Health care and privacy law in electronic commerce

Healthcare Financial Management, Jan, 1994 by Benjamin Wright

As electronic data interchange (EDI) continues to gain acceptance and use, questions regarding protection of the confidentiality of private healthcare information have arisen. This article explains how a computer-based information system equipped with appropriate safeguards can be far better at ensuring privacy than a paper-based system.

As the pool of stored healthcare information continues to grow, so does the desire to access that information. Insurers, employers, government payers, utilization review entities, researchers, government statisticians, peer-review bodies, and patients are all demonstrating an increased interest in this information.(a)

Employers increasingly have been requesting healthcare usage profiles of those covered by employer-sponsored healthcare insurance policies. Employers seek to understand their employees' use of healthcare benefits and thus better manage costs.(b) Yet healthcare data is very sensitive information and not the type of information that individuals feel comfortable sharing. It can be embarrassing or even damaging in the wrong hands.

Some see electronic communication as posing an increased risk to the confidentiality of healthcare information. "EDI promises enhanced efficiency [for the healthcare provider]," according to an article in The Journal of Health and Hospital Law. "This promise, however, is tempered by the risk EDI poses to the security of patient information. Even if stringent security protocols make it more difficult for intruders to initially access computer systems, once accessed, the electronic medium could allow remote and unauthorized review of virtually unlimited health information. Therefore, EDI has the potential to significantly increase both inadvertent and intentional breaches of confidentiality."(c)

The author of this article, however, seems to confuse EDI and database technology. EDI is a technology that allows discrete messages to be exchanged between independent organizations or trading partners. Databases are large, organized electronic collections of information. The author's worry seems to be directed at databases, not at EDI. Someone who taps into an EDI communications channel is not likely to get access to "unlimited health information." Rather, access will be confined to the specific transactions (such as an insurance claim) that just happen to be in transit through the channel at the time. These transactions will require some effort for the eavesdropper to interpret unless he or she is trained in the language of EDI standards.

It is necessary to be alert to privacy concerns as the industry adopts more computer technology. But it also should be recognized that computers have as much capacity to ensure privacy as they have to undermine it.

Computer security and control features

Information technology not only makes the accumulation and dispersal of information easy and cheap; it can also enhance control over access to information. With audit trails, system access barriers, and creative database design, information can be compartmentalized, monitored, and protected in carefully calibrated increments. A database can be designed so that someone who (illicitly or otherwise) gains access to it can reach only small units of information.(d)

A well-designed system can release appropriate information to legitimate users, while guarding all other information. For example, suppose a large hospital plans to convert its patient records to an electronic format, and then plans to make those records available to the physicians who practice at the hospital. Physicians could access the records remotely through personal computers in their offices. It would not make sense, in this instance, to simply place all of the records on an unregulated database and open the whole database to hundreds of physicians. That would jeopardize patient confidentiality.

A better approach might be to require each physician first to send an electronic mail (E-mail) message to a database gatekeeper; the message would reliably identify the physician, identify the specific record the physician wishes to receive, and explain the need for the request. The gatekeeper (an individual, aided by software) would evaluate the request using the same criteria that a records manager would use to evaluate a request for paper-based patient records. If the request is justified, the gatekeeper would send the physician an E-mail message containing only the appropriate parts of the requested record and would keep a record to show precisely what information was released to which physician and when.(e)

A computer-based information system, when managed by competent professionals, is far better at controlling information than a paper-based system. In a paper-based system, for example, suppose that a researcher needed to see hospital records of certain patients, but the hospital felt it necessary to censor certain parts of those records, such as the identity of the patients, from the researcher. Hospital staff members would have to undertake the labor-intensive task of searching the records one-by-one for references to patient identity and then manually mask those references before releasing copies of the records. Staff members could, conceivably, fail to mask some of the references to patient identity, despite good intentions. In contrast, the masking of patient identity from voluminous patient records stored in an appropriate electronic database could be done in a matter of seconds, by a single operator, simply, reliably, and automatically.
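The gatekeeper and the automatic masking described above can be sketched together as an added example; it is not code from the original article. The record layout, role names, and release policy are assumptions made for illustration, and masking here works only because identity is assumed to sit in dedicated fields rather than in free text.

```python
from datetime import datetime, timezone

# Constructed sample record; field names and values are illustrative only.
RECORDS = {
    "R-1001": {
        "patient_name": "Jane Example",
        "date_of_birth": "1950-02-03",
        "diagnosis": "fractured wrist",
        "treatment": "cast, 6 weeks",
        "billing": "claim submitted",
    }
}

# Hypothetical release policy: the fields each kind of requester may receive.
RELEASE_POLICY = {
    "treating_physician": {"patient_name", "date_of_birth", "diagnosis", "treatment"},
    "researcher": {"diagnosis", "treatment"},  # identity fields are masked out
}

AUDIT_LOG = []  # in-memory for this sketch; a real system needs durable, protected storage


def handle_request(requester_id, role, record_id, reason, authenticated):
    """Evaluate one request, release only permitted fields, and log the decision."""
    record = RECORDS.get(record_id)
    allowed = RELEASE_POLICY.get(role)
    released = None
    if not authenticated:
        decision = "denied: requester not reliably identified"
    elif not reason.strip():
        decision = "denied: no stated need"
    elif record is None or allowed is None:
        decision = "denied: unknown record or role"
    else:
        released = {k: v for k, v in record.items() if k in allowed}
        decision = "released"
    # Every request is logged, including denials: who, what, why, when, which fields.
    AUDIT_LOG.append({
        "when": datetime.now(timezone.utc).isoformat(),
        "who": requester_id, "role": role, "record": record_id,
        "reason": reason, "decision": decision,
        "fields": sorted(released) if released else [],
    })
    return released


if __name__ == "__main__":
    print(handle_request("dr-17", "treating_physician", "R-1001", "follow-up visit", True))
    print(handle_request("res-3", "researcher", "R-1001", "outcomes study", True))
    print(handle_request("dr-17", "treating_physician", "R-1001", "", True))
    for entry in AUDIT_LOG:
        print(entry["who"], entry["decision"], entry["fields"])
```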


 


Content provided in partnership with Thompson Gale