[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bob Gellman and me

To: James Love <love@essential.org>
Subject: Re: Bob Gellman and me
From: Robert Gellman <rgellman@cais.cais.com>
Date: Tue, 21 Nov 1995 10:15:04 -0500 (EST)
cc: Multiple recipients of list <med-privacy@essential.org>
In-Reply-To: <Pine.SUN.3.91.951120234440.7568J-100000@essential.essential.org>

On Tue, 21 Nov 1995, James Love wrote:

> My response:
> 
> The following language is what we want added to S. 1360, Sec.
> 202.
> 
>      Sec. 202 (e) Disclosure for Payment. -- A health
>      information trustee that receives protected health care
>      information for purposes of authorization of payment
>      may only use information for this purpose, and may not
>      redisseminate the information to any third parties,
>      including persons who seek information under sections
>      204, 205, 206, 207, 208, 209, 210, 211 or 212 of this
>      act.  Protected information received for purposes of
>      payment authorization shall be removed or destroyed at
>      the earliest opportunity once payment has been
>      authorized.

	Under this proposal, a patient cannot consent to the use of their 
medical information for other purposes.  This is the FIRST time that 
anyone has proposed restricting how an individual can use or authorize 
the use of their own records.

	Destroying information once payment is authorized will prevent 
investigations of fraud.  It will also mean that it will be harder or 
impossible to compile information for health oversight, including 
identifying substandard doctors and hospitals.

> 
> Mr response:
>    An alternative is for patients and doctors to decide, without
> the coercion of insurance payments, if they want to enter the
> records in databases.  Doctors and patients may decide that they
> want to give Equifax, Travelers, or whoever the records, to
> handle all these requests for data (gee, it sounds like there is
> such a huge demand for records), but why not give them the
> choice, instead of the insurer.  Are you afraid that people will
> just say no?

People can say what they want.  But the use of records for cost 
containment, fraud control, and research benefits everyone.  Some of this 
work is done through databases.  Now let's guess who will refuse to make 
their records available.  Those who are committing fraud or those who are 
not?  If there are proper restrictions as proposed in the Bennett/Condit 
bills, then we can have privacy and meet the other goals.

>     Bob, this is a low blow, and you know it.  Why are indentifed
> records necessary for cost containment?  And for fraud,
> investigators will surely be allowed to investigate, but do they
> need to know if a woman had an abortion 15 years ago, if I was
> ever treated for VD, or what I told a mental health professional
> about my family life.  Why is it so important to have these
> massive cradle to grave databases, without any omissions except
> for those who pay out of pocket?

Why don't you learn something about how cost containment is done before 
you ask these questions.  And the legislation will stop fraud 
investigators from obtaining old, irrelevant records.  See section 
201(a)(2) which says:

	Every disclosure of protected health information by a health 
	information trustee shall be limited to the minimum amount of
	information necessary to accomplish the purpose for which the 
	information is disclosed.

That cuts of irrelevant disclosures and fishing expeditions.  There is 
nothing like that in current law or practice.  It is a MAJOR advance.

> > So who should be prohibited from maintaining computerized
> > records? Doctors, labs, pharamcists, hospitals?  
> 
> My response:
>    No one.  Anyone can put their records on computers.  What are
> "their" records?  If an insurance company gets notes from my
> sessions with my doctor, which I have paid for with insurance
> that I have also paid for, does the record "belong" to the
> insurance company?  If a hospital has a record of my visit, is it
> theirs to sell or redisseminate?  This is about who has the right
> to release and redisseminate information that is or should be
> private. 

Okay.  This is what the legislation is designed to accomplish.  But what
does private mean to you.  Like it or not, there are lots of lawful
institutions that use these records for purposes beyond treatment and
payment.  Medical records are not actually less private than your bank
records, school records, and criminal history records.  You don't have to 
like this.  I don't.  But you can't pass legislation that prevents cost 
containment and research.  And some or much of it requires identifiable 
records.  You can have privacy or cost containment, but you may not be 
able to have both.  I am sorry about that.  I don't like it any more than 
you do.  But a bill that gets a multi-billion dollar price tag cannot pass.

> 
> Robert Gellman:
> > Can everyone
> > have their own computer and print out information to pass on to
> > the next person who then re keys it?  Do you want to ban
> > computerized patient records?
> 
> My Response:
>    I guess exaggeration seems like an effective polemic, Bob, but
> its not really becoming someone as sophisticated as you.  Saying
> the insurance company can't get my records without non-coercive
> consent won't bring the world back to the stone ages, or
> eliminate the use of computers.  But will give people more power
> to control the redissemination of their records.  Don't be so
> silly or alarmist.

That is quite a statement coming from someone who keeps talking about dog 
catchers getting access to medical records.  Now there's a non-silly, 
non-alarmist point.  

> 
> My response.
> Ok.  The Medical Records Confidentially Act does in fact contain
> some modest, if cosmetic measures toward privacy.  Fraud
> investigators can get records without consent and without notice,
> but they can only use them against you if you committed fraud.
> 

That's better protection than you get today.

> Mr Response:
> Wow, what an improvement.  Law enforcement officals get access to
> everything, on computer, without consent, but they need a warrant
> from a judge -- any judge in America will do of course.  I feel
> much better.
> 

What is the matter with having judges rule on warrants and subpoenas?  
You have another proposal?  Judges make life and death rulings every 
day.  I can live with this as a control.

Bob

+ + + + + + + + + + + + + + + + + + + + + + + + +
+   Robert Gellman          rgellman@cais.com   +
+   Privacy and Information Policy Consultant   +
+   431 Fifth Street S.E.                       +    
+   Washington, DC 20003                        + 
+   202-543-7923 (phone)   202-547-8287 (fax)   +
+ + + + + + + + + + + + + + + + + + + + + + + + +

Follow-Ups:
- Re: Bob Gellman and me
  - From: James Love <love@tap.org>

References:
- Bob Gellman and me
  - From: James Love <love@tap.org>

Prev by Date: Re: Notes on Industry Support for S. 1360
Next by Date: Re: CPT letters to NYT
Prev by thread: Bob Gellman and me
Next by thread: Re: Bob Gellman and me
Index(es):
- Date
- Thread