The notion of institutional advocacy most commonly arises when there is no natural constituency for a certain perspective. For example, there are many short-term incentives for exploiting the environment for economic reasons, but few similar incentives to refrain from exploiting the environment. Thus, the Environmental Protection Agency was established in large part to reduce this imbalance.
In the domain of health care, there are similarly many incentives to use patient information, and very few to refrain from using it. The issues involved with health care privacy are also complex and highly conditional and situational. Under these circumstances, some privacy analysts suggest that an institutional advocate is needed to help balance the scales. Indeed, there are today chief privacy officers in many corporations that deal with personal information on a large scale. The role of such officers is to ensure that adequate attention to privacy is paid in decision making that might have an effect on privacy, and HIPAA itself stipulates that organizations covered by the act must designate a “privacy official” responsible for the “development and implementation” of the policies and procedures necessary for compliance with the HIPAA privacy requirements.
Similar arguments could be made on a larger scale as well. On this view, issues related to medical privacy are too complex for the average consumer to understand, let alone take informed action about. Thus, an institutional advocate for medical privacy in the U.S. government, or in state governments, would help to ensure that adequate attention to privacy is paid in policy making that might have an effect on privacy.
Although the questions surrounding privacy have been discussed for years in the context of individual health information, it is not clear that any of the issues in this area are either less controversial or less murky as a result. The traditional approach, in which the privacy of the patient could be controlled by that patient’s doctor and in which the information about that patient was kept in files owned and controlled by the doctor and not easily shared physically, is no longer a viable model. This model has been made impractical by changes in how the information itself is stored and how medical treatment is paid for and delivered. Adding in the growing realization that medical information traditionally regarded as private holds promise for changing the way the science of medicine can be conducted, it is clear that there are additional pressures on the traditional notions of medical privacy and that the rules of practice relevant to medical information will continue to evolve.