CFP'93 - Medical Records, Privacy and Health Care Reform
by Sheri Alpert
(Note: This paper is excerpted from a larger work in progress)
Without federal laws to protect the privacy of patients and the confidentiality of medical records, efforts to reform the nation's health care system will not be fully successful. With the exception of records relating to mental health and drug and alcohol abuse or records in the custody of the federal government, there are no federal laws to protect the confidentiality of medical records. Only a handful of states have adopted any laws to protect these records, but they vary in scope and applicability, and often contain provisions more favorable to information exchange than to patient privacy. In fact, video rental records are afforded more federal protection than are medical records. As current federal law stands, while the unauthorized disclosure of medical records may be ethically reprehensible, in the majority of states in this country, it is not illegal.
This lack of legal status for medical records has led to a situation in which people cannot be certain that the personal medical information they share with a care provider will remain confidential. This uncertainty on the part of the patient could undermine a physician's ability to provide treatment, because the patient may be reluctant to provide information crucial to his or her care.
The introduction of vast computerized data bases (as are being proposed under several of the health care reform proposals) could further exacerbate this situation, because care providers may have even less ability to ensure the confidentiality of patient information. Federal laws to protect the confidentiality of medical records, regardless of the medium in which they occur, will become even more crucial to the integrity of our health care delivery system.
Federal Laws Regarding the Confidentiality of Medical Records
In 1974, the Privacy Act became law in the United States. It encompassed a code of five fair information practices that had been set forth in the 1973 report "Records, Computers, and the Rights of Citizens" (U.S. Department of Health, Education, and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems1). The Privacy Act of 1974 recognizes the legal status of records in the custody of the federal government and delineates the rights individuals have with respect to those records. (It has been estimated that only about 5% of the medical data banks in the United States are covered by the Privacy Act.2) It does not cover any other government entities such as states and localities (with one exception) or private sector entities. In addition the Privacy Act allows other uses of these records, if the purpose of the use is consistent with the reason the information was collected. This can (and does) lead to disclosures of personal information to other entities.
The Privacy Act created a Privacy Protection Study Commission which, in 1977, made several recommendations for federal legislation to protect public and private sector records, including medical records. They articulated three objectives for effective privacy protection, upon which all their recommendations were grounded:
- ...to create a proper balance between what an individual is expected to divulge to a record-keeping organization and what he seeks in return (to minimize intrusiveness); to open up record-keeping operations in ways that will minimize the extent to which recorded information about an individual is itself a source of unfairness in any decision about him made on the basis of it (to maximize fairness); and to create and define obligations with respect to the uses and disclosures that will be made of recorded information about an individual (to create legitimate, enforceable expectations of confidentiality).3
According to a report issued by the U.S. Department of Health and Human Services,
...the regulatory framework governing providers' disclosure of patient
identifiable health information is flawed. It dictates different disclosure
rules for different types of providers.
...When protection is available, the remedy may be counterproductive. It usually cannot be obtained without litigation, an after-the-fact, costly process that might produce damages but typically will not prevent disclosure of the information. Also, patients have no workable way to "police" information practices to ensure that disclosure rules are being followed.6
- ...the outward flow of medical data...has enormous impact on people's lives. It affects decisions on whether they are hired or fired; whether they can secure business licenses and life insurance; whether they are permitted to drive cars; whether they are placed under police surveillance or labelled a security risk; or even whether they can get nominated for and elected to political office.7
There is usually an enormous amount of personal information in a medical record, some of which can be quite sensitive. Aside from the patient's name, address, age, and next of kin, there also may be names of parents; date and place of birth; marital status; religion; history of military service; Social Security Number; name of insurer; complaints and diagnosis; past medical, social, and family history; previous and current treatments; an inventory of the condition of each body system; medications taken now and in the past; use of alcohol and tobacco; diagnostic tests administered; findings; reactions; and incidents.8 Clearly, medical records contain extensive amounts of information that has non-medical uses.
One of the most fundamental aspects of the relationship between a patient and health care provider is the provider's obligation to maintain health information in a confidential manner. That obligation, which is defined by statute, common law and professional ethics, is static. It does not change with the medium of health information transmission or storage, whether paper or electronic. The provider's ability to carry out its obligation to ensure that confidentiality is maintained, however, can be greatly affected by use of the electronic medium to store and transmit health information.9
The Administrative Savings Features of the Reform Proposals
As stated earlier, most of the health care reform proposals rely heavily on computer technology to facilitate the flow of medical records. Most of the proposals envision establishing a comprehensive electronic "cradle to grave" medical file on every individual in the United States covered by health insurance (presumably most all Americans). These files would be contained in one or more enormous data bases. Additionally, the proposals will introduce the use of "electronic" or "smart" cards to allow care providers to access a patient's medical information via vast telecommunications networks. The magnitude of the proposed application of this technology is untried and unproven in this country. However, sufficient information is known about the capabilities of the technologies to warrant careful examination of their use in this proposed application, particularly given the enormity of the intended scope of the application.
Because there are so few federal legal protections and inconsistent state protections for medical records, federal protections should be placed on the collection, use, storage, disclosure of and access to all medical records prior to or as a concurrent effort with health care reform. These legal protections should be explicit and:
- delineate the rights patients have with respect to their own medical
information (i.e., their rights to access, amend and correct errors in their
records, and have any control over others' access to their records);
- define the responsibilities (ethical and legal) of those with legitimate
authorization to access personal medical information;
- delineate the types of allowable and prohibited uses of personal medical
information (e.g., in statistical research, for billing and insurance purposes,
in employment situations, etc.) and provide for an enforcement mechanism;
- provide for a limited patient authorization for the use and disclosure of
medical record information (to include specific references to the records
subject to the authorization, the parties allowed access, an expiration date for
the authorization, and a right to revoke that authorization);
- establish medical record retention schedules for each class of information
recipient (i.e., physicians, hospitals, insurers, researchers, auditors, etc.),
particularly where patient identifiers are attached to the information;
- require notice of information record use practices, to include publishing
information about the existence of health care data banks, and where and how
patients can get access to their medical records;
- establish a totally unique patient identification scheme that prohibits all
other uses not directly related to the provision of medical care;
- limit employers ability to see individual employee medical records and use
them to make adverse decisions about the employee;
- prohibit the marketing of medical data;
- require extensive recordkeeping to track all disclosures of personal medical
information (i.e., whose records are released; a copy of the signed patient
authorization for such release; names and addresses of the recipients of the
records; the reason for the disclosure, such as billing, providing direct
medical care, research, etc.);
- establish civil and criminal penalties for prohibited activities, allowing
patients to collect damages;
- prohibit "pretext interviews," where an insurer or employer conducts an
investigation into a patient's medical history under false pretenses or by
pretending to be someone they are not, in order to gain access to medical
- cover all care providers (physicians, hospitals and their personnel,
pharmacies, etc.), insurance companies, and insurance support organizations
(e.g., the Medical Information Bureau).
With these sorts of federal legal rights that are "technology transparent," patients can be more confident that their medical information will be covered by stringent protections that respect their dignity and their privacy. It will also enhance the effectiveness of the technical and administrative security measures built into the electronic records environment of the future, and guarantee that the existing paper medical records are protected, as well.
1 These principles are:
- there must be no personal-data- record-keeping systems whose very existence is secret;
- there must be a way for an individual to find out what information about him is in a record and how it is used;
- there must be a way for an individual to prevent information about him obtained for one purpose from being used or made available for other purposes without his consent;
- there must be a way for an individual to correct or amend a record of identifiable information about him; and
- any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take reasonable precautions to prevent misuse of the data.
2 Terra Ziporyn, "Hippocrates Meets the Data Banks: Patient Privacy in the Computer Age;" Journal of the American Medical Association; July 20, 1984; page 319.
3 Personal Privacy in an Information Society; Report of the Privacy Protection Study Commission; Washington, D.C.; 1977, pp. 14-15.
4 Privacy for Sale; Jeffrey Rothfeder; Simon & Schuster; New York, New York; 1992; p. 179.
5 As a gauge of how the American public feels about personal and consumer privacy issues, Lou Harris and Associates conducted a poll on the subject in 1990. Nearly four out of five Americans expressed general concern about threats to personal privacy in America today. ("The Equifax Report on Consumers in the Information Age;" Atlanta, GA; 1990; p. VII.)
6 "Workgroup for Electronic Data Interchange;" Report to the Secretary of the U.S. Department of Health and Human Services; July 1992; Appendix 4, p. 17.
7 Alan F. Westin, Computers, Health Records, and Citizen's Rights; (Washington, D.C., United States Department of Commerce; 1976); p. 60.
8 "Prescribing Privacy: The Uncertain Role of the Physician in the Protection of Patient Privacy;" Robert M. Gellman; North Carolina Law Review;
Volume 62, Number 2; 1984; p. 258. 9 "Workgroup for Electronic Data Interchange;" Report to the Secretary of the U.S. Department of Health and Human Services; July 1992; Appendix 4, p. 3.
Return to CPSR conferences page.
Return to the CPSR home page.
Send mail to webmaster.
Created before October 2004