Protecting Confidentiality in the Digital Ecosystem of Humanitarian Aid

Photo by AbsolutVision on Unsplash
INTRODUCTION
Social media, news headlines, and podcasts implicitly and explicitly remind us of the digital misinformation maelstrom we navigate every day to understand the truth of current events. Misinformation feeds off the topics that impact our lives and draw our attention – war, health, politics, identity, fear, and empathy. Misinformation has a digital reach faster and wider than true information based on its nature of novelty and emotional instigation.[1] It draws from data leakages, twists the truth, incites emotional responses, and can undermine real efforts to protect and aid vulnerable communities. Many of the places and events targeted by misinformation are sites of humanitarian crises such as Gaza, Yamen, and Ukraine among many others. Humanitarian groups conceived to provide relief to vulnerable communities are susceptible to personal harm and impeded aid because the organizational structure is not equipped for misinformation and data security breaches. While propaganda and misinformation did not emerge in the contemporary, their scope, speed, and impact have exponentially increased as the world’s use of digital media for communication developed. The current state of misinformation and data leakages are threats to humanitarian efforts, especially the vital and nuanced task of humanitarian medical aid that now simultaneously relies on the digital information ecosystem.
ANALYSIS
Humanitarian efforts center on the four main principles of humanity, neutrality, impartiality, and operational independence. The United Nations Refugee Agency specifies that ‘humanity’ refers to addressing human suffering wherever it is found to ensure health and respect, ‘neutrality’ is to not engage in political, racial, religious, or ideological controversies, ‘impartiality’ is to provide aid based on need alone without bias and priority, and ‘operational independence’ is to conduct aid autonomous from agendas or actors in sectors such as political, economic, or military.[2] Medecins Sans Frontieres explicitly states neutrality, impartiality, independence, bearing witness, and accountability in their code of principles. Their statement on medical ethics is much more vague. It aims to “carry out our work with respect for the rules of medical ethics, in particular the duty to provide care without causing harm to individuals or groups. We respect patients’ autonomy, patient confidentiality, and their right to informed consent.”[3] Confidentiality is mentioned, but in the nondescript sense that could refer to confidentiality outlined in any number of medical ethics contexts.
Three most commonly referred to ethical codes in Western medicine are the Declaration of Helsinki, the Belmont Report, and the Code of the American Medical Association (AMA). The Declaration of Helsinki places confidentiality in the context of research and was written pre-digital age in the 1960s.[4] The Belmont Report does not mention confidentiality or patient privacy in its summation of medical ethics from 1978.[5] Lastly, the AMA’s Code of Medical Principles upholds that physicians “shall respect the rights of patients, colleagues, and other health professionals, and shall safeguard patient confidences and privacy within the constraints of the law.”[6] This AMA principle was adopted in 1957 and revised in 2001, still before the onset of widely accessible digital media. These three medical ethics codes are the standard of Western medicine, and yet they are decades obsolete when facing the harm of digital misinformation and data leakages. Humanitarian aid organizations cannot afford to rely on outdated medical ethical codes amid digital misinformation and data leakages.
Medical humanitarian relief groups such as Medecins Sans Frontiers, the International Medical Corps, the WHO Global Health and Peace Initiative, and the International Committee of the Red Cross, rely on the medical ethics defined in the aforementioned guides in addition to their humanitarian foundation. These codes, while useful, were written prior to the digital age. And, as our methods of communication, medical delivery, and global action have evolved and digitized, the ethics guiding medical practice should be updated to reflect this dramatic change. Humanitarian medical organizations need the digital ecosystem to store metadata for medical services such as patient history, blood type, metrics on locations in need of aid, missing person searches, and funding. The levels of data vulnerable to misconstruction and hacking exist on the personal and organizational levels. Individual providers and the organizational body should prioritize confidentiality. Thus humanitarian medical ethics should adapt to the reality of the digital age to not endanger the populations receiving aid and to not propagate harm.
Misinformation and data leakage can lead to microtargeting, defamation, provider endangerment, and other harms preventing medical service. The European Data Protection Supervisor details how the personal information collected by organizations, such as medical, can be stolen or misconstrued to affect microtargeting, placing individuals in the direct path of echo chambers, digital tracking, and manipulation.[7] The International Broadcasting Trust released a report in 2018 detailing the extent to which misinformation was impacting the humanitarian aid groups it broadcasts to.[8] For example, the report shared that rumors spread by right-wing political groups in 2017 falsely circulated that humanitarian groups in the Mediterranean were collaborating with child trafficking rings.[9] After causing defamation, the right-wing group sent a boat to block and detain the humanitarian group’s search and rescue boat. This was one incident among many where providers and patients were put in harm’s way through misinformation and the misuse of location data. Other disinformation campaigns can be carried out by governments as well; in Syria and Ukraine, the Russian government has been specifically targeting Red ross and White Helmets.[10] Beneficial medical services cannot be delivered if providers and patients are targeted. In January of 2022, the International Association of the Red Cross was hacked. Approximately 515,000 vulnerable persons’ data was leaked and became inaccessible to the IARC providers.[11] If an organization cannot protect access to its digital ecosystem, humanitarian medical aid efforts can be rendered ineffective.
Additionally, misinformation and breached data cause the less immediate but more widely impactful harm of distrust. Stakeholders and funding sources can withdraw from supporting medical humanitarian aid organizations. Beneficial medical services cannot be offered if there is no monetary backing. Providers and patients also have their own digital devices and means of communication which can lead to sensitive information being shared online or with non-neutral parties. If a patient cannot trust their provider or the organization a provider acts in the name of, medical services can be refused. Beneficial medical service cannot be conducted if the trust of the patient is compromised by humanitarian groups failing to prioritize patient confidentiality. Confidentiality should be prioritized in humanitarian medical aid to safeguard against the extended harms of data leakage, misinformation, and malintent.  
Some critiques may postulate that due to the uniqueness of each community aided by medical humanitarian organizations, over-standardization from rigid ethical codes may occur, that standardization can lead to inflexibility with communities and render aid strategies ineffective. However, the reality is that ethical frameworks make sure that individual actors are not monolithic – they allow for collaboration and joint work. The WHO Global Health and Peace Initiative’s recent adoption of conflict sensitivity, along with other organizations’ additions of similar language, ensure that there is a feedback loop incorporated into the ethical code to mitigate unintended harm. Thus, ethical codes are helping providers to respond in unprecedented situations with consciousness to harm propagation. In events of limited time and of crisis, comprehensive ethical codes are especially beneficial because we rely on habits and pre-established information banks.
CONCLUSION
Humanitarian medical ethics should include a specific guide for confidentiality. Without forethought and the integration of traditional and digital confidentiality as a main tenant, medical humanitarian organizations will continue to act retrospectively. Trust in stakeholder-provider-patient relationships will continue to disintegrate. The current status quo of medical ethics in the humanitarian aid sector poses multiple risks for providers and patients whereas adopting stronger confidentiality language is a tangible step towards the protection of vulnerable communities from the harms of digital misinformation and data leakage.
-
[1] Vosoughi, Soroush, Deb Roy, and Sinan Aral. “The Spread of True and False News Online.” Science 359, no. 6380 (2018): 1146–51. https://doi.org/10.1126/science.aap9559. 
[2] “Conflict Sensitivity and the Centrality of Protection.” The Global Portection Cluster , March 2022. https://www.globalprotectioncluster.org/sites/default/files/2023-03/220318_gpc_-_conflict_sens.pdf. 
[3] “Our Charter and Principles.” MEDECINS SANS FRONTIERES - MIDDLE EAST. Accessed December 24, 2023. https://www.msf-me.org/about-us/principles/our-charter-and-principles#:~:text=We%20give%20priority%20to%20those,of%20governments%20or%20warring%20parties.&text=The%20principles%20of%20impartiality%20and%20neutrality%20are%20not%20synonymous%20with%20silence. 
[4] “WMA - The World Medical Association-WMA Declaration of Helsinki – Ethical Principles for Medical Research Involving Human Subjects.” The World Medical Association. Accessed December 24, 2023. https://www.wma.net/policies-post/wma-declaration-of-helsinki-ethical-principles-for-medical-research-involving-human-subjects/.
[5] Office for Human Research Protections (OHRP). “ The Belmont Report.” United States Department of Health and Human Services , September 27, 2022. https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html.
[6] American Medical Association . “The Code .” AMA principles of Medical Ethics. Accessed December 24, 2023. https://code-medical-ethics.ama-assn.org/principles.
[7] “EDPS Opinion on Online Manipulation and Personal Data .” European Data Protection Supervisor. Accessed December 24, 2023. https://edps.europa.eu/sites/edp/files/publication/18-03-19_online_manipulation_en.pdf. 
[8] Robin. “Faking It: Fake News and How It Impacts on the Charity Sector.” International Broadcasting Trust, March 13, 2020. https://www.ibt.org.uk/reports/faking-it/. 
[9] Reed, B. “Charities Colluding with Traffickers? Fake News.” The Guardian, February 15, 2018. https://www.theguardian.com/global-development/2018/feb/15/charities-aid-agencies-fake-news-says-report. 
[10] Sant, Shannon Van. “Russian Propaganda Is Targeting Aid Workers.” Foreign Policy, August 1, 2022. https://foreignpolicy.com/2022/08/01/russia-disinformation-ukraine-syria-humanitarian-aid-workers/ .
[11] International Committee of the Red Cross. “Hacking the Data of the World’s Most Vulnerable Is an Outrage.” International Committee of the Red Cross, October 27, 2022. https://www.icrc.org/en/document/hacking-data-outrage.  


INTRODUCTION
Social media, news headlines, and podcasts implicitly and explicitly remind us of the digital misinformation maelstrom we navigate every day to understand the truth of current events.Misinformation feeds off the topics that impact our lives and draw our attention -war, health, politics, identity, fear, and empathy.Misinformation has a digital reach faster and wider than true information based on its nature of novelty and emotional instigation. 1 It draws from data leakages, twists the truth, incites emotional responses, and can undermine real efforts to protect and aid vulnerable communities.Many of the places and events targeted by misinformation are sites of humanitarian crises such as Gaza, Yamen, and Ukraine among many others.Humanitarian groups conceived to provide relief to vulnerable communities are susceptible to personal harm and impeded aid because the organizational structure is not equipped for misinformation and data security breaches.While propaganda and misinformation did not emerge in the contemporary, their scope, speed, and impact have exponentially increased as the world's use of digital media for communication developed.The current state of misinformation and data leakages are threats to humanitarian efforts, especially the vital and nuanced task of humanitarian medical aid that now simultaneously relies on the digital information ecosystem.

ANALYSIS
Humanitarian efforts center on the four main principles of humanity, neutrality, impartiality, and operational independence.The United Nations Refugee Agency specifies that 'humanity' refers to addressing human suffering wherever it is found to ensure health and respect, 'neutrality' is to not engage in political, racial, religious, or ideological controversies, 'impartiality' is to provide aid based on need alone without bias and priority, and 'operational independence' is to conduct aid autonomous from agendas or actors in sectors such as political, economic, or military. 2Medecins Sans Frontieres explicitly states neutrality, impartiality, independence, bearing witness, and accountability in their code of principles.Their statement on medical ethics is much more vague.It aims to "carry out our work with respect for the rules of medical ethics, in particular the duty to provide care without causing harm to individuals or groups.We respect patients' autonomy, patient confidentiality, and their right to informed consent." 3 Confidentiality is mentioned, but in the nondescript sense that could refer to confidentiality outlined in any number of medical ethics contexts.
Three most commonly referred to ethical codes in Western medicine are the Declaration of Helsinki, the Belmont Report, and the Code of the American Medical Association (AMA).The Declaration of Helsinki places confidentiality in the context of research and was written pre-digital age in the 1960s. 4The Belmont Report does not mention confidentiality or patient privacy in its summation of medical ethics from 1978. 5 Lastly, the AMA's Code of Medical Principles upholds that physicians "shall respect the rights of patients, colleagues, and other health professionals, and shall safeguard patient confidences and privacy within the constraints of the law." 6This AMA principle was adopted in 1957 and revised in 2001, still before the onset of widely accessible digital media.These three medical ethics codes are the standard of Western medicine, and yet they are decades obsolete when facing the harm of digital misinformation and data leakages.Humanitarian aid organizations cannot afford to rely on outdated medical ethical codes amid digital misinformation and data leakages.
Medical humanitarian relief groups such as Medecins Sans Frontiers, the International Medical Corps, the WHO Global Health and Peace Initiative, and the International Committee of the Red Cross, rely on the medical ethics defined in the aforementioned guides in addition to their humanitarian foundation.These codes, while useful, were written prior to the digital age.And, as our methods of communication, medical delivery, and global action have evolved and digitized, the ethics guiding medical practice should be updated to reflect this dramatic change.Humanitarian medical organizations need the digital ecosystem to store metadata for medical services such as patient history, blood type, metrics on locations in need of aid, missing person searches, and funding.The levels of data vulnerable to misconstruction and hacking exist on the personal and organizational levels.Individual providers and the organizational body should prioritize confidentiality.Thus humanitarian medical ethics should adapt to the reality of the digital age to not endanger the populations receiving aid and to not propagate harm.
Misinformation and data leakage can lead to microtargeting, defamation, provider endangerment, and other harms preventing medical service.The European Data Protection Supervisor details how the personal information collected by organizations, such as medical, can be stolen or misconstrued to affect microtargeting, placing individuals in the direct path of echo chambers, digital tracking, and manipulation. 7he International Broadcasting Trust released a report in 2018 detailing the extent to which misinformation was impacting the humanitarian aid groups it broadcasts to. 8For example, the report shared that rumors spread by right-wing political groups in 2017 falsely circulated that humanitarian groups in the Mediterranean were collaborating with child trafficking rings. 9After causing defamation, the right-wing group sent a boat to block and detain the humanitarian group's search and rescue boat.This was one incident among many where providers and patients were put in harm's way through misinformation and the misuse of location data.Other disinformation campaigns can be carried out by governments as well; in Syria and Ukraine, the Russian government has been specifically targeting Red ross and White Helmets. 10eneficial medical services cannot be delivered if providers and patients are targeted.In January of 2022, the International Association of the Red Cross was hacked.Approximately 515,000 vulnerable persons' data was leaked and became inaccessible to the IARC providers. 11If an organization cannot protect access to its digital ecosystem, humanitarian medical aid efforts can be rendered ineffective.
Additionally, misinformation and breached data cause the less immediate but more widely impactful harm of distrust.Stakeholders and funding sources can withdraw from supporting medical humanitarian aid organizations.Beneficial medical services cannot be offered if there is no monetary backing.Providers and patients also have their own digital devices and means of communication which can lead to sensitive information being shared online or with non-neutral parties.If a patient cannot trust their provider or the organization a provider acts in the name of, medical services can be refused.Beneficial medical service cannot be conducted if the trust of the patient is compromised by humanitarian groups failing to prioritize patient confidentiality.Confidentiality should be prioritized in humanitarian medical aid to safeguard against the extended harms of data leakage, misinformation, and malintent.Some critiques may postulate that due to the uniqueness of each community aided by medical humanitarian organizations, over-standardization from rigid ethical codes may occur, that standardization can lead to inflexibility with communities and render aid strategies ineffective.However, the reality is that ethical frameworks make sure that individual actors are not monolithic -they allow for collaboration and joint work.The WHO Global Health and Peace Initiative's recent adoption of conflict sensitivity, along with other organizations' additions of similar language, ensure that there is a feedback loop incorporated into the ethical code to mitigate unintended harm.Thus, ethical codes are helping providers to respond in unprecedented situations with consciousness to harm propagation.In events of limited time and of crisis, comprehensive ethical codes are especially beneficial because we rely on habits and pre-established information banks.

CONCLUSION
Humanitarian medical ethics should include a specific guide for confidentiality.Without forethought and the integration of traditional and digital confidentiality as a main tenant, medical humanitarian organizations will continue to act retrospectively.Trust in stakeholder-provider-patient relationships will continue to disintegrate.The current status quo of medical ethics in the humanitarian aid sector poses multiple risks for providers and patients whereas adopting stronger confidentiality language is a tangible step towards the protection of vulnerable communities from the harms of digital misinformation and data leakage.