Shoring Up Protection of Personal Health Data
Detmer, Don E., Steen, Elaine B., Issues in Science and Technology
A much-needed Senate bill would enhance confidentiality of medical records while allowing continued access for vital public purposes.
Few Americans are likely to see their private medical information become a newspaper headline as the late tennis great Arthur Ashe did when it was revealed without his permission that he had AIDS. But we all have reason to be concerned about the confidentiality and accuracy of our personal health data.
Medical records of average citizens have been posted in a computerized record system without adequate safeguards in Massachusetts, dumped in a parking lot after the closing of a psychiatric clinic in Louisiana, and sold in Maryland. At least one company that legally buys medical records from a variety of organizations has reported that the records often include patient names (which it says it removes before selling the data to drug companies). In several instances, employers have received information from insurers that allowed them to determine that employees had AIDS or received psychiatric treatment. Moreover, errors in medical records are difficult to correct. A computer error at the Medical Information Bureau, a Boston-based consortium of health, life, and disability insurers that maintains a database on 15 million Americans, resulted in one patient being denied health insurance for 18 months. The error was not corrected until the state insurance commissioner intervened.
Congress is now considering legislation that would, for the first time, provide federal legal protection for personal health data collected by organizations outside the federal government. Although early prospects were promising - the legislation had powerful bipartisan sponsorship and support - passage is now uncertain. Policymakers who were focused on specific personal health data issues unexpectedly became enmeshed in the broader, long-standing debate about balancing individual rights with community needs. The central question changed from "How should our nation deal with personal health data as a matter of law?" to "How do we define privacy in contemporary society?" This shift in focus threatens to derail what may be our best opportunity to implement a much-needed federal policy for protecting personal health data.
Benefits of confidentiality
Since the days of Hippocrates, the medical profession has dedicated itself to protecting patient information. Physician commitment to confidentiality enables a patient to share sensitive personal information and increases the likelihood that the physician will have complete data on which to base clinical judgments. This improves the chances for accurate diagnosis and better clinical outcomes. At a more fundamental level, some patients will not even seek care unless they believe that a health care professional or organization will maintain confidentiality. Individuals seeking mental health services, for example, are legitimately concerned that errant information going to employers or others could come back to harm them.
Many Americans are unaware that U.S. citizens do not necessarily have legal recourse if they are harmed by inappropriate disclosure of their medical records. Legal protection for personal health data depends in large measure on the state in which the data reside. In some states, movie rental records are better protected than medical records. Nor do all U.S. citizens have the right to view their medical records and correct inaccuracies.
This uneven and unsettling situation has arisen because legal protection for confidentiality of personal health data derives from a complicated combination of federal and state statutes, regulations, and common law, rather than from a sound and consistent policy framework. Inequities aside, the logistics of the situation are becoming increasingly unmanageable. Due to the growing mobility of the U.S. population, an individual's health-related records are commonly scattered among several states. …