[Med-privacy] Coalition for Patient Rights White Paper
Peter Marshall
techdiff@ix.netcom.com
Wed, 30 Aug 2000 09:15:33 +0000
Recommendations and Conclusion
While there are a variety of beneficial uses of medical records,=
when one
reviews them all together, it is staggering just how many person=
s, agencies
and interests are permitted access to and use of patients=92 pri=
vate medical
records. The public has become increasingly distrustful of a var=
iety
of social
institutions, including government, employers, and insurers, as =
a
result of
the exploitation of their medical records and medical informatio=
n. This
distrust undermines the goals of providing health care in a numb=
er of ways,
including less than full candor by patients to their providers, =
deliberate
deception by patients of providers, and avoidance strategies, al=
l of which
result not only in lower quality health care for the patients
themselves, but in
lower quality data in the medical records. Through the increment=
al
encroachment on and dismantling of the privacy of medical record=
s
over the
years, our society has lost respect for the autonomy of each per=
son to
determine for themselves what projects and practices they wish t=
o participate
in. We have traded bit by bit our respect for privacy for the
incremental goods
of violating it=97goods that are often as much private and propr=
ietary
as they
are public.
The National Coalition for Patient Rights believes that nothing =
short
of a
radical rethinking of the confidentiality of the medical record =
and
respect for
patient privacy is in order. With the exception of genuine publi=
c health
investigations, all secondary interests in accessing the medical=
record must
submit to the sovereignty of the individual to determine for him=
or herself
what uses of the medical record are appropriate. This can be acc=
omplished
only by means of federal legislation which sets a legislative fl=
oor that
guarantees to all citizens a right to the privacy of their medic=
al information.
Following from the discussion in the previous chapter, we recomm=
end that
such legislation should include the following provisions.
Recommendation 1: Medical records sho=
uld be
maintained as confidential and privat=
e for the
purpose of the clinical benefits of t=
he patient.
Disclosure of medical records outside=
the context
of clinical care requires the consent=
of the
patient.
Patients
Medical information varies in sensitivity. Mental health records=
and genetic
information are especially sensitive for a variety of reasons, b=
ut
patients in
general medical care settings often disclose facts about themsel=
ves
and their
behavior that can be embarrassing or even harmful to their inter=
ests if
disclosed outside the provider-patient relationship. Patients sh=
ould
have the
choice to determine what information in their records is especia=
lly sensitive,
and to seal that information from the many interests which may g=
ain access
to their records, including other health care providers, insurer=
s, employers
and others. Without the ability to protect such information as
physician and
psychotherapy notes and genetic testing information, patients wi=
ll
speak with
much less candor to their providers or avoid medical care and te=
sting
altogether.
An important problem arises when patients wish to hide from othe=
r
providers their psychiatric conditions by not disclosing their p=
sychiatric
medications. This can pose a risk to patient safety, since some
medications can
result in dangerous interactions with other drugs. Psychiatrists=
should
counsel their patients on such dangers, but the decision should
remain with
competent patients what information is disclosed to other medica=
l care
providers. Just as patients who seek to leave a hospital against=
medical advice
are required to sign a form acknowledging that they have been wa=
rned
of the
dangers, so too should patients refusing to disclose medications=
to other
providers be required to sign such an acknowledgment. =
Recommendation 2: The right of patien=
ts to
determine what information in their m=
edical
records is shared with other provider=
s and other
institutions and agencies should be r=
ecognized
both by law and by institutional poli=
cy. Patients
who wish not to disclose medical
information to
other health care providers that may =
be
important in their medical care shoul=
d be
counseled about the risks of nondiscl=
osure and
sign an acknowledgement of their bein=
g warned.
A fundamental tenet of any informational privacy protection (no =
matter
what the context) is allowing the person about whom information =
is
collected, used and stored rights of access, amendment, and
correction of the
information contained in the records others maintain about them.=
This is
particularly crucial in the medical context, where others=92 acc=
ess to personal
medical information can have a significant impact on an individu=
al=92s life.
Patients cannot possibly give informed consent to the use of the=
ir
records for
any of the variety of purposes from research to insurance
underwriting, if
they cannot easily and quickly find out what is contained in the=
ir
records and
correct any mistaken information. Given the fact that only 28 st=
ates allow
some level of patient access to their records, Federal medical p=
rivacy
legislation must grant patients rights to access, amend and corr=
ect their
medical records. =
Recommendation 3: Patient=92s should =
have the
legal right to review and copy their =
medical
records. Patient access to medical re=
cords should
be facilitated by providers, and char=
ges to
patients limited to the cost of copyi=
ng.
Institutions should develop clear pol=
icies and
procedures for patients to correct an=
d amend
errors in the medical record. Patient=
s should
have the right to review the audit tr=
ails
of who
have accessed their medical records a=
nd
for what
purposes.
Insurance and Managed Care
It is clearly inadequate for third party payers to require patie=
nts
to sign
nonspecific "consent" forms to authorize payment. Out of deferen=
ce to
patients, and to be consistent with traditional fair information=
practices,
insurers and third party payers should provide enough informatio=
n and
options to patients to facilitate making informed choices. Above=
all, patients
should not be coerced into "consenting" to the wide variety of
additional uses
of medical records as a condition of obtaining insurance coverag=
e in
the first
place. Additionally, in any and all cases, only the minimal amou=
nt of
information necessary to process a claim is all that should be
requested. There
is no good rationale for routinely demanding the entire record o=
f every
encounter to process claims, simply because they are available.
A disturbing trend in the management of medical care is the rise=
of "disease
management programs." Patients are frequently enrolled in these =
programs
without their or their physician=92s knowledge or consent. Disea=
se
management programs are often contracted out to various firms by=
the
managed care organization or the patient=92s employer, and many
programs are
sponsored by pharmaceutical manufacturers as a way to promote th=
e use of
their products. While the concept of disease management can be u=
seful in
clinical care if administered through the patient=92s own physic=
ian and
with the
patient=92s own consent, the current practices of disease manage=
ment amount
to little more that outsourced medical care and in many cases, s=
hould raise
questions of conflicts of interest for the drug manufacturers.
Recommendation 4: Third party payers =
of
medical services should be required t=
o
specify in
advance the medical information they
require to
assess claims and manage medical care=
=2E Public
notice should be made to patients of =
the
kinds of
medical information that will be requ=
ested from
their providers. Physician notes shou=
ld not
routinely be disclosed to third party=
payers, and,
consistent with the Supreme Court=92s=
decision in
Jaffe v. Redmond, psychotherapist not=
es should
never be disclosed to third party pay=
ers. Patient
consent should be required before med=
ical
records are transferred to or patient=
s are enrolled
in disease management programs. Disea=
se
management programs should be based o=
n
sound clinical research and arranged =
through
the patient's own health care provide=
r.
Personal medical information does not lose any of its sensitivit=
y
because it no
longer resides with the primary clinical provider. Indeed, it co=
uld
be argued
that personal medical information is even more "sensitive" when =
it is
outside the custody of direct clinical providers because
traditionally, the
ethical duty to protect the confidentiality of the clinical
relationship (and the
resulting information, documented in the medical record) is not =
seen
as the
primary duty of the third party payers. However, this sort of
practice must
change if quality patient care is to continue to be the long-ter=
m
goal. As such,
third party payers must be held to the same levels of accountabi=
lity of
confidentiality and privacy protection as have clinical personne=
l.
Recommendation 5: Third party payers =
should
be held accountable to the same stand=
ards of
privacy and confidentiality as are me=
dical care
providers. Third party payers should =
be limited
in their use of medical records to th=
e terms
specified in the patient consent to r=
elease
medical records. No disclosure by thi=
rd party
payers to any other party may be made=
without
the written freely given consent of t=
he patient,
i.e., participation in the health pla=
n or other
benefits should not be contingent upo=
n patient
consent to further disclosures. Patie=
nts
of third
party medical payers should have the =
right to
review and copy the medical records h=
eld by
these organizations, and to review th=
e
logs of
who has had access to their records a=
nd
for what
purposes. Third party payers should e=
stablish
procedures for patients to correct er=
rors
in their
medical information.
Special problems arise for psychiatric and psychotherapy records=
in the
context of managed care and insurers in general. Managed care pr=
oviders
often require copies of the entire medical record of mental heal=
th patients
including therapist notes on psychotherapy sessions. The
confidentiality of
the psychotherapeutic relationship was recently reaffirmed in th=
e
case of
Jaffee v. Redmond, in which the Supreme Court declared that "(1)=
such a
privilege (a) serves important private interests by fostering an=
atmosphere of
confidence and trust, and (b) serves the public interest by
facilitating the
provision of appropriate treatment for persons suffering the eff=
ects
of a
mental or emotional problem, the mental health of the citizenry =
being a
public good of transcendental importance." By the same reasoning=
, we have
argued in the previous section that the interests of third party=
payers, and
virtually all other interests, must submit to the sanctity of th=
e therapeutic
relationship and the consequent privacy of the medical record. T=
he only
exceptions to this principle should be for cases in which a pati=
ent
poses an
imminent threat of harm to other persons. But in the latter case=
, the
duty of
disclosure rests upon the provider and does not involve the medi=
cal or
psychiatric record itself.
Recommendation 6: The psychotherapeut=
ic
relationship is of such sensitivity a=
s to require
special recognition as a domain of ab=
solute
privacy. Records and notes of psychot=
herapy
sessions should always remain confide=
ntial and
third parties should be prohibited by=
law from
demanding their disclosure for any re=
ason. For
reimbursement purposes, only the mini=
mal
amount of information should be discl=
osed to
process claims.
Biomedical Research
The National Coalition for Patient Rights is strongly committed =
to the
benefits and values of biomedical research. Current debates on a=
ccess to
medical records for research purposes typically pit the social
benefits of
research against the benefits of respecting patient privacy and
autonomy by
requiring the informed consent of patients for such research. We=
believe this
is in large measure a false opposition for two reasons:
1) Trading patient privacy for social good treats patient privac=
y as a
commodity which can be sacrificed for competing goods and intere=
sts,
whereas we find that patient privacy is a fundamental norm groun=
ded upon
the respect for patient autonomy. Respect for the autonomy of
patients cannot
be balanced against or otherwise exchanged for other goods. =
2) Patient privacy and the public good do not need to compete wi=
th each
other. Indeed, there is a viable and practical solution that res=
pects patient
privacy and autonomy, and allows much of biomedical research to =
proceed
without the sometimes onerous task of obtaining informed consent=
from
individual patients whose records may be reviewed. The National
Commission, whose recommendations the Department of Health, Educ=
ation
and Welfare (HEW) was required by law to promulgate as federal r=
egulations,
arrived at a perfectly valid solution to this problem in 1978, b=
ut
which HEW
and subsequently the Department of Health and Human Services (HH=
S)
ignored. The National Commission believed that the protection of=
patient
privacy was of sufficient concern to warrant IRB review of all
research which
involved the review of medical records (or the analysis of exces=
s pathological
tissues specimens generated in the course of clinical care). But=
the National
Commission also recognized the difficulties of obtaining informe=
d consent
from each patient for each research use of their records, often =
years
after they
have left a health care institution or provider. Thus the Nation=
al
Commission recommended that patients be given the opportunity up=
on
admission to opt in or opt out of the research use of their medi=
cal records
(and tissue specimens). We note that had the National Commission=
=92s
recommendations been followed by HEW/HHS, the problem of the res=
earch
use of patient records without consent would have been solved in=
1981 with
the promulgation of the current regulations, and the vast quanti=
ty of those
records would today be open to biomedical researchers in a manne=
r that
respects patient privacy and autonomy.
As per our discussion in the previous chapter, we believe the Na=
tional
Commission=92s model to be an excellent basis from which to work=
=2E Federal
regulations should require that each patient be given the opport=
unity to
delegate their consent for the use of medical records in biomedi=
cal research
to a Medical Records Review Board (MRRB) or similar entity,
constituted by
a majority of community members, who may make judgments on the
propriety and purposes of the research that seeks to access pati=
ents=92 medical
records. We do not envision the MRRB would function as an additi=
onal layer
of review of general biomedical research, which often involves t=
he
review of
patient records in conjunction with research related clinical te=
sting and
treatment. Rather, the MRRB would relieve IRBs of the burden of =
reviewing
those research protocols that involve only the review of medical=
records,
protocols which are currently either exempted from IRB review, o=
r to which
IRBs often give scant attention under the pressure of increasing=
work loads.
Recommendation 7: Research involving
medical records must either be conduc=
ted with
the freely given informed consent of
patients, or
with blanket consent which delegates =
to a
Medical Records Review Board (MRRB) t=
he
authority to waive further consent. T=
he MRRB
should be constituted by at least a
majority of
community members (individuals not
employed by or otherwise affiliated w=
ith the
institution) in addition to appropria=
te scientific,
medical and allied health personnel a=
nd
administered by the Medical Records T=
rustee.
MRRB decisions not to grant a waiver =
of
informed consent should be final. The=
MRRB
should insure that the confidentialit=
y of patient
information is protected as it passes=
through a
research protocol, that the informati=
on is not
used for other purposes without expli=
cit MRRB
approval, and that the purposes of
research will
not be reasonably objectionable to th=
e patient
populations involved.
Health Services Research
Unlike much biomedical research, most health services research (=
i.e., research
done by managed care organizations, insurers and government agen=
cies) that
pertains to specific institutions, programs, outcomes, quality
assurance and
quality improvement, is carried out with no regulatory or ethica=
l
oversight to
ensure that patients=92 interests, rights, and welfare are prote=
cted.
The same
regulations which apply to biomedical research involving medical=
records
should apply to health services research, whether the institutio=
n is
a private
or public agency (irrespective of the receipt of federal funding=
),
and that those
regulations should be strengthened as per the recommendations ma=
de
here. =
Recommendation 8: All health services=
research that relies on personal medi=
cal
information should be reviewed, appro=
ved, and
overseen by an institutional Medical =
Records
Review Board, with the Medical Record=
s Trustee
being the main point of contact for b=
oth patients
seeking information about these
research/evaluation projects, and for=
those
people conducting the research and/or=
evaluation projects. =
Clinical Personnel
We have shown in the preceding analysis that the relationship be=
tween
clinical personnel and the patient forms the bedrock for the ent=
ire
health care
system, and often provides patients with their only direct
interaction with
that system. Without the assurance that these clinical personnel=
will
serve as
their advocates within that system, patients will be reluctant t=
o
interact any
more than is absolutely necessary. A crucial component of that
advocacy is
the protecting the confidentiality of the medical record.
Recommendation 9: Each clinical insti=
tution
maintaining medical records has the
responsibility to safeguard their con=
fidentiality
by minimizing access to medical recor=
ds to those
individuals whose "need to know" is o=
f clinical
benefit to the patient or is otherwis=
e consented
to by the patient. Institutions shoul=
d employ
encryption schemes and password prote=
ction,
and log each access to or modificatio=
n of the
medical record (e.g., computerized au=
dit trails).
Institutions should develop auditing =
programs
to ensure that access to and use of m=
edical
records is appropriate and take appro=
priate
punitive measures when it is not. Pat=
ients
should have the right to limit access=
to
particularly sensitive information.
It is not enough, however, to require that medical record
confidentiality must
be protected. There must be someone within each health care inst=
itution
whose function it is to ensure the confidentiality of medical
records: a
Medical Records Trustee. The Medical Records Trustee should be r=
esponsible
for implementing, overseeing, and enforcing institutional polici=
es and
procedures to protect patient privacy and ensuring compliance wi=
th
state and
federal regulation. This person should act in concert with other=
institutional
personnel, and should serve as the patient=92s main point of con=
tact on medical
record confidentiality issues.
Recommendation 10: Each health care
institution maintaining medical recor=
ds or
medical information should designate =
a
"Medical Records Trustee" responsible=
for
promulgating and enforcing institutio=
nal
confidentiality and privacy policies,=
and
ensuring compliance with the law. The=
Medical
Records Trustee shall be the final re=
sponsible
authority for granting any and all ac=
cess to
medical records and information withi=
n the
institution. The Medical Records Trus=
tee should
also be responsible for making
notification to
patients and the general public of th=
e
institution=92s policies for protecti=
ng patient
privacy and confidentiality of their =
medical
records.
Public Health
The National Coalition for Patient Rights strongly supports publ=
ic health
reporting when imminent danger to health is a real possibility.
Moreover, all
but three states have privacy protections in place for general p=
ublic health
data (Gostin 1996), and most allow for criminal and/or civil
sanctions for
impermissible disclosures. Because of the serious risks of not
gaining access to
relevant personal medical records for disease outbreak
investigations, the
standards in place for this purpose are necessarily exceptional.=
These
exceptions do not extend, however, to routine public health surv=
eillance
using personal medical records.
Recommendation 11: Public health
investigations in which an imminent d=
anger to
the health of individuals or communit=
ies
is at
stake, should be permitted to access =
private
medical records as necessary and as
provided for
under current law. The consent of pat=
ients
is not
necessary, but patients should be not=
ified
by their
providers that their records may be o=
pened to
public health authorities. When provi=
ders make
legally mandated disclosures to publi=
c health
authorities they should be required t=
o inform
the patient of this requirement at th=
e
time the
condition is discovered.
Employers
Special considerations must be taken into account when addressin=
g
access by
employers to their employees=92 medical information, particularl=
y where the
employer self-insures (i.e., as provided for under the Employee =
Retirement
Income Security Act=97ERISA). Employees are in a particularly vu=
lnerable
position vis-=E0-vis their employers, since the employer provide=
s the
employees=92 livelihood. Because of this vulnerability, employer=
s must
be held
to a high standard regarding the access to personal identifiable=
medical
information of their employees.
Recommendation 12: In general, employ=
ers
should not have access to clinical me=
dical
records. These records should be
segregated from
all other personnel-related informati=
on,
and be
used only in the benefits determinati=
on process
(and only where the employer is a sel=
f-insurer).
Employers should be barred from using=
this
information for employment, promotion=
and
other personnel decisions, and provid=
e
notification to all employees and pro=
spective
employees of what information they co=
llect and
for what purposes. Employers with acc=
ess to
medical records should be barred from=
disclosing
this information to other parties, an=
d should
maintain audit trails of who has acce=
ssed the
records and for what purposes, and ma=
de
available to the employees.
Administrative functions of the hospital or health care institut=
ion
While it is important that health care institutions have policie=
s and
procedures in place and publicly available to address clinical u=
ses
of personal
medical information, it is equally important that there be publi=
shed policies
and procedures governing the administrative uses of medical
information. In
the case of these administrative functions, the use of anonymous=
data should
be the rule, not the exception. In all cases, the information us=
e
policies and
procedures should be readily and publicly available to all curre=
nt and
prospective patients.
Recommendation 13: Health care instit=
utions
maintaining medical records should no=
tify the
public and patients individually of t=
he offices
and functions which have access to th=
eir medical
records. Institutions should also pro=
minently
display their policies on maintaining=
confidentiality of medical records. T=
he name,
address, and phone number of the Medi=
cal
Records Trustee should be provided to=
all
patients.
Aggregation of Medical Data
The federal government and various private sector consortia are =
pursuing
several strategies that would permit medical information from di=
fferent
providers on each patient to be linked together. The Unique Pati=
ent
Identifier, a proposal by the Secretary of HHS pursuant to the H=
ealth
Information Portability and Accountability Act, would require th=
at each
patient be designated by a unique identifier, and that each medi=
cal encounter
(regardless of who pays for it) would be required to use this un=
ique identifier.
This requirement would allow both public and private interests t=
o collate
medical records from all providers of medical services on each p=
atient.
Medical records would thus always be linked and provided the ele=
ctronic
infrastructure by which medical records can be shared, the entir=
ety
of a
patient=92s medical history would be available to the large vari=
ety of interests
which seek access to medical records. Other proposals, such as t=
he Master
Patient Index, or other national or regional medical records
databases all
would have the same outcome.
Such systems violate the liberty of patients to each determine f=
or themselves
who shall see their medical records and for what purposes. Such
systems will
inevitably expose most patients to irrevocable harm when such va=
st amounts
of medical information can be collated together. Without the fre=
edom and
ability to control access to their medical records, patients wil=
l
continue to lose
trust in their health care providers and institutions, and this =
will work
against both the quality of medical care and the quality of the =
data contained
in the medical records themselves. The decision of what medical =
information
is linked together should rest with the patient. Establishing an=
automatic
system whereby all the medical information on each patient is li=
nked
together and easily accessible in essence creates a national med=
ical
information tax on each medical care transaction, payable to any=
and all
parties which are able to justify their access to the national m=
edical
information database.
Recommendation 14: Proposals to creat=
e
systems designed to link private medi=
cal
information or otherwise collate medi=
cal record
information, such as the Unique Patie=
nt
Identifier or the Master Patient Inde=
x,
should not
be implemented without explicit patie=
nt
informed consent. Patients should alw=
ays have
the freedom to determine for themselv=
es what
medical information may be collated t=
ogether
and for what purposes.
Law Enforcement =
Recommendations by HHS Secretary Shalala pursuant to HIPAA would=
permit virtually any law enforcement officer to demand and recei=
ve any
medical records from any health care provider or institution wit=
hout court
order or notification of the patients themselves. This recommend=
ation
and a
variety of legislative proposals over the past several years sta=
nd in stark
contrast to the Supreme Court=92s decision in Jaffee v. Redmond =
where the
Court recognized that the public good is best served by protecti=
ng the
confidentiality of mental health records, in spite of the immedi=
ate
benefits to
individuals or society in discovering them. We feel strongly tha=
t law
enforcement access to medical records should be governed by the =
same
standards of other information gathered in the course of crimina=
l
investigations, namely, a court order. The potential for the abu=
se by law
enforcement agencies and personnel is far too great if they are =
given
unrestricted access to medical records.
A limited exception to this general principle should be in the c=
ase
of health
care fraud investigations. We recognize that payers of medical s=
ervices,
whether they be public or private, must have some means for audi=
ting and
maintaining accountability. In such cases, however, anonymous re=
cords
should be used whenever possible, and access to private medical =
information
should be as minimally intrusive as possible.
Recommendation 15: Law enforcement ac=
cess
to medical records should be limited =
to court
order. When records are thus obtained=
, they
should contain only the minimal amoun=
t of
information necessary to fulfill the
purpose for
which they were sought. Moreover, law=
enforcement officials should maintain=
the
confidentiality of the information th=
ey obtain,
and should only allow the least numbe=
r of
people access as is absolutely necess=
ary.
Under no
circumstances should personal medical=
records
become part of an open court record, =
where the
patients are not a parties to the cou=
rt proceeding.
In the limited case of health care fr=
aud
investigations, anonymous records sho=
uld be
used to assess patterns of fraudulent=
billing, with
identified information used only wher=
e specific
instances of fraud are suspected.
Marketing and Commercial Interests
The sale and use of medical information for marketing and other =
purposes
not only uses private medical information for purposes beyond th=
e direct
benefit of the patient, but may well use this information in way=
s
that are
contrary to patient interests. Commercial uses of medical record=
s have
developed in the absence of close governmental scrutiny of these=
practices
and has been made possible by the increasing computerization of =
medical
records. Allowing commercial interests access to medical records=
without
patient consent undermines patient trust and disrespects their
autonomy, and
should be prohibited by law.
Recommendation 16: The buying and sel=
ling of
medical records or information derive=
d from
them, and the use of these records fo=
r any
marketing purposes, including disease=
management programs, without the free=
ly given
informed consent of the patient, shou=
ld be
prohibited by law and institutional p=
olicy.
The National Coalition for Patient Rights believes that this set=
of
recommendations outlines a set of fair information practices tha=
t
should be
observed by institutions and agencies, public or private, that
collect, maintain
or produce medical records. Codifying these recommendations into=
federal
and state legislation would establish patient rights to privacy =
and the
confidentiality of their medical information, and thereby protec=
t patients
from a variety of possible abuses of their medical information. =
But most
importantly, these recommendations would establish a framework o=
f trust
between patient and health care provider that will ensure both
quality health
care delivery and quality medical data for those legitimate and =
authorized
uses medical records.