The facts of the case are damning.
Twenty-seven-year-old Germanwings pilot Andreas Lubitz, who allegedly crashed a plane into the French Alps and killed all 150 people on board, had a history of depressive episodes and took a break from pilot training earlier due to the illness. His condition had gotten worse recently.
Per several news reports, he had searched online for methods to commit suicide and researched cockpit doors days before the crash. He had also been shopping around for doctors and was “very afraid” of losing his flying license. Investigators found torn up medical notes that prohibited him from working on the day he crashed the airline.
What’s more, his medical certification from Lufthansa contained a warning that his license would be terminated if depression symptoms returned.
In fact, the tragedy could have been averted if Lubitz’s medical condition had been reported to Lufthansa. But European privacy regulations treat healthcare data as personal data. This means that such data is afforded the same set of protections as personal data and is not subject to mandatory disclosure. For example, sexual orientation and physical address are both forms of personal data and are not subject to required reporting. Disclosure of such data can only be done by the individual or requires explicit individual consent.
In light of the recent tragedy, is it time to re-evaluate these regulations?
Personal data problems
Given what we know about the Germanwings case, the argument against privacy of healthcare data falls flat. But there are still several good reasons to restrict the publishing of such data.
For example, mandatory disclosure of healthcare information to employers could introduce another wrinkle in the already-complicated phalanx of employment laws, at least in America. As an example, consider that one in four Americans meets the diagnosis for mental disorders as defined in DSM-IV. But they do not commit crime at a higher rate than supposedly “normal” individuals. It follows then that not all mentally-imbalanced people will commit crimes. Thus, rejecting an employment application based on a history of mental illness could be tantamount to discrimination.
There is also the danger that insurance companies could take advantage of common statistical data across large subsections of the population to increase or decrease coverage costs based on medical conditions. For example, the company could selectively increase coverage costs based on disclosure of healthcare data and provide advertiser access to such data. Finally, there is the danger of medical information theft. This is already prevalent in the system through incidences of medical fraud.
An exceptional case
The key question to ask ourselves, in this case, is whether public considerations trump an individual’s desire for privacy in certain professions. In certain cases, that turns out to be a valid argument.
The head of a large, multinational corporation is one such case. The financial well-being of a number of company shareholders depends on the health of a chief executive officer. Ill health can impair the CEO’s ability to function normally and, consequently, cloud their judgement and decision-making processes. Both are important attributes to run a successful company. For example, rumors of Steve Jobs’ ill-health affected Apple’s stock performance, eventually forcing the charismatic founder to admit that he had cancer.
The airline industry is another case. Part of the social contract between airlines and passengers is the promise of a safe flight. A passenger’s safety depends on the physical and mental well-being of a single person. While exact statistics are not available, pilot errors have been repeatedly cited as the number one reason for crashes. For example, the Air France crash in the Atlantic Ocean was caused to an error in judgement. In that case, however, the error was not deliberate.
Lubitz allegedly caused the plane to crash deliberately and with full knowledge of the consequences. If that is true, it makes his case a combination of suicide and murder (similar to the 9/11 hijackers). His action is also a failure of the airline’s responsibility toward its passengers, who trusted the airline’s system enough to entrust their lives with it.
Privacy is the right to be left alone. But that right is forfeited when it is attached to the responsibility (as in the case of a chief executive officer of a large corporation or an airline pilot). It is time to change healthcare privacy laws to better reflect this reality.