Big Brother

Washington Monthly, June, 1999 by Kip Sullivan

How HMOs stole our right to medical privacy

A convicted child rapist lands a job at a Massachusetts hospital, gains access to hundreds of children's records, and calls the children. A Florida state public health worker sends the names of 4,000 HIV-positive patients to two Florida newspapers. An anti-gay fanatic releases a Topeka, Kan. councilwoman's blood bank records, which show her blood has hepatitis antibodies. Information about the suicide attempt of a candidate for Congress from New York is leaked to The New York Post on the eve of a primary election.

These stories are emblematic of an invasion of medical privacy that began roughly two decades ago and is now reaching catastrophic proportions. Patient records are now routinely shipped out of clinics, hospitals and pharmacies to HMOs, drug companies, drug benefit management companies, self-insured employers, researchers and government agencies. These rivers of patient data are being pooled into enormous computerized reservoirs of information all over the country.

Two developments made this attack on medical privacy possible: computers and the spread of "managed care" Before the advent of computers, patient records were kept on pieces of paper in doctors' offices. Even today, most patient records exist on paper, not in the memories of computers. But that is changing rapidly as more and more clinics and hospitals automate their record-keeping. There's no question that automation is helpful to both doctors and patients. Computerized records are more legible than handwritten notes; they're easier to retrieve, and they help doctors remember to carry out a variety of useful tasks, including warning patients about harmful drug interactions.

But the advent of computers alone cannot explain why patient data are routinely being shipped out of clinics and hospitals to people over whom doctors and patients have no control. To paraphrase the National Rifle Association, computers don't invade privacy, people do. Somebody has to decide that my computerized record cannot just sit unmolested at my doctor's office as my paper file did in olden days, but must be zapped across cyberspace to be viewed by third parties. The people who want to do this are the same people who promoted "managed competition" to the Clinton administration, and, when the Clinton bill failed, pushed HMOs to the top of the health care food chain anyway. These people are a motley bunch. They are executives of big businesses, HMOs, insurance companies like Blue Cross Blue Shield that have adopted HMO tactics, and hospital chains currying favor with HMOs, as well as politicians, pundits, and "experts" associated with universities and think tanks who peddle "competition" between HMOs as the solution to the health care crisis.

These people did not ask Americans if we approved of a health-care system dominated by HMOs. Nor did they ask us if we wanted our medical records routinely examined by strangers. Polls indicate that if we had been asked, we would have responded with a loud "no" Polls taken in the early 1990s revealed that Americans rejected the proposition that HMO rationing was essential to constraining health care inflation, and polls taken since the HMO coup in the mid-1990s indicate a sizable majority of Americans believe the new HMO-dominated system threatens quality of care. Experts agree. In 1996, the editors of the New England Journal of Medicine observed that "the quality of health care is now seriously threatened by our rapid shift to managed-care plans as the way to contain costs" The few polls that have sought to assess American attitudes about the invasion of our medical records indicate that large majorities oppose consentless invasion of medical records. A Time/CNN poll, for example, found that 87 percent of respondents believe that their permission! should be sought by anyone seeking to look at their medical files.

The assault on medical privacy coincides with the HMO assault on the U.S. health care system for two reasons: (1) HMOs destroyed small, independent doctors and hospitals and provoked the creation of huge "integrated health systems" (corporations that house hospitals, clinics, and other providers under one roof); (2) HMOs cannot reduce medical services without access to patient medical records.

The spread of HMOs has provoked a rush to vastness within the entire health industry. Merger madness struck the insurance sector first, and then the health provider sector. HMOs got big in order to force doctors and hospitals to give them cut-rate prices and more cooperation in cutting services that smaller HMOs and traditional insurers could not get. Reduced fees and prices and fewer services in turn allowed big HMOs to keep their premiums lower than smaller insurers, which attracted more business, which beg at more power to extract cut-rate deals from health care providers, etc. Doctors and hospital administrators reacted to the growth of big HMOs by organizing themselves into the equivalent of provider unions. Hospitals formed huge hospital chains, and doctors either formed their own multi-clinic empires or, more commonly, joined one of the hospital chains. This only provoked the HMOs to get bigger. And around the cycle went. The coagulation of the health system into huge HMOs and huge provider systems means computerized patient records are now loaded onto vast computer networks, not one- or two-computer systems housed in small offices.