Medical Privacy Rules An intolerable breach

Posted: December 07, 2003

When the doctor calls these days, she has to leave cryptic messages on your answering machine about those test results. The hospital may not alert your minister if you're banged up in a car accident. And, please, back away from the pharmacy counter while they help that other customer.

Welcome to the hassles of the new world of medical privacy. Such measures are well-intentioned, if clumsy, efforts to stop snooping.

They stem from federal rules enacted in April - rules the Bush administration touted as a giant step for safeguarding personal medical data stored increasingly on computer.

But those same rules are posing a troubling possibility: Are the protections just an illusion?

To sharpen that point: If someone can threaten to post patient medical records on the Internet, what does it matter if doctors talk in whispers?

Patient groups, physicians and privacy advocates contend that today's doctor-patient privacy procedures merely are window-dressing. They say government privacy rules primarily facilitate behind-the-scenes sharing of individuals' medical data for commercial reasons.

A federal lawsuit set to be heard Wednesday in Philadelphia before U.S. District Judge Mary A. McLaughlin sets out that case. Citizens for Health makes a compelling case for reviewing a host of concerns over potential threats to medical privacy.

Health privacy also takes center stage this week at the National Constitution Center, where it will be debated on the national civic affairs radio program, Justice Talking.

And 20 U.S. House members led by Rep. Edward J. Markey (D., Mass.) think it's time to act. They've offered a bipartisan measure that would perform emergency surgery on the federal privacy rules. The legislation is stalled, but deserves a full debate.

If all the concerns are true, Americans should be furious. This much is clear: Policymakers cannot ignore the perception of patients that their medical privacy is threatened. Patients who lose trust could avoid seeking medical care, with life and death consequences.

There may have been no major breaches of data reported lately, but there's that lady in Pakistan.

Haven't heard of her? Well, she - or thousands of other professionals hired here and abroad to transcribe medical records - could know your most intimate health history.

In this recently reported tale, the overseas transcriber working for a San Francisco hospital wanted more money. So she threatened to post patient data on the Web if not paid.

Imagine the consequences such widespread disclosure of medical data could generate. Records could expose details of mental health care, abortions, or histories of chronic ailments that could endanger patients' jobs.

When handling health care data - here or overseas - U.S. health care providers and insurers insist they protect patients. By law, the firms say their contractual terms mandate strict privacy protections. But law or no, information leaks right through those protections.

These data are shared across huge networks - hospitals, insurers, government agencies - all of it a mouse-click away. What's more, patients have little way of knowing how their information is used. What they learn may disturb them.

Consumers, for instance, have come to accept that they'll receive coupons after tracking of their grocery shopping via discount cards. Are they ready to accept, though, that a drugmaker could pitch them a medicine based on access to records that specify their other medications? Grocery store data reveal taste; drug store data, a medical condition.

Similarly, no employer should be able to access health care data about individual workers, but that appears possible under the Bush rules.

Privacy advocates say the way to rein in data is to require that health care providers obtain patients' consent before sharing data. That's the aim of the suit before McLaughlin.

It's notable that an early version of the privacy rule under Bush contained the right for patient consent - only to see it taken out a year later. Health Secretary Tommy G. Thompson now says he concluded requiring patient consent would snarl health care.

Well, Markey's legislation would resolve day-to-day logistical problems such as prescribing medicine over the phone. The Bush administration owes Americans more on this important privacy issue than shell games or setting up a false either/or choice.

Patients can be granted greater control over their medical records. Why wouldn't they be - whose records are they, anyway?

See for privacy tips. Join the Justice Talking audience for Tuesday's discussion by signing up at WHYY-FM (90.9) airs the show Mondays at 10 p.m.

comments powered by Disqus