Medical Records Are Up for Grabs

0 Comments | Insight on the News, March 15, 1999 | by Aimee Howd

Government agencies, insurance companies, and healthcare researchers want greater access to Americans' medical data. But who will protect our right to privacy?

Seven years ago the Pennsylvania Transit Authority, while conducting a routine audit of claims information supplied by the pharmacy that was under contract to dispense prescription drugs to its employees, learned that one of its workers was taking medication for AIDS. Convinced that attitudes toward him changed after this revelation, the employee filed a lawsuit against the transit authority and Rite Aid Pharmacy for violating his privacy.

That employee lost his case. Whether (as the court ruled) his employer "had a genuine, legitimate and compelling need for the document requested" the worker now has personal proof that the privilege of increasing convenience in the Information Age comes at a cost to privacy rights. And the congressional battle about just how high that personal price will go in the medical field -- and over whether citizens or government will choose the treatments and pay the bills -- is intensifying. As Carrie Gavofa, policy director for the Healthcare Leadership Council, a broad-based industry coalition, tells Insight, "The issue will be scrutinized like no other."

This scrutiny may account for why there is little federal legislation on the privacy of medical records. Technological and medical advances simply have outstripped public-policy formulation. Even the most basic questions are up for debate: What information should be collected? By whom? How should it be used? Who has the right to access your medical information besides you and your doctor -- the pharmaceutical industry, your insurance company, your employer, the federal government? And, for that matter, just what is privacy in America's information-saturated society?

What traditionalists define straight-forwardly as "the right to be left alone" is defined by others (who insist that to be left alone is not possible in the modern world or, at least, not healthy) as "the right to control one's information." One federal lobbyist who has worked on medical issues since 1982 tells Insight that privacy issues in medicine now are more convoluted than the U.S. Tax Code.

David Linowes, chairman of the President's Commission on Privacy Protection during the Carter administration -- the last such commission to be appointed -- tells Insight, "You have to recognize the kind of information that administrators need to administrate effectively. We want and expect [convenience] today, and yet we hesitate when administrators have to get information in order to fulfill those expectations."

In employer-based insurance policies, as elsewhere, privacy and progress crash head on as technology exponentially increases the ability to store, access and manipulate personal information that often is surreptitiously gathered and relatively unprotected. About 35 percent of Fortune 500 companies use medical records in making personnel decisions, according to a 1996 study by Linowes, who now serves as professor of economy and public policy at the University of Illinois.

Before the computer, Linowes notes, information was stored on paper and voluminous records regularly were destroyed or filed without ready retrieval. Now information can be stored indefinitely and retrieved or related to other data by a few keystrokes. "The information always has been there, but it's the technology that has made the problem," he says.

Just one example of a central database of personal medical information is the Medical Information Bureau, or MIB. According to the California-based Privacy Rights Clearinghouse, medical records of 15 million Americans and Canadians are on file in the MIB computers, which supply data to more than 750 insurance firms.

Such medical records typically include personal and family medical histories, details about health-related habits and reports on everything from lab-test results to prescription medications to surgical procedures. Only 28 states allow patients access to their own medical files, generally claiming that the information in health records belongs to the health-care facility or practitioner that created them. However, in the course of a hospital stay, says a 1996 study by the Congressional Research Service, up to 400 people may see at least part of a patient's medical record. Medical information routinely is bought and sold, and may be accessed by insurance companies, state bureaus of vital statistics, managed-care organizations, healthcare researchers and others.

Recent legislation has worked with technological advances to turn information management and protection into one of the fastest-growing industries in the United States as private companies contract to collect data for the federal government in what are called "public-private partnerships."

There has been a drive on both sides of the political aisle to standardize electronic record keeping as a means to greater efficiency in billing and treatment, in gathering public-health statistics and in determining the best course of health care for society at large.