Is there confidentiality in the computer age?
Is there confidentiality in the computer age?
Can patient records be kept private?
Most Americans consider privacy to be a fundamental right, along with life, liberty, and the pursuit of happiness. But with the advent of computers and the proliferation of computerized records, some are beginning to doubt whether their medical history is safe.
In the past several weeks, three pieces of legislation have been introduced before the House and Senate. (See box, p, 54.) Each bill strives to balance the patient’s right to privacy with the public benefits that can result from shared health information. Even so, there are some organizations, the American Health Information Management Association in Chicago (AHIMA) among them, that fear the very inadequacies left by prior legislation — and that these bills are meant to address — are still untouched.
In the past, several pieces of legislation have attempted to address the issue of medical record confidentiality, but none successfully. The outcome has been a patchwork quilt of state and federal laws that leaves some areas uncovered and treats others unequally.
The result of this situation can be nothing short of catastrophic lest the wrong information get into the wrong hands. Insurance companies regularly consult databases to determine whether to insure a particular person and to determine premiums, for example. If someone’s record contained false information, that individual could be wrongly denied health care coverage. Companies, too, can gain access to personal health records and use this information as part of the hiring process.
What is in the public’s best interest?
Still, the need — and desire — to keep a medical history private must be weighed against the public good. AHIMA points to several public benefits that have arisen from shared records, among them the prompt detection and treatment of infectious disease epidemics. On a more personal level, by giving physicians and emergency department (ED) personnel access to computerized records, they may be able to save the life of an unconscious patient rushed into the ED.
Public good aside, many people see computerized records as more easily accessible than paper records because paper documents can be locked up at night while records on a database are susceptible to hackers. However, no matter the form, no document is ever entirely safe from prying eyes.
AHIMA officials, referring to the vast databases of medical information, quote a 1996 Time article:1 "It’s hard to keep a secret if more than a couple of people are in on it; in a typical five-day stay at a teaching hospital, as many as 150 people — from nursing staff to X-ray technicians to billing clerks — have legitimate access to a single person’s records."
As Congress tries to meet the 1999 Kennedy-Kassebaum law deadline, the Department of Health and Human Services set forth five guiding principles for Congress to consider:
1. Health care information about a consumer should be disclosed for health purposes and health purposes only.
2. Legislation must contain technical security safeguards for computerized data.
3. All patients should have access to their medical records and know how to inspect, copy, and if necessary, correct them and know who else has access to them.
4. Those who breach the security of personal health information should be met with criminal penalties (fines and imprisonment), and civil remedies (actual and punitive monetary damage recoveries) for injured parties.
5. Legislation must balance personal privacy issues against national priorities of public health, research, and law enforcement.
No doubt, other bills will be brought before the House and Senate for consideration, each addressing varying nuances of the privacy issue. The key determinant in any of them will be the issue of federal preemption, says Don Asmonga, AHIMA government relations manager, and it’s the lack of this that has AHIMA concerned about the three proposed bills.
"With the Jeffords bill, preemption is the main issue, but with Leahy’s bill there are also provisions for the segregation of information," he says, noting that there are no determinations as to what information from a patient’s health record could be segregated and set aside as private.
"We are interpreting that as it would be the patient’s choice as to what information is segregated, and that patients could ask that their records not be in electronic form," Asmonga explains.
Will protections raise red flags?
Certainly for AHIMA members, those provisions would prove problematic, especially for those management companies who deal solely in electronic records. But there is more at stake than any problems it could cause for the information management industry.
"When you start attaching special requirements to certain types of information, you put up a red flag saying that there is something in this record that is very important," Asmonga says.
"You may have an instance where someone doesn’t want anyone to know they’re seeing a psychiatrist or have a genetic predisposition to a disease, and with the red flag you may be calling attention to that. We think special protections stigmatizes the information, he says.
Ideally, he continues, legislation would contain a federal preemption along with established national guidelines and rules for the use, release, and disclosure of health information. "We believe all health information is created equal."
Reference
1. Gorman. Who’s looking at your files? Time, May 6, 1996:60.
Source
• Don Asmonga, Government Relations Manager, American Health Information Management Association, 919 N. Michigan Ave., Suite 1400, Chicago, IL 60611. Telephone: (312) 787-2672.
Privacy, According to the Law
Privacy Act of 1974 [5 USCS 552(a)]: Provides limited protection against government disclosure of individual health records maintained by government agencies such as the Veterans Administration and the Department of Defense. However, a "routine use" exception clause, say privacy advocates, renders the legislation moot.
Whalen v. Roe, 429 US 589 (1977): The Supreme Court unanimously recognized a qualified constitutional right to privacy of personal information that could reflect unfavorably on an individual. Nevertheless, the court also upheld a New York statute requiring physicians to forward to the state the name, age, and address of every patient who obtained dangerous, albeit legitimate, drugs.
Americans with Disabilities Act of 1990 (42 USCS, 121101): Under this, Americans are protected from discrimination on the basis of a disability, including AIDS/HIV. The matter of privacy, however, is not directly protected, rather it only provides a remedy for discrimination based on breaches of confidentiality.
S. 573, Medical Information Privacy and Security Act (Sens. Patrick J. Leahy, D-VT and Edward M. Kennedy, D-MA) and its counterpart H.R. 1057 (Rep. Edward J. Markey, D-MA): If passed, this proposed piece of legislation would provide individuals with access to their health records and ensure those records are kept confidential. Unauthorized use of the information would be met with criminal and civil penalties.
S. 578, the Health Care Personal Information Nondisclosure or "PIN" Act (Sens. Jim Jeffords, R-VT, and Christopher Dodd, D-CT): Under the PIN Act, clear guidelines would be established for the use and disclosure of medical information by health care providers, researchers, insurers, and employers.
Source: American Health Information Management Association, Chicago.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.