[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
6/23 med-priv op-ed (fwd)
[note reference to CDT and absence of reference to McDermott bill pm]
---------- Forwarded message ----------
P-I FOCUS
TELL ME (US) EVERYTHING
PROTECTING PATIENT PRIVACY AT ISSUE IN FEDERAL LEGISLATION
MAGGIE SCARF
06/23/96
Seattle Post-Intelligencer
E1
(Copyright 1996)
Nowadays, getting help from a psychotherapist can be a risky
enterprise.
Take the case of Ann Linehan, a Boston woman in her early 60s, who went
to an internist at her health maintenance organization for routine
treatment of a urinary tract infection.
The doctor she saw that day (not her regular physician) glanced over
her medical file and then said flippantly, "I can certainly help you with
your medical problems, but I can't help you with your mental problems."
At the time, Linehan was being treated for a stress disorder, and she
believed her talks with her psychiatrist to be confidential.
She discovered that detailed notes on every session had been stored in
a computerized medical record that was accessible to anyone working within
the sprawling Harvard Community Health Plan system.
What happened to Linehan was no rare occurrence, for as managed-care
organizations demand detailed justifications for medical treatment and
file more and more data electronically, the cloak of confidentiality that
once protected psychotherapy has become increasingly threadbare.
A new bill wending its way through Congress represents the first
comprehensive national effort to deal with this emerging problem.
Introduced last November by Sens. Robert Bennett, R-Utah, and Patrick
Leahy, D-Vermont, the medical records confidentiality bill is intended, as
Bennett put it, to "create safeguards so that the folks who currently have
access to your medical information cannot abuse it as it is being abused
now."
The Bennett-Leahy bill would make it illegal for companies to use
medical records to create marketing lists and would grant patients access
to their medical records in states that do not already do so.
But the question being debated among mental health professionals and
patient advocates across the country is whether this bill will actually
advance the cause of patient privacy or precipitate a confidentiality
disaster.
What happens between the patient and the therapist is singularly
privileged.
"A broken arm is usually not a secret, but an eating disorder or
substance-abuse problem often is one," says Dr. Herbert Pardes, a
psychiatrist who is dean of the faculty of medicine at Columbia University
and was director of the National Institute of Mental Health under the
Carter and Reagan administrations.
At present, it's unrealistic for people to assume that the tender
subjects they talk over with their therapists will go no further than the
four walls of the consulting room.
And many patients have become legitimately concerned about the
possibility that the depression, suicide attempt, marital problem or
alcoholism being discussed could return to haunt them in cyberspace.
They are aware of the shadowy figures sitting in on their therapy
sessions: the insurance administrator, the electronic file clerk, the case
reviewer, other doctors within an HMO - even their own co-workers and
supervisors.
For example, in a case documented by the National Coalition of Mental
Health Professionals and Consumers in Commack, N.Y., a patient filed a
psychotherapy claim with the managed-care office of his self-insured
employer.
Shortly afterward, when the man applied for a promotion, it was denied.
Not until much later did he learn, from a subsequent employer, that the
reason he had been passed over was that he was the butt of so much office
gossip: Some clerks in the company's insurance office were reading his
therapist's reports and discussing all the details of his private life.
In another instance, Mark Hudson, 37, who was at the time an employee
of Blue Cross/Blue Shield of Massachusetts, realized that his own privacy
was being compromised when, in the course of a computer training class, he
called his medical record up on the screen.
Hudson was startled to find himself staring at what he believed to be
his confidential psychiatric file.
Last August, two days after testifying for the plaintiffs in a
class-action suit brought against Bay State Health Care - part of Blue
Cross/Blue Shield - Hudson was dismissed from his job.
The Linehan case was resolved somewhat differently.
After she and several other patients went public, the HMO involved
responded swiftly and responsibly.
Within a matter of days, the HMO had partitioned off all psychiatric
files and put a lock on them, making them accessible only to mental health
clinicians and selected medical staff members.
Still, many privacy experts remain concerned about how secure such a
lock on these and any other electronic files might be.
The very manner in which psychological services are now delivered is,
moreover, causing problems not just for patients but for therapists as
well.
It's raising the question of whom the clinician is actually working for
- the patient? The HMO? The fee-for-service insurer? The employer-owned
group insurance plan?
Consider a situation in which the therapist, in order to preserve
patient confidentiality, refuses to disclose information to the
third-party insurers.
The case reviewer would probably decide that the patient's sessions
cannot be approved without sufficient proof that psychotherapy is
"medically necessary and appropriate."
Result: The afflicted person will not be able to get his mental health
benefits.
The therapist is under pressure, too - economic pressure - to meet the
third-party payer's demands for detailed patient information, or perhaps
be dropped from the panel of mental health care providers. (The therapist
has usually signed a contract stating that his services may be terminated
at any time, without any reason given.)
So to earn a living, and get their patients' sessions authorized,
therapists are being forced to release information that under normal
circumstances they would not.
As John Chiaramonte, a clinical social worker, describes the situation:
"These days, you can't just put down the diagnosis - say, `depression.'
No, you have to get very specific."
Legally, there is no impediment to the therapist's release o such
sensitive clinical material - when an individual applies for insurance, he
routinely signs a waiver allowing health car providers to share his
medical information.
Nevertheless, says Chiaramonte, who is vendorship chairman of the New
York State Society for Clinical Social Work, "if patients realized how
much personal information is actually being given out, I think that many
of them would go ballistic ... "
In all fairness, the third-party payers are doing just that - paying.
In the ordinary course of events, an insurer's efforts to verify that
requests for therapy are warranted are certainly legitimate.
Third-party payers also have the right to maintain quality control - to
make sure that the therapists on their provider panel are offering
appropriate, effective treatment.
But why is it that health care insurers and managers, who a mere decade
ago required little confidential information beyond that contained in the
patient's diagnosis, now insist upon becoming privy to so much potentially
damaging personal material?
Can't the third-party payer put a certain cap on the number of sessions
to which a subscriber is entitled, and then simply use the clinician's
diagnosis in order to authorize the patient's treatment?
I put this question to Dr. Saul Feldman, chief executive officer and
chairman of U.S. Behavioral Health, a mental health care and
substance-abuse treatment management organization based in Emeryville,
Calif., which provides services to more than 5.7 million people across the
United States.
He answered by saying that in his view the increased demand for
detailed personal information is part and parcel of what first brought
managed-care organizations into being - the need for a sense of discipline
and accountability, which was lacking in the mental health care field.
"What the managed behavioral health organizations see as their major
responsibility," he told me, "is making sure that patients are getting the
right amount of care in the right places, and that they are making
progress.
"Managed care is itself a reaction to what had been going on for years
- people getting into outpatient therapy and literally spending years
there, with no treatment goals and no concern about the resources being
expended for the treatment."
Simply relying upon the clinician's diagnosis in order to authorize
treatment (with an outside limit on the number of sessions permitted),
Feldman says, is "an excessively rigid" approach to managing mental health
care.
"What we hope will happen - and what is happening - is that as
clinicians begin to focus on cost-effective care, rather than care that's
never ending, their practice patterns will change," he says.
Managed mental health care organizations such as U.S. Behavioral Health
insist upon relatively short-term, goal-focused therapy - and they monitor
the patient's treatment periodically along the way.
Further down the road, care managers want to know how the treatment is
progressing, and finally, at the end of the therapy, to make an overall
assessment of whether those initial goals were achieved.
"In brief," he says, "we're evolving from an emphasis on process to an
emphasis on outcomes."
Not so, says Dr. Denise Nagel, a psychiatrist and president of the
Coalition for Patient Rights of New England.
In her opinion, third-party payers are in the process of managing
psychotherapy right out of existence.
Nagel takes the position that a better middle ground can and must be
found between the insurer's need for documentation and the right of an
individual in psychological pain to seek help withou the threat of
exposure.
Laws can and should be written, Nagel says, to safeguard patient
confidentiality in the face of insurers' ever-mounting demands for
personal information and the headlong advance of computerized
record-keeping.
But a first and crucial order of business is, in her view, simply
bringing these privacy issues into the forefront of our attention.
Certainly, no one disputes the fact that there is a need for clear-cut
standards to control who may have access to sensitive personal
information, and how that information can be used. There is no federal law
that explicitly protects the confidentiality of medical records (although
there is a measure protecting the confidentiality of video rental lists).
And while a patchwork quilt of state-level regulations exists, the
increasing electronic transfer of patient records across state lines has
made such measures extremely difficult to disentangle, much less enforce.
The Bennett-Leahy bill is thus a welcome, well-intentioned first pass
at establishing national standards, and it commands a good deal of
enthusiastic support.
One group, the Washington-based Center for Democracy and Technology,
has been quite prominent in the continuing discussions of the proposed
legislation.
Janlori Goldman, the center's deputy director, said in testimony before
the Senate Labor and Human Resources Committee that the legislation
represents "the most comprehensive and strongest privacy bill the Congress
has yet considered in this area."
Still, the center (which styles itself as a public-interest group) is
heavily financed by a number of large computer, databank and
telecommunications corporations, including Microsoft, AT&T, Equifax, IBM
and TRW.
So you wonder: Are these giant companies truly interested in protecting
our medical privacy or are they interested in legitimizing the
release-for-profit of confidential patient information?
It's important to recognize that immense profits can be reaped from
aggregated medical records, and a number of computer database companies
(Equifax, the huge credit-reporting agency, is in the forefront) are
already moving forward to stake their claims to this highly marketable
information.
An advertising agency handling a pharmaceutical company's account,
might, for example, be interested in knowing the ages and ethnic and
economic backgrounds of the users of a certain anti-depressant.
Or an employer might want to know the medical and psychiatric status of
a potential employee. And insurers could make use of detailed mental
health records to exclude particularly vulnerable applicants from their
pool.
Once such information is on line and accessible, it can be obtained,
for a price, at the touch of a button.
A stated purpose of the Bennett-Leahy bill is "to promote the
efficiency and security of the health information infrastructure so that
members of the health care community may more effectively exchange and
transfer health information in a manner that will insure the
confidentiality of personally identifiable health information."
But the bill's many fierce opponents - including privacy and consumer
groups such as the Justice Resource Health Law Institute, the National
Coalition of Mental Health Professionals and Consumers, the Electronic
Privacy Information Center and the Coalition for Patient Rights - complain
that the bill would facilitate the development of health care databases
containing huge amounts of personal information.
Those with access to this privileged patient information would include
not only the database companies but also a newly created class of "health
information trustees" - insurers, universities, medical researchers,
employers, police and courts, state and federal agencies and others.
As Jay Cutler, special counsel to the American Psychiatric Association,
has said, "It's hard to figure out who wouldn't qualify as a so-called
health trustee."
Indeed, the psychiatric association dubbed the bill the Medical Records
Disclosure Act because it would make access to so much personal,
identifiable patient data legal.
As the association's president-elect, Dr. Herbert Sacks, has observed,
"Establishing a new class of `health trustees' is rather like designating
a special group of `trustworthy foxes' and inviting them to come and set
up shop inside the henhouse."
Perhaps most unnerving of all is a provision on the last page of the
draft currently in circulation stating that "a health information trustee,
or an agent or contractor to such trustee, who makes a disclosure of
protected health information about an individual that is permitted by this
Act shall not be liable to the individual for such disclosure under common
law."
In short, should you suffer injury because your medical privacy has
been violated, you won't have any legal recourse.
What, then, is to be done about what Nagel calls the "hemorrhaging" of
so much privileged personal data?
What seems evident is that the medical records confidentiality bill
must be reworked to be what its name implies - a measure intended to
safeguard the privacy of patients' records.
In January, Massachusetts (in large part as a reaction to the turmoil
generated by the debacle of the Harvard Community Health Plan) enacted a
modest but precedent-setting piece of legislation.
This new law specifically prohibits insurers from demanding detailed
information about their subscribers' life situations and psychiatric
status before granting them their mental health benefits.
The legislation, however, covers only the state mandated benefits - a
rather skimpy $500, which in Massachusetts pays for about six therapy
sessions. A more reasonable figure might be $1,200, which would allow for
12 to 15 sessions.
Still, it's a fine step in the right direction - and others must
follow.
First, we must limit the amount of clinical data that third-party
payers can require of therapists (under the new Massachusetts measure,
insurers can demand no information other than the patient's name,
diagnosis and date and type of treatment until the $500 nondisclosure
ceiling has been reached).
Then we must establish mechanisms for providing a genuinely
confidential review in cases where the insurer disputes the "medical
necessity" of the treatment.
We must require informed consent from patients before their medical
information can be entered into a computerized network.
And finally, we must prohibit the penalizing of doctors and patients
who refuse to disclose unduly sensitive data or who do not want their
medical information filed in data networks.
To be effective, psychotherapy must be based on an assumption of mutual
respect and confidentiality.
If there is a threat that your most intimate confidences may go on
line, who would ever be crazy enough to confide in a therapist?
----