules and the Biden executive order to some degree, so people in deeply Republican states will have safer communities as vaccines are mandated. Politically, the governors can publicly oppose measures that will save lives in their own states, pleasing the freedom extremists, while benefiting from the results of those federal measures. Continuing an effort to bring those Republican governors to the table to make reasonable measures that initially include a religious exemption may be wise. But it may be too late. My first (and hopefully last) COVID-19 funeral confirms that even scientists may prefer rights extremism, and to them, that is the cost of freedom.

Conclusion-Religion, Science, and Rights

Analyzing the reasoning behind liberal democracies’ commitment to freedom of religion and their limitations on such freedom can avoid the intricacies of the reasonableness of any particular religious doctrine. Bioethicists and public health officials should incorporate public trust and understandable skepticism, delivering a respectful fact-based narrative that admits to the unknowns and transparently provides research including that on the side effects of the vaccine. The overall rights narrative must look to societal forces that trigger extreme views of rights, acknowledging that a failure to vaccinate endangers others. Seeking to understand opposing viewpoints could lead to common ground and improve vaccination rates among those initially hesitant. While there are many valid arguments to support a universal vaccine mandate with no exemptions at all, (a pro-life stance for sure!), an organized analysis of the true cost of eliminating religious exemptions would be a welcome body of research.

Many Considerations & Thought Questions

Cost of religious exemptions in additional lives lost. Additional lives saved without a religious exemption.

Cost of strict mandates without exemptions in sparking additional political extremism. (is a loud minority worth worrying about?)

Would people become vaccinated or quit jobs, quit society? Are there accurate predictors?

How should we look at spread within insular religious communities? Are people endangering each other or should they be seen as a community of objectors endangering themselves? (They would endanger healthcare workers.)

What is the fundamental explanation for freedom of religion? (As a thought experiment, how would we as a society do without it?)

What if religious organizations and schools lost their tax deductions?

Is there a responsibility to save people from themselves? (Government as a babysitter or reserved to be an arbiter of competing freedoms–does yours end where mine begins?)

Is democracy by its nature dangerous—why have so many societies not encountered so much extreme vaccine resistance?

What makes the US freedom of religion broader, the system more fragile and susceptible to rights extremism? How does the January 6 invasion of the US Capitol inform a discussion of rights and religious freedom in the US, and should that inform vaccine policy?

Would education change the nature of religion in the US?

Do religious people truly operate autonomously?

**As an avid atheist, and a vaccinated person, I do not aim to favor religion and I strongly assert that all states with religious exemptions should have philosophical ones as well.

Voluntariness— Empowering Informed Consent in Medicine, Technology, and Data Privacy

Voluntariness at the time one provides data is an important, overlooked part of providing informed consent. In medicine, informed consent requires voluntariness, yet the on-the-ground experience may reveal pressures to comply. The new landscape of responsible technology, while it incorporates certain types of consent like clicking to accept cookies, needs more definition and clarity around voluntariness. A new threshold for voluntariness would improve the ability to keep things private by distinguishing quid pro quos from times that people voluntarily wish to provide information. In medicine, voluntariness is part of informed consent, yet it is often not meaningfully achieved.

Defining Voluntariness

At its best, voluntariness means there are no strings attached, that information is freely provided. Data is itself not a neutral thing. For example, to make a doctor’s appointment, I must give some insurance information. Many doctors will not allow you to schedule and have no ability to price their services or products until they know which insurer will be paying. Is it voluntary if it is in exchange for the privilege of making the appointment?

Photo by i yunmai on Unsplash

Some people do not want to divulge their weight, even to the doctor. While it is medically relevant, hopping on the scale, creating a data-bite, is not exactly voluntary. It seems required by a doctor or nurse who appears to be in a position of authority. Many people do not understand their right to opt out of providing various types of information in the medical context, an important form of refusal.

Principles of Choice and Consent in Privacy

Some privacy frameworks refer to “choice” as a principle, often also “choice and consent”. Choice supports systems that include decisions about whether to accept cookies, but choice does not speak explicitly to voluntariness. Some choices are futile – if people are barred from access to websites or from choosing certain medical treatments, then they may feel there is no choice regardless of providing informed consent that is defined as voluntary. Many privacy frameworks behind technology ethics, international organizations’ privacy guidelines, medicine, and consumer data laws refer to either choice or consent, but the scales with which to measure voluntariness are missing. The quid pro quos range: in exchange for chemotherapy, people sign off and consent to take on huge risks; in accepting cookies people allow companies to track some of their browsing habits and data in exchange for use of websites. While different, both have an element of pressure, undermining voluntariness.

Photo by AbsolutVision on Unsplash

Adding a Voluntariness Principle

Transparency, fairness, respect, use limitation, collection limitation, choice, and consent, and the other principles often associated with technology do not cover voluntariness adequately. A voluntariness principle would shift the attention to the person providing personal data and the point of collection. The lived experience of those filling out “paperwork” in a doctor’s office or clicking to allow cookies, anonymized data, or deidentified medical or health data reflects that consent is a box to check, often seen as a way that doctors avoid liability.

While clearly people consent to medical treatments and acknowledge risk commonly, there are also many times they experience duress and feel like they have no real choice. Consent is the cost of participation. Rather than assuming people voluntarily consented to providing data, the burden could shift. It seems possible that informed is more prominent than voluntary in the characteristics of consent surrounding data, tech, or medical treatment. Consent forms center on an understanding of treatments and risks over an understanding of rights to refuse or voluntariness. The ability of doctors to exert power or the patient perception of physician power, and the ability of websites to create required fields that one must fill in to proceed undermine true voluntariness. A scale of voluntariness and an exhaustive list of considerations would help consumers of health care and other goods and services reflect on the differences between voluntariness and forced acceptance of conditions of participation that the consumers did not take part in shaping.

Example: Facial Recognition Technology and Discrimination

 A doctor uses facial recognition technology to determine a risk for a genetic debilitating disease. The person seeking care for a headache signed many documents, some HIPAA, some consents to have an MRI that is also corroborated with the facial recognition technology. A boilerplate consent form said some MRIs are combined with facial recognition technology software. The paperwork said deidentified MRIs may be used for research purposes. The patient supplied insurance data prior to the appointment. The insurer finds out the genetic diagnosis because the hospital in good faith seeking reimbursement copies the insurer on the facial recognition technology report. The insurer drops the patient or charges more claiming there is a preexisting condition. GINA does not cover genetic information gathered this way so it would not prevent genetic discrimination in this case.

Some thoughts: Whether consent was voluntary depends on both an understanding of the complexity and the breadth and ability of FRT to make a genetic diagnosis, the on-the-ground pressures of just signing documents when you need an appointment or MRI, and the inability to access diagnostic tools or treatments without signing papers, giving insurance information, or creating a profile. Are there considerations, a measurement or scale, or a best definition of voluntariness?

Feature Photo by Romain Dancre on Unsplash

Hackable: Schools and Children’s Private Medical Records

Part 2 in a series on privacy

The ethics literature on cybersecurity rarely focuses specifically on children’s data stored by or for schools. Critical analysis should inform an ethics debate over the collection, storage, and use of children’s medical records at the foundational level. Hackers have breached vulnerable websites of labs, insurers, and hospitals. While the cybersecurity ethical space applies multiple principles, critical analysis of pediatric data collection, use, and storage may call for a stronger application of the collection limitation principle. Additional considerations should inform an analysis of the data in education and the special vulnerability of children to wrongdoers who abuse or misuse personal information.

This post focuses on schools rather than on the ability of doctors to collect what is needed or even what is optimal for medical treatment.

Bioethics, cybersecurity, genetic data
Photo by Alexander Popov on Unsplash

Genetic and Medical Data in the Wrong Hands

The important ethical issues are wide-reaching: what is the extent of the ethical duty to keep records safe and confidential of society, parents, the medical community, education community, and government? The issues include whether children and young adults identify privacy differently or value it less (discussed in the next post); whether practicality is being used as an ethics consideration in school medical record-keeping; and the ethics of what medical information is collected, required, and stored, and where, and why.

Use-Based Concepts: Genetically Informed Education or Detrimental Tracking?

While few articles explore risks specific to genetic and cognitive data, one article addressing the use of genetic psychological and neurocognitive medical information in an education setting highlights the potential for abuse. An educational interest in predicting behavioral or cognitive differences that impact learning or engaging in the social aspects of school is arguably legitimate. But I argue educational legitimacy is not enough to justify collection, storage, or access to sensitive information by schools or electronic medical record.

The potential harms to students are too severe. They include bias and discrimination. The genetic disposition toward schizophrenia, low IQ, learning difficulties, aggressive or hyperactive behaviors does not make acquiring the condition inevitable. For example, some syndromes are highly linked to ADD or bipolar behaviors. Yet when not associated with syndromes, those behaviors tend to have many causes often involving multiple genes as well as environmental factors. Adapting the curriculum or adding special services may limit academic opportunities before symptoms appear. Even well-meaning proponents of genetically informed education could increase polarization and inequality. The concept of providing extra services early is proven in some areas, but is not consistently demonstrated in behavioral genetics. Early intervention for learning or physical disabilities commonly occurs after diagnosis normally sparked by symptoms.

One danger is that teachers could act on odds of success rather than personal performance. By having lower expectations when they know there are genetic predispositions toward behavioral problems that interfere with learning, schools could use the information to categorize people unfairly. Combining the data with other adverse circumstances could worsen the discrimination. For example, someone in poverty who is food insecure and has a genetic predisposition to depression, aggression, or ADHD may benefit from early attention to potential issues or they may be subjected to disparate treatment, singled out, and relegated to less competitive classes. In the end the latter approach could impede success. The genetic information could even increase the school to prison pipeline. Absent distinct symptoms, genetic data should not be used to warrant disparate treatment. If and when symptoms appear, parents, schools, and doctors may agree on a plan.

bioethics, school medical forms
Photo by Kelly Sikkema on Unsplash

Education Discrimination

Education discrimination may result from stored (non-genetic) data that includes neuro-psych reports, treatments for neuro-cognitive conditions, and encounters with school psychologists. The exposure to mandatory reporters like school physical, occupational, and psychological therapists could increase due to recommended interventions. Interaction with mandatory reporters increases the likelihood of unnecessary parental surveillance.

The issue of what information to divulge to schools is overlooked as the prevailing assumption is that the school medical forms are an acceptable imposition or exception to privacy. That is, providing some information is the proper exchange for the ability to attend school. The system originated to protect the public from contagious diseases. The development of concussion baselines or neuro-psych reports push the rationale beyond public health and require different ethical justification. Critical thinking calls for questioning the assumption that the school needs quite so much health information. Records on special needs can be helpful for parents seeking the help of the school in organizing and providing services and could be provided at the parents’ discretion. But neurocognitive or neuro-psych evaluations may expose children to discrimination.

Often, parents provide such data in exchange for extra time on tests. That relatively new development can create stigma or a new status quo with its own set of issues. (For example, the data is unclear concerning whether the extra time phenomenon is related to learning and career success.)

On a relatively small scale, over 800 schools store health records with Magnus health in North Carolina. While they speak to cybersecurity and safe recordkeeping, like almost every data storage mechanism, the information might be or become hackable. Many cities store health records for public school systems and NYC has a vast vaccine records database. Throughout the country, all student medical forms are due annually plus there are seasonal sports forms and a few other permissions.

FERPA protects some medical records from being released to those other than medical professionals at schools although there are exceptions. HIPAA, adopted well after FERPA, exempted schools. FERPA and HIPAA are rights-based data privacy laws. Medical record cybersecurity is an ethical issue different from the general privacy that FERPA and HIPAA seek to protect. That is, the acts tend to require a level of care in keeping records secure, but allow for some record sharing and dictate what call for privacy. They are not foremost cybersecurity laws. Most of the new, stronger consumer data protection acts (that exclude health data) address privacy and cybersecurity and include liability provisions.

As with all data in a hackable world, people must consider the possibility of the entirety being hacked and identifiable. Whether held in a ransomware plot or simply dumped onto the internet, the private can become public. That worst case scenario highlights the need to justify the collection and storage of pediatric medical data for schools.

The AAP, Medical Records, and Storage

The American Association of Pediatrics recognizes vulnerability to ransomware and other cybersecurity risks and has genuine concern for patient privacy. The AAP tends to evaluate personal health records by their value to healthcare quality, a measure that is important as many people would consent to data collection for their own health. Yet even with a focus on consumer empowerment and privacy, organizations focusing on health may overlook the privacy risks and long-term consequences of a breach. By framing the potential for ransomware attacks as an inconvenience to doctors (or worse a danger to patients) needing to access files, some of the literature does not cover the special harms to children associated with misuse of data and inflates the value of convenience. (Future posts in this series cover additional personal harms of privacy breaches.)

Bioethics, medical records, cybersecurity
Photo by National Cancer Institute on Unsplash

Convenient Access to Records is a Topic of Logistics Not Ethics

The bioethics literature often weighs the practicality, convenience, and efficiency against the risks. I argue the framework should allow information storage for medical and bodily safety, but not solely for physician or school convenience. Some of the privacy frameworks do not adequately protect vulnerable children. I suggest that a framework for schools collecting data must consider wide-ranging principles in light of potential harms. The following are considerations:

  • There is a limited legal protection preventing sharing certain forms submitted with school employees and teachers (as per FERPA) (FERPA does not address parents’ ability to discuss child’s medical or neurocognitive conditions with teachers as their discretion.)
  • Need for ethical parameters for defining a “legitimate educational interest”.
  • Could there be a larger role for parental or student explicit consent for schools to access medical records stored for schools? (e.g., should the nurse be able to access each child’s Magnus health records or just know that Magnus has the records…)
  • Ethical justification is needed for each entry on the school medical form beyond immunization for communicable disease and activity clearance.
  • Zero trust model of cybersecurity in schools.
  • Openness principle must apply.
  • The principle of accountability: who bears responsibility for a leak?
  • Principled liability should ensure recordkeeping companies achieve cybersecurity. Security safeguards must be much more than “reasonable”, possibly best efforts. Objective standards from new privacy laws should be applied. (“Security safeguard principle” is not enough as it requires “reasonable”.)
  • A data collection limitation principle must be applied to schools, but may not be right for doctors or in a patient’s best interest.
  • Does a fear of liability underlie the increased pool of data required by the schools’ forms?

Revisiting FERPA, HIPAA, school, municipal, and state policies, these consideration reflect critical analysis. Whether a change in practice occurs, rethinking the rationales for schools’ collection and use of medical data is timely in light of increased hacking, cybercrime, and ransomware attacks. The opening for discrimination must not be forgotten in the drive to address non-school related social or medical problems at school. Access to medical care, universal preschool, healthy diets, and high quality air each may have a role in limiting the value of stored medical records to educators.

Feature photo by CDC on Unsplash

Hackable: The New Privacy Ethics

(a six-post series)

Privacy & Disclosure of Personal Data

As people spend more time online and using apps that collect massive amounts of information, government entities grapple with how to define and protect privacy through regulation. To deem privacy waived by a click that allows access, e.g., by acknowledging cookies, seems unprincipled. But there is a give and take, and due to an improving body of law, there are now ways to limit cookies to the “strictly necessary” and reject the collection of additional trackable data and to reject commercial uses. Completely opting out may bar access to a website. The EU “cookie law” (ePrivacy Directive) governs cookies and other trackers (anything that stores, accesses, or uses data from an individual’s device) using an informed consent approach.

The US does not have federal laws requiring consent for cookies. Consent fatigue occurs when people simply click as a reaction to the pop-up and to get to the information or webpage they want without much thought about the privacy of their data. People continue to exchange privacy for access without understanding how much personal data they are divulging, who can use that data, and for what purposes the data may be used. While cookies are an example of a permissions approach to data use, there are infinite types and pieces of data across devices that make a permissions-based approach naïve and unlikely to achieve many ethics-based goals like fairness and privacy.

privacy computer
Photo by Elisa Ventur on Unsplash

Privacy and Unexpected Uses of Data

The ethical questions arise from the reason people click-to-continue, the amount of unexpected extra information being collected, and the way the information can be paired with public records or other purchased data to create a personal profile. The profile predicts behaviors but also allows wrongdoers to blackmail, pigeonhole, or harm personal reputation. With so much data collected and stored, hacking is more profitable, tempting, and pervasive, and ransomware attacks continue to bring victims’ operations to a halt. Through selling data as well as using it as a marketing tool, companies also profit from the data without compensation to the people whose data is used, something I addressed in Barcode Me.

This post will address the distinction between constitutional privacy and confidentiality as an aspect of privacy. The next few posts will cover pediatric data, FBI concerns (crimes and cybersecurity), discrimination and bias, how corporations use data for a competitive edge, and the use or abuse of data in international politics.

Privacy laws and books.
Photo by Iñaki del Olmo on Unsplash

Two Laws Attempt to Protect Confidentiality: Are They Solving the Correct Problem?

The European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) were enacted in 2018, with the CCPA becoming effective January 2020. (Other states are also tackling privacy law.) The CCPA was enacted to promote the ability of consumers to choose to protect their privacy and to resolve some issues surrounding the inadvertent waiver of privacy. Its purpose was not necessarily to keep data private, but to allow consumers more control over both privacy and use. The act governs companies who make money selling data and who collect significant amounts of data. (It does not apply to a host of small businesses.) The GDPR and the CCPA differ in that the CCPA allows consumers to opt out of certain data uses (although consent is not necessary for companies to collect and process the data) while the GDPR specifies legal uses of data preventing companies from harvesting data for other means without consent. GDPR gives consumers a right to prior consent while CCPA merely gives them rights over the proscribed uses. (Also, note that the CCPA does not apply to data already available in the public sphere or to health data that is covered by other laws.)

In all jurisdictions, people can click to waive rights. Some argue that one of the primary flaws in both GDPR and CCPA is that the laws still allow data collection and processing. Once data is stored, it is vulnerable to hackers. As cybersecurity improves, hackers adjust. The sophistication of hackers is constantly improving.

The consumer data protection laws focus on data collection and use, and intend to protect confidentiality, one aspect of privacy. Confidentiality is important for many reasons like protecting a bank account or credit card number that could be stolen, keeping embarrassing purchases, searches, or website visits private, or maintaining trust in the doctor patient relationship. TikToc, Facebook, Instagram, and Snapchat users waive their privacy regularly. People also use GPS features and have the ability to click share on social media after making a purchase on any number of shopping websites. It becomes difficult to argue that a person in favor of divulging so much information has a legitimate interest in confidentiality. Yet people continue to be surprised when they realize how much data is collected and how it is used. A framework to address confidentiality must recognize the willingness, preference, and ability of people to waive confidentiality.

Two-Pronged Privacy

Privacy incorporates a “right to be left alone” and confidentiality. Absent confidentiality, the right to be left alone may shrink or continue amid uncertainty, losing its value. Privacy is therefore broader in context than mere confidentiality.

While I do not support devaluing confidentiality, I assert that ethicists should recognize a two-pronged privacy. Many people want to make data privacy a human right, yet the degree to which people value confidentiality varies. Those concerned with privacy are also willing to store data on computers, websites, and apps where the data may be tracked, collected, used, abused, and hacked. Privacy as a human or constitutional right will stem from protection from government intrusion and protection of a “sphere of privacy” rather than from confidentiality for its own intrinsic value or for practical reasons. The US Constitution and the United Nations value privacy because of the imperative to protect people from surveillance, not for the mere sake of confidentiality itself. The distinction between privacy from government intrusion and confidentiality is crucial.

I would go further and assert that the importance of confidentiality has more to do with surveillance and protection from government, corporate, or criminal wrongdoing than mere secret-keeping.

Privacy and constitution flag
Photo by Robin Jonathan Deutsch on Unsplash

Constitutional Privacy

Privacy protects actions from government infringement (constitutional privacy) and it also serves to keep some actions or data confidential (colloquial privacy). This section addresses whether privacy will remain meaningful if confidentiality is no longer part of it. That is, will information be adequately protected from intrusion regardless of the ability of hackers, government, and marketing firms to access, analyze, and act on the data? Rationales for limits on government surveillance and the right to be “left alone” might become weaker if the type of data collected is generally released by a click anyway. The CCPA and the GDPR both presuppose private data and do more for confidentiality on its face than for true protection from surveillance or intrusion.

The constitutional right to privacy is not explicit. It is found in the First, Third, Fourth, Fifth, Ninth, and Fourteenth Amendments and broadly applies to freedom of speech, freedom from unlawful search and seizure, and decisions or actions generally expected to be private or personal in liberal society. In general, there must be a “legitimate expectation of privacy” as would be necessary in applying the Fourth Amendment prohibition against search and seizures to internet driven data. In the sphere of data stored on computers, typed into websites, and generally disclosed in some way, the expectation of confidentiality may be unrealistic depending on methods that are generally unknown to the user (whether a website collecting your data uses edge or cloud computing, blockchain technology to confirm transactions, cybersecurity software, etc.).

In Sorrell v. IMS, the US Supreme Court struck down a Vermont statute prohibiting the sale or transfer of prescriber identifying data without consent. The data in question was collected by pharmacies and sold to IMS, a data firm, then resold to marketing firms. The Court’s rationale was that because the government could access the data for certain uses pursuant reporting requirements, it was no longer confidential. Therefore it could be used for corporate purposes under the guise of free speech. There is something especially alarming about Sorrell v. IMS: The Court held that the data was less worthy of protection because of required confidential reporting to a state government agency, not because it was voluntarily disclosed. Under that logic, all data subject to any reporting or required for a purpose (even where privacy has legal protections like data given to a health insurance company, online stores, or schools) becomes fair game for other uses. If it were never truly confidential, both government and companies would consider it unprotected.

privacy hacker
Photo by Florian Olivo on Unsplash

Hacking has become so commonplace that we must wonder whether courts will eventually find that any data stored where it is hackable is no longer private. While the law rightly tries to punish hackers and corporations that allow data to be vulnerable, some laws are not attempting to protect data deemed public that used to seem private. Social media and apps have changed public perception of privacy raising public concerns but the willingness to publicize seemingly private information has also increased. Socializing in person was traditionally private. Socializing on social media is not. A lack of protection would apply to the confidentiality part of privacy and would not itself allow for government intrusion or use of the data. But the collection of data can lead government to increase surveillance, a problem in free society. For example, data from public cameras in New York City are used by law enforcement.

Examples of Using Data for Agenda Marketing

To further apply that logic, if an entity used data entered voluntarily or web-browsing and search data (or if a hacker accessed data) that indicated someone used or googled a medical abortion pill or emergency contraception, a corporation with permission tracking personal data may market certain goods and services to that person. But also, an anti-abortion legality group might market its agenda to the person. The person may have expected confidentiality and see that as a breach. But privacy as freedom from government intrusion becomes murky. If authoritarianism were to come about and abortion rights were repealed, retroactive punishments of individual “suspects” could ensue. The confidentiality aspect of consumer privacy is the precursor to the protection from government interference currently protected under the constitutional privacy umbrella.

There are many examples of harmless cookies resulting in large pools of deidentified data that make the population vulnerable to corporate marketing and government surveillance.

Privacy and Ethical Considerations

While a framework that emphasizes control over data may serve consumers well, ethical privacy policies must provide protection of confidentiality and protection from government intrusion in private matters. Placing a two-pronged privacy in a responsible technology framework that includes all stakeholders and looks to the societal risks of an end to traditional privacy may inform new approaches that go beyond ethical frameworks of duties, rights, fairness, virtues, and utility. Transparency and consent will not cover the societal stakes.

It may be futile to stop the collection of data. So much is already in the hands of both government and corporations. Controlling its use could become the only practical approach. Data is not neutral. Nor is it used neutrally. Those using it can shape societal preferences affecting habits, health, employment, and political agendas. Such a responsibility calls for broad ethical considerations, not merely weighing the benefits of opting in or out of cookies.

Feature Photo by Kristina Flour on Unsplash

Virtue Signaling in the Medical Arena: An Impediment to COVID-19 Vaccination

Virtue signaling is disingenuous behavior; sometimes it is doing the right thing for the wrong reason. Virtue signaling’s chilling and polarizing effects are far broader than a few politically correct topics demonstrate. When people take a position vocally in public for the purpose of expressing their moral rightness, moral superiority, or virtue, they close the door on valuable arguments.

Virtue Signaling or Genuine Support?

Examples of virtue signaling include vocal support for a cause on social media, protest signs that suggest one cares more than others about morally charged issue, and essentially humblebrags about certain righteous topics. For example, loudly supporting things on social media like the Women’s March of January 2017 or race protests in the wake of George Floyd’s death, without attending, donating, or sincerely supporting the cause may be virtue signaling. It also may be genuine support. In the context of nonprofits, virtue signaling often takes the form of words without donations. Yet the same actions are considered building awareness and not necessarily devoid of value to the cause or the organizations supporting it. Rather than doubt everyone’s sincerity, and question people’s motives, this post focuses on virtue signaling in the bioethics arena and its chilling effects.

When some people take an extreme view, or a strong view but their support for it harnesses virtue, then all other arguments have the uphill battle of proving the virtue of their side. In some contexts, the virtue is controversial, not universal. To pick which virtue you represent and then stay with it is tribalism. Barack Obama has commented that maybe some people are too “woke” and they “call people out” for not supporting certain practices, policies, or movements, or for failing to express things in a politically correct way. They incorporate virtue signaling and use shaming. The people on both sides of a political spectrum use similar shaming, with many people claiming virtue in their patriotism or enthusiasm for constitutional liberties, and others (the more typically accused) claiming virtue in the realm of diversity and inclusion. In the pandemic, virtue signaling politicized vaccination, undermining its reach.

What About Two Legitimate Sides?

Virtue signaling in bioethics stops important conversations. There are many examples of the medical community using virtue to quiet legitimate questions and criticisms. The arguments seem childish: If you criticize widespread use of antidepressants and anxiety medications, then you must wish people to remain depressed and anxious or be indifferent to death by suicide. If you criticize the overreach of child protective services resulting in lost custody, you must not care about child abuse. If you do not want your child to use opioids during a surgical recovery, you must not care about her pain. If you criticize a recycling program, you must not care about the earth. The challenge in each of these areas is more difficult because they are unnecessarily framed as challenges to the “virtue” of caring about individual or societal well-being.

So how would we reconcile this analogy to those statements? If you criticize vaccination for COVID-19, you must want to kill people or risk your own life. You must not care about individuals, neighbors, and community. There has been significant virtue signaling in the COVID-19 precautions. How does the vaccination analogy differ from the other “you must wish X” attacks? Does it differ? The risk of COVID-19 would increase, especially when someone forgoes vaccination as well as masks or distancing. But people wore masks when they would not have been exposed as either an extra precaution or virtue signaling. COVID-19 public health policy is about managing risk. A failure to recognize or appreciate the other side’s virtue created an adversarial relationship, undermining proper risk assessment, a factual and predictive endeavor that involves models, assumptions, and estimates. The data on transmissibility should inform public policy. Virtue signaling interrupts the flow of information.

The debate over mandatory COVID-19 vaccination pits the virtue of protecting oneself and all of those with whom one comes into contact (community protection as a virtue) against those to whom freedom is a virtue and an essential aspect of patriotism. Some of those who were quick to get the vaccine and who distinguish themselves from the regularly un-masked, have been virtue signaling all along. Social media pictures of people proudly displaying stickers saying they were vaccinated were thought to bolster vaccination rates but also evidence virtue signaling. Why would adults post themselves wearing silly stickers other than for the sake of likes? Virtue signaling generally enrages the other side, fosters the appearance of two teams of Americans. One sure sign of virtue signaling (or laziness) is remaining masked in open outdoor areas without people nearby. The debate between public health and personal choice, and to me, between public and private morality, is undermined when virtue is used to suggest everyone who is not vaccinated lacks virtue.

Virtue Signaling or Risk Management

Along the lines of Jonathan Haidt’s, The Righteous Mind, a sophisticated argument that allows for competing virtues or even different ways of ranking well-recognized virtues would clarify which public health approaches would be best received. Then, that information must complement public health policy, helping outline which approaches would be most effective against the virus. If we were authoritarian, we might eliminate risk through strict measures like tracking everyone’s every move, shutting all businesses and public spaces, or strictly quarantining the entire country, but that is obvious overkill. Managing risk ethically requires using the least restrictive means to control the pandemic. The failure to control the pandemic through vaccination and masking indicates a need to move toward more restrictive means like mandatory vaccination and mandatory masking. If vaccination is not mandatory, it would be beneficial to have those who refuse to get the vaccine test often and implement a test-and-quarantine-if-positive system. Mandates should not be seen as representative of or contrary to virtue.

One of the biggest problems with attaching virtue to vaccination is that it is counteracted by other “virtue” arguments. The Arkansas governor jumped on the virtue bandwagon when he passed a law that banned state and local mask mandates. Now the state, with its 37 percent vaccination rate, has fewer tools and would need to go through a legislative process to change the law. If schools start without masks, the spread will continue. A greater cost would be closing schools altogether if masks cannot be required in them.

Had the governor not associated freedom with virtue and not been combating virtue rather than just public health tools, the predicament could have been avoided. Governors are in the distinct position to reasonably assess pros and cons, yet governors like Asa Hutchinson in Arkansas and Ron DeSantis in Florida take the bait of those virtue signaling and engage in signaling the virtue of freedom. With hospitals filling and deaths increasing, DeSantis is sticking to virtue, and the virtue of protecting “jobs and small businesses.” Once virtue is involved, it is more difficult to compromise. Any compromise looks like a compromise of a fundamental principle rather than what it is: simple policy changes that reflect the science and are reasonable like encouraging or requiring vaccination and/or masks.

In the struggle for herd immunity, we would do well to replace “virtue” with reasonable rules that place scientifically warranted limits on those who are vaccine-eligible but remain unvaccinated. If ever there were a time to mandate a vaccine, it is now. While extreme views of liberty are an impediment, virtue signaling has proven that even the smallest compromise is made more difficult when it is a compromise of virtue.

Frameworks for Countering Virtue-Based Arguments

Appealing to public morality while recognizing private morality, and accepting commonality—we all appreciate freedom although some of the bioethics literature is sounding as though one side does not—we all tend to care for family and friends and we wish to reduce risk for ourselves and others—would bring two sides together. From early on, I encouraged recognizing that there is a difference in degree of the enthusiasm for liberty, and a difference in the methodology one uses to help one’s community, rather than an all-or-nothing acceptance of either freedom or public health, never both. The vast majority believes in a social compact. The compact differs but there is an underlying shared virtue in both freedom and there are many ways to demonstrate caring for community.

Finding common virtues and narrowing the controversy would promote productive conversations. Leaving virtue out of public health and medical data would be best—I am not a believer in doctors as ethicists, and the scientist may not be the best person to deliver advice on virtue. A presentation of facts, of what is known and what is not yet known, and of policies to minimize risk, is the proper role of public health. As physicians and public health experts have dabbled in social sciences information on human behavior, their scientific approach and agenda undermine their goals.

Community leaders, especially in Arkansas and Florida, must emphasize common virtues like protecting family and community and sacrificing small freedoms to enjoy more freedom later. The medical and bioethics community must speak to vaccination in a less politically charged way. Rather than encouraging pride in vaccination, public health officials and bioethicists could just let vaccination go unrewarded. Then encouraging vaccination might come off as appropriate medical advice rather than charged commentary on virtue.

Facial Recognition Technology in Medicine: A Use-Based Ethical Framework

Facial recognition technology is everywhere. Pew Research found more than half of adults trust law enforcement with facial recognition but fewer trust tech companies, advertisers, and landlords. The data signifies not only that the user matters, but that use matters. Tracking facial reactions to public ads and displays was the least popular use cited by Pew with only 15 percent approval. Technology makes society over-protective. Small- and large-scale surveillance are now common. The go-out-and-play generation of children has been replaced by a generation tracked by parents, findable on snap maps and find my iphone. Privacy even in the wilderness is difficult to achieve. But in the healthcare setting, the surveillance model is especially fraught with unsettling ethical dilemmas.

Safety or Surveillance?

In medicine, facial recognition technology uses vary considerably from check-in at an appointment to genetic analysis. App developers and proponents argue facial recognition is a patient safety tool. There is an alarming precursor to that—are there enough patient mix-ups to justify such a need? I would assert that hospital bracelets, bar codes, and check-in processes like a signature are effective. If a hospital is mixing up patients regularly, there are likely underlying causes and many more pressing ethical problems. Presumably, such a hospital would be sanctioned, shut down, or unable to afford the high-tech solution.

Facial recognition technology emotion
Photo by Anh Nguyen on Unsplash

Facial Recognition Technology in Surveillance of Emotion

Doctors could use facial recognition technology to better gage the mood and emotional state of patients, parents, or caregivers. “Another case is to use facial recognition to evaluate facial cues to interpret the emotional state of patients including emotions such as anger, fear, disgust or sadness to aid in providing appropriate assistance.” To me, such a use would further tip an already unlevel playing field. The hospital or doctor would have data beyond that which they could discern just by looking (perceptive people sense anger and disgust without the need for facial recognition technology). The person seeking or refusing care, receiving a diagnosis, or their caregivers would not be equally equipped. In the relationship between the doctor and the person seeking or refusing care, the patients, parents, and caregivers would not be able to assess the doctor’s mood or emotional state other than by using their senses and social skills, the old-fashioned way.

I consider mood and reactions to medical information private. Doctors tend to want to deliver results in a responsible way. In bioethics, a paternalistic notion that physicians should worry about patient reaction and possibly protect them by releasing less information or withholding some incidental genetic results is a prevailing theme, an open dilemma. In bioethics literature and many discussions, a common thread of “what would they do with the information?” confirms the old-school view that doctors steeped in knowledge must be gatekeepers of information relevant to another person’s body. One article asserts that “normative rationality” and a lack of “genetic literacy” should counteract the “soft-paternalism” requiring disclosure of certain incidental findings. Adding facial recognition to assess the person as a receiver of information, doctors might release a more complete picture to someone who is confirmed to be objective, happy, and complacent than someone who is inquisitive, angry, or sad.

It is unclear how any organization would gather consent to facial recognition technology used in this way. Without consent, it seems deceitful. Hospitals could assess a waiting room full of people and determine that some are more anxious, sad, or angry, and then use the data to prep the doctor delivering a diagnosis or surgical recap. I suspect no caregivers would consent to that. As a nonmedical use, non-consensual facial recognition to assess anyone’s mood seems to violate ethics and privacy. If what is essentially a security camera is used to assess emotion, HIPAA is arguably inapplicable.

Photo by Mitchell Luo on Unsplash

Similarly, facial recognition technology could identify healthcare worker burnout, fatigue, or depression, but such workers may want privacy and to shield themselves from overbearing places of work. It may be to their disadvantage if an employer forces a leave of absence,  mental health assessment, or a change in position.

In the medical use realm, HIPAA covers pictures and images and essentially covers facial recognition technology to a degree. It is not clear whether HIPAA provides enough protection and whether there is a safe enough way to store personally identifiable images or templates. But in the arena of ascertaining mood or emotional state HIPAA would generally not govern. HIPAA is more for the patient seeking care and diagnosis and not for circumstances of unexpected surveillance.

Facial Recognition Technology and Patient Surveillance

The use of facial recognition technology in monitoring patient medication compliance or safe habits at home or in nursing homes and hospitals through apps expands the surveillance state and must be approached cautiously. While some people living alone might welcome such surveillance, many would not if they were aware of how much information were collected and how. Consent is crucial to invasive uses.

Facial recognition technology man relaxing wellness
Photo 112100107 / Facial Recognition Technology © Kaspars Grinvalds |

How Medical Data Mixes with Wellness, Lifespan, and Cosmetics

Wellness programs within medicine may want to identify longevity markers in the broad population and in people seeking care. Facial recognition technology can assess weight, BMI, and blood pressure but so can a scale, some math, and a blood pressure cuff. Facial averageness, facial adiposity, and skin condition contribute to health information as well as arguably detrimental psychological information. For example, “attractiveness” is linked to facial adiposity and skin condition. Yet adiposity also is a measure of certain health outcomes like severe or frequent colds and flu, blood pressure, longevity, BMI, and women’s physical and psychological health. Facial recognition technology could increase demand for cosmetic surgery if studies continue to link societal standards of attractiveness to data collected to predict health or diagnose disease.

Improved Genetic Diagnosis

Algorithms to detect minor facial features associated with a genetic disorder are more effective than the trained eye of a physician. Face2gene is an app that allows doctors to identify genetic differences. Genetic syndromes like Cushing’s Syndrome, Cornelia de Lange syndrome, Mowat-Wilson syndrome and  many others could be diagnosed without a human interaction. When facial recognition is used to diagnose genetic differences, syndromes, or diseases, people would have the opportunity to consent. Genetic Information Nondiscrimination Act (GINA) does not cover genetic data from facial recognition. It is unclear whether the Americans with Disabilities Act would protect people diagnosed by facial recognition technology. Privacy would become even more important to prevent employment discrimination.

Facial recognition technology replace doctor
Photo by Online Marketing on Unsplash

In the future, people may just check a “smart mirror” or look into a screen for broad diagnostics and a doctor, if one were assigned at all, would play a smaller personal role in diagnostics. The algorithms behind facial technology outperform clinicians. To some people (probably me), the ability to see a machine instead of a doctor would be a welcome development. To many others, machine diagnosis would feel impersonal. In the genetics realm, where informed consent is easily achieved, better diagnosis, especially when a cure is available, is a welcome addition to the tools at the disposal of both doctor and patient.

How to Create a Use Test—What Ethical Parameters Matter?

Diagnosis and Treatment

Not every use of facial recognition technology fits a simple category and within categories, some uses will be better than others. One test of moral validity of the use of facial recognition must be whether the use would diagnose and cure a disease more efficiently than or at least with equal efficiency to a current diagnostic tool. That is, alleviating human suffering is a clearly better use than encouraging cosmetic change or adding to the widespread surveillance state already in place. People must have the opportunity to control how the image or template is stored as it cannot be deidentified.

Within this category of use test, doctors must consider alternate ways to obtain the information. Facial recognition technology has less bodily intrusion than blood tests or physical examinations. It could be costly to implement. But it could save money as eventually it may lead to less need for clinicians and diagnosticians. The future of work arguments will apply, but for now, doctors use the technology and it seems biometrics, bioinformatics, and jobs that mix medicine and tech are increasing.

For wellness, people should have the opportunity to consent if they would like their doctor to analyze their longevity potential or the many crossovers between health and beauty. If they agree to use facial recognition technology, the person must be able to control what data is collected.

The Big Picture: Facial Recognition Technology and Surveillance

As a society, it is important to push back against widespread surveillance. In the healthcare setting, if a waiting room or a doctor’s office has facial recognition technology, people seeking care, parents, and caregivers must be alerted to the fact their images could be collected, especially for an unwanted analysis of emotion. Law enforcement, corporations, and hospitals have different priorities, yet each can be complicit in the others’ motives. Hospitals wanting emotional information or wanting to keep patients safe by tracking their every expression may find themselves subpoenaed or forced to aid law enforcement. Monitoring people is serious business. In the healthcare realm, monitoring for anything outside the scope of medicine without the express consent of the person surveilled would undermine trust and respect.

Feature Image ID 207892406 © BiancoBlue |