Big Brother, Big Bucks
MEDICAL RECORD PRIVACY HANGS IN THE BALANCE.The New Physician
Should patient medical data be for sale? It is. Should police be able to search medical records without a warrant? That has been proposed. And what if a drug company offered discounted medical records software, provided they could access patients’ medication lists? It’s happening now.
Laying Down the Law -- We have called privacy “the right to be let alone.” Others have defined it as the right to determine when, how and to what extent information is communicated about us to others. Still others have said it’s not our control of the information that’s important, but what people do to us with it.
There is no clearly defined “right to privacy,” but there is support for it in the Constitution, case law and in a patchwork of state and federal legislation. The Constitution addresses governmental intrusions in the Fourth Amendment (against unreasonable search and seizure) and in the 14th (against depriving people of liberty without due process).
Most states have laws against unauthorized disclosure of medical information, but if you ever have to go to the emergency room and want your insurance to pay for the visit, you’ll probably have to sign a release form that says, “I authorize release of medical information including mental health, substance abuse and HIV/ AIDS to my insurance carrier.” Alarms should be going off now, because the release doesn’t limit itself in terms of relevant information or time. Plus, rarely is there any restriction against subsequent re-release or sale of your data. That’s why these laws are not enough.
Why Now? Although we have been struggling with this for decades, medical privacy is a particularly contentious topic now. There are four reasons for this.
First, there is the advance and deployment of technology—particularly databases, the Internet and the Human Genome Project.
Second, there is the increasing power of big business and its influence on our government. For example, new privacy risks may have resulted from the recent passage of the Financial Services Modernization Act, which permits mergers between insurance companies and other types of financial institutions. The medical privacy section of that act, fortunately removed before the bill’s passage, would have allowed a bank to review an individual’s medical data from a related health insurer before deciding on a loan application. It’s still not clear yet whether the remainder of the act permits this.
Third, the Department of Health and Human Services (DHHS) is working on privacy standards that apply to electronically stored, personally identifiable health data that HMOs, health insurance companies and care providers electronically transmit. Data only stored in paper form is not covered by the standards. They also offer no federal oversight for how researchers, life insurance companies and public health officials use and transmit the data. Only Congress can fill in these gaps.
Fourth, reports of abuses are increasing public fear. Twenty-seven percent of the public believes that they have been the victim of an improper release of health information, according to a 1999 Louis Harris & Associates poll. As a result of perceived abuses, patients and physicians are taking action to circumvent a flawed system. Patients are paying out-of-pocket to see physicians outside their insurance plan, or they’re asking physicians not to record certain information on their medical chart. Some physicians are skewing diagnoses, reporting incomplete information or maintaining shadow records unseen by insurers.
Uses and Abuses -- The proper uses of health data may be divided into three categories: patient care, public good and commerce. Patient-care providers generate most of the data—for the good of the patient—which then flows to management systems for monitoring and payment. This data may also be used for the public good in areas of law enforcement, research and public health.
Medical data is also for sale, and this is where commerce comes into play. It’s a fuzzy area of innocent use vs. abuse. For example, marketing services will sell mailing lists of 150,000 impotent men to anyone. The services frequently say the data was gathered by a voluntary patient survey, but much of the trafficking is less innocent.
The main abusers of health data are individuals, Big Brother and Big Bucks. Individuals can be abusers in many ways. For example, a Florida public health employee mailed a list of HIV-positive patients to a local newspaper, and fortunately the paper didn’t print it. Such an action is often illegal, and thus it tends to be disregarded in the privacy debate. Although existing law already covers these situations, there are other policy implications. Technology may need restrictions because the bigger the database, the more potent the stored information, the easier the retrieval—the more likely someone will pay the price to get it. Distribution may need restrictions too, because the more widely information is spread, the more people are given the opportunity to abuse it.
As an abuser, Big Brother represents the flip side of the “public good.” Those who believe we have a perfectly benevolent government may wish to make criminals easier to catch by gathering DNA samples and retinal scans on the entire population. But would this information always be used for the common good? Would the Civil Rights Movement, which was actively resisted by numerous law enforcement groups, have succeeded under even more severe scrutiny?
As for Big Bucks’ abuses, 35 percent of Fortune 500 companies use employee health information in hiring and promotion decisions, according to an unpublished 1996 study by privacy expert David Linowes. The situation is particularly hazardous when a large employer self-insures and contracts directly with physician groups. Without an intermediary, employers are in a better position to determine which diseases and employees are costing them the most—making it possible for them to rewrite insurance policies to omit the costly diagnoses. The physicians, then, are ethically caught in the middle.
Risk Reduction -- Individual abusers can be reduced through more elaborate security measures, particularly in electronic medical records. Another approach is to create an electronic audit trail of all personnel who view a patient’s data. The audits would be reviewed by patient privacy advocates or the patients themselves.
As for Big Brother and Big Bucks, many believe the primary cause of the trouble is patients’ loss of control over their own data due to involuntary release authorizations required by health-care payers. Hence, some privacy groups say that personally identifiable health data should only be released for use outside of direct patient care and with patients’ voluntary informed consent—except in emergency cases involving law enforcement and public health. They also say that release forms should restrict the data released and prohibit subsequent re-release.
Under such privacy policies, research and public health procedures would have to change, but their functions could be preserved by “de-identifying” the data when it leaves patient-care providers. Names and other information would be removed from the data and an identification number attached. This must be done carefully, since de-identified data containing a zip code and birth date can be matched to publicly available voter registration information to re-identify the records.
Another approach to reducing Big Bucks’ abuses is to convert to a single-payer health-care system. Private payers want detailed data on every patient encounter to control their costs, thus creating the privacy abuse risk. A public health system could be prohibited by law from releasing identifiable personal data for uses besides patient care.
Finally, some risks may be best avoided by restricting the enabling technologies. If a national database doesn’t exist, it can’t be misused.
New DHHS Regulations -- The final regulations are expected in late 2000. A strength of the current draft is that patients would gain a national right to see and copy their records, a regulation that’s absent in several states. Furthermore, truly voluntary patient authorizations would be required for all purposes other than treatment, payment and “health-care operations.” On the other hand, the regulations would also allow law enforcement access to medical records without a warrant and help the government create a national health database.
Get involved -- As we struggle to find the right balance between privacy and public good, the flood gates are wide open, allowing increasing flows of personal medical information into government and the market. Better to slam the flood gates shut now—and slowly open them for public good—rather than be too timid and watch our data rush down the spillway toward unknown destinations. But don’t take my word for it. Get educated, write your legislators and help shape the continuing debate.
New Physician contributing editor Rick Stahlhut is a medical informatics writer and consultant.