[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CPT letters to NYT

To: James Love <love@Essential.ORG>
Subject: Re: CPT letters to NYT
From: Robert Gellman <rgellman@cais.cais.com>
Date: Mon, 20 Nov 1995 22:20:13 -0500 (EST)
cc: Multiple recipients of list <med-privacy@Essential.ORG>
In-Reply-To: <Pine.SUN.3.91.951120191701.3845A-100000@essential.essential.org>

>       Bob, in our comments to the Senate, we said that the insurance 
> companies should not be permitted to use the records except for purposes 
> of authorizing payment.  Once payment is authorized, companies should 
> destroy or return records.  I don't mind if insurers ask for consent to 
> put records into databases to be used for other purposes, nor do I object 
> to the data being de-identified and used by the insurers.  I do object to 
> the insurance company maintain personally identified records of everyone 
> they insure, or hiring someone to maintain these records for them, unless 
> they obtain non-coercive consent.  

I'm confused.  Insurance companies get records with consent.  Do you want 
them to revise their consent forms to request permission to put data in 
computers?  If required, they will do so and patients will sign the 
consents blindly just like they sign consents to disclose "any and all 
information" to their insurance company.  What will this accomplish?  If 
patients had the ability to negotiate with their insurance companies, 
some would negotiate better terms today.  I am not aware that this is a 
widespread event today.

>    The insurer obtains the records for payment authorization - fine.  A 
> record is made that payments have been made.  If further oversight is 
> needed, let them go back to the source, and take a second look at the 
> records.  They shouldn't be given an automatic right to maintain vast 
> databases of all medical information, including items which the doctors 
> and patients want private.

So all of the other users (cost containers, auditors, fraud investigators)
have to go back to the doctor and hospital to collect the same records
that were just disclosed to the insurance company.  But since all of these
other uses are authorized by law and are going on today, your proposal
will increase the demand on doctors and hospitals.  It will be less
efficient, cost more, and not result in any few records being disclosed. 
An alternative is to just amend the old consent form so that the
information can be passed around by the insurance company.  If you object
to cost containment and fraud control, then say so directly.  Why make an
important process less efficient?  The real issue is use and not access 
because they have access today.

>     I couldn't disagree more.  The automation of records is extremely 
> important, in terms of privacy.  Increased efficiency of records 
> management is usually not good for privacy.

So who should be prohibited from maintaining computerized records? 
Doctors, labs, pharamcists, hospitals?  Can everyone have their own
computer and print out information to pass on to the next person who then
rekeys it?  Do you want to ban computerized patient records?  They are not
required by the bill, but are being developed independently.  Computerized
records will save billions.  Just how far do you want to carry this
anti-computer position?  Should we all stop sending email because of the
possibility of privacy violations and start sending snail mail? 

>      Bob, I have written two rather long sets of comments about this, nov
> 2 and nov 14.  In each set, I have identified areas of the Bennett bill
> which provide too much in terms on access without consent, and I have also
> said that in some cases, persons shouldn't be allowed to search automated
> records, when those records are identified.  For example, I don't think
> that law enforcement should use these databases as investigative tools. 
> Even though I would not object in general to the right of police to seek
> access to some records directly from providers, with appropriate burdens
> for cause, and privileges for mental health.  Getting the records from
> Equifax or AT&T is something different in terms of efficiency, and it will
> lead to far more access. (these companies don't make money by limiting 
> transactions on records).

Which database do you think that law enforcement should not be able to use
for health fraud investigations?  If they can't get automated data from
the insurance companies (and they probably don't today in any event), can
they get the data from the hospitals?  If they can get the data, why is
the source important?  If you think that doctors and hospitals are going
to protect your privacy, then why are investigators and cost containers
getting records so easily today.  I don't see a lot of doctors going to
court to block access.  Investigative demands are commonplace today,
whether anyone likes it or not.  Health care fraud is big business.  And 
so is investigating it.

The Bennett and Condit bills provide NEW PROTECTIONS against law
enforcement access.  Today, health fraud investigators can obtain records
without consent or notice and use the records against patients.  Under the
bills, access is limited, notice is required for subpoenas, and USE OF
INFORMATION AGAINST PATIENTS IS PROHIBITED except for health care fraud. 

The bill impose greater restrictions on law enforcement access and use of 
records than exists today.  Do you dispute that?

> 
>     The technology is not neutral, with regard to privacy.  It makes it 
> easier to search for information, to retrieve information, and to 
> disseminate information.  This is a fundamental problem with computers 
> today.  If this hasn't occurred to you, I'm a bit surprised, given your 
> background on privacy issues. 

Computers also make records more accessible, and they reduce the cost of 
health care.  A recent poll showed that the vast majority sees the trend 
toward computer based patient records as either very beneficial (40%) or 
somewhat beneficial (45%).  People also think it is very important to use 
computerized patient records to identify bad doctors (79%), reduce fraud 
(76%), reduce cost (74%).  People are also very willing (40%) or somewhat 
willing (40%) to have their medical records in a computerized system if 
there is a privacy code.  Today, records are computerized and there is no 
code!!

Railing against computers is barking up the wrong tree.  

Bob

+ + + + + + + + + + + + + + + + + + + + + + + + +
+   Robert Gellman          rgellman@cais.com   +
+   Privacy and Information Policy Consultant   +
+   431 Fifth Street S.E.                       +    
+   Washington, DC 20003                        + 
+   202-543-7923 (phone)   202-547-8287 (fax)   +
+ + + + + + + + + + + + + + + + + + + + + + + + +

Follow-Ups:
- Re: CPT letters to NYT
  - From: Gordon Cook <gcook@tigger.jvnc.net>
- Re: CPT letters to NYT
  - From: Stanton McCandlish <mech@eff.org>

References:
- Re: CPT letters to NYT
  - From: James Love <love@tap.org>

Prev by Date: Notes on Industry Support for S. 1360
Next by Date: Corporate Crime and CDT Funding on behalf of so-called medical privacy
Prev by thread: Re: CPT letters to NYT
Next by thread: Re: CPT letters to NYT
Index(es):
- Date
- Thread