Summary of Concerns: SDFA Townhall on Medical Privacy

The SDFA sent the following letter to university administrators on August 20th requesting an extension of the date to register in the “Work and Health Management” process. It is still open for signatures. As of August 23, 2020, we have not received a response, but will share it with all signatories when we do.

 

On August 19, 2020, SDFA convened a townhall to discuss recent policies requesting UCSD employees to create an Employee Medical Record in EPIC, the UCSD Health Patient Data system. The following is an overview of concerns raised. This document is meant to share concerns with concerned stakeholders and assist those working to improve Return to Learn and campus operations.

 

We write these concerns with a shared purpose in doing research, teaching, and service to the community in a way that is safe and builds the trust needed to navigate our collective path through this pandemic. 

 

If you feel that an important perspective from the town hall is missing and should be added here, please email sdfa.assist@gmail.com with suggested additions and we will respond to you within 24 hours. We will update this document should we receive responses from campus leadership to these concerns. Last update: Aug 22, 2020

 

Free testing should not be contingent on consenting to an Employee Health EPIC record

Free COVID testing is a basic workplace safety measure in support of Return to Learn and Research Ramp Up, rather than a “free benefit” of participating in Return to Learn as an intervention. Those without work-provided health insurance, such as non-Senate faculty, or those without good transportation options will suffer most from this requirement and feel least free to assert their rights towards their employer. 

 

Informed consent

A significant portion of the townhall consisted of participants comparing communications through Academic Senate webinars and with relevant administrators attempting to understand the details of how employee records would be organized, made available, and deleted in the present and future. Participants felt that the lack of clarity around how personal health data would be stored, for how long, and how/if it would be made available to researchers in the future impeded their ability to offer informed consent to having an employee medical record in EPIC. Further, there was a lack of clarity on whether employee data would be used for biomedical research by UCSD health researchers or by private companies contracted by (or in partnership with) UCSD and whether employees would be given the opportunity to consent to contributing their data to such projects. 

 

County/State Public health requirements versus Return to Learn intervention needs

Public health data requirements for the county and state may be distinct from the possible data needs of Return to Learn interventions. Faculty would like more clarity on the distinction in all stakeholder communications. Because campus communications imply that Return to Learn data collection and testing strategies are the very same as state/county public health needs, participants reported feeling stigmatized for having privacy concerns about Return to Learn efforts even though they wished to fully participate in state and county public health requirements. The concern is that the scope of Return to Learn data collection, present and future, is unclear at the moment. The fear is that the R2L intervention will lead to or justify requests for unknown amounts of data justified by the public health crisis and campus implementation of health measures. 

 

Campus authorities obscured the availability of an option for a non-EPIC health record

This obscuring may have been by intention or by accident. However, at the meeting it became clear that another option was available only to those who read the fine print and then on a hope emailed the Campus Privacy Officer. Those who stated to the Campus Privacy Officer that they did not consent to an EPIC health record were given an option of storing their testing data in an HR database. By obscuring this option, administration erodes trust between employees and the institution.

 

Academic Senate webinars should show all questions being asked, rather than only questions that are being answered.

Senate is a space where faculty value hearing from other faculty as well as senate leadership and administration. Several faculty members expressed frustration at asking questions that were invisible to others. They reported having to reask the question. We realize webinar administrators may not intend to censor, but it may appear this way to participants. Webinar administrators can build trust by allowing for all questions to appear. 

 

The Return to Learn team needs to demonstrate and communicate clearly about how they are practicing data minimization. 

Corollary: Employee health data should not be kept past the pandemic requirements

We commend the EVC Principles on Personal Data, one of which is data minimization. When emergency situations demand quick responses that risk intrusions into privacy and liberty, a reasonable principle is to intrude only as much as is necessary to fulfil the purposes that justify the intrusions. As such, any information collected for purposes other than determining whether it is safe for employees to come to campus or whether employees are eligible for screening or treatment should be entirely voluntary.

 

A clearly outlined process for faculty governance of the data policy changes and oversight is required. 

The current policy is that use of data will be governed by the data policies in effect at the time the data are used, not the policies in effect at the time the data are collected.  Given that privacy policies and laws governing data use are liable to change, faculty are in fact given little assurances about how the data may be used in the future.

 

Social Security Number is checked off by default, even though it is optional and very sensitive data

Social Security Numbers are highly sensitive data that should not be provided lightly, on unprotected networks, or when not legally required. Designing SSN as the default for the registration process form means that employees do not have to actively consent to providing their SSN.  

 

Leave a Reply

Your email address will not be published. Required fields are marked *