Lucy Mohr never used to think very much about the privacy of her medical records. She has had her share of medical problems, including Type-2 diabetes and, earlier in her life, a diagnosis of depression. But then Mohr was called into a meeting at the manufacturing plant where she worked in Alliance, Ohio. She was shocked and angered to be confronted by the company doctor, who demanded she sign a release of her entire medical record.
Mohr signed the waiver and has been regretting it ever since. Not only did the company reassign her on the basis of her medical history, Mohr said, but details of her medical history, as well as health issues related to her husband and son, have become company property. A complaint was filed with the Equal Employment Opportunity Commission, but whatever the result, said Mohr, it will not make up for her feeling of being wronged.
“I don’t think it’s fair that our health problems have to be hidden,” said Mohr. “It changes everything, even what I’m willing to talk about with my doctor.”
Since the time of Hippocrates, medical privacy has been regarded as a sacred aspect of the doctor-patient relationship. But rapid advances in data technology, along with changes in how health care is delivered, have placed medical privacy under assault. While a number of polls show that the great majority of Americans believe medical confidentiality to be an essential element of health care, many of those citizens would be surprised and dismayed at how much health data is bounced around by the $40 billion medical information industry.
At present, one of the obstacles to confidentiality is that there is no uniform standard of rules.
“There is very little consistency from state to state, said Linda Kloss, CEO of the American Health Information Management Association. “There are pieces of some state laws that are very good, and others that offer little protection. One of the things we’ve been pushing for is a federal standard, primarily to overcome the patchwork effect, which is getting more cumbersome in health care across state lines.”
While it’s unlikely that Congress will pass legislation on medical privacy this year, the issue has strong interest in Washington, and presidential candidate Al Gore has been pushing his own version of what the law should look like in his campaign. On another front, the Clinton administration had promised but couldn’t deliver new standards on medical privacy by Tuesday’s Election Day under the mandate of the 1996 Health Insurance Portability and Accountability Act.
A wide variety of organizations and consumer groups will welcome such a national standard, if it’s strong enough. A national standard is necessary, said Peter Kane, executive director of the National Coalition for Patient Rights in Andover, Md., not only to protect sensitive patient information but to maintain the integrity of the health system.
“What will happen when people start cloaking their health information to the physician?” said Kane. “A person will decide not to tell the doctor about a dizzy spell that they had the other day. But leaving that out may be critical to the diagnosis, and the quality of care will go down. Or a person may decide not to tell a physician that they are drinking heavily because they are afraid their employer will find out. The quality of the health system is at stake here. Once consumers start hiding information, research ultimately suffers and the public health suffers.”
Dr. Donald Palmisano, co-chairman of the American Medical Association’s Task Force on Privacy and Confidentiality, said that the best firewall for confidentiality is patient consent, and that privacy should be honored unless waived by the patient.
“Any information that is disclosed should be limited to that portion of the medical record that is needed to fulfill the immediate specific purpose,” said Palmisano. “For example, a patient comes into my office and has a wart taken off their arm. The patient then files a claim and the insurance company writes me a letter asking for the patient’s entire medical record.
“Now, this was just for the removal of a wart. Did the patient mean for me to give the insurance company their entire medical records, including data from 10 years earlier when there were marital difficulties and the patient was quite depressed and had psychiatric care? I don’t think the patient meant that. And in a way, this is the core of our position. Just because we have the technology to collect all this data doesn’t mean we have the right.”
A GUIDE TO KEEPING YOUR MEDICAL RECORDS SAFE
Following are some questions to ask yourself about the privacy of your medical records, according to experts at the American Medical Association and American Health Information Management Association:
1. What is the first step for keeping my medical records safe?
That’s simple enough. Find out what’s in them.
A medical record is created any time you receive treatment from a health professional such as a doctor, nurse, dentist, physician’s assistant or psychiatrist.
This record may include a medical history (including information about family history), lab tests, medications being taken and details on any previous operations or other medical procedures. A doctor’s handwritten notes are an official part of your medical record.
A medical record is legally the property of the practitioner or facility that compiles it. This goes back to the days when all records were on paper–before faxes, e-mail, the Internet–and the doctor was responsible for their confidentiality.
Basically, the provider who created the record owned the record. Laws have not changed to reflect the changes in technology that now lessen that responsibility.
In most cases, doctors will provide a patient with a copy (for a slight charge) upon written request.
There are two primary benefits to seeing your medical record:
You are able to verify the information that has been collected.
You will know what information is released when you allow disclosure to employers, insurance companies or other third-party entities.
Another way of finding out what medical information is available about you is by contacting the Medical Information Bureau (MIB), a data company that maintains information on more than 15 million Americans and Canadians.
A large number of insurance companies use the MIB to obtain information on applicants, so it’s important to make sure that its information is correct.
The MIB can be found at www.mib.com. Remember that it does not have health information about every American.
2. Who has access to my records?
Your medical information can be shared by a wide range of people and companies, including your physician, managed care organization, insurance company, employer, researchers, data warehouses and marketing companies.
Let’s say you use your insurance card to get a prescription filled. Most large drug chains collect this information and compile databases of their own. It is not uncommon for some of this information to be sold later to third-party entities.
Medical information can also be released to direct marketers when you participate in local health fairs that provide screening for cholesterol, high blood pressure, etc.
While these fairs can provide valuable information to you at little or no cost, most experts suggest caution. Be sure to ask the providers who will have access to your test results and what will be done with the information.
Also be cautious when using the Internet. There are literally hundreds of chat rooms and news groups dedicated to sharing information on specific diseases and conditions.
Unfortunately, these groups have also begun to attract researchers and marketers.
Once again, while there can be great benefits to sharing information with others, consumers would be wise to use a pseudonym when participating in such groups.
3. What’s the best way to protect my medical privacy?
Until Congress gets around to addressing the issue–2001 at the earliest–there are several steps you can take to protect your medical information.
First, if possible, do not sign any kind of general waiver of your medical records. Cross out any language that refers to a blanket or general release, and write in specific terms of what you will allow to be released. Instead of “I authorize my physician, hospital or health-care provider to release to the insurer any information upon request,” write “I authorize the release of information from [doctor, clinic, hospital] to [insurer] only as it relates to [condition being treated].
Dr. Donald Palmisano, a surgeon and attorney and member of the American Medical Association Board of Trustees, recommends knowing your insurance company’s policies, and if they are not to your liking, confronting them with your complaints.
Some insurance companies will accept such revisions made by patients, others will refuse reimbursement.
Second, be cautious about filling out any medical questionnaire. Find out the purpose for it, if it is necessary and who will be seeing it.
Talk with your physician about the office policy concerning medical release. Ask that you be notified and give approval before any information is released. When dealing with insurance companies, look for any fine print that says medical information may be released for any purpose.
Most of all, don’t be afraid to ask questions.
