[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
essay: "The Myth of Patient Confidentiality" (resend)
November 1999
The Myth of Patient Confidentiality
The word "confidential" has virtually no meaning for medical or
other personal records. The best thing that health privacy rules
offer is the guarantee that further erosions of privacy interests
will not take place without public awareness and debate. If we can
stop things from becoming worse, that will be a significant
accomplishment.
Robert Gellman
rgellman@cais.com
Robert Gellman is a Washington, DC-based privacy and
information policy consultant and former chief counsel
to the House of Representatives subcommittee on
information, justice, transportation, and agriculture.
In announcing the publication of draft health privacy regulations,
President Clinton described the objective of the proposal as
protecting the "sanctity of medical records." He said "we owe it
to our families to protect their privacy in the most comprehensive
way possible." The rhetoric from the President is similar to
statements that other politicians and policy makers routinely make
about the vital importance of confidentiality in the relationship
between physician and patient.
There is just one problem. Medical records are not confidential,
and they haven't been confidential for decades.
In fact, the word "confidential" has virtually no meaning for
medical or other personal records. Banks tell customers that
depositor records are confidential. But the banks give the records
-- without any notice to customers and without customer consent --
to the Internal Revenue Service, credit bureaus, bank regulators,
courts, lawyers, auditors, process servers, police, and maybe even
telemarketers. Federal law also protects the confidentiality of
student records, but the records can still be disclosed without
notice or consent to the Secretary of Education, school officials
with "legitimate educational interests", the Comptroller General
of the United States, state educational authorities, banks in
connection with student loan applications, educational
researchers, accreditation organizations, and others.
Medical records have the same pattern of widespread use. If you
are hospitalized, hundreds of hospital employees may see some or
all of your records. Records may be shared with labs, x-ray
facilities, nursing homes, physical therapists, pharmacists, and
others involved in treatment. At each institution, computer
operators, lawyers, and accountants can access records. If you
have third party insurance, bills will be sent to claims
processors and clearinghouses before the bills reach your insurer.
If your employer pays for your health insurance, then the employer
may be able to obtain your treatment records. Records are also
routinely shared with or used by public health authorities,
medical researchers, dozens of government agencies at the federal,
state, and local levels, schools, courts, fraud and abuse
investigators, cost containment managers, outcomes researchers,
licensing and accreditation organizations, police, coroners, and
others. Some records are routinely sent overseas for
transcription.
Medical records are simply not confidential. Indeed, of all the
records about individuals maintained by third party record keepers
-- banks, schools, employers, supermarkets, marketers, credit
grantors, government agencies, and others -- medical records are
probably the most widely shared. The routine sharing of patient
records is an essential feature of the culture of the medical
establishment in the United States. Most disclosures occur without
notice to patients and without any patient consent. Most
individuals are completely unaware of the routine sharing of
health records, and even many health professionals still think
that records are private.
Will privacy legislation help? Maybe. However, just about every
community of medical record users has asked for some type of
exemption from any health privacy rules. Every user believes that
its function is so vital and so important that no barriers to
access and use should be erected. Of course, every institution is
willing to have a law that applies to others. Everyone believes in
privacy. But no one in the user community wants to be affected by
a privacy law.
Neither the privacy rules announced by the President nor any of
the legislative proposals floating around Capitol Hill will make
any material change in the routine disclosure of patient records.
The proposals establish disclosure rules and procedures, but it is
difficult to identify any major set of current disclosures that
would be prohibited by proposed laws or regulations. Even stronger
rules are likely to make changes only at the margins, although
marginal improvements in privacy protection will still be
welcome.
This is not to say that the regulatory or legislative efforts are
useless. We need fair information practices to govern the
maintenance, use, and disclosure of medical records. However, we
are not going to get anywhere if the goal is to preserve the
"sanctity" of the records. We have made too many decisions that
require the sharing of records to act like we can preserve the
illusion of confidentiality. We need to be more honest with the
public. We need to lower expectations.
We can no longer promise that medical records will be
confidential. We effectively abandoned the notion of
confidentiality when we decided to have third party payment for
health care, fraud and abuse controls, and public health
protections. These and other health care institutions developed
without any consideration to the consequences for privacy. The
best thing that health privacy rules offer is the guarantee that
further erosions of privacy interests will not take place without
public awareness and debate. If we can stop things from becoming
worse, that will be a significant accomplishment.
Another result of privacy rules should be to restrict the current
"worst practices". Pharmacies and other providers should be
prohibited from giving patient information to marketers without
patient consent. Prosecutors should be prevented from making
public filings of patient records in fraud and abuse prosecutions
of physicians. Employers should be prevented from obtaining
medical records for cost containment and then sharing the data
with an employee's colleagues or supervisors. These activities
fall within a gray zone today, and the lines need to be sharper so
that these specific abuses stop.
Technology is sometimes cited as the real threat to privacy or as
the savior of privacy. The truth is that technology makes things
better and worse at the same time. Technology makes it easier to
exploit records, and the technological imperative is that anything
that can be done profitably must be done. That is the real threat
of technology. Activities that were unthinkable, unethical, and
unprofitable ten years ago, like marketing, are becoming more
routine because technology allows for easy manipulation of data
and because the activities promise profits. Health plans and even
some health care providers are happy to share records for the
right price.
At the same time, however, we can also use technology to provide
greater protection for records. Electronic records permit the
sharing of information by the byte rather than the megabyte.
Computers make it easier to slice and dice electronic records so
that users can receive only the data fields that they really need,
and identifying information can be left behind. It would be
wonderful to conclude that technology allows for the greater use
of deidentified records. That would be the free lunch of health
privacy -- more record sharing without any threat to patient
privacy.
To some extent, better information technology may help to limit
data sharing, but a free lunch is highly unlikely. So much data
about individuals is available in public and private files that
almost all patients can be identified no matter how much detail is
removed from their records. The nonidentifiable patient record,
like health confidentiality itself, is a privacy myth. But it is a
myth to be debunked on another day.
Released: November 22, 1999
iMP Magazine,
http://www.cisp.org/imp/november_99/11_99gellman-insight.htm
© Copyright 1999. Robert Gellman.