Articles/Letters Published • Oct 2000

M.D. Confidential

M.D. Confidential The government is intruding on patients' right to privacy

Twila Brase, R.N., P.H.N.

The relationship with the patient hinges on trust. Patients believe that words spoken, diagnoses given, and treatment provided should be held in confidence. Unfortunately, the integrity of the exam room conversation is now jeopardized by corporate contracts, insurance policies and new laws.

Public awareness about outside access to private medical records is having a clinical affect.clinical impact of growing public awareness about outside access to private medical records. Nancy W. Dickey, M.D., current president of the American Medical Association put it well when she told Nightingale News in 1996, "These days, insurance companies don't want summaries; they want the whole record. So I think twice about what I include. Then I hope I can remember it all...If patients fear that what they tell me could come back to haunt them, they'll tend to be less forthright. I may come up with the wrong treatment because I was chasing the wrong clues."

Because patients can still use self-payment to avoid disclosure to insurers and employers, the greatest concern is federal and state access to medical records without patient consent &emdash; a phenomenon in direct conflict with the Fourth Amendment's protection against unreasonable government searches and seizures. Under the ruse of cost containment, health care reform laws across the nation are opening patient records to government officials, designing new state and national tracking systems, and developing electronic systems for instant access to medical records.

Minnesota

In Minnesota, state access to private medical records has come about through intertwined public-private initiatives. The 1993 MinnesotaCare bill mandated state collection of health care data from providers and payers for cost containment. In 1995 the state was given full access to all medical records (without patient consent) for research, cost analysis, quality assessments, utilization review, and outcome data. The Minnesota Health Data Institute, a public-private arrangement involving payers, employers and the Minnesota Department of Health (MDH), was created to facilitate access to medical records. The Wisconsin Medical Society has considered a lawsuit against the State of Wisconsin for similar legislation.

As an example of the state's collection activities, in April 1998 Minnesota Health Commissioner Anne Barry testified that the MDH collects individually identifiable information on more than 90 health care conditions without patient consent. Further documentation revealed eleven disease- and injury- specific state databases, and five community-based immunization registries.

Statisticians, politicians, and epidemiologists may find disease databases useful, but the 1997 birth-defect-registry debate in the state Legislature demonstrated a zealous disregard of individual rights when "a greater good" for society has been defined without consideration of constitutional limits.The MDH, with the assistance of the March of Dimes, attempted to create a birth defects registry to monitor and track all children with birth defects &emdash; and their parents &emdash; without the knowledge or consent of either. The bill was defeated when concerned legislators amended parent and patient consent to the bill, causing proponents to strip the registry language out of the final omnibus bill because they feared a precedent for future databases.

Immunization registries pose a more complex conflict. Many physicians, who could understand the intrusiveness of the birth defects registry, can easily define a public health benefit and convenience factor for immunization registries. However, opponents point out that mandatory enrollment of children and adults, rather than an opt-in provision, could easily lead to a national patient database. Consider that in 1997 the Pennsylvania Forum for Primary Health Care's publication Immunization News said that unique national identifiers, standardized code sets, and computerized patient records "can contribute toward what could ultimately be more comprehensive clinical and preventive data bases."

The Nation

The push for government access to medical data without patient consent is strong at the national level as well. The 1996 Health Insurance Portability and Accountability Act (HIPAA) expanded federal powers to inspect medical records for fraud and mandated four new national health care identification and tracking systems. Although the patient identifier got negative media attention and was stalled by the 1998 appropriations bill, provider, employer, and payer identification systems are moving forward with little public knowledge or debate.

The National Provider Identification (NPI) system has received new federal funding for rapid implementation. The eventual rollout of the system may leave health care professionals and medical suppliers stunned by its intrusiveness.The proposed regulation requires 43 data elements on each provider, application for a federal number by all providers, "enumerators" to issue the numbers, financial penalties for noncompliance or failure to report changes in data and little restraint on outside access to private data that the providers supply.

As a result of those systems, HIPAA required Congress to pass privacy legislation by August 1999 or accept as administrative rule the U.S. Department of Health and Human Services Secretary Donna Shalala's September 1997 recommendations. Those involved unprecedented government access to medical records &emdash; without consent &emdash; for law enforcement and "national priority activities" such as oversight of the health care system, public health, health research and state health data collection. In response to Shalala's recommendations and in hope of negating the August 1999 deadline, Rep. Ron Paul, R-Texas, tried unsuccessfully to repeal the entire enumeration section of HIPAA in the 1998 appropriations bill.

Leaders in Congress appear unwilling to pass meaningful privacy legislation. The failed 1998 Republican Patient Protection Act (PPA) would have increased sharing of patient information for any purpose classified as "health care operations," and a 1998 copyright bill would have granted federally protected corporate ownership of database information. Opponents feared ownership could allow the exchange and sale of medical data without discretion. Although both data proposals failed, the likelihood of strong privacy protections appears slim.

Some members of Congress, such as Rep. Bill Thomas, R-Calif. (who while in Minnesota publicly chastised Minnesota legislators for restricting access to medical records), appear poised to use federal legislation to dismantle any state law that protects patient privacy. Minnesota's minimally protective medical records law, passed in 1996, pertains only to those records generated after January 1, 1997, and only to requests for the entire medical record. It is, however, one of the only medical records law in the nation that strives to require written patient consent before medical records can be accessed by medical researchers from outside the institution that holds the records.

Computerized Access

Another alarming trend is government officials' advocacy of computerized medical records and computer chip technology &emdash; smart cards. Minnesota's 1997 legislature considered a governor-supported smart card proposal called the "MNCard." Had it passed, it likely would have become the mandatory identification and access card for all Minnesotans. Documents describing the card suggested many uses beyond medical records including phone and bank functions, workstation access, and drivers license.

The recent Western Governors' Association (WGA) decided to test a smart card in Bismarck, N.D., Reno, Nev., and Cheyenne, Wyo. &emdash; a health care card focused on immunization. Privacy advocateds fear that the Health Passport Program (HPP) could be used to access individually identifiable medical records and perform medical research without patients' consent. According to the WGA, the HPP "is one dimension of a much broader public health strategy for the next century [and] will ensure convergence with financial and retail industry plans for a universal transition to smart cards by the year 2000." In the future, the health passport may become as mandatory for health care as a citizen passport is for international travel.

A less obvious threat is the U.S. Commerce Department's recent grant to Sequoia Software Corporation for development of a master patient index (MPI). Piloted at Johns Hopkins Health System, it is designed to achieve systemwide linkages among an individual patient's medical record &emdash;in all places they are located &emdash; by using demographic information such as Social Security numbers. Given the media reaction to the medical ID proposal, government officials may see MPI as a less obvious and therefore more acceptable method of tracking individuals through the health care system.

Beware

Physicians are now in a difficult position. Their ethical obligation to patient confidentiality runs in direct opposition to state and federal laws demanding greater access to patient records. Clinics run the risk of becoming government research laboratories. At this rate, patients may soon find that they are research subjects under a government-imposed obligation.

Most people make health care access decisions based on fear. Fear of death, fear of pain, fear of the unknown. If the fear of public exposure, political blackmail, employment discrimination or government surveillance is greater than the fear of potential disease and incapacity, the result could be incomplete patient disclosure, costly delay, skewed research results, and unwanted medical outcomes.

Physicians must not be willing or powerless accomplices. The trust necessary for good medical care is the heart of the entire medical system. Government officials and legislators are rapidly moving toward an open season on patient information, and physicians must respond.

Twila Brase, R.N., P.H.N., is president of the St. Paul-based Citizens' Council on Health Care, a non-profit organization focused on policy affecting health care access, cost, and delivery.

Reprinted with permission of the Minnesota Physician magazine, which holds the copyright on this article. No copies, reprints, or reproductions of this article may be made without the express consent of Minnesota Physician Publishing: #612-728-8600 or mpp@mppub.com.