The computerization of patients record and other health care information is spreading through cyberspace and raising serious questions of what rights of privacy can be invoked by people treated by doctors and hospitals.
There is no proprietary right under federal law to your health records and the states offer a patchwork of laws and no laws depending on the jurisdiction. No state laws even begin to catch up with the rapid advancement of the commerce of computerized records. It is no longer just a file between you and your physician or even your clinic or hospital. There are hundreds of companies grasping for personal health data, both individual and aggregated, to sell.
Insurance companies, employers, educational institutions, credit bureaus, government agencies, consulting firms and other entities are increasingly interested in medical records. They variously want to know about family history, legal and illegal drug use, mental health problems, abortions, sexual orientation and practices and the medical personnel’s’ observations about character, mental condition and personality.
WHAT THE LISTS ARE USED FOR
Some of this data are gathered to prepare and sell mailing lists. While other uses are more intrusive, such as whether one gets a job or not, insurance or not, credit or not, admission to a school or obtaining a license or not.
The arguments for computerization of medical records and health information are that it will improve the quality of health care, increase efficiency and accountability of the health care providers.
That is one of the rubs. Sure, computers can produce treatment outcome data by physician, clinic or hospital and tell us which of these providers is doing a good or not so good job. But these providers have thus far shown little interest in such “outcomes” data. They want the computer programmed to serve their needs and their business, not to give patients such comparative information about quality and any billings abuses.
Because of such struggles, consumer-sensitive computerization is being delayed.
Physicians want information about patients who file claims against doctors in order to avoid them. There is such a data base in operation. But most physicians do not want patients to have information about frequently malpracticing doctors. So the taxpayer funded National Practitioners Data Bank in Washington, D.C., which has such information, is still closed to the public.
Most present violations of privacy between doctors and patients are committed by insiders—other doctors, nurses and administrative staff in a hospital. “Virtually all the hospitals here [the Boston area] are putting Information online in such a way that anybody, including secretaries and many people not treating the patient, can access the records –,” asserts Beverly Woodward, a sociology researcher at Brandeis University who studies the subject of patient privacy.
THIS IS SUPPOSED TO BE PROTECTION?
Backers of computerization say there will be passwords, codes and audit trails in these systems to reduce privacy invasions. The hackers who broke into the Pentagon computers would laugh at that assurance. And passwords can be passed along to anyone.
It gets worse. ABC’s 20/20 reported on September 30, 1994 how a private detective using the telephone and falsely saying he represents an insurance company got into people’s medical files.
Coming fast on the horizon is the classification of people by their genetic status. As these tests become simpler to administer and use, people will be typed as having the breast cancer gene, or a gene predisposing one to high cholesterol or the gene for Huntington’s disease, etc.
Americans have already lost their jobs, their health or life insurance because of such classifications. They are called the “healthy ill,” meaning that they are OK now but may not be many years later.
The Council for Responsible Genetics (5 Upland Road, Cambridge, Massachusetts, 02140) has documented over 200 cases of genetic discrimination and will send you information on this burgeoning situation and what some states are doing about it.
President Clinton’s health care proposal, which failed in Congress last year, included some measures to protect privacy. But despite Congressional hearings and documented horror stories, nothing has been done to either establish a Health-Privacy Commission to explore policy recommendations or any federal law to give consumers the rights that will control the nature, veracity and uses of their files.
The more the public finds out about what is happening In the commercial arena, against privacy and confidentiality, the faster the rule of law and the tools will be put in place to control what could be a very personal kind of corporate computer despotism.