Can Washington Make Medical Records Private Again?

Article excerpt

The electronic age has pretty much destroyed the confidentiality of health information. Can Congress ride to the rescue? And where do physicians come in?

you're not paranoid if you worry that electronically accessible medical data can be collected and used against you. And you don't have to be a wacko cons iracy theorist to suspect that managed-care companies, insurance carriers, employers, and just-for-the-heck-of-it computer sleuths are sifting through your supposedly confidential medical files. That they're checking on physicians and patients alike. That they don't have your best interests at heart. And that there isn't much you-or the law-can do to stop them.

"The simple truth is that health information has little meaningful legal protection today," says Rep. Gary A. Condit, D-Calif.

A person's medical record, 1996 presidential candidate Steve Forbes griped in his magazine, is less protected than his or her list of video rentals.

Going one further, a USA Today editorialist lamented, "You may as well hire a healthcare skywriter to transcribe your medical history."

Not everyone sees the situation as dire, of course. Some people even argue that electronic records can be made less accessible than paper files. And abuse of electronic medical information is still fairly uncommon, according to Edward Krill, a Washington, D.C., attorney specializing in health care.

Nevertheless, the computerization of medical records is giving people the jitters. Perhaps the data can be used to pressure physicians, against their better judgment, to treat patients the insurance company's way. Or it might provide fodder for the termination of a doctor's HMO contract. Whatever the purpose, tapping into a medical file without authorization breaches the sacrosanct doctor-ntient relationship, argues Gary Dennis, the president of the Medical Society of the District of Columbia.

Will Washington step in to remedy the situation? "It would be wonderful if we could restore the old notion that what you tell your doctor in confidence remains totally secret," says Condit. "But in a health-care environment characterized by third-party payers, medical specialization, high-cost care, and increasing computerization, absolute privacy is simply not possible."

Yet Washington is moving-albeit slowly-to protect the confidentiality of electronic medical records. To get there, it's traveling the usual roads: legislation and regulation.

arly in this session of Congress, Condit introduced the Fair Health Information Practices Act. The bill, referred to simply as HR 52, would require that a collector or holder of patient-identifiable medical records:

Minimize the disclosure of information. Use the information only in ways that are compatible with the purpose for which it was collected.

Disclose it only for authorized purposes.

Under HR 52, when a medical record is used in conjunction with treatment, payment, or oversight, a patient would have the right to:

Inspect or obtain a copy of the information.

Have inaccurate information corrected.

Receive an explanation for the use of the information.

The bill also would establish criminal penalties-up to 10 years imprisonmentand civil sanctions for those who violate its protective provisions. In addition,

HR 52 would allow for alternate dispute resolutions.

"My legislation is not a pie-in-the-sky privacy code," says Condit. "We cannot elevate each patient's privacy interest above every other societal interest. That would be impractical, unrealistic, and expensive. The right answer is to strike an appropriate balance that protects patients' interests while permitting essential uses of data under controlled conditions."

In the debate over HR 52 and similar bills, the word "balance" is often used. Opponents and proponents alike are fond of it. Take, for instance, the congressional testimony of Sherine E. …