Balancing privacy and societal benefit

One common retort to claims of privacy infringement from government and industry is that in prevents or impairs  a societal benefit.  The most oft cited example is the alleged dichotomy of security versus privacy. Another incarnation is in the debate over black box recorders in consumer vehicles and whether the public policy should favor detailed tracking to reduce auto fatalities over the lost privacy of drivers. However, not every public policy debate has settled in favor of reducing social harm to the determent of privacy.

Consider sexually transmitted diseases.  Health information is one of the special classes of personal information that the US has deemed fit to grace with one of it’s sectoral laws, HIPPA. Public policy in the United States favor strong protection for health data. However, HIPPA only covers health care providers and their business associates. What about private individuals who come into knowledge of health information about another person? May they disclose a persons health condition to the public at large? Generally, the answer is yes, as long as it is truthful. However, this is not always the case. Many states have a privacy tort for public disclosure of embarrassing private facts. The elements of proving such a tort are

  • There must be public disclosure of the facts
  • The facts must be private facts, not public ones
  • The matter made public must be one which would be offensive and objectionable to a reasonable person of ordinary sensibilities.

In some cases, the revelation must not be newsworthy or a matter of public interest. One’s condition of having an STD would seem like the prototypical private fact that one would seek to keep from disclosure. But from a public policy perspective, there is an argument to be made that in order to prevent the spread of the communicable diseases, infection with an STD should be public knowledge to prevent potential partners from becoming infected. However, to my knowledge, no US state requires mandatory public disclosure (to the public at large). They may require reporting to a government agency by health providers or require disclosure of status by an individual to a potential sexual partner. Failure to do so may be criminally or civilly punishable. The decision to reveal one’s status publicly remains in the control of the individual, even when the law requires revelation to those at risk (an STD infected individual’s sex partners).  This is by no means a closed debate.

Privacy is often pitted against societal benefits and the debate framed as an individual‘s right to privacy versus this particular social good.  Privacy rarely comes out ahead because the societal benefits of privacy are hard to quantify in terms of lives, money, or some other enumerable figure that can be directly compared against. But protection of privacy does have societal benefits. Selective disclosure allows people to building trusting relationship. Financial privacy prevents targeting and theft, making society more productive. Anonymity is critical to a society free speech less speakers be judged for controversial or unpopular thoughts. A lack of privacy impedes risk taking and chills the activities of people. Ultimately, privacy is about decision making and the autonomy of the individual to make those decisions for themselves. Without that autonomy, one does not have a free society and all the benefits that liberty brings.
We can not allow ourselves to fall into the trap that any social good which implicates privacy interests outweighs the privacy harms. If we’re going to take a economic approach we have to find a way to quantify privacy harms as a social costs.


Please note that this blog post is not mean to be a treatise on the intricacies of privacy law as they relate to health data, in general, or sexually transmitted diseases, in particular. For some additional information see





What privacy issues can inform us about the health care debate in the US.

Health Care is singled out in the United States as one of the industries which needs significant privacy protection. Health information disclosed without permission of the data subject can result in embarrassment, stigmatization and discrimination.  Today, I’d like to consider the discriminatory aspects of health information privacy. More specifically the potential in insurance price discrimination. In designing a privacy preserving system, some information must be kept and utilized. Doctors need access to your prior health history in order to assist them in diagnosing your condition. Insurance companies need to know what they are paying for and want to know your history to price your policy based on your risk.

Consider for a moment two scenarios on the extreme side of things.  In the first, let’s assume that with perfect knowledge, an insurance company could predict with absolute certainty what ailments would befall you and how much of a cost you’ll impose in the future on the insurance company.  In the second, we assume that the insurance company can have no information on you and thus everybody is a blackbox; the only information the insurance company can use to price their service is on the overall health of society.

In the second scenario it’s obvious the insurance company knows nothing about you, but I would submit that in both scenarios privacy in perfectly protected from adverse discrimination. But how can that be, you say? In the first, the insurance company knows EVERYTHING about me.   Insurance is about pooled risk.  In the former scenario, there is no pooled risk. The insurance company collects payments from you in exact proportion to the cost burden you impose on the company.  You’re just funneling your money through an insurance carrier so they can take out their profit margin and forward payment to your health care provider.  In this case, the justification for the insurance company is naught and they just go out of business, leaving no discriminatory pricing privacy concerns.

Unfortunately, we don’t exist at either extreme but rather somewhere in the middle.  Insurance companies know something about us (our gender, our age, etc) but don’t have perfect knowledge and if they had perfect knowledge, they don’t have perfect predictability.  However, both options remain in terms of being privacy protective: provide insurance without any discrimination or eliminate insurance companies from them equation.  As long s you try to play somewhere in the middle, it will be a struggle of the needs/desires of insurance carrier to acquire information about the insured and the desire of the insured to hide the information.  Of course, you also run into the problem of adverse selection.  Those with pre-existing conditions or risky markers want the insurance company ignorant but those who are healthy want to provide that information to insurance companies for a beneficial rate reduction.  Then the presumption by the insurance company is that if you don’t proved you’re not a risk, you’re assumed to be in the higher risk category thus obscuring the need of the insured to hide that information.

Stepping outside the privacy issues, from a health policy debate, what distinguishes the conditions of egalitarian insurance (whereby everyone pays the same rates) and eliminate of insurance (whereby everybody pays for their own heath).  Many people favor a social policy whereby people are not subject to the lottery of life. In other words, the fact that you were born with a propensity for some ailment shouldn’t matter: we as a society should step up to the plate and help out those who lost. Fewer people are as sympathetic to those whose adverse health is caused by behavior (such as smoking).  If we agree as a society to bear the burden of the former but not the latter, the question moves to how and what about when the former causes the latter.  Is a propensity for addictive behavior a sympathetic enough condition that perhaps we should pay for lung cancer treatment of smokers? Or what about the case where lack of action (failure to get regular checkups) results in catching cancer at later and more costly to cure stages?  Is that the sympathetic genetic condition or the behavioral failure to get checked up and thus who bears the burden of payment?  Do we then reach a society that is even MORE privacy invasive because we must monitor your actions to make sure you aren’t costing society more that the expected cost because of your actions (fining you for not getting an annual check up, monitoring your urine to make sure you ate your daily vegetables and drank enough water)?

I think there is another problem to the ignorant insurance company scenario and that’s one of a failure of third party payers being able to keep health care costs in check.  If no one is questioning whether a particular test is necessary, the incentive for the doctor is to order it.  No harm, no foul, more money in their pockets.  This could be over-come by giving money directly to the insured based on their known ailments and let them allocate it to their health care according to the expected costs. We just have to be fine with knowing some may buy beer and cigarettes rather than pay for a proctology exam.

Ultimately, I think a solution is achievable IF (and it’s a big IF) we can agree no the principles we want our society to adhere to and not get stuck in the weeds arguing the minutia.