A young New York financial-services employee recently learned his promotion would not be final until he visited a luxurious clinic. There doctors gave him a comprehensive medical questionnaire, urine and blood tests, an EKG and a psychiatric session that included much role-playing.
“I never understood why they did all that,” he says. “I was being promoted from within, It wasn’t like I was a stranger.”
Such invasions of our medical privacy are becoming more common, and it may get worse before it gets better.
Congress has been struggling with the creation of privacy legislation to prevent the misuse of “unique health identifiers,” which function sort of like Social Security numbers. These numbers aren’t yet in place, but were mandated by the 1996 Kennedy-Kassebaum health bill.
Without an identifier, theoretically, no American would be able to get medical care, even if paying cash.
Some consumer advocates would prefer that Washington just stay out of it. They fear that any federal laws in that area of medical privacy are likely to codify current privacy-eroding practices and prevent, or preempt, states from passing stronger laws.
“Pre-emption is where the game’s at now,” says Boston psychiatrist Denise Nagel of the National Coalition for Patient Rights. “All the industry groups want it.”
Says American Psychiatric Association vice president Paul Appelbaum: “You’ve got people in Montana with rifles scanning the sky for black helicopters, while the real threat to their liberty is in Washington, where powerful efforts are under way to construct a national health-care data bank that would list all their medical encounters from birth to death.”
You needn’t live in Montana to feel threatened. In fact, a Harris poll conducted last year by corporate privacy expert Alan Westin found that of those earning at least $75,000 a year, 56 percent–more than in any other group–strongly agreed that “consumers have lost all control over how personal information is circulated and used by companies.”
That, Westin says, is because the wealthiest understand the new information technology that is beginning to drive American life.
They know that receiving a flier from a pharmacy reminding you to take your cholesterol medication is nothing compared with being turned down for a mortgage or terrific job because some backroom functionary concluded you’re at risk for a heart attack.
According to Robert Gellman, a privacy consultant and former Capitol Hill staffer, personal medical information is daily becoming more easily available and more attractive to such users as employers, lenders, health plans, government and law-enforcement officials, researchers, drug companies, data miners and on-line ventures.
Take Healtheon, Netscape co-founder Jim Clark’s new company. An electronic service for payers, doctors and hospitals, Healtheon claims that centralizing medical data will ultimately benefit the patient by offering consumers “vaults” that can receive direct reports of medical purchases.
Employment may be the most sensitive area of concern. University of Illinois political science professor David Linowes was the chair of a privacy commission under Presidents Gerald Ford and Jimmy Carter, and since 1979 he and his co-researcher, Ray Spencer, have been asking Fortune 500 companies if they use medical data in employment decisions.
About a third of the respondents answered yes in the last survey, in 1996, and Linowes says that applicants can consider themselves very likely to undergo such scrutiny.
A human-resources manager can’t legally examine a prospect’s medical record without consent. But she may easily be able to view the prospect’s records of insurance claims.
If you can’t move to New Zealand, which Gellman says has great privacy laws, here are some strategies for managing your medical privacy:
– Appelbaum suggests saying to your doctor: “I have concerns about my medical-record information being spread around, and I know there’s no certain way of protecting information once it gets into the records. I’d like to share my information with you to get care, but I’d like your assurance you will work to keep personal and potentially embarrassing information out of my record.”
– Harold Bursztajn, of the Harvard Medical School, says a home-based private practice is best for psychiatric care. Don’t use insurance if you can afford not to. Understand that if you take psychiatric medication, or any other prescription, you have left an electronic trail. He advises making an agreement with all your doctors that no information leaves their offices without your review and consent. Caveat: A call for records from a health plan to which you gave blanket consent when you enrolled could override that agreement.
– In a post-job-offer medical screening, the worst thing to do is lie, says Manhattan benefits attorney Richard G. Schwartz. That can be a larger factor in losing a position or promotion than even a serious health problem. “You’ve got to be careful what you say, and employers have to careful what they ask,” says Schwartz.
– In genetic tests for diseases, “be extraordinarily careful,” says Appelbaum. “Few genetic tests will lead to useful intervention, and patients should ask themselves and their doctors what the justification is.”
– When at work, stay off medically oriented Web sites. “Many companies log where employees go on-line, and unusual activity is looked at,” says computer scientist Jason Catlett of Junkbusters, a Web site that helps people protect their on-line privacy. Assume that any information you give to a Web site is not private.
– Finally, it’s corny but true: Contact your elected officials about your concerns. Says political scientist Richard Sobel, “If we had reasonable policies, people would not have to be privacy guerrillas.”
