PREAMBLE

Codes of professional ethics serve several purposes:

1. To provide ethical guidance for the professionals themselves.

2. To furnish a set of principles against which the conduct of the

professionals may be measured.

3. To provide the public with a clear statement of the ethical

considerations that should shape the behaviour of the

professionals themselves.

A Code of Ethics for Health Informatics Professionals (HIPs)should therefore be clear, unambiguous, and easily applied inpractice. Moreover, since the field of informatics is in a state ofconstant flux, it should be flexible so as to accommodate ongoingchanges without sacrificing the applicability of its basic principles.It is therefore inappropriate for a Code of Ethics for HIPs to dealwith the specifics of every possible situation that might arise. Thatwould make the Code too unwieldy, too rigid, and too dependenton the current state of informatics. Instead, such a Code shouldfocus on the ethical position of the Health Informatics specialist as a professional, and on the relationships between HIPs and thevarious parties with whom they interact in a professional capacity.These various parties include (but are not limited to) patients,health care professionals, administrative personnel, health care

1

institutions as well as insurance companies and governmentalagencies, etc.

The reason for constructing a code of ethics for HIPs instead ofmerely adopting one of the codes that have been promulgated bythe various general associations of informatics professionals is thatHIPs play a unique role in the planning and delivery of health care:a role that is distinct from the role of other informatics profes-sionals who work in different settings.

Part of this uniqueness is centred in the special relationshipbetween the electronic health record (EHR) and the subject of thatrecord. The EHR not only reveals much about the patient that isprivate and should be kept confidential but, more importantly, itfunctions as the basis of decisions that have a profound impact onthe welfare of the patient. The patient is in a vulnerable position,and any decision regarding the patient and the EHR must acknowl-edge the fundamental necessity of striking an appropriate balancebetween ethically justified ends and otherwise appropriate means.Further, the data that are contained in the EHR also provide theraw materials for decision-making by health care institutions,governments and other agencies without which a system of healthcare delivery simply could not function. The HIP, therefore, byfacilitating the construction, maintenance, storage, access, use andmanipulation of EHRs, plays a role that is distinct from that ofother informatics specialists.

At the same time, precisely because of this facilitating role, HIPsare embedded in a web of relationships that is subject to uniqueethical constraints. Thus, over and above the ethical constraints thatarise from the relationship between the electronic record and thepatient, the ethical conduct of HIPs is also subject to considera-tions that arise out of the HIPs’ interactions with Health CareProfessionals (HCPs), health care institutions and other agencies.These constraints pull in different directions. It is therefore impor-tant that HIPs have some idea of how to resolve these issues in an

2

appropriate fashion. A Code of Ethics for HIPs provides a tool inthis regard, and may be of use in effecting a resolution when con-flicting roles and constraints collide.

A Code of Ethics for HIPs is also distinct from an account oflegally conferred duties and rights. Unquestionably, the law pro-vides the regulatory setting in which HIPs carry out their activi-ties. However, ethical conduct frequently goes beyond what the lawrequires. The reason is that legal regulations have purely juridicalsignificance and represent, as it were, a minimum standard asenvisioned by legislators, juries and judges. However, these stan-dards are formulated on the basis of circumstances as they obtainhere and now; they are not anticipatory in nature and therefore canprovide little guidance for a rapidly evolving discipline in whichnew types of situations constantly arise. HIPs who only followedthe law, and who only adjusted their conduct to legal precedent,would be ill equipped to deal with situations that were notenvisioned by the lawmakers and would be subject to the vagariesof the next judicial process.

On the other hand, a Code of Ethics for HIPs is grounded infundamental ethical principles as these apply to the types ofsituations that characterize the activities of the Health Informaticsspecialist. Consequently such a Code, centring in the very essenceof what it is to be an HIP, is independent of the vagaries of thejudicial process and, rather than following it, may well guide it;and rather than becoming invalidated by changes in technology oradministrative fashion, may well indicate the direction in whichthese developments should proceed. Therefore, while in many casesthe clauses of such a Code will be reflected in corresponding juridi-cal injunctions or administrative provisions, they provide guidancethrough times of legal or administrative uncertainty and in areaswhere corresponding laws or administrative provisions do not exist.At a more general level, such a Code may even assist in theresolution of the problems posed by the technological imperative.

3

Not everything that can be done should be done. A Code of Ethicsassists in defining the ethical landscape.

The Code of Ethics that follows was developed on the basis ofthese considerations. It has three parts:

1. Introduction. This part begins with a set of fundamental ethical

principles that have found general acceptance. Next is a brief

list of general principles of informatic ethics that follow from the

fundamental ethical principles when these fundamental ethical

principles are applied to the electronic gathering, processing,

storing, communicating, using, manipulating and accessing of

health information in general. These general principles of

informatic ethics are high-level principles and provide general

guidance.

2. Rules of Ethical Conduct for HIPs. This part lays out a detailed

set of ethical rules of behaviour for HIPs. These rules are

developed by applying the general principles of informatic ethics

to the types of relationships that characterize the professional

lives of HIPs. They are more specific than the general principles

of informatic ethics, and offer more particular guidance.

3. Explanation. This third part provides detailed explanation of the

ethical reasoning that underlies the various clauses of the Rules

of Ethical Conduct for HIPs. Its purpose is to give some insight

into how the various clauses are derived, what they mean, and

thus to assist HIPs in applying the general principles of

informatic ethics to situations that are not specifically dealt with

in the Rules.

It should also be noted that the Code of Ethics and the accompa-nying set of Rules of Ethical Conduct do not include what might becalled ‘technical’ provisions; that is to say, they do not make ref-erence to such things as technical standards of secure data com-

4

munication, or to provisions that are necessary to ensure a highquality in the handling, collecting, storing, transmitting, manipu-lating, etc. of health care data. This is deliberate. While the devel-opment and implementation of technical standards has ethicaldimensions, and while these dimensions are reflected in the Codeand the Rules as ethical duties, the details of such technical stan-dards are not themselves a matter of ethics.

5

PART I

INTRODUCTION

A. Fundamental ethical principles

All social interactions are subject to fundamental ethical principles.HIPs function in a social setting. Consequently, their actions arealso subject to these principles. The most important of these prin-ciples are:

1. Principle of Autonomy. All persons have a fundamental right to

self-determination.

2. Principle of Equality and Justice. All persons are equal as

persons and have a right to be treated accordingly.

3. Principle of Beneficence. All persons have a duty to advance

the good of others where the nature of this good is in keeping

with the fundamental and ethically defensible values of the

affected party.

4. Principle of Non-Malfeasance. All persons have a duty to

prevent harm to other persons insofar as it lies within their

power to do so without undue harm to themselves.

5. Principle of Impossibility. All rights and duties hold subject to

the condition that it is possible to meet them under the

circumstances that obtain.

7

6. Principle of Integrity. Whoever has an obligation, has a duty to

fulfil that obligation to the best of her or his ability.

B. General principles of informatic ethics

These fundamental ethical principle, when applied to the types ofsituations that characterize the informatics setting, give rise to gen-eral ethical principles of informatic ethics.

1. Principle of Information Privacy and Disposition. All persons

have a fundamental right to privacy, and hence to control over

the collection, storage, access, use, communication,

manipulation and disposition of data about themselves.

2. Principle of Openness. The collection, storage, access, use,

communication, manipulation and disposition of personal data

must be disclosed in an appropriate and timely fashion to the

subject of those data.

3. Principle of Security. Data that have been legitimately collected

about a person should be protected by all reasonable and

appropriate measures against loss, degradation, unauthorized

destruction, access, use, manipulation, modification or

communication.

4. Principle of Access. The subject of an electronic record has the

right of access to that record and the right to correct the record

with respect to its accurateness, completeness and relevance.

5. Principle of Legitimate Infringement. The fundamental right of

control over the collection, storage, access, use, manipulation,

communication and disposition of personal data is conditioned

only by the legitimate, appropriate and relevant data needs of a

8

free, responsible and democratic society, and by the equal and

competing rights of other persons.

6. Principle of the Least Intrusive Alternative. Any infringement of

the privacy rights of the individual person, and of the individual’s

right to control over person-relative data as mandated under

Principle 1, may only occur in the least intrusive fashion and

with a minimum of interference with the rights of the affected

person.

7. Principle of Accountability. Any infringement of the privacy rights

of the individual person, and of the right to control over person-

relative data, must be justified to the affected person in good

time and in an appropriate fashion.

These general principles of informatic ethics, when applied to thetypes of relationships into which HIPs enter in their professional

9

Relationship Between Fundamental Ethical Principles, General

Principles of Informatic Ethics, and Rules of Conduct for HIPs

Rules of Conduct for HIPs

Types of InformaticSituations

Types of InformaticSituations

Types of InformaticSituations

General Principles of Informatic Ethics

Ethical Principles

lives, and to the types of situations that they encounter when thusengaged, give rise to more specific ethical duties. The Rules ofConduct for HIPs that follow outline the more important of theseethical duties. It should be noted that as with any ethical rules ofconduct, the Rules cannot do more than provide guidance. The pre-cise way in which the Rules apply in a given context, and the precisenature of a particular ethical right or obligation, depends on thespecific nature of the relevant situation.

10

PART II

RULES OF ETHICAL CONDUCT FOR HIPS

The rules of ethical conduct for HIPs can be broken down into sixgeneral rubrics, each of which has various sub-sections. The gen-eral rubrics demarcate the different domains of the ethical rela-tionships that obtain between HIPs and specific stakeholders; thesub-sections detail the specifics of these relationships.

A. Subject-centred duties

These are duties that derive from the relationship in which HIPsstand to the subjects of the electronic records or to the subjects ofthe electronic communications that are facilitated by the HIPsthrough their professional actions.

1. HIPs have a duty to ensure that the potential subjects of

electronic records are aware of the existence of systems,

programmes or devices whose purpose it is to collect and/or

communicate data about them.

2. HIPs have a duty to ensure that appropriate procedures are in

place so that:

a. electronic records are established or communicated only with

the voluntary, competent and informed consent of the

subjects of those records;

11

b. if an electronic record is established or communicated in

contravention of clause A.2.a, the need to establish or

communicate such a record has been demonstrated on

independent ethical grounds to the subject of the record, in

good time and in an appropriate fashion.

3. HIPs have a duty to ensure that the subject of an electronic

record is made aware that:

a. an electronic record has been established about her/him;

b. who has established the record and who continues to

maintain it;

c. what is contained in the electronic record;

d. the purpose for which it is established;

e. the individuals, institutions or agencies who have access to it

or to whom it (or an identifiable part of it) may be

communicated;

f. where the electronic record is maintained;

g. the length of time it will be maintained;

h. the ultimate nature of its disposition.

4. HIPs have a duty to ensure that the subject of an electronic

record is aware of the origin of the data contained in the record.

5. HIPs have a duty to ensure that the subject of an electronic

record is aware of any rights that he or she may have with

respect to:

a. access, use and storage of her or his electronic record and

of the data contained in it;

12

b. communication and manipulation of her or his electronic

record and of the data contained in it;

c. quality and correction of her or his electronic record and of

the data contained in it;

d. disposition of her or his electronic record and of the data

contained in it.

6. HIPs have a duty to ensure that:

a. electronic records are stored, accessed, used, manipulated

or communicated only for legitimate purposes;

b. there are appropriate protocols and mechanisms in place to

monitor the storage, accessing, use, manipulation or

communication of electronic records, or of the data contained

in them, in accordance with clause A.6.a;

c. there are appropriating protocols and mechanisms in place to

act on the basis of the information under clause A.6.b as and

when the occasion demands;

d. the existence of these protocols and mechanisms is known

to the subjects of electronic records;

e. there are appropriate means for subjects of electronic

records to enquire into and to engage the relevant review

protocols and mechanisms.

7. HIPs have a duty to treat the duly empowered representatives

of the subjects of electronic records as though they had the

same rights concerning the electronic records as the subjects of

the record themselves, and that the duly empowered

representatives (and, if appropriate, the subjects of the records

themselves) are aware of this fact.

13

8. HIPs have a duty to ensure that all electronic records are

treated in a just, fair and equitable fashion.

9. HIPs have a duty to ensure that appropriate measures are in

place that may reasonably be expected to safeguard:

a. the security of electronic records;

b. the integrity of electronic records;

c. the material quality of electronic records;

d. the usability of electronic records;

e. the accessibility of electronic records.

10. HIPs have a duty to ensure, insofar as this lies within their

power, that an electronic record or the data contained in it are

used only:

a. for the stated purposes for which the data were collected; or

b. for purposes that are otherwise ethically defensible.

11. HIPs have a duty to ensure that the subjects of electronic

records or communications are aware of possible breaches of

the preceding duties and the reason for them.

B. Duties towards Health Care Professionals

Health Care Professionals (HCPs) who care for patients depend onthe technological skills of HIPs in the fulfilment of their patient-centred obligations. Consequently, HIPs have an obligation to assistthese HCPs insofar as this is compatible with the HIPs’ primaryduty towards the subjects of the electronic records. Specifically, thismeans that:

14

1. HIPs have a duty:

a. to assist duly empowered HCPs who are engaged in patient

care in having appropriate, timely and secure access to

relevant electronic records (or parts of thereof), and to

ensure the usability, integrity, and highest possible technical

quality of these records;

b. to provide those informatic services that might be necessary

for the HCPs to carry out their mandate.

2. HIPs should keep HCPs informed of the status of the informatic

services on which the HCPs rely, and immediately advise them

of any problems or difficulties that might be associated or that

could reasonably be expected to arise in connection with these

informatic services.

3. HIPs should advise the HCPs with whom they interact on a

professional basis, or for whom they provide professional

services, of any circumstances that might prejudice the

objectivity of the advice they give or that might impair the

nature or quality of the services that they perform for the

HCPs.

4. HIPs have a general duty to foster an environment that is

conducive to the maintenance of the highest possible ethical

and material standards of data collection, storage,

management, communication and use by HCPs within the

health care setting.

5. HCPs who are directly involved in the construction of electronic

records may have an intellectual property right in certain formal

features of these records. Consequently, HIPs have a duty to

safeguard:

15

a. those formal features of the electronic record in which the

HCP has, or may reasonably be expected to have, an

intellectual property interest; or

b. those formal features of the data collection, retrieval, storage

or usage system in which the electronic record is embedded

in which the HCP has, or may reasonably be expected to

have, an intellectual property interest.

C. Duties towards institutions/employers

1. HIPs owe their employers and the institutions in which they

work a duty of:

a. competence;

b. diligence;

c. integrity;

d. loyalty.

2. HIPs have a duty to:

a. foster an ethically sensitive security culture in the institutional

setting in which they practice their profession;

b. facilitate the planning and implementation of the best and

most appropriate data security measures possible for the

institutional setting in which they work;

c. implement and maintain the highest possible qualitative

standards of data collection, storage, retrieval, processing,

accessing, communication and utilization in all areas of their

professional endeavour.

16

3. HIPs have a duty to ensure, to the best of their ability, that

appropriate structures are in place to evaluate the technical,

legal and ethical acceptability of the collection, storage,

retrieval, processing, accessing, communication, and utilization

of data in the settings in which they carry out their work or with

which they are affiliated.

4. HIPs have a duty to alert, in good time and in a suitable manner,

appropriately placed decision-makers of the status of the security

and quality of the data-generating, storing, accessing, handling

and communication systems, programmes, devices or procedures

of the institution with which they are affiliated or of the employers

for whom they provide professional services.

5. HIPs should immediately inform the institutions with which they

are affiliated or the employers for whom they provide a

professional service of any problems or difficulties that could

reasonably be expected to arise in connection with the

performance of their contractually stipulated services.

6. HIPs should immediately inform the institutions with which they

are affiliated or the employers for whom they provide a

professional service of circumstances that might prejudice the

objectivity of the advice they give.

7. Except in emergencies, HIPs should only provide services in

their areas of competence; however, they should always be

honest and forthright about their education, experience or

training.

8. HIPs should only use suitable and ethically acquired or

developed tools, techniques or devices in the execution of their

duties.

17

9. HIPs have a duty to assist in the development and provision of

appropriate informatics-oriented educational services in the

institution with which they are affiliated or for the employer for

whom they work.

D. Duties towards society

1. HIPs have a duty to facilitate:

a. the appropriate collection of health care data that are

necessary for the planning and providing of health care

services on a social scale;

b. the appropriate storage of health care data that are

necessary for the planning and providing of health care

services on a social scale;

c. the appropriate communication of health care data that are

necessary for the planning and providing of health care

services on a social scale;

d. the appropriate use of health care data that are necessary

for the planning and providing of health care services on a

social scale;

e. the appropriate manipulation of health care data that are

necessary for the planning and providing of health care

services on a social scale.

2. HIPs have a duty to ensure that:

a. only data that are relevant to legitimate planning needs are

collected;

b. the data that are collected are de-identified or rendered

18

anonymous as much as possible, in keeping with the

legitimate aims of the collection;

c. the linkage of databases can occur only for otherwise

legitimate and defensible reasons that do not violate the

fundamental rights of the subjects of the records;

d. only duly authorized persons have access to the relevant

data.

3. HIPs have a duty to educate the public about the various issues

associated with the nature, collection, storage and use of

electronic health data and to make society aware of any

problems, dangers, implications or limitations that might

reasonably be associated with the collection, storage, usage

and manipulation of socially relevant health data.

4. HIPs will refuse to participate in or support practices that violate

human rights.

5. HIPs will be responsible in setting the fee for their services and

in their demands for working conditions, benefits, etc.

E. Self-regarding duties

1. HIPs have a duty to recognize the limits of their competence,

2. HIPs have a duty to consult when necessary or appropriate,

3. HIPs have a duty to maintain competence,

4. HIPs have a duty to take responsibility for all actions performed

by them or under their control,

19

5. HIPs have a duty to avoid conflict of interest,

6. HIPs have a duty to give appropriate credit for work done, and

7. HIPs have a duty to act with honesty, integrity and diligence.

F. Duties towards the profession

1. HIPs have a duty always to act in such a fashion as not to

bring the profession into disrepute.

2. HIPs have a duty to assist in the development of the highest

possible standards of professional competence, to ensure that

these standards are publicly known, and to see that they are

applied in an impartial and transparent manner.

3. HIPs will refrain from impugning the reputation of colleagues but

will report to the appropriate authority any unprofessional

conduct by a colleague.

4. HIPs have a duty to assist their colleagues in living up to the

highest technical and ethical standards of the profession.

5. HIPs have a duty to promote the understanding, appropriate

utilization, and ethical use of health information technologies,

and to advance and further the discipline of Health Informatics.

20

PART III

EXPLANATION

A. Subject-centred duties

Introduction

The purpose of this section is to give a more detailed explanation ofthe subject-centred duties of HIPs. However, before actually doingso, it is important to clarify what is meant by saying that the healthinformatics specialist is a professional. The reason this is important isthat the ethical considerations that are relevant for professionals aredifferent from those that apply to individuals who are merely employ-ees. Specifically, a professional’s obligations are fiduciary in nature,and are owed to the individual who is the recipient of the professional’sservices even when this recipient is not the one who pays for the ser-vices in question. Moreover, a professional’s obligations go beyondmerely doing what is explicitly stated in the agreement that forms thebasis of the professional’s actions but extends to doing what is in thebest interests of the individual even when no specific directives in thisregard exist. On the other hand, the obligations of an employee arepurely contractual in nature, and are wholly and completely circum-scribed by the clauses of the contract itself. Consequently, considera-tions of best interests do not enter the picture.

Health Informatics specialists are professionals even when theyare in the employ of an institution or corporate entity. This fol-lows from the definition of a profession itself.

21

Education, social service and organization

That is to say, in sociological terms, a profession is characterizedby several features, most of which are shared by all professions. Forexample, the work that the members of a profession perform usuallyhas a significant intellectual component and has an impact on thewelfare of society. As well, members of a profession usually haveundergone a specialized form of education, frequently at the post-secondary level, and membership of the group may require a cer-tification of proficiency or expertise where the nature and level ofthis proficiency is usually determined by the group itself. Moreover,a profession may also be accorded the right of self-governance, andmay be granted a legally recognized practice monopoly or exclu-sivity of practice. In that eventuality, only individuals who arelicensed and have been certified by the organizational structure ofthe group may engage in the activities in question (Bayles, 1989;Friedson, 1970, 1986; Parsons, 1954). Finally, professions are oftenorganized into associations or groups of associations that representthe profession to society, and the conduct of a profession’s mem-bers is often governed by a more or less formalized set of rules ora code of conduct promulgated by the profession itself.

It is not necessary that a profession exhibit all of these charac-teristics. Thus, legal recognition and exclusivity of practice are mat-ters of law and depend on the juridical framework in which theprofession functions. Therefore, whether a given profession enjoysthis status depends on the national legal framework within whichit operates. For example medicine, which is a paradigm of a pro-fession (Friedson, 1986; Parsons, 1954), did not attain to legalrecognition and exclusivity of practice until fairly recently and otherindividuals such as barber surgeons, midwives, herbalists, nuns,priests, etc. were at liberty to provide medical services.2 Likewise,

22

2. On a global scale, the high-water mark of this development was the release ofthe Flexner Report in 1910; see Flexner (1910, 1912).

nursing has been recognized as a profession for quite some time,yet there are many jurisdictions in which nursing does not enjoy alegally recognized service provider monopoly, and where Sisters ofMercy or other individuals who essentially have only lay standingmay function in a nursing capacity.

On the other hand, advanced and specialized education has beena universal characteristic of all professions, even historically. Thus,lawyers and physicians were expected to have advanced educationeven in the Middle Ages – an expectation that was (briefly) trans-lated into a matter of law in the 13th century3 and re-instituted inthe 20th. Health Informatics shares this characteristic. HealthInformatics specialists, in order to function in a professionalcapacity, require advanced and special education – usually at thepost-secondary level.

As well, Health Informatics has in common with other profes-sions that it provides a socially important service. Moreover, it alsoshares the characteristic that its members are frequently organizedinto associations that impose rules of conduct on their members.4

Fiduciary nature of the health informatics–patient relationship

However, much more important than any of this is the fact that, likephysicians, Health Informatics specialists stand in a fiduciary rela-tionship towards the individuals who are the subjects of their services.

3. See the 1231 law of Frederic II of Hohenstauffen which, in article 45, statedthat ‘In view of the severe consequences and the irremediable harm that mayresult when inexperienced physicians engage in practice, we order that hence-forth no-one may dare to practice medicine under the title of physician if hehas not previously been approved in an open disputation by the professors ofthe University of Salerno.’

4. For example, the American Medical Informatics Association, the BritishComputer Society and the Canadian Organization for the Advancement ofComputers in Healthcare.

That is to say, the Health Informatics specialist stands at the atthe centre of a web of interlocking relationships between the sub-ject of the electronic record and a series of interested parties whoseendeavours focus on the welfare of the patient and who all share aneed for patient-relative information. These other parties includethe HCPs who provide patient care, the institutions or agenciesthat employ the HIPs, insurance companies and governmentalagencies that gather data for health care planning purposes, etc.The reason HIPs occupy this unique position is that neither HCPsnor anyone else can function without the data that are containedin the electronic record, and it is the HIPs who provide the nec-essary technical expertise that makes the development, access, use,manipulation and communication, etc. of these data possible.

In this web of relationships, the relationship between the HealthInformatics specialist and the subject of the electronic record is mostimportant. One of the reasons for this lies in the unique connec-tion between the electronic record and the subject of the recorditself. Not only does the record contain sensitive data that the sub-ject reveals or otherwise makes available only on the understand-ing of confidentiality; it also plays a crucial role in the delivery ofhealth care to the subject. Therefore, not only is privacy an over-whelming concern, but so are the following: availability – the recordmust be available when it is needed; quality – the record must bematerially usable by whoever provides the relevant health care;integrity – the record must not have been altered in an unautho-rized fashion or by an unauthorized person; and usability – whichis to say, the record must be in such an electronic form that it canactually be retrieved and used by the current software programs ofthe duly authorized user. Unless the Health Informatics specialistacts in a professional manner, none of this will be possible.

Trust

However, the fiduciary nature of the relationship between the HIP

24

and the subject of the electronic record derives only in part fromthese factors. Fundamentally and above all, it is grounded in anexpectation of trust on part of the subject of the record, and in the expectation of professional competence that the subject of theelectronic record has – or is entitled to have – towards the HIP.

For instance, the patient trusts that the data that will be gatheredabout him or her will be gathered in an ethically appropriatemanner, and that they will be available in good time, to the appro-priate person and in usable form as and when they are needed forhealth care related purposes. Further, the patient trusts that the datawill be secure from unauthorized access, deletion, modification,manipulation, etc. In the institutionalized setting in which the HIPtypically functions, this trust cannot be satisfied by the HCPs oranyone else. While the latter have information-relative duties thatare important in their own right, and while these have traditionallybeen recognized by the respective professions, these duties do notextend to the development, maintenance and general safe-guarding,etc. of the material basis of the electronic data and data-systemsthat form such an integral part of the modern institutionalizedhealth care setting. Instead, this trust is centrally focussed in theHIP, whose professional actions underwrite the very possibility ofcontemporary health care planning and delivery.

In most instances, this trust is de facto rather than being explic-itly and overtly directed towards the HIP. That is to say, in mostcases patients may not even be aware of the existence of the HIPor the role that the HIP plays in the institutionalized setting; norwill the patient have entered into a direct and personal relationshipwith the informatics professional. Nevertheless, conscious or other-wise, the patient’s trust is centred in the HIP.

By way of explanation, it may be appropriate to point out thatthis situation is no different from the one that obtains in the case of a specialist consultant in a particular area of health care –say, in radiology – and the patient when the specialist is consulted

25

by the primary care physician or by the patient’s health care teamon a particularly complex issue. When the consultant offers anopinion as to how the care of the patient ought to proceed, thefact that the consulting specialist may never have met the patient– and, indeed, may never interact with the patient on a direct and personal level – does not diminish the fiduciary nature of therelationship between the consulting specialist and the patient. The patient’s trust, although mediated through the person of theprimary care taker and not overt, is still there and is still warranted.It is precisely because there is this element of trust that the patientmay accuse a consultant of breach of trust if the professional doesnot act in a fiduciary fashion. With due alteration of detail, thesame considerations apply to the relationship between the HIP andthe patient.

Institutionalized expectation

Moreover, the modern institutionalized health care setting is struc-tured in such a way that each professional plays a particular role inthe functioning of the system as a whole. The patient may notknow anything about how the system functions; nevertheless, thepatient approaches the health care setting with the expectation that,however it may be structured, the setting as a whole will provideappropriate services in good time, and that it will keep personalpatient information private and secure. In functional terms, theinstitution delegates this trust to the employees and associates whoactually carry out the work of the institution itself. Therefore, whilethe patient’s trust may be explicitly and overtly directed towardsthe institution, the fact remains that, through the institution’sstructures and mechanisms, it devolves to the professionals whowork within that institutional setting.

The Health Informatics specialist is one such professional. Theoperations of the HIP are integral to the operation of the healthcare setting itself because it is through the agency of the HIP that

26

the informatic needs of the institution as well as those of the HCPswho work in the institution are met. It is in the fulfilment of heror his professional role that the HIP’s fiduciary duty towards thepatient arises: it grows out the institutionalized functioning of theHIP in relation to the unique nature of electronic record in theinstitutionalized setting.

This fiduciary relationship expresses itself in a series of dutiesthat the HIP incurs as agent of the institution. In general terms,when a patient is not in a position to determine some record-relatedissue having ethical implications and a decision about storage,manipulation, access, etc. has to be made – and this will usually bethe case, since most of the informatically relevant actions in aninstitution go on behind the scenes – the HIP must use her or hisbest professional judgement about how to proceed in this sort ofsituation. In deciding on how to proceed, the HIP must follow thesame pattern as other professionals who are in fiduciary relation-ships: the HIP must be guided either by the values of the subjectof the record if these are known – for example, when the patienthas given explicit instructions as to who should and who shouldnot have access to her or his record; or, in cases where these valuesare not known (as will most often be the case) or where such valuesor instructions would otherwise be inappropriate (for instance, inthe case of incompetent persons or children), the HIP must beguided by the values that would be used by the objective reason-able person.

Moreover, it follows from the fiduciary nature of this relation-ship that there may be occasions when the HIP may have a moralduty to engage suitable legal machinery in order to ensure thatelectronic patient data are dealt with in an ethically appropriatefashion. For example, this would be the case when the professionalhas reasonable grounds to suppose that a particular informaticundertaking is ethically inappropriate, where the professional hasexhausted all internal avenues for dealing with such issues and no

27

other option for dealing with the situation remains. Furthermore,the HIP must do so irrespective of whether this means challenginga HCP, the institution in which the informatics professional works,or the next-of-kin.

At the same time, it is important to note that the HIP’s domainof operation should not necessarily to be identified with the spatialsetting in which the HIP works. In fact, identifying it in this waymay be dangerous. It would ignore the fact that what is importantabout the domain of operation of a professional is not the materialplace in which the actions of professional take place but the func-tional structure of the setting in which the professional carries outher or his task. As soon as this functional structure involves theactivities of the professional as professional, it is a professionalsetting.

In other words, and in general terms, the relationship betweena professional and a client is triggered when the would-be cliententers into the domain of operation of the professional and inter-faces with the more or less formalized functioning of the profes-sional in that setting. In more particular terms that are specific tothe HIP–patient relationship, this means that the HIP’s domain ofoperation in the institutionalized setting is the general informaticframework of the institution as a whole. It includes the totality ofcomputers, diagnostic machinery, wiring, programs, processes,procedures etc. that form the basis of the data-gathering, handlingand communication capacity of the institution within which thevarious operations of the institution are carried out. It is in thisframework that the data that form the basis of the informationcontained in the various records of the institution (inclusive of theelectronic record) are generated and manipulated. Therefore, thismeans that, as soon as the patient enters into, or interfaces with,an institutionalized structure in this extended sense, the relation-ship between the HIP who is employed by the institution and thepatient is triggered.

28

Implications

The fiduciary nature of the HIP–patient relationship also has otherimplications: implications that go beyond issues that immediatelyand directly concern an electronic record on a given occasion. Someof these implications are procedural in nature. For instance, theHIP has a duty to ensure, as best as he or she is able: that thereare procedures and structures in place to ensure that electronicrecords will be available, in usable form, to the right person in theright way at the right time within the institutional setting; thatthere are appropriate means for developing patient-relative data inkeeping with the mandate of the institution; that there are appro-priate safeguards to protect the privacy, security, integrity, materialquality, etc. of the electronic record, and so on. These duties obtaineven if the institution in which the informatics professional workshas no procedures in place to deal with such concerns. In fact, partof the fiduciary duty of the professional is to initiate the develop-ment and deployment of appropriate measures precisely when theinstitution has failed in this regard. Moreover, the relationship alsoentails that the professional must ensure that these measures aremonitored and evaluated on a current basis and, if necessary, adjust-ed to meet the changing needs of the moment.

Specific subject-centred duties

The various duties that were indicated above derive from the fidu-ciary relationship in which the HIP stands to the subject of theelectronic record or to the subject of the electronic communicationthat is facilitated by the HIP through her or his professional actions.

1. HIPs have a duty to ensure that the potential subjects of

electronic records are aware of the existence of systems,

programmes or devices whose purpose it is to collect and/or

communicate data about them.

29

This clause provides for a duty to alert the subject(s) of electronicrecords to the possibility of data collection and communication,and stipulates the duty to inform the subject(s) that such proce-dures, systems or devices may be engaged on a particular occasion.These duties derive from the Principle of Information Privacy andDisposition – privacy is infringed when person-relative data are col-lected – and from the Principle of Openness.

It should be noted that the duty enunciated in this clause is dis-tinct from the duty to disclose the fact that data have actually beengathered, etc. – the reason being that the potential subjects of data-gathering might not wish to have health care data gathered aboutthem and, if they knew about this, would adjust their behaviourto avoid such data being gathered. For example, such individualsmight then avoid using public health care facilities or eschew con-sulting health care providers who employ data-gathering modali-ties. While this might – and indeed probably would – seriouslyreduce the possibility of such persons receiving appropriate and nec-essary health care, they do have that right.5

2. HIPs have a duty to ensure that appropriate procedures are in

place so that:

a. electronic records are established or communicated only with

the voluntary, competent and informed consent of the

subjects of those records;

b. if an electronic record is established or communicated in

contravention of Clause A.2.a, the need to establish or

communicate such a record has been demonstrated on

independent ethical grounds to the subject of the record, in

good time and in an appropriate fashion.

30

5. Within certain limits that will be explained later on.

This clause deals with the process of actually establishing, main-taining and communicating electronic records. It deals with theprocedural safeguards that are necessary to ensure that patientrecords are established and communicated only in an ethicallyappropriate fashion. The general duty that is enunciated in the firstpart of this clause derives from the Principle of Information Privacyand Disposition. It means that an HIP cannot simply assume thatthe data retrieval and processing systems with which she or he oper-ates meet ethical requirements of informed consent on part of thesubjects about whom data are being gathered, used or communi-cated. Instead, the professional has a positive duty to satisfyher/himself that this is indeed the case. In other words, it entailsthat an HIP cannot simply adopt a passive and accepting stance inthis regard. Moreover, it also entails a positive duty to correct thesituation if indeed the appropriate safeguards are not in place.

The second part of this clause is based in the Principle of LegitimateInfringement, the Principle of Accountability and the Principle of LeastIntrusive Alternative. It focuses on the ethical limitations of the pro-cedures under Clause A.2.a. It is predicated on the fact that all per-sons are embedded in a social context, and as such receive benefitsfrom that embedding. This is especially clear in the context of healthcare: health care would be impossible if society as a whole did notco-operate in its planning and delivery. Public health measures, healthcare training and education, health research, etc. are all implicated.Since all of this depends on the availability of data, the very possi-bility of having health care depends on the ability to gather and usedata. Therefore, since everyone benefits, it follows that everyone hasa duty to allow a limited infringement of this otherwise absolute right to privacy. However, such infringement must always be to theleast degree necessary for achieving these otherwise legitimate aims and, moreover, must always be justified to the subjects of thedata that are being gathered so that the subject may challenge thisinfringement if it should be ethically appropriate to do so.

31

3. HIPs have a duty to ensure that the subject of an electronic

record is made aware that:

a. an electronic record has been established about her/him;

b. who has established the record and who continues to

maintain it;

c. what is contained in the electronic record;

d. the purpose for which it is established;

e. the individuals, institutions or agencies who have access to it

or to whom it (or an identifiable part of it) may be

communicated;

f. where the electronic record is maintained;

g. the length of time it will be maintained;

h. the ultimate nature of its disposition.

While Clause 2 deals with the procedures involved in setting upand handling electronic records, this clause deals with the actualimplementation of the data-gathering and utilization proceduresmentioned under Clause 2. It derives from the Principle of Opennessand the Principle of Accountability. It does not mean that on eachoccasion that data are gathered or used, the subject of the data mustbe apprised of this fact by the HIP. That would be impossibly oner-ous, and hence would violate the general and fundamental ethicalPrinciple of Impossibility, which is to the effect that no-one can havea duty to the impossible. Instead, it means that HIPs have a dutyto ensure that the procedures that are mentioned under Clause 2function appropriately.

4. HIPs have a duty to ensure that the subject of an electronic

record is aware of the origin of the data contained in the record.

32

This clause derives from the informatic Principle of Openness. It isbased on the fact that data are not always gathered or communi-cated in the same way. Some of them are gathered or communi-cated through telemetry, others through interviews with thirdparties, still others through personal history-taking or medicalexamination, etc. Since the way in which the data are gathered mayaffect their accuracy, validity or relevance, and since it may alsoreflect on the appropriateness of the process itself that is used toderive the data, it is ethically appropriate that the subject of thedata be aware of their origin so that he or she may exercise therights that follow from the Principle of Information Privacy andDisposition, as outlined in the preceding clauses.

5. HIPs have a duty to ensure that the subject of an electronic

record is aware of any rights that he or she may have with

respect to:

a. access, use and storage of her or his electronic record and

of the data contained in it;

b. communication and manipulation of her or his electronic

record and of the data contained in it;

c. quality and correction of her or his electronic record and of

the data contained in it;

d. disposition of her or his electronic record and of the data

contained in it.

Clauses 1 to 4 have outlined a series of rights that are possessed bythe subjects of electronic records and that HIPs are bound to safe-guard. However, the subjects of electronic records cannot exercisethese informatic rights if they are unaware that they have theserights. Therefore ignorance in this regard would have the effect ofstripping the subjects of electronic records of their informatic rights.

33

Clause 5 addresses this fact. It states that HIPs have a positive dutyto ensure that the subjects of electronic records are aware of theserights. Quite aside from the fact that the data that are containedin electronic records may be important to their subjects from a per-sonal perspective – the Principle of Information Privacy andDisposition is here implicated – they may also have economic, legaland other significance for their subjects. Among other things, there-fore, this clause, will assume increasing importance in an era of bio-logical, medical and genetic engineering. Other informaticprinciples that are involved are the Principle of Access and thePrinciple of Openness.

6. HIPs have a duty to ensure that:

a. electronic records are stored, accessed, used, manipulated

or communicated only for legitimate purposes;

b. there are appropriate protocols and mechanisms in place to

monitor the storage, accessing, use, manipulation or

communication of electronic records, or of the data contained

in them, in accordance with clause A.6.a;

c. there are appropriating protocols and mechanisms in place to

act on the basis of the information under clause A.6.b as and

when the occasion demands;

d. the existence of these protocols and mechanisms is known

to the subjects of electronic records;

e. there are appropriate means for subjects of electronic

records to enquire into and to engage the relevant review

protocols and mechanisms.

The preceding clauses have dealt with the rights of subjects ofelectronic records and with the corresponding duties of HIPs.However, merely enunciating these rights and duties is insufficient

34

to guarantee that they are in fact being honoured, nor is establish-ing information handling systems in an ethically appropriate fash-ion in the first instance any guarantee that these systems willcontinue to function in an ethically appropriate fashion. Clause 6is intended to remedy this lack. It states that there should be appro-priate protocols to monitor, on an ongoing basis, the establishment,storage, accessing, use, manipulation or communication, etc. ofelectronic records and of the data contained in them so as to ensurethat the relevant ethical considerations are in fact being followed.Further, in keeping with clause 4, it states that HIPs have a dutyto make sure that the existence of these protocols, and the meansof engaging them, are known to the subjects of the electronicrecords. In that sense, its purpose is to ensure that the rights andduties that have been outlined in the preceding clauses are in factoperationalized.

7. HIPs have a duty to treat the duly empowered representatives

of the subjects of electronic records as though they had the

same rights concerning the electronic records as the subjects of

the record themselves, and that the duly empowered

representatives (and, if appropriate, the subjects of the records

themselves) are aware of this fact.

The importance of this clause cannot be overestimated. It not onlyassists HIPs in understanding their duties towards next-of-kin orother duly empowered proxy decision-makers for incompetentpersons, but also helps to avoid the conflicts that sometimes arisebetween HCPs and the next-of-kin who may have to make decisionsfor or on behalf of the incompetent person.

That is to say, clauses 1 to 6 have been based on the assump-tion that the subjects of electronic records are competent persons who can exercise their rights on their own behalf, and theexplanations of these clauses have followed that assumption.

35

However, this is not necessarily correct. Sometimes people becomeincompetent – either because they come to suffer from dementia,or because they are unconscious, or for a variety of other reasons.The people who thus become incompetent do not cease to be per-sons and do not lose their rights just because they are now incom-petent. Instead, substitute or proxy decision-makers step in andexercise their rights for them, whether that be in matters of financeor matters of health care. This follows ethically from the Principleof Equality and Justice, and is well recognized in law.

This notion that substitute or proxy decision-makers take over theexercise of the rights of the incompetent person is very important ingeneral, because it recognizes the continuing ethical status of theincompetent individual as person. Nowhere is this more importantthan in health care. Modern medical ethics has come to accept that– except in an emergency and no other choice being available – theduly empowered proxy decision-maker for an incompetent person isnot the physician or any other HCP: it is the next-of-kin; and thelaw has identified a strict order of proxy decision-makers which, indescending order of priority, goes from the spouse, then if there isno spouse to the children, then the parents, and so on.

In the present context, the precise order of proxy decision-makersis not important. What is important is that, whoever the proxydecision-maker happens to be, that person – ethically as well aslegally – has both the right and the duty to make decisions onbehalf of the incompetent person. That includes making health caredecisions – which of course requires access to what is contained inthe electronic record just as it would for the incompetent personif that person were competent. However, it also extends to the otherinformatic rights that the incompetent person would normallyexercise on her or his own behalf. For, unless the proxy exercisesthe incompetent person’s rights on her or his behalf, that personwill lose these rights by default. That would be to discriminate onthe basis of disability – and hence would be unjust.

36

At the same time, not all persons who are now incompetent havepreviously been competent. For example, children are persons, butthey have never been competent. The same thing is true of personswho have been born with a severe mental disability. As persons,they all have the same rights as every other person, the fact thatthey cannot exercise these rights on their own behalf notwith-standing. That is again why both ethics and law recognize the needfor appropriately placed proxy decision-makers. For present pur-poses, it does not matter exactly who the duly empowered proxydecision-maker may be; what matters is that this proxy decision-maker again has both the right and the duty to exercise the incom-petent person’s rights on that person’s behalf. This includes notonly the duty to make health care decisions – which of course entailsthe right of access to the incompetent person’s record – but alsothe duty to exercise the whole panoply of rights that belong to allpersons insofar as they are persons. Informatic rights are hereincluded.

Consequently, the Principle of Equality and Justice entails that,even in the case of children or congenitally incompetent persons,HIPs have a duty to treat the duly empowered representatives ofthese persons as though they had the same rights concerning theelectronic records as the subjects of the record themselves wouldhave if they were competent; and in keeping with clause 5, therelies a duty on part of the HIP to ensure that the duly empoweredrepresentatives are aware of this fact.

8. HIPs have a duty to ensure that all electronic records are

treated in a just, fair and equitable fashion.

This clause follows from the Principle of Equality and Justice: Allpersons are equal as persons. Consequently all persons have thesame rights.

However, it would be a mistake to assume that this means that

37

all electronic records should always be treated in the same fashion.That would be to confuse equity and fairness with sameness.Ethically relevant differences between persons require specialaccommodation. To give an illustrative example: some people arephysically so severely disabled that they cannot walk but insteadhave to move around in wheelchairs. If society treated people inwheelchairs the same way that it treats people who are not thusdisabled, it would not construct wheelchair-accessible entrances topublic buildings or make other relevant accommodations. This, ofcourse, would mean that persons in wheelchairs would not havethe same opportunities to access these buildings, to use public trans-portation, etc. This, in turn, would mean that although the per-sons in wheelchairs would be treated the same as all other persons,it is this very sameness of treatment that would be discriminatory.Therefore, sometimes, to treat all people the same is to violateequity and fairness.

Or, to take another example, all persons have the right to securityof the person. However, persons in high public office – for example,Ministers of the Crown, who are exposed to special dangersprecisely because of their position – are entitled to special protec-tion. In other words, the fact that the Minister is in a high positionof public service constitutes an ethically relevant difference thatmerits special action.

Transferred to the arena of electronic records, this means that,while all persons have the right to expect the same diligence andcare from HIPs, persons who occupy an ethically distinctiveposition have the right to expect that special measures will be takenin their case. Rather than violating equality and justice, this followsfrom the Principle of Equality and Justice itself because in their casespecial adjustments must be made in order to accommodate thespecial needs that their position of public service carries with it.

To sum up, the Principle of Integrity entails that HIPs have aduty to do their best for each and every persons. However, the

38

Principle of Equality and Justice entails that if there is an ethicallyrelevant difference between individuals, then this difference mayrequire an adjustment in the actions of the HIP.

9. HIPs have a duty to ensure that appropriate measures are in

place that may reasonably be expected to safeguard:

a. the security of electronic records;

b. the integrity of electronic records;

c. the material quality of electronic records;

d. the usability of electronic records;

e. the accessibility of electronic records.

The preceding clauses have established that the subjects of electronicrecords have certain informatic rights. Clause 9 requires HIPs toensure that appropriate hardware, software and protocols, etc. arein place to operationalize these rights. This clause follows from theinformatic Principles of Information-Privacy and Disposition andSecurity and clause 7, as well as from the general ethical Principlesof Integrity, Beneficence and Non-Malfeasance.

It is important, however, to note what Clause 9 does not say: Itdoes not say that HIPs have a duty to ensure that integrity, security,material quality, etc. in fact are safeguarded no matter what, andthat HIPs have failed in their duty if in fact an untoward infor-matic event does occur. The reason it does not say this is that itwould be impossible to fulfil such an absolute duty. Even when theprofessionals do their best, it is still possible that someone will com-promise the security of the patient records: hackers are a fact oflife. Similarly, there is no way that HIPs can prevent unforeseen –and unforeseeable – accidents from compromising the quality orusability of records. Accidents do occur – as do disasters. The bestthat HIPs can do is plan for such eventualities, to do their best in

39

planning, and to try to minimize any untoward effects when suchan event occurs. That is all that the Principle of Integrity candemand. If the HIP has done the best that is possible under thecircumstances that obtain and the unforeseen and unforeseeabledoes occur, the Principle of Impossibility will exonerate the HIP.

10. HIPs have a duty to ensure, insofar as this lies within their

power, that an electronic record or the data contained in it are

used only:

a. for the stated purposes for which the data were collected; or

b. for purposes that are otherwise ethically defensible.

This clause follows from the Principle of Information Privacy andDisposition, the Principle of Legitimate Infringement and the Principleof the Least Intrusive Alternative. Specifically, the Principle ofInformation Privacy and Disposition entails that patients have a rightto privacy and to control of the data that are gathered about them.Patients have a certain understanding when they agree to thecollection of data about them, and to the establishment of elec-tronic records. As was indicated in Clause 3, that understandingderives from the statement-of-purpose that should always precedethe collection of patient data. Therefore any use of the data thatgoes beyond the limits of this statement-of-purpose constitutes aviolation the Principle of Information Privacy and Disposition. Thefact that these data may be extremely useful for other purposes, andthe fact that it may be quite efficient simply to use the data thathave thus been developed, does not alter the fact such usage wouldbe unethical. Convenience and ease of operation do not trumpethics.

At the same time, the planning and delivery of health care is asocial enterprise that is data-dependent. Therefore there may besituations where it may be appropriate to use patient data that have

40

been gathered for one purpose in a manner that was not mentionedin the statement-of-purpose for the initial gathering of the data. Anexample of such extraneous use might be bona fide research, orepidemiological and planning purposes that go to the commonwelfare. However, it bears repeating that any such extraneous usemust always be justifiable on ethical grounds, and that it must be in keeping with the Principle of Legitimate Infringement and thePrinciple of the Least Intrusive Alternative. HIPs are in a betterposition than anyone else to be aware of such extraneous data use.Hence their fiduciary duty towards the subjects of electronic recordsentails that they have an obligation not to participate in extrane-ous data use that is not ethically defensible, and to make certainthat if there are ethically defensible reasons for using them in thisway, the data are as de-identified as possible. Further, they have aduty to do the best they can to ensure that, all other things beingequal, the subjects of the data are made aware of such extraneoususe – preferably before any such ethically defensible extraneous useoccurs, and preferably on the basis of an informed consent to thisadditional usage.

11. HIPs have a duty to ensure that the subjects of electronic

records or communications are aware of possible breaches of

the preceding duties and the reason for them.

HIPs have a duty to do the best they can, and to take the greatestpossible care in their work. However, sometimes it is impossible toprovide the best possible service simply because the relevantresources are not there or circumstances conspire to diminish thequality of their services. Moreover, HIPs may be aware of devel-opments or circumstances that might compromise their ability toprovide as secure, as efficient and qualitatively as good a service asotherwise might be expected. If HIPs have reasonable grounds tobelieve that such a possibility obtains, the fiduciary relationship

41

to the subjects of electronic records entails that the HIPs shouldmake certain that the subjects of the electronic records whose devel-opment, communication or usage they have occasion to facilitateare aware of these limitations. This duty follows from the generalethical Principles of Beneficence and Integrity, but also from the infor-matic Principle of Accountability.6

B. Duties towards Health Care Professionals

There are two major reasons why HIPs have ethical obligationstowards Health Care Professionals (HCPs):

1. the primacy of HCPs in the delivery of health care;

2. the informatic dependence of HCPs on HIPs.

That is to say, providing modern health care, whether at the hands-on level or at the planning stage, is an information-intensive enter-prise, and the reason that health information is gathered, stored,communicated and manipulated is not for its own sake: It is toassist in the delivery of health care. In fact, without electronic datagathering, manipulating, storing and communication technologyHCPs would be hard pressed to fulfil their mandate. The imple-mentation and use of this technology relies on HIPs. At the sametime, while HIPs thus play an important role, they are supportiveand not the primary players in the delivery of health care. The mainrole belongs to the HCPs who actually deliver the care. This pri-mary role of HCPs in actually providing care, coupled with theirdependence on the technological support that HIPs provide, cre-ates a series of obligations on part of HIPs towards HCPs. Theseduties towards HCPs may be expressed as follows:

42

6. For a corresponding duty towards HCPs, employers and institutions, see below.

1. HIPs have a duty:

a. to assist duly empowered HCPs who are engaged in patient

care in having appropriate, timely and secure access to

relevant electronic records (or parts of thereof), and to

ensure the usability, integrity, and highest possible technical

quality of these records;

b. to provide those informatic services that might be necessary

for the HCPs to carry out their mandate.

The duties that are enunciated in this clause derive from the gen-eral ethical Principle of Integrity. In practice, this not only meansthat HIPs should provide efficient service but also that they shouldbe proactive in identifying and developing technologies that mightassist HCPs in carrying out their mandate. A deviation from thisduty would also constitute a violation of the general informaticPrinciple of Security.

The next clause derives from this dependence relationshipbetween HCPs and HIPs, and is grounded in the Principle ofIntegrity:

2. HIPs should keep HCPs informed of the status of the informatic

services on which the HCPs rely, and immediately advise them

of any problems or difficulties that might be associated or that

could reasonably be expected to arise in connection with these

informatic services.

Since HCPs rely on health data and on electronic instrumentationto carry out their mandate, it is important for them to be aware ofanything that might interfere with the availability or usability ofthese services, so that they can take appropriate steps to minimizeany adverse effects that might result from the fact that the servicesmay be unavailable, or from any technical problems that might arise.

43

This clause also recognizes a proactive duty on the part of HIPsto constantly monitor the effectiveness and reliability of the infor-matic services that are provided in the setting in which they areprofessionally active, and to assist HCPs in planning ways of deal-ing with any difficulties that might arise. Like the preceding clause,Clause B.2 finds its basis in the Principle of Integrity.

3. HIPs should advise the HCPs with whom they interact on a

professional basis, or for whom they provide professional

services, of any circumstances that might prejudice the

objectivity of the advice they give or that might impair the

nature or quality of the services that they perform for the HCPs.

Health Informatics is such a complex and vibrant field that HCPs,who are hard-pressed to keep up with burgeoning developments intheir own areas, can scarcely be expected to be familiar and aucourant with developments in Health Informatics. Hence HCPshave to rely on HIPs for advice, whether that be with respect tosoftware, hardware, informatic methodologies, etc. It is thereforeimportant that HCPs be aware of anything that might influencethe objectivity of the advice that HIPs might give them.

For example, it would be important for an HCP to know thatan HIP had a financial or similar interest in a corporation that pro-vided (or was expected to provide) an informatic service or device,since there exists the possibility that under such circumstances, theHIP might have difficultly forming an objective opinion about thesuitability, reliability or quality of the service or device. Similarly,it may well be important for the HCP to know that the HIP hadwritten a particular program or was responsible for a particularinformatic technique since again, that might influence the HIP’sobjectivity. In a worst-case scenario, this might have serious resultsfor patient care.

It should be noted that this duty is not unique to HIPs. It is

44

merely a specific instance of the general duty that all professionalshave to alert their clients, or the persons with whom they interactin a professional capacity and who rely on them for professionalservices, of any possibility of conflict of interest. It is thereforegrounded not only in the Principles of Beneficence and Non-Malfeasance, but also in the Principle of Integrity.

4. HIPs have a general duty to foster an environment that is

conducive to the maintenance of the highest possible ethical

and material standards of data collection, storage, management,

communication and use by HCPs within the health care setting.

There is an old saying that unless an institution has a security cul-ture, security measures will not work very well. What underlies thissaying is that if security is not second nature to the people whowork in the institution but is something that is delegated to a spe-cific individual or group of individuals, the general work environ-ment will not be security-conscious. This, in turn, means that errorsand lapses in security are much more likely to occur.

The same thing is true about ethical standards of data collection,use, management, communication, etc. Unless an institution hasan ethical informatics culture, ethical informatics standards aremuch more likely either not to be observed at all (because they aresimply not integral to the working environment) or it will beassumed that the HIPs will look after the matter. Of course, HIPsare eminently well placed to deal with such matters. However, HIPscannot be expected to supervize all uses of informatic services; andonce a lapse has occurred, it may well be too late to do anythingabout it. At the same time, HIPs are in a good position to fosteran ethical informatics environment so that HCPs can be aware oftheir own duties in this regard, and so that lapses in informaticethics are minimized. Moreover, unless HCPs are trained in properinformatic protocols by HIPs, the HCPs will be unaware of how

45

to behave – and may well run into ethical (and even legal) diffi-culties. Therefore HIPs would be remiss in their duties towardsHCPs if they did not try to foster an environment where the ethicaltreatment of electronic records becomes almost second nature.

Likewise, HIPs are uniquely placed to assist HCPs in using thebest material standards of data collection, storage, management,communication, etc., and in the most appropriate manner. Indeed,since HCPs rely on HIPs for technical support in this regard, anHIP’s neglect to assist an HCP in this connection concerns thePrinciple of Integrity and amounts to a failure of duty, and may wellinvolve a violation of the Principles of Beneficence and Non-Malfeasance. Consequently, HIPs should encourage not only anethical informatics culture but also an informatics culture that takesit for granted that every HCP will seek the cooperation of an HIPto utilize the best informatic techniques in the best possible way.

5. HCPs who are directly involved in the construction of electronic

records may have an intellectual property right in certain formal

features of these records. Consequently, HIPs have a duty to

safeguard:

a. those formal features of the electronic record in which the

HCP has, or may reasonably be expected to have, an

intellectual property interest; or

b. those formal features of the data collection, retrieval, storage

or usage system in which the electronic record is embedded

in which the HCP has, or may reasonably be expected to

have, an intellectual property interest.

In and by themselves, health data are meaningless. They becomemeaningful only when they are identified, correlated and connect-ed with each other. As well, there may be different ways ofcollecting, sorting or manipulating data, where these different ways

46

may have a significant impact on how the data become meaning-ful. In fact, how health data are collected, correlated, structured,stored, organized, manipulated or presented may be as importantas the data themselves.

These various aspects of an electronic record may be referred toas its formal features. While patients have a dispositionary right overthe data that are contained in their electronic records, their formalfeatures belong to the person who developed them and constitutethat individual’s intellectual property. On occasion – for instancewhen it comes to diagnostic algorithms, unique ways of structur-ing data and the like – this intellectual property right may haveconsiderable market value.

Normally HCPs, when developing health records, will usestandardized tools and methodologies that have been developed bysomeone else. In such a case, the dispositionary right over the for-mal features of the record belong to that other party. However,sometimes HCPs are sufficiently expert to develop their ownmethodologies and tools. In such a case, unless there has been anexplicit agreement between the HCP and the patient, or the HCPand the institution with whom the HCP is affiliated, the formalfeatures of these methodologies and tools are proprietary to theHCP and the HCP has an intellectual property right in them. Inthese sorts of cases, the HIP must make certain that the disposi-tionary rights of the HCP are identified and protected. Failure todo so constitutes negligence and involves the Principles of Integrity,Beneficence and Non-Malfeasance.

C. Duties towards institutions/employers

There lies a general presumption that HIPs, as professionals, willonly enter into service contracts with employers who are engagedin an ethically legitimate enterprise. That being said, once HIPs

47

have accepted employment, they stand in a contractual relationshiptowards whoever employs them, and the contract that seals therelationship usually spells out the types and the extent of servicesthat are expected.

However, no contract can stipulate all possible details of whatmight happen or what sorts of situations might arise. Here the dutyof loyalty that professionals in general owe their employers – andhence that HIPs owe those who employ them – becomes relevant:Employers have a general right to expect that HIPs will do theirbest to advance the employer’s interests insofar as this does not con-flict with the duties the HIPs owe towards the subjects of therecords or towards other professionals – in particular HCPs – whocarry out their own professional activities in the institutional setting.

This last clause is important: All other things being equal, thesubject of an electronic record has the primary dispositionary rightover it, and it is ethically to be expected that unless special condi-tions have been agreed to by the subject of the electronic record,or unless some other supervenient condition arises, when the rightsof the subject come into conflict with the interests of whoever uses it, the rights of the subject take priority. Likewise, when thelegitimate interests of third parties who have a duty towards thesubjects of the records – for example, HCPs – require that theycarry out certain actions or that the HIPs assist them in certainways, then the interests of the employer must take second place.

Nevertheless, these exceptions aside, employers or institutionshave the right to expect that HIPs will do their utmost to safeguardtheir legitimate interests. This is rooted in The Principle of Integrity:the institution or employer must be able to trust that the HIP willcarry out the informatic functions and deliver the informaticservices for which the HIP was hired, and that the HIP will do soin the best way possible under the circumstances that obtain.

Again, this last clause is important. Under the Principle ofImpossibility, it would be unfair to expect HIPs to provide services

48

for which there are inadequate resources, or to adhere to standardsthat cannot be adhered to given the resources that obtain. Thereforethe institutional setting in which HIPs operate sets certain materiallimits that the HIPs cannot transcend – and should not be expect-ed to transcend. At the same time, if these limits are likely to actas barriers or impediments to proper professional action, then theHIPs have a duty to apprise the employer or institution of this fact.The individual clauses in Section C spell out the various duties inmore detail. Incidentally, many of the duties that are identified inthis section parallel an HIP’s duties towards the subjects ofelectronic records. This should not be surprising, since both froman individual professional as well as from an institutional perspec-tive, it is the subject of the electronic record – the patient – whois of central concern.

1. HIPs owe their employers and the institutions in which they

work a duty of:

a. competence;

b. diligence;

c. integrity;

d. loyalty.

As has already been mentioned, the conditions that are enunciat-ed in this clause are not unique to HIPs: they derive from a gen-eral duty of Integrity that governs everyone who is employed by, orstands in a contractual relationship to, another party. Among otherthings, this clause entails that HIPs have a duty:

• to keep current and proficient in their areas of expertise, under-going re-training and up-grading as and when the occasiondemands;

49

• to alert their employer when a task exceeds their abilities ortraining;

• to work effectively, efficiently and diligently on their employers’behalf;

• to advise their employer when the working conditions do notallow them to carry out their professional mandate in a profi-cient and satisfactory manner.

It also means that HIPs have a duty:

• to alert their employer or institution of any threat to the efficientand successful informatic operations of their employer or insti-tution, whether that threat be externally or internally based;

• to maintain confidentiality with respect to proprietary infor-mation and any data that would normally be considered confi-dential, even after their affiliation with their employer orinstitution has been severed.

The major ethical Principles that are involved in these various dutiesare those of Integrity, Beneficence and Non-Malfeasance.

2. HIPs have a duty to:

a. foster an ethically sensitive security culture in the institutional

setting in which they practice their profession;

b. facilitate the planning and implementation of the best and

most appropriate data security measures possible for the

institutional setting in which they work;

c. implement and maintain the highest possible qualitative

standards of data collection, storage, retrieval, processing,

accessing, communication and utilization in all areas of their

professional endeavour.

HIPs are experts in Health Informatics and as such have duty,

50

rooted in the Principle of Integrity, to do their best in their profes-sional environment and in carrying out the duties for which theyare hired. Obviously, this involves carrying out their mandated tech-nical tasks in the best possible way. However, the best possible wayfor HIPs to meet the informatic requirements of their institutionsand their employers is not merely by striving for excellence in theirown work but by trying to foster an ethically sensitive informaticsecurity culture, and by attempting to instil an appreciation andexpectation of informatic quality not merely in themselves but alsoin others who work in the same setting. This will involve all aspectsof the informatic life of the institution or professional setting.

At the same time, it is important for HIPs to recognize that noteverything is possible in every setting. Resources may be limited,and other limiting conditions may obtain. The Principle ofImpossibility entails that one cannot be expected to do theimpossible. Therefore HIPs would not be acting unethically if theyrecommended distinct measures for different institutional settings,consistent with the resources that were available. However, nomatter what the limitations may be, HIPs still have a duty to dothe best they can with the means at their disposal. Moreover, thePrinciples of Integrity and Beneficence as well as Non-Malfeasanceentail that if HIPs encounter conditions of limitation that mayinterfere with the possibility of achieving the best possible standards,they have a duty to identify these limits to responsible persons with-in the institution and to point out their implications.

Finally, informatic quality is very much a creature of obsoles-cence. Consequently, HIPs have a duty not only to monitor thequality of the informatic services relative to the existing resourceswithin the institution, but to continually survey the field ofinformatics relative to the informatic needs of their institutions oremployers. This will assist the latter in achieving the informaticaspects of their mandate.

51

3. HIPs have a duty to ensure, to the best of their ability, that

appropriate structures are in place to evaluate the technical,

legal and ethical acceptability of the collection, storage,

retrieval, processing, accessing, communication, and utilization

of data in the settings in which they carry out their work or with

which they are affiliated.

This clause builds on the preceding. It is impossible to be sure thatthe informatic infrastructure of an institution functions properly andin the way best suited to meet its informatic needs – and, more-over, that it functions in an ethically and legally appropriate man-ner – unless there is some way to evaluate and monitor its operations.HIPs therefore have a duty, rooted in the Principles of Integrity,Beneficence and Non-Malfeasance, to evaluate their institutions’ infor-matic infrastructures in this regard and to assist in developing andimplementing whatever measures are necessary to ensure that appro-priate standards are met. At the same time, this duty is limited. Itextends only to the use of those measures that are ethically accept-able. Therefore HIPs should never lend their expertise to the devel-opment and deployment of measures that are ethically indefensibleand that are not in keeping with the Principle of Autonomy andRespect for Persons and the Principle of the Least Intrusive Alternative.

4. HIPs have a duty to alert, in good time and in a suitable

manner, appropriately placed decision-makers of the status of

the security and quality of the data-generating, storing,

accessing, handling and communication systems, programmes,

devices or procedures of the institution with which they are

affiliated or of the employers for whom they provide professional

services.

The best quality assurance programme in the world is useless ifthose who are in decision-making authority are unaware of its

52

results. This clause stipulates that HIPs have a duty not merely toensure that evaluating and monitoring programmes are in place andfunctioning, but that decision-makers are made aware of the results.Normally, this means that HIPs have a duty to follow establishedreporting procedures within their respective institutions or for theirrespective employers. However, there may be occasions – forinstance, when following these procedures may take too long, betoo involved, or for some reason be unlikely to result in appropri-ate action – when HIPs may have a duty to directly approach theresponsible decision-maker(s) and provide them with the relevantinformation. This may have difficult repercussions for the HIPs;however, ethically, under such circumstances HIPs have no choice.Even so, under such circumstances HIPs are entitled to expect theprotection of their respective institutions or employers, since theywould be acting out of integrity and within their ethical mandate.

5. HIPs should immediately inform the institutions with which they

are affiliated or the employers for whom they provide a

professional service of any problems or difficulties that could

reasonably be expected to arise in connection with the

performance of their contractually stipulated services.

This duty parallels similar duties that HIPs have towards HCPsand towards the subjects of electronic records. That is to say, insti-tutions and employers have the right to expect that those on whomthey rely for contractually stipulated services will actually performthese services in the agreed-upon manner. However, there may beoccasions when HIPs have reasonable grounds to believe that it will be impossible for them to live up to such expectations, or toprovide the relevant services either in an appropriate manner or atan appropriate level. In such a case, HIPs have an obligation to inform their employers or institutions of this fact, and to do so in good time. External, internal as well as personal problems are

53

implicated in this context, as is the possibility of conflict of interest.This obligation is again rooted in the Principle of integrity. However,it also finds an ethical basis in the Priciple of Non-Malfeasance, sincefailure to perform the expected and contracted services, or to per-form them in the required manner, may interfere with the institu-tions’ abilities to meet their obligations towards their clients. Thusit may cause harm not merely to the institutions themselves butalso to third parties. In fact, without adequate and timely warnings,institutional administrators cannot make appropriate decisions, andtheir ability to abide by the general principles of informatic ethicsmay be seriously impaired. This clearly constitutes harm.

6. HIPs should immediately inform the institutions with which they

are affiliated or the employers for whom they provide a

professional service of circumstances that might prejudice the

objectivity of the advice they give.

This duty is grounded in the Principles of Integrity and Non-Malfeasance. Specifically, institutions and employers rely on HIPsfor informatic advice. If this advice is not objective, it may resultin inappropriate decisions being made, possibly having seriousnegative repercussions. Among other things, this means that HIPshave an obligation to disclose possible areas of conflict of interestprior to giving any advice. It also means that HIPs have a duty toapprise those who rely on their services of any physical, social, per-sonal or psychological factors that might reasonably be expected toaffect the objectivity of the advice they may tender.

7. Except in emergencies, HIPs should only provide services in

their areas of competence; however, they should always be

honest and forthright about their education, experience or

training.

54

This duty finds its basis in the Principles of Integrity, Non-Malfeasance and Autonomy and Respect for Persons. Specifically, ifHIPs are not honest and forthright about their education,experience and training, institutions and employers may well makeinappropriate choices either in hiring or in assigning tasks to them.This, in turn, may have serious negative consequences because theHIPs will be unable to fulfil the requisite tasks, or will be unableto fulfil them in the requisite manner. Moreover, it would go againstthe duty of fidelity that HIPs owe their employers.

The only condition under which HIPs may provide services beyondtheir area of education, expertise or training is when the failure to actwould (foreseeably) lead to a greater harm than would otherwiseobtain. However, even here HIPs have a duty to be forthright andhonest about their limitations, so that those in authority may makean informed decision whether to ask the HIPs nevertheless to act.

8. HIPs should only use suitable and ethically acquired or

developed tools, techniques or devices in the execution of their

duties.

The first part of this clause needs no further explanation, since itis firmly rooted in the Principle of integrity and the general duty ofloyalty that HIPs owe their employers. As to the second part, itderives from the Principle of Equality and Justice as well as thePrinciple of Non-Malfeasance. That is to say, the Principle of Equalityand Justice entails that HIPs should not deprive others of the fruitsof their labour or of the credit that is their due. Consequently HIPsshould never use tools, techniques or devices that have not beenacquired in an ethical fashion. Moreover, the Principle of Non-Malfeasance is implicated because the failure to follow this injunc-tion may have negative consequences not only for the HIPsthemselves but also for their institutions or employers – for instance,with respect to copyright and patent violations.

55

9. HIPs have a duty to assist in the development and provision of

appropriate informatics-oriented educational services in the

institution with which they are affiliated or for the employer for

whom they work.

This clause makes explicit what is implicit in Clause C.2 but goesbeyond it: While Clause C.2 focuses on security and quality con-siderations, Clause C.9 states that HIPs have a duty to assist theirinstitutions or employers in initiating and providing appropriateinformatics-oriented services. The underlying Principles here are thisof Beneficence, Non-Malfeasance and Integrity. Institutions andemployers benefit if those who provide the relevant services are asknowledgeable as possible about informatic developments in theirrespective areas – hence Beneficence. The absence of appropriateknowledge and training may lead to mistakes being made, oppor-tunities not being exploited, etc. – hence Non-Malfeasance. Finally,all of these reasons are contained in the general duty of loyalty –which follows from the Principle of integrity.

D. Duties towards society

The duties of HIPs towards society derive from three sources:

• the fact that HIPs are embedded in a social context;• the fact that HIPs deal with sensitive personal data;• the fact that HIPs are professionals.

The first of these entails that HIPs are subject to the same ethicalprinciples that govern all social behaviour. Of course, everyone wholives and works in a society is embedded in a social context; there-fore this is true of everyone in society. However – and this intro-duces the second source of obligation – this is not true of everyoneto the same degree and in the same way. Not everyone is in the

56

same position of trust, or has access to the same sensitive data asHIPs. Therefore the social duties of HIPs are different from, say,the social duties of soldiers, architects or petroleum engineers.Moreover – this is captured by the third point – these fundamen-tal ethical principles bind HIPs more stringently than people whoare not professionals because society expects more from persons whohave a greater degree of training and expertise, who are in sensitivepositions, and who hold themselves out as being responsible indi-viduals whom society can trust.

However, the duties HIPs have towards society in general mayconflict with the duties that HIPs have towards identified otherparties such as patients, institutions or HCPs. For example, theprivacy rights of the individual patient may conflict with the infor-mation needs of society when contact tracing or epidemiologicalplanning is carried out. Therefore there has to be some means ofresolving such conflicts of rights.

Ethically, and in general terms, a conflict resolution schema isacceptable if and only if it respects fundamental principles and isconsistent with the basic rationale of the service that gives rise tothe conflict in the first place. In this case, since the conflicts wouldcentre around electronic records, it means that the resolutionschema would have to respect fundamental ethical principles whileat the same time being consistent with the underlying rationale ofelectronic records. The rationale for electronic records is to facili-tate the provision of patient-centred health care. Therefore, sincepatients are also embedded in a social context, the test for ethicalacceptability is twofold:

• Is the infringement necessary to carry out a duty towards thepatient?

• Is the infringement necessary to fulfil an otherwise supervenientduty towards others, e.g., to prevent harm to third parties?

If the answer to either of these is ‘Yes’, then it will be ethically

57

acceptable to infringe on the rights of the subjects of the electron-ic records for this reason and on this occasion, in keeping with thePrinciple of the Least Intrusive Alternative.

On this basis, the following rules govern the conduct of HIPs:

1. HIPs have a duty to facilitate:

a. the appropriate collection of health care data that are

necessary for the planning and providing of health care

services on a social scale;

b. the appropriate storage of health care data that are

necessary for the planning and providing of health care

services on a social scale;

c. the appropriate communication of health care data that are

necessary for the planning and providing of health care

services on a social scale;

d. the appropriate use of health care data that are necessary

for the planning and providing of health care services on a

social scale;

e. the appropriate manipulation of health care data that are

necessary for the planning and providing of health care

services on a social scale.

This clause appears to contradict the informatic Principle ofInformation Privacy and Disposition. However, it is justified by theethical Principle of Impossibility, which becomes the Principle ofLegitimate Infringement in the informatic context: without access tothe relevant patient data, society cannot plan for and provide healthcare services.

With due alteration of detail, the same considerations apply tothe private insurance sector – for example, private health care insti-tutions, private health care professionals or insurance companies.

58

These also need data to engage in appropriate planning.Consequently, even in the private setting, and within the limitsindicated, HIPs have a duty to facilitate the collection, storage,communication, usage and manipulation of the relevant health caredata even if the affected subjects of the electronic records wouldotherwise be unwilling to participate in such actions.

Moreover, since private health care providers and consumers arealso embedded in a social context – for example, public health careand epidemiological measures are here implicated – the Principle ofLegitimate Infringement also entails that if the relevant data in theprivate sector are demonstrably necessary for appropriate socialhealth care planning, society has the right to access them for suchlegitimate purposes. The key condition, of course, is that of neces-sity – which introduces the next clause:

2. HIPs have a duty to ensure that:

a. only data that are relevant to legitimate planning needs are

collected;

b. the data that are collected are de-identified or rendered

anonymous as much as possible, in keeping with the

legitimate aims of the collection;

c. the linkage of databases can occur only for otherwise

legitimate and defensible reasons that do not violate the

fundamental rights of the subjects of the records;

d. only duly authorized persons have access to the relevant

data.

This clause identifies the limits within which HIPs may participatein activities that are allowed under Clause D.1. These limits aredefined by the Principle of the Least Intrusive Alternative, and arevery strict: there must be a demonstrable need for the data, and

59

every effort must be made to make it impossible to link the datawith identifiable individuals except for independently justified legit-imate purposes. Further, HIPs should participate in the linkage ofdatabases if and only if there is a demonstrable need, and only withduly authorized persons who are legally bound to confidentialityregarding the relevant data.

3. HIPs have a duty to educate the public about the various issues

associated with the nature, collection, storage and use of

electronic health data and to make society aware of any

problems, dangers, implications or limitations that might

reasonably be associated with the collection, storage, usage

and manipulation of socially relevant health data.

This clause extends the duties of HIPs into the arena of publiceducation. The reason for this is simple. People have a wide vari-ety of disparate opinions about the benefits and dangers of elec-tronic records and about the use to which the data that arecontained in them may be put. At the one extreme, there are thosewho consider electronic records an infringement of their right toInformation Privacy and Disposition; at the other extreme, there arethose who think that collecting electronic health data andestablishing databases poses no problem, and so on. Not all of theseopinions are properly informed or reasoned. Since public opinionstrongly determines the political process, this may lead to inap-propriate decisions being made that may have severe effects onsociety’s overall ability to plan and deliver health care. HIPs, becauseof their unparalleled knowledge and training, are uniquely placedto explain to the public the various issues that are associated withelectronic records. Without such information, society cannot makean informed choice. In ethical terms, without such information,society cannot exercise its right of informatic autonomy, and thePrinciple of Information Privacy and Disposition would be applied

60

in an inappropriate fashion. Therefore the Principles of Beneficenceand Non-Malfeasance entail that HIPs have a duty to educate societyon these matters.

4. HIPs will refuse to participate in or support practices that violate

human rights.

HIPs are embedded not only in their immediate social contexts butalso in society at large – including global society. This gives rise tothe general duty that is stated in Clause D.4. This duty is ground-ed in the Principle of Non-Malfeasance. More specifically, the datathat are contained in electronic records can be used in all sorts ofways, both for good and for evil. In particular, they can be used tofacilitate violations of human rights through torture, to identifyvulnerable persons or groups targeted for persecution, to developand implement unethical ethnic policies, and so on. HIPs have amoral duty to refuse participation in any undertaking that foresee-ably might be used in such ways, i.e. in any undertaking that mightbe used in support of any violation of human rights, whether thatbe in their own social setting or in the context of society on a globalscale.

5. HIPs will be responsible in setting the fee for their services and

in their demands for working conditions, benefits, etc.

Professionals – and HIPs are no exceptions – have a right to appro-priate recompense for their services. Sometimes it happens that theprofessionals are not satisfied with the rate at which they arerecompensed or with the benefits that they enjoy, and considertaking what might euphemistically be referred to as ‘job actions’.Such actions are the more successful, the greater their impact onemployers, institutions and society at large. From this perspective,HIPs are in an immensely powerful position because they essentially

61

control the data flow in the health care sector. However, when usingthat power, HIPs should keep in mind their comparative positionvis-à-vis other, similarly placed professionals in society, and shouldbe guided by the Principles of Beneficence and Non-Malfeasance. Inother words, they should be responsible in their demands, andshould not endanger either individual or public welfare throughtheir actions.

E. Self-regarding duties

HIPs are not only professionals but also moral agents. As such, theirmajor concern should always be to act in an ethically appropriatefashion. Therefore, even in situations that involve no clear dutytowards others, there may still be duties that obtain for the HIPbecause failing to act in an appropriate fashion may diminish theHIP as a moral agent. These, then, are self-regarding duties – dutiesthat HIPs have towards themselves as moral beings. They framehow HIPs situate themselves ethically in the professional world.

1. HIPs have a duty to recognize the limits of their competence,

2. HIPs have a duty to consult when necessary or appropriate,

3. HIPs have a duty to maintain competence,

4. HIPs have a duty to take responsibility for all actions performed

by them or under their control,

5. HIPs have a duty to avoid conflict of interest,

6. HIPs have a duty to give appropriate credit for work done, and

7. HIPs have a duty to act with honesty, integrity and diligence.

62

The duty to recognize the limits of one’s competence is importantbecause it asks HIPs to adopt an attitude of critical self-examinationin their professional lives; it asks them to be authentic persons inthe ethical sense of that term – to be individuals who do not lie tothemselves, and who are genuine in what they think and do. Amongother things, it means that HIPs should be willing to declineinvolvement in tasks that transcend their competence. It is anattitude that goes hand-in-hand with a willingness to consult withcolleagues who are better qualified, or who are better placed toprovide the relevant service.

The duty to maintain competence has already been encounteredin the context of duties towards institutions, employers andpatients, where it is grounded in the principles of integrity and non-malfeasance. However, it is also a duty that HIPs owe themselves,because HIPs are also persons in their own right. Because they arepersons, the principle of respect for persons also applies to them –which means that, because they respect themselves, HIPs shouldstrive to realize their full potential as professional agents.Consequently, HIPs should see themselves as life-long learners notmerely because they owe it to those who rely on them, but alsobecause they owe it to themselves.

The last four duties – Clauses E.4 to E.7 – again focus on theattitude that HIPs should bring to their professional work. Takingresponsibility for their actions, or for actions performed under theircontrol, goes to the very heart of what it is for HIPs to be respon-sible persons, because it recognizes that everything that HIPs do ina professional capacity has consequences, and that it would beunethical to ‘shift the blame’. As to the duty to avoid conflicts ofinterest, this duty focuses on the fact that HIPs who allow them-selves to be caught in a conflict of interest have failed to recognizethe truth of the age-old maxim that one cannot serve two mastersat once. Inevitably, one set of interests will have to be compromised– and possibly both. A moral outlook that is not sensitive to this

63

fact is an outlook that guarantees moral failure. It is also an out-look that places little value on moral integrity, thereby violating theHIP’s duty of moral authenticity – the duty to respect oneself asperson.

Likewise, the failure to give credit where credit is due reflects afundamental failure to incorporate the Principle of Autonomy andRespect into one’s moral life, both relating to oneself as well asrelating to one’s colleagues. Authenticity once again is implicated.Ethically speaking, deceit – and the failure to give credit wherecredit is due is really a form of deceit – harms both the other personas well as the deceiver her/himself. That is why the moral life ofHIPs should be authentic: It should be shaped by the attitudes ofintegrity, honesty and diligence – not only because HIPs owe thisto other parties, but because they also owe it to themselves.

F. Duties towards the profession

The duties that fall under this rubric are duties that HIPs owe theirprofession. The reason these are owed the profession is that it is theprofession that really validates the position of HIPs in society. Perhapsthe most important of these duties is the first, because it goes to thevery ability of Health Informatics to function as a profession:

1. HIPs have a duty always to act in such a fashion as not to

bring the profession into disrepute.

That is to say, when HIPs act in a professional capacity, they arenot merely acting as discrete persons. They are also acting asindividuals who belong to the profession of Health Informatics.Inevitably, therefore, how HIPs conduct themselves has repercus-sions on how the profession as a whole is perceived – which in turnhas implications for the ability of other HIPs to carry out their pro-

64

fessional activities. Consequently, if HIPs act in an inappropriatemanner, whether that be ethically or otherwise, this may have severeconsequences on the lives of other members of the profession.

Not only that: a negative perception of the profession may alsohave critical consequences on how the discipline of health careinformatics may be viewed by the rest of society. This, in turn, maymean that certain opportunities of service that would otherwise existmay become closed, and that areas of operation that might other-wise be available might become restricted. All of this would havenegative consequences on the planning and delivery of modernhealth care; consequently it would be a clear violation of theprinciple of non-malfeasance.

2. HIPs have a duty to assist in the development of the highest

possible standards of professional competence, to ensure that

these standards are publicly known, and to see that they are

applied in an impartial and transparent manner.

This duty centres in the fact that as informatics professionals, HIPshave a better sense than anyone else of what constitutes competentprofessional behaviour. This is reflected in the fact that society relieson HIPs not only when informatic issues are involved in healthcare planning, but also when expert witnesses are called upon inevaluating whether a particular professional informatic action waswithin the bounds of competence. While this places HIPs in a posi-tion of advantage, it also imposes on them a burden: the Principleof Integrity demands that HIPs exhort their profession to developthe highest standards of competence, so that society may be servedin the best possible way. It also entails that HIPs should do theirbest to ensure that these standards are publicly known, so thatsociety has some understanding of what can (and what cannot)reasonably be expected from individual HIPs and from HealthInformatics as a profession.

65

Finally, it entails that when the situation so demands, HIPsshould be willing to see this knowledge and these standards appliedimpartially (lest the reputation of the profession be brought intodisrepute) and in a transparent manner, so that no hint of impro-priety attach to the profession’s peer evaluations.

3. HIPs will refrain from impugning the reputation of colleagues but

will report to the appropriate authority any unprofessional

conduct by a colleague.

Unprofessional conduct harms not only those who are directlyaffected by it, but also the profession; hence the general duty, enun-ciated in Clause F.1 not to bring the profession into disrepute. Thatduty applies directly to each HIP. However, there is a second sideto that duty: there lies a duty to take appropriate steps when acolleague engages in unprofessional behaviour. This duty is rootedin the Principle of Non-Malfeasance in the following way: harm canbe produced either directly by actually engaging in some sort ofactivity, or indirectly by refraining from doing something that ismandated. The concept of negligence here finds its basis. Whensomeone is negligent, it is not that the individual has done some-thing, but that the individual has failed to do something.

Failing to take appropriate steps when a colleague engages inunprofessional conduct falls into this category: it constitutesnegligence. Therefore HIPs who become aware of unprofessionalconduct by colleagues would be negligent if they did not reportsuch behaviour to an appropriate authority. Indeed, they wouldshare in the responsibility for any harm that might result fromfailing to report the conduct. After all, if the conduct had beenreported, the harm would have been prevented.

Of course, the Principle of Non-Malfeasance also has a corre-sponding side to it: unfounded accusations can easily ruin thereputation of a colleague. Therefore HIPs should be careful in

66

making accusations, and should have reasonable grounds beforeundertaking any actions in this regard. Moreover, the sort of actionthat is taken – for instance, how the unprofessional conduct isbrought to the attention of the appropriate authorities, and indeedto whom the conduct is reported – is also ethically important. ThePrinciple of Equality and Justice is here implicated. Everyone has theright to be treated fairly, and fairness demands not only that HIPshave reasonable grounds before undertaking the relevant actions,but also that the actions they choose are commensurate with theproblem at hand.

4. HIPs have a duty to assist their colleagues in living up to the

highest technical and ethical standards of the profession.

Human beings being what they are, it sometimes happens that HIPsneed help in living up to the relevant standards and expectations.If colleagues are not willing to assist each other in this regard, thefailure to do so would constitute negligence, and would set the stagefor harm to occur in two ways: once to those who fail to receivethe proper services because of the inappropriate conduct itself; andonce to the individual who, if he or she had been helped, wouldnot have engaged in that inappropriate conduct in the first place.By the same token, an opportunity for doing good would have beenlost.

Therefore this clause is based on the Principles of Beneficence andNon-Malfeasance. That is to say, Clause F.3 enunciated the duty totake appropriate steps when there are reasonable grounds to sup-pose that a colleague is guilty of unprofessional conduct. ClauseF.4 recognizes that colleagues may need help in living up to thehighest professional standards, either in a technical or an ethicalsense. The reason this duty is owed the profession is that the rep-utation of the profession as a whole will suffer if its practitionersdo not practice their profession in a uniformly excellent way.

67

5. HIPs have a duty to promote the understanding, appropriate

utilization, and ethical use of health information technologies,

and to advance and further the discipline of Health Informatics.

The profession of Health Informatics is grounded in a disciplinethat has a tremendous amount to offer to society; however, it can-not fulfil its promise unless society is aware of what it can do. ThePrinciple of Beneficence therefore entails that HIPs owe it to societyas well as to their profession to promote a proper understanding ofthe potential contributions that Health Informatics can make. Atthe same time, this potential will be undermined if the disciplinedoes not explore new possibilities, extend its horizons and keep upwith developments in related areas. Consequently, HIPs should dotheir best to advance the discipline so as to do their part in mak-ing the world a better place.

68

REFERENCES

Anderson, J.G. and Goodman, K.W. (2002). Ethics andInformation Technology. A Case-based Approach to a Health CareSystem in Transition. New York: Springer.

Bayles, M. (1989). Professional Ethics. Belmont, CA: Wadsworth.

Beck, U. (1992). Risk Society: Towards a New Modernity.London: Sage.

Flexner, A. (1910). Medical Education in the United States andCanada, Bulletin No. 4. New York: Carnegie Foundation forthe Advancement of Teaching.

Flexner, A. (1912). Medical Education in Europe. New York:Carnegie Foundation for the Advancement of Teaching.

Freidson, E. (1970). The Profession of Medicine: A Study of theSociology of Applied Power. New York: Harper and Row.

Freidson, E. (1986). Professional Powers: A Study of theInstitutionalization of Formal Knowledge Chicago. IL:University of Chicago Press.

Kluge, E.-H. (2001). The Ethics of Electronic Patient Records.New York: Peter Lang.

Parsons, T. (1954). Essays in Sociological Theory. Glencoe, IL:Free Press.

69

GLOSSARY

code of ethics: collection of principles and rules that govern ethicalconduct of organized groups of individuals.

duty: correlative of right; a task someone must perform if the con-ditions under which the duty holds are in fact realized. Duties dif-fer fundamentally from rights in that rights allow right-holders touse their discretion about whether or not to exercise the right,whereas duties involve no choice. When the relevant conditions aremet, those who have the duty must carry out the relevant task.

electronic record: electronically held health data about a particularperson. The record may be distributed, as when the various dataare stored in different locations, or it may be centralized, as whenall the data are stored in one location.

ethical principle: basic moral rule that governs social interactions ingeneral.

fiduciary: a relationship that centres in trust. Person a stands in afiduciary relationship to person b if b can trust a that a will alwaysact in the best interests of b and will do everything that is reason-ably within a’s power to advance the legitimate interests of b.

formal features: the purely logical features of a health care record,or of the electronic or material system in which it is maintained.

HCP: acronym for ‘Health Care Professional’; any individual who,

71

directly or indirectly, provides health care at the hands-on level ina professional capacity.

HIP: acronym for ‘Health Informatics Professional’; any individualwho deals in a professional capacity with health information.

institution: any formalized administrative structure or system. Aninstitution may be physically localized in a building or set of build-ings, or it may be distributed and physically located in variousplaces.

right: correlative of duty; a justified claim. Rights may be exercisedat the discretion of the right-holder. In this they differ from duties.Duties are tasks that the individuals who have the duty must per-form if the conditions under which the duty holds in fact obtain.

72