Today is 1st December, World AIDS Day. Each year, people around the world unite to commemorate this day, to raise awareness, to show support for people living with the human immunodeficiency virus (HIV), and to remember those who have died from AIDS (Acquired Immunodeficiency Syndrome) and HIV-related illnesses. Since 2020, we have all experienced what it is like living in a world dominated by a medical privacy-related concern: the Coronavirus/Covid-19.
Founded in 1988, World AIDS Day was the first ever international day for global health. Every year, United Nations (UN) agencies, governments, and civil society come together to campaign around specific HIV/AIDS-related themes, such as this year’s theme, Let Communities Lead. According to the UN Secretary-General, “AIDS-related deaths have fallen by almost 70 per cent since their peak in 2004, and new HIV infections are at the lowest point since the 1980s.” But HIV/AIDS is still here and has serious implications for people’s lives not just in terms of their health, but also in terms of their privacy. The link between HIV/AIDS and privacy involves various aspects, primarily related to medical information and sensitive personal information regarding people’s health status.
HIV/AIDS has been historically associated with a plethora of misconceptions, myths, and social stigma. Individuals living with HIV/AIDS may face social ostracisation, prejudice, and discrimination. Protecting the privacy of individuals diagnosed with AIDS helps prevent unnecessary disclosure of their health status, reducing the risk of discrimination, and safeguarding their dignity. Privacy is a fundamental right, and in the context of HIV/AIDS, it becomes crucial due to the stigmatisation associated with the disease.
Medical privacy and confidentiality of medical information under PIPA
HIV/AIDS is an example of a medical condition with privacy impact. The personal information of individuals who have been diagnosed with HIV, which can lead to AIDS, is sensitive medical information. Medical professionals are bound by professional codes of conduct to protect patient information and keep it confidential. Protecting the confidentiality of individuals’ HIV status and related health information is crucial. Ethical considerations dictate that personal health information must be kept confidential; ethnical guidelines and codes of conduct often specify how healthcare providers, researchers, and public health agencies should handle and share sensitive personal information related to HIV/AIDS.
In the context of public health, governments and health organisations may collect and analyse data related to the prevalence of a particular medical condition, testing rates, and treatment outcomes. While individual privacy is essential, there are situations where public health reporting is necessary to track and manage the medical condition and related diseases. However, even in these cases, efforts must be made to de-identify data and maintain confidentiality to the extent possible. It is crucial to anonymise and aggregate such data to protect the privacy of individuals. Striking a balance between collecting meaningful data for public health purposes and safeguarding privacy is a key consideration. Respecting confidentiality, adhering to legal protections, promoting responsible handling of people’s sensitive personal information, and safeguarding the dignity and privacy of those affected are integral components of any public health initiative.
Many countries, including Bermuda, have legal frameworks in place to protect the privacy of individuals. When it comes to health, these legal protections aim to balance organisations’ obligations and individual privacy rights with public health interests. Privacy laws emphasize the importance of keeping such information private and confidential. Disclosing someone's health status without their consent is a breach of not only medical privacy, but also of privacy laws. Privacy law violations often have legal consequences.
Starting 1 January 2025, the Personal Information Protection Act (PIPA) will come into effect, giving individuals privacy rights about how their personal information – including medical information – is used. Under PIPA’s Section 19, individuals have privacy rights. These rights include the right to access their personal information; to have inaccurate personal information corrected, completed and/or updated if it is incomplete and/or out of date; to have their personal information blocked, erased, or destroyed; and to access their medical records. For more details, see our Guide to PIPA.
In addition, under Section 7, PIPA specifies certain types of information as being especially “sensitive”. This means that special protections are in place for individuals’ personal information relating to physical or mental health, physical or mental disability, place of origin, race, colour, sex, sexual life, religious beliefs, biometric and genetic information, and other types of personal information. Sensitive personal information can be used only in more limited circumstances. Under subsection 7(2), organisations are forbidden from using sensitive personal information to discriminate against any person contrary to any provision of Part 2 of the Human Rights Act 1981.