The New Enemy of Privacy: Big Bucks

Challenge, May, 2000 by Amital Etzioni

All these instances of publicizing people's medical records, as well as many others, have several attributes in common. Typically they are isolated acts, often committed by a single person. As a rule, they are in violation of the policies and ethical codes of the institutions in which they took place and, in some circumstances, are in violation of federal or state laws. As troubling as these instances of unauthorized use are, they pale in comparison to the unfortunate consequences resulting from what might be called "authorized abuse." The latter intrusions are new, having become possible only with the massive introduction of electronic medical records, which are rapidly replacing paper records, and changes in insurance schemes in the health maintenance organization (HMO) age.

Privacy-Diminishing Developments in the Cyber Age

In recent years, there has been a powerful trend in the United States to gather and record more detailed information in medical records, including genetic and life-style information. The health insurance industry now collects much larger amounts of more personal information from physicians than it did in the past, amassing very large databases. Until recently, insurance companies usually received only an abstract of a patient's record, containing information on diagnoses, tests performed, and treatment provided. Nowadays, it is not uncommon for insurers to demand to see a patient's entire record. The shift to managed care programs (run by HMOs) has generated considerable additional demand for detailed patient information by groups other than doctors and other medical personnel. For instance, representatives of managed care companies have required psychiatrists, as condition of payment, to reveal extensive details about their patients to verify that treatment was necessary. A survey of psychologists and psycho analysts by the Santa Clara County Psychological Association found that 37 percent of respondents said they "had a client who either decided against therapy or interrupted it 'because of confidentiality concerns."'

Equally important are technological developments, especially the move by health-care organizations to switch the format of their medical information from traditional paper-based files to computerized records that are stored in online databases.

The increasing prevalence of electronic medical records has been compounded by moves to link health-care databases. This, in effect, turns numerous databases into one. Such linking often takes place within a single entity--for example, hospitals, clinics, and outpatient services all located within one medical center. Of a greater magnitude are the linkages among discrete organizations that render personal medical information accessible to a large number of institutions with distinct purposes, such as pharmaceutical marketers, employers, research centers, and others.

Electronic medical records also differ from traditional paper-based records in the ease with which longitudinal records are created, forming what a congressional Office of Technology Assessment report terms "a cradle-to-grave view of a patient's health care history." One can easily imagine the difficulty of such an endeavor in the old paper-based system for a patient who has lived in several cities and thus has records scattered among many physicians and hospitals that have no ties to one another and are in different locations. It is just as easy to imagine the relative ease of compiling such information when the separate records are entered into online databases. As a result, there is no escaping earlier life events, from drug abuse as a teenager to family histories of mental illness. The great gains in efficiency of electronic systems have caused a considerable loss of privacy.