These days, profound changes are underway that threaten the confidentiality of medical records--records that contain not only the potentially embarrassing medical secrets you tell your doctor, but details about where you live, what you earn, and other personal information that can be used, or misused, for a variety of purposes. With changes in the way these records are stored, maintained and exchanged, patient privacy is at risk as never before.
The old paper-based system of recording medical information--inefficient perhaps, but easier to keep private--will soon be a thing of the past. What's replacing it? Computerized systems in which your secrets are transmitted through cyberspace from your treating physicians to insurers, oversight agencies, and others with an interest in the cost of your medical care. With the growth of HMOs and health networks, these computerized systems often include electronic depositories of patient information, which insurers and others can access from remote locations throughout the country. No one tells you who's looking, because no one is required to.
A further complication is the rise of commercial information companies. In 1995, Equifax--the country's largest dispenser of credit reports--announced its intention to enter the computerized medical records industry. Although a joint venture between AT&T, Equifax, and others has been temporarily put on hold, Equifax still intends to tap into this growth industry.
In the meantime, Equifax has issued public assurances that it is opposed to the use of medical information for marketing or other non-medical purposes. Nonetheless, it won't be long before some enterprising company, taking advantage of the loopholes in existing legislation, begins putting medical information to creative--and perhaps sinister-- uses.
Medical information has become a commodity. And when your secrets can be bought and sold, you should be concerned about who is looking at your medical records, and why.
Many think the confidentiality of their medical records is protected by federal law. Not so. Though a proposed federal law--the Medical Records Confidentiality Act of 1995, called the "Bennett Bill"--is being considered by the Senate, the privacy of medical records is now governed only by state law. Many states, however, don't protect the confidentiality of medical records. Those that do don't always grant patients the right to obtain a copy of their own records.
Clearly, the time is right for uniform federal legislation, which should contain the following provisions:
--Patients should have complete access to their medical records--no exceptions.
--Access to others should be strictly limited to treating doctors, or those with a need to know, rather than to any hospital or insurance company employee with a networked computer.
--Patients should be notified when their medical information is transmitted from their treating physician to others.
--Patients should be allowed to decline participation in electronic databases, without fear of reprisal from insurers.
Using these various benchmarks as a guide, the federal legislation being considered by the Senate is seriously flawed. Sponsored by Sen. Robert F. Bennett (R--Utah),the bipartisan-supported bill is being considered by the Senate Labor and Human Resources Committee.
The committee should be busy, since in its present form, the bill does very little to protect patient privacy. It sanctions the creation of computerized data banks of medical information--all without patient consent. It provides patients no opportunity to decline participation in data banks and actually makes insider access to medical information easier than it was before. And though the bill allows patients to obtain their records and attempt to correct errors, the exceptions to these rights swallow the rule.
Surprisingly, the Bennett Bill would also preempt--in other words, abolish--all state laws and judge-made rules concerning medical records, thereby wiping out consumer-friendly legislation in those states that have made patient confidentiality a priority. This is astonishing, until you consider that differing state standards would create huge administrative problems for those information megabusinesses like Equifax that are involved with medical records on a nationwide scale.
Since 1994, patient confidentiality has been a key feature of virtually every health-care bill considered by Congress. It won't be long before one of them--whether the Bennett Bill or some other--is passed into law. Sen. Bennett's office expects that a revised draft of the bill will be considered by the full Senate later this year.
Consumers should take an interest in the end result. Though a 1993 Harris-Equifax poll on medical privacy found that 80 percent of respondents said they believed they no longer had control over the way their private information is circulated in the computer age, this doesn't have to be the case. Consumers can--and should--demand that the secrets they tell their doctors remain confidential.