Protecting PAMS Participants’ Privacy – Group Asks Participants to Share Private Information (Week 9)

Foundation of Privacy Rights Image

The establishment of protections for personally identifiable information security in healthcare and human subjects research through the Health Insurance Portability and Accountability Act (HIPAA) establishes rights of control, disclosure, and informed consent for the collection and use of said information for the person the information pertains to (United States Department of Health and Human Services [HHS], 2013). Protection of this information becomes increasingly more complicated when electronic records are involved, transmission or sharing of protected information occurs, or when the use of information is for purposes secondary to the collecting practitioner use in treatment (Schweitzer, 2011). Difficulty or complexity in maintaining the integrity of personally identifiable information is accepted as a challenge, however, sanctions against violation of rights concerning health and personal information exist and are a significant financial and criminal liability with additional liabilities potentially levied on a state by state basis (Schweitzer, 2011; Pritts, 2007). In order to ensure that every effort is made to protect both the subject of the information and the organization or researcher collecting the information for use in research or providing care, Institutional Review Boards Human Subjects Committees (IRBs) and specific requirements for Risk Analysis and Management within all health organizations, programs, and clinics (Nass et al., 2009).

How is PAMS affected?

Private Arrangement Milk Sharing (PAMS) is a complex practice. Part of that complexity arises from the frequent nature of the agreements being “Contract Implied in Fact” arrangements involving individually identifiable information and/or the exchange of health information. A Contract Implied in Fact “Consists of obligations arising from a mutual agreement and intent to promise where the agreement and promise have not been expressed in words. Such contracts are implied from facts and circumstances showing a mutual intent to contract, and may arise by the conduct of the parties. A contract implied in fact is a true contract” and is entered into upon exchange of milk in a PAMS relationship. The exchange of milk in PAMS fulfills requirements of conduct illustrating “an unambiguous offer, unambiguous acceptance, mutual intent to be bound, and consideration.” A critical part of this contract obligation is the use of the donated milk and information regarding health and lifestyle of the donor obtained during screening be used for the purpose of providing for the recipient infant/family and that infant/family alone, and this is supported by the claims of each of the major PAMS networks.

All of the major milksharing networks make clear their stance to be uninvolved in the specific between party agreements involved in PAMS including questionnaires and screening tools (Eats On Feets), asserting that all individuals take complete responsibility for outcomes of milksharing as individuals (Human Milk 4 Human Babies). This explicit maintenance of non-participation ensures that as networks, they are not included in provisions requiring adherence to HIPAA. These organizations provide description of their belief that information collected for research or analysis should not be undertaken by the networks, presumably for both philosophical and practical conflict of interest reasons. Encouragement to violate this foundation of expectation by soliciting third party information is counter productive to the specified intent and spirit of milk sharing as a private arrangement strictly between the donor and recipient, and undermines the security in providing information confidentially. So who is intentionally asking that this expectation and potentially contractual obligation to honor privacy in the PAMS agreement be violated?

MIDAS

The Milksharing Incident Database and Survey (MIDAS) is described on their website as “…a grassroots public health program created by World Milksharing Week.”* Neither the survey nor the incident reporting options provides an informed consent document, indication of data security, intended use, authority to collect such data, de-identification procedures, or information regarding data security and storage. There is no IRB approval for any of the actions undertaken by this organization. In the frequently asked questions tab of the website, it is stated that there is absolutely no follow up on any information provided, and that all information is provided anonymously. On the same page, follow up is discussed as occurring in “severe and very severe” instances, with a medical professional that MIDAS chooses. No information is provided regarding vetting of medical professionals, authority for them to contact respondents, and certainly not to contact individuals who’s personal information was obtained through a third party without consent. So, if the reporting is anonymous, how does the follow up occur? The answer is likely that this website is an integrated WordPress account, as it is hosted by Bluehost, and WordPress has the capability of tracking the IP addresses of users who interact with websites. Not particularly anonymous, or secure.

Necessity?

No evidence or foundation based on the current level of knowledge concerning PAMS is provided by the creators of MIDAS. The efforts are redundant, as my own research and that of several other teams operating in the US and Canada are collecting practice information and participant beliefs. These research endeavors are being conducted under approved IRB circumstances, and with full disclosure to all participants. Considering this information is being collected in such a way that it cannot be used for legitimate research, it is likely that such a site poses more harmful potential than benefit for any efforts to generate policy and evidence regarding PAMS.

Closing Thoughts

The PAMS community and participants are operating under very biased and intensive scrutiny from existing health authorities. Concerns about the cavalier attitude of those participating and the presumed ignorance of those involved is frequently discussed. A site clearly not manned by an experienced researcher or data manager, seeking information from third parties without any right to do so and potentially in violation of individual state and federal regulations regarding protected information and contract law, and without recourse for those who may be seriously wronged in this process certainly does not refute these views of PAMS. It is deeply disturbing to me, personally, to see otherwise well respected researchers who would certainly be expected to understand their inability to be associated with such an undertaking per their involvement with research institutions already are being named as partners in this endeavor through World Milksharing Week.

* The milksharing network Human Milk 4 Human Babies and Modern Milksharing are included in the committee responsible for the creation of MIDAS. This involvement and endorsement is in direct opposition to stated intentions to stay removed from involvement and to support individual accountability of participants on their networks and sites.

References

Nass, S. J., Levit, L. A., Gostin, L. O. (2009). Beyond the HIPAA privacy rule: Enhancing privacy, improving health through research. Washington, D.C: National Academies Press.

Pritts, J.L. (2007) Federal efforts to impose uniformity on state healthcare laws. Health Law and Policy. Vol. 20 (2). Pp 20-23.

Schweitzer, E. J. (2012). Reconciliation of the cloud computing model with US federal electronic health record regulations. Journal of the American Medical Informatics Association : JAMIA, 19(2), 161-165. doi:10.1136/amiajnl-2011-000162

Advertisements

4 thoughts on “Protecting PAMS Participants’ Privacy – Group Asks Participants to Share Private Information (Week 9)

  1. Angie, thanks for your incredibly interesting post. Being new to the whole concept of formally arranged milk sharing (i.e. through a website), and working with a client that I am trying to find donor milk for, I am grateful to learn more about what is going on with this issue. Of course, I went to the MIDAS and WMW sites to better understand your concerns. It seems like the principals involved want to show transparency in sharing survey information but I can see how information seems vulnerable, i.e. anonymous reporting, but how do they contact participants who have had severe reaction vs those who do not? Have you voiced your concerns to anyone in the MIDAS group? Or at least brainstormed with women in your sharing community, to see how they feel about the process, and then pass on any concerns? This is definitely so new that everyone needs to proceed cautiously. Best of luck with your work!

    • I have, to several current and one passed member. The response has been to mind my business. Incidentally, minding my business is exactly what I am doing, as I am not only a researcher but also a donor. While it isn’t a personal concern that a report may be made on me, there have been a handful of isolated incidents where serious accusations have been made on pages about donor or recipient conduct. In those cases, situations have bordered on libel, and in a couple of situations it put foster parents at risk of no longer being able to provide homes for infants. The consequences are serious. In light of there being absolutely no practical use for any of this information coupled with the misrepresentation of this project as a health program makes this a potentially devastating collection of information. Considering the scrutiny that PAMS is under from the medical community in general and the media, is it likely that infant illness would not be publicized widely and immediately? A 6 month lag in providing information in a situation where a potentially dangerous donor might be identified risks exposing how many more recipients? None of the fundamental questions of research have been addressed in this endeavor, and it is disappointing, to say the least.

  2. This issue is fascinating and completely complex. An area of privacy concern and PAMS is within the hospital setting. Women come in with privately donated milk to prevent formula supplementation. It is happening with increased frequency as women more educated on the health risks associated with formula. Before writing the order to allow privately donated milk to given to a baby, the pediatrician and hospital risk department will require documented health history of the donor including a blood panel for communicable diseases. This requirement is, of course, to protect the baby as well as the physician, nurses, and hospital from liability; however, it does mean a disclosure of the donor’s private information. The donor information then enters the patient’s chart where it could be accessed when the patient chart is opened. At my hospital, our legal and risk departments are working quickly to create policy and protocol to cover this situation as right now it tends to be quite a mess when it happens.

    • Agreed. I have donated to at least one mother in your hospital, so my information may have been part of your mess! What I provide to my donors is the most recent blood donation screening, which covers all of the big bad and ugly associated with PAMS. With HIPAA and the general pace of care in the hospital setting, I am far less concerned with information being shared among medical professionals. Most donors know that their milk will be going to the hospital and recipients will let them know where the information will be used, so it is a very informed consent and respectful situation. With this MIDAS survey, there is no attempt made at privacy or respect of the laws governing transactions that vary from state to state and internationally. Greater even than health records is the invitation to provide incidences of social interactions deemed adverse. It is hard enough to ensure the integrity of donors and recipients when the practice is social media based and the pages manned by dedicated and completely uncompensated volunteers. There doesn’t need to be a third party forum for accusations to be made when a private arrangement does not work out as all parties had assumed it would.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s