New York City authorities in 2006 formulated a policy requiring that medical data from all diabetics in the City be stored in a centralized registry. This diabetic registry is the first in the nation to require collection of personal testing data for the purpose of monitoring treatments for a noninfectious disease. The registry represents an important step on the path toward better understanding and managing of the disease.
Nonetheless, establishment of the registry threatens privacy in a number of ways. Many individuals are open about their diabetes, but others prefer to keep that information to themselves, whether because of concerns for discrimination in the workplace or for ramifications in custody disputes. Although New York City’s regulation includes a confidentiality provision, privately identifiable information may be divulged through the notification process set up by the City, under which both physicians and patients are notified when their hemoglobin tests are dangerously high; through subpoenas in criminal and family court actions, and through use of the information by public health researchers to conduct epidemiological research. Regulators have already indicated that, despite the confidentiality provision, they intend to use the registry to conduct public health research that can only be attained by combining registry information with other statistics about the individuals covered. Moreover, there is no confidentiality provision at all for physicians, and operation of the registry may intrude upon the sanctity of the physician/patient relationship by providing physicians with troubling incentives either to circumvent the reporting requirements or to ensure that their patients appear healthier than they are. After considering the ways in which implementation of the registry potentially compromises privacy, the article concludes with a list of specific recommendations for both the NYC and future registries targeted at noninfectious diseases. In short, we recommend making the confidentiality provision more explicit, limiting secondary uses of the information obtained, protecting diabetics from adverse insurance consequences due to operation of the registry, and protecting the privacy of physicians.