Confidentiality and testing

Published 13, Aug, 2013

Ken Monteith lives in a province where HIV testing is non-nominal (does not have a name attached that is reported to Public Health) but sees that his routine bloodwork and other records bear his name. So how confidential is his status?

Confidentiality and testing

Every now and then, here in Québec, we get all worked up over how HIV tests are reported to public health authorities. If I am not mistaken, Québec is the only jurisdiction in Canada where HIV testing remains non-nominal — meaning that a name is not attached to the positive result when it is sent to the public health authorities. In an attempt to have better HIV surveillance and eliminate the counting of second tests as new diagnoses, we changed our system in 2002, making use of an encoded (and undecodable) version of the health insurance number of a person to attach to the test results along with certain statistical information that would help to characterize the epidemic. At least as far as positive tests can paint a portrait of the epidemic in a context where a significant portion of the infected are not tested and some “new” diagnoses are of people who were likely infected many years ago.

This system was adopted in order to satisfy the requirements of a privacy watchdog that we have here that responded positively to concerns raised by the community and found a way to address the problem (duplicate results being counted twice) without necessarily going down the “easy” path of collecting more information than necessary. I should point out, too, that this system is also paralleled by the possibility of doing your test anonymously, which surprisingly few people do, at least surprisingly few with positive tests.

This question rears its ugly head as a controversy each time someone proposes going a step further and making the reporting nominal. It happened when we realized that newly arrived immigrants and refugees, who don’t have health insurance coverage at the beginning of their stay, were being missed in the statistics. There is some kind of work-around in place now to avoid counting any of their results more than once, but I still have a vague sense of unease that we now have two different levels of protection of our identities, just like we have two (or more) levels of consent to testing in the first place (the only choice offered to immigrants and refugees is test or stay away, while most of the rest of us have to give our explicit consent for a test).

One of the objections raised is that people may avoid getting tested if they know their name will be attached to the result. There seems to be some worry about the capacity of our public health system to keep these things confidential, but I’m not sure if that particular worry is founded. You see, once we get our positive test and start on our regular medical follow-ups and monitoring, our names get attached to a bunch of things including, as you can see from my surreptitious photo (left) at my last viral load test, on the label that gets attached to the tube of my blood and sent to the lab. It’s plainly there: my name and the test to be conducted (HIV viral). And I really have no worries about that.

I also have no worries about the fact that, when I was diagnosed at the end of 1997/beginning of 1998, I “qualified” for the status of “AIDS” and my name was sent in and figures on a list somewhere to that effect. No one has since knocked on my door or otherwise singled me out for different treatment based on that list. And I haven’t been playing any kind of game of changing my identity and address either — I still live in the same apartment with the same phone number and everything. And no witch hunt!

Does this mean that I’m ready to roll over and concede that our HIV reporting should become nominal? Not in the least. I might not fear, in my context as one of thousands of people with HIV in our largest city, that the system has any weaknesses with regard to protecting my confidentiality, but my experience of the system is not everyone’s experience of the system. If you really want to start keeping extra information, especially in an era where some people have a disturbing tendency to leave flash drives lying around or in their unprotected automobiles and others have develop mad skills in hacking secure systems, you are going to need to justify your reasons. Then we can explore together just how you might be able to achieve the result that you are seeking without keeping that extra information. The burden of proof is on the one who seeks to invade our privacy and not the other way around.

We see a similar question playing out in terms of internet security and government surveillance. Those who object to the monitoring of their activities are being told that they have nothing to fear if they are not doing anything wrong. This, from institutions that refuse to make their own activities public and prosecute those who might leak information to the rest of us. Right US government? Bradley Manning? Edward Snowden?

Even if every act cannot and should not be portrayed as a nefarious plot to expose our most personal details, we need to start from a place of protection of all of our information, subject only to those limits that can really be legitimately justified.