Testimony on Unique Patient Identifiers
Good Morning. My name is Twila Brase. I am a public health nurse and president of Citizens for Choice in Health Care (CCHC). CCHC is a health care policy organization located in St. Paul, Minnesota which was founded three and a half years ago as a result of health care consolidation, a growing loss of medical confidentiality, and the elimination of many health care choices in the areas of insurance, treatment, and providers. Our mailings reach approximately 6000 people nationwide and our email list has been growing since we went on-line in November. We are pleased to say that we have a comprehensive web site focused on health care reform policy issues and medical confidentiality.
Thank you for giving me the opportunity to present our organization's thoughts on the very important issue of unique patient identifiers for individuals. I will begin with our thoughts on unique patient identifiers and end with eight recommendations.
With insight beyond his time, U.S. Supreme Court Justice William O. Douglas in 1966 in the case of Osborn v. United States [385 U.S. 323] said, "Once electronic surveillance...is added to the techniques of snooping which this sophisticated age has developed, we face the stark reality that the walls of privacy have broken down and all the tools of the police state are handed over to our bureaucracy on a constitutional platter."
After reciting the fourth Amendment, Justice Douglas went on to say, "The time may come when no one can be sure whether his words are being recorded for use at some future time; when everyone will fear that his most secret thoughts are no longer his own, but belong to the Government; when the most confidential and intimate conversations are always open to eager, prying ears. When that time comes, privacy and with it liberty, will be gone. If a man's privacy can be invaded at will, who can say he is free? If his every word is taken down and evaluated, or if he is afraid every word may be, who can say he enjoys freedom of speech?"
Justice Osborn had no idea how sophisticated we would become in the computer age. In light of his comments it is important to remember that the definition of health care information in the Health Insurance Portability and Accountability Act (HIPAA) includes "any information, whether oral or recorded in any form or medium, that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse;" which "relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual."
Add to that Secretary Shalala's recommendation that government officials have access to citizen medical records without patient consent for four national priorities, which if implemented would give unprecedented, rather than restricted government access to health care information on citizens.
Therefore, Citizens for Choice in Health Care cannot support the implementation of standardized government-issued unique patient identifiers for individuals. Despite the fact that Congress passed the HIPAA law, this enumeration and surveillance system will clearly be detrimental to the liberty, privacy, and security of every United States citizen. Not only will this surveillance system allow government officials to use doctors to track citizens at their most vulnerable times when they have no where else to -- which in itself in unconscionable--it will also raise the cost of health care, diminish the excellence of our health care system, and inhibit citizen access to medical care, especially in the at-risk and immigrant populations.
Confidentiality is rooted in personal integrity and limited distribution and access, not legislation or encryption. As they say, "Loose lips sink ships," and unfortunately, we have all heard stories about government employees and others perusing or disclosing data on citizens. Many citizens deal with diseases, conditions, or injuries that, if disclosed, can harm their reputation, employment, marriage, credibility, community standing, and insurability. In truth, there are not enough lawyers, attorney generals, or police officers to stop anyone from breaking the law. That being said, there is also no punitive sentence from a court could ever restore the loss of confidentiality or eliminate the resulting personal chaos that may follow.
In addition, although our government may currently be considered beneficent, it is a well known fact that oppressive governments in the course of history have used access to medical information to commit egregious crimes against their own people. The mere fact that Administrative Simplification even passed may cause more than a little speculation of our own government's beneficence. For all these reasons, plus the protections within our Constitution, it is clearly not within the purview of the government to have access to, or begin the process toward, comprehensive medical information on citizens.
If this system of identification and tracking is implemented, there will be a growing unwillingness of patients to give complete information to their providers. This may cause delayed or incorrect diagnoses&emdash;and increased costs. In addition, more people may choose to leave the traditional health care system, accessing medical care only in desperation, and perhaps only with practitioners willing to violate the government tracking system requirements in order to secure their anonymity.
Already, there are growing numbers of persons who elect to forego vaccinations, home school their children, or have home births in order to escape the probing questions of HMOs and the pressure exerted by doctors, schools, and office staff to submit their children to vaccinations against their wishes or to complete intrusive surveys for the creation of patient profiles. One of the worst imaginable outcomes of the proposed surveillance system would be the creation of a black market for medicine in America.
1) There should be no government-issued unique patient identifiers for all citizens, or government repositories of medical data on all citizens, directly or through data linkages.
2) Each provider or clinic may choose a separate unique patient identifier or medical record number for each patient, as is current practice. While we know that many health plans and others want a single identifier to create a "lifelong" record on individuals, the fact is, many patients have sincere personal reasons why they don't want Doctor A to know about their care from Doctor B. It is right of individual citizens to protect themselves and their confidentiality from others.
3) To protect anonymous access to care, no unique patient identifier or social security number should be required in order to obtain health care services from any health care provider.
4) Government access to patient identifiers or individually-identifiable patient information for law enforcement purposes must include the protections of due process as afforded in the Constitution, such as a valid court order for access, or a search warrant.
5) Use of electronic identifiers and electronic transactions must not be required for access to medical services.
6) There must be use of strong encryption for any patient identifiers which are used in electronic transactions. (some have suggested 128 bit encryption)
7) No insurance company should require submission of a social security number for purchase of, or enrollment into, a health insurance policy, but should offer an alternative enrollee identification number to those enrollees which request them. This separate identifier should not resemble the social security number and should not contain embedded intelligence on the enrollee.
A) creation of a unique patient identifier which cuts across every medical or health care encounter.
B) a requirement to have an electronic unique patient identifier. (ex. smart card, biochip)
C) the sale, distribution, or release of identifiers or individually identifiable information by anyone who holds health care data (including but not limited to physicians, other health care providers, organizations, data clearinghouses, employers, government agencies, pharmacists, or any insurance, pharmaceutical or managed care companies.)
D) government access to unique patient identifiers or individually-identifiable patient information for research, oversight, or surveillance.
E) entry of unique patient identifiers or individually-identifiable information into any registry or database.
F) medical research using unique patient identifiers or individually-identifiable information including CQI (Continuous Quality Improvement) activities by HMOs, which is more appropriately called risk assessment, patient categorizing, or patient profiling.
G) behind-the-scenes tracking of citizens through a government Master Patient Index system.
- 8) The following seven items A through G, should not be permitted without informed, voluntary, written, patient consent which details all intended uses and recipients of the data to be shared and contains a written agreement that the data will be used for nothing else and shared with no one else.
The patient and the provider&emdash;who is under an ethical oath to protect confidentiality of the patient&emdash;should control and limit access to information. The system we propose by necessity makes tracking and linking difficult because decentralization is the essence of privacy.
Since MEDICAL PRIVACY, health care access, and lower health care costs are stated concerns of Congress and the federal government, I trust that our recommendations will be given full consideration. If followed, there can be an improved sense of trust in the health care system and the government. Trust will not happen with forced enumeration or surveillance of citizens.
Thank you again for allowing me to share our comments and concerns.
Q and A (available on the NCVHS website by about July 31, 1998)