Title: The Myth of Patient Confidentiality
|
November 1999 |
|
| The
Myth of Patient Confidentiality
The word "confidential" has virtually no meaning for medical or
other personal records. The best thing that health privacy rules offer
is the guarantee that further erosions of privacy interests will not take
place without public awareness and debate. If we can stop things from becoming
worse, that will be a significant accomplishment.
Robert Gellman is a Washington, DC-based privacy and information policy consultant and former chief counsel to the House of Representatives subcommittee on information, justice, transportation, and agriculture. In announcing the publication of draft health privacy regulations, President Clinton described the objective of the proposal as protecting the "sanctity of medical records." He said "we owe it to our families to protect their privacy in the most comprehensive way possible." The rhetoric from the President is similar to statements that other politicians and policy makers routinely make about the vital importance of confidentiality in the relationship between physician and patient. There is just one problem. Medical records are not confidential, and they haven't been confidential for decades. In fact, the word "confidential" has virtually no meaning for medical or other personal records. Banks tell customers that depositor records are confidential. But the banks give the records -- without any notice to customers and without customer consent -- to the Internal Revenue Service, credit bureaus, bank regulators, courts, lawyers, auditors, process servers, police, and maybe even telemarketers. Federal law also protects the confidentiality of student records, but the records can still be disclosed without notice or consent to the Secretary of Education, school officials with "legitimate educational interests", the Comptroller General of the United States, state educational authorities, banks in connection with student loan applications, educational researchers, accreditation organizations, and others. Medical records have the same pattern of widespread use. If you are hospitalized, hundreds of hospital employees may see some or all of your records. Records may be shared with labs, x-ray facilities, nursing homes, physical therapists, pharmacists, and others involved in treatment. At each institution, computer operators, lawyers, and accountants can access records. If you have third party insurance, bills will be sent to claims processors and clearinghouses before the bills reach your insurer. If your employer pays for your health insurance, then the employer may be able to obtain your treatment records. Records are also routinely shared with or used by public health authorities, medical researchers, dozens of government agencies at the federal, state, and local levels, schools, courts, fraud and abuse investigators, cost containment managers, outcomes researchers, licensing and accreditation organizations, police, coroners, and others. Some records are routinely sent overseas for transcription. Medical records are simply not confidential. Indeed, of all the records about individuals maintained by third party record keepers -- banks, schools, employers, supermarkets, marketers, credit grantors, government agencies, and others -- medical records are probably the most widely shared. The routine sharing of patient records is an essential feature of the culture of the medical establishment in the United States. Most disclosures occur without notice to patients and without any patient consent. Most individuals are completely unaware of the routine sharing of health records, and even many health professionals still think that records are private. Will privacy legislation help? Maybe. However, just about every community of medical record users has asked for some type of exemption from any health privacy rules. Every user believes that its function is so vital and so important that no barriers to access and use should be erected. Of course, every institution is willing to have a law that applies to others. Everyone believes in privacy. But no one in the user community wants to be affected by a privacy law. Neither the privacy rules announced by the President nor any of the legislative proposals floating around Capitol Hill will make any material change in the routine disclosure of patient records. The proposals establish disclosure rules and procedures, but it is difficult to identify any major set of current disclosures that would be prohibited by proposed laws or regulations. Even stronger rules are likely to make changes only at the margins, although marginal improvements in privacy protection will still be welcome. This is not to say that the regulatory or legislative efforts are useless. We need fair information practices to govern the maintenance, use, and disclosure of medical records. However, we are not going to get anywhere if the goal is to preserve the "sanctity" of the records. We have made too many decisions that require the sharing of records to act like we can preserve the illusion of confidentiality. We need to be more honest with the public. We need to lower expectations. We can no longer promise that medical records will be confidential. We effectively abandoned the notion of confidentiality when we decided to have third party payment for health care, fraud and abuse controls, and public health protections. These and other health care institutions developed without any consideration to the consequences for privacy. The best thing that health privacy rules offer is the guarantee that further erosions of privacy interests will not take place without public awareness and debate. If we can stop things from becoming worse, that will be a significant accomplishment. Another result of privacy rules should be to restrict the current "worst practices". Pharmacies and other providers should be prohibited from giving patient information to marketers without patient consent. Prosecutors should be prevented from making public filings of patient records in fraud and abuse prosecutions of physicians. Employers should be prevented from obtaining medical records for cost containment and then sharing the data with an employee's colleagues or supervisors. These activities fall within a gray zone today, and the lines need to be sharper so that these specific abuses stop. Technology is sometimes cited as the real threat to privacy or as the savior of privacy. The truth is that technology makes things better and worse at the same time. Technology makes it easier to exploit records, and the technological imperative is that anything that can be done profitably must be done. That is the real threat of technology. Activities that were unthinkable, unethical, and unprofitable ten years ago, like marketing, are becoming more routine because technology allows for easy manipulation of data and because the activities promise profits. Health plans and even some health care providers are happy to share records for the right price. At the same time, however, we can also use technology to provide greater protection for records. Electronic records permit the sharing of information by the byte rather than the megabyte. Computers make it easier to slice and dice electronic records so that users can receive only the data fields that they really need, and identifying information can be left behind. It would be wonderful to conclude that technology allows for the greater use of deidentified records. That would be the free lunch of health privacy -- more record sharing without any threat to patient privacy. To some extent, better information technology may help to limit data
sharing, but a free lunch is highly unlikely. So much data about individuals
is available in public and private files that almost all patients can be
identified no matter how much detail is removed from their records. The
nonidentifiable patient record, like health confidentiality itself, is
a privacy myth. But it is a myth to be debunked on another day.
Released: November 22, 1999
© Copyright 1999. Robert Gellman. |
Next
Insight Essay |