Medical records online for all to see?Imagine having instant online access to your personal medical information--from payment records to laboratory results. Then imagine a crowd of people peering over your shoulder at your computer screen as you check on your prescription for nicotine patches. The Internet is increasingly being used for health care delivery, payment, prescribing medicine, outcomes analysis, research, and marketing. And doctors, insurance companies, and health maintenance organizations (HMOs) are putting personal health information online. But how confidential are these records, and how is the information used? "The locked doors, secure file cabinets, and watchful eyes of the office staff provided some protections for privacy in the age of paper-based medical records," said Deidre Mulligan mul·li·gan n. A golf shot not tallied against the score, granted in informal play after a poor shot especially from the tee. [Probably from the name Mulligan.] Noun 1. , staff counsel at the Center for Democracy and Technology, a nonprofit advocacy organization in Washington, D.C., dedicated to protecting civil liberties in the electronic age. "In the pursuit of quick access to medical records, systems are being built without any thought to privacy." Organizations providing medical records and services online say their security standards are adequate to protect patient confidentiality patient confidentiality Medical practice A Pt's right to privacy and freedom from public dissemination of information that the Pt regards as being of a personal nature. See HIPAA, Medical privacy. . Most health plans already have Web pages containing lists of doctors and hospitals and general wellness information. Using a variety of security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security , they are now placing personal patient information on the Net. Kaiser Permanente Kaiser Permanente is an integrated managed care organization, based in Oakland, California, founded in 1945 by industrialist Henry J. Kaiser and physician Sidney R. Garfield. , an HMO HMO health maintenance organization. HMO n. A corporation that is financed by insurance premiums and has member physicians and professional staff who provide curative and preventive medicine within certain financial, based in Oakland, California “Oakland” redirects here. For other uses, see Oakland (disambiguation). Oakland (IPA: /ˈoʊklənd/), founded in 1852, is the eighth-largest city in the U.S. , with more than 9 million members, encrypts online exchanges between the HMO and members, using standards similar to those used in online banking. Kaiser says that privacy is carefully safeguarded and that the company's security systems can protect the electronic information, perhaps better than paper records can be protected. Next year, the company will provide lab results to patients who log on with a personal identification number. Oxford Health Plans also assigns personal ID numbers to members for online communication. Aetna U.S. Healthcare U.S. Healthcare is a now-defunct healthcare company. The logo had an apple. The merger with Aetna In 1996, the company merged with Aetna, calling it Aetna U.S. Healthcare. The U.S. Healthcare apple logo was next to the Aetna name, and U.S. Healthcare under it. U.S. , with 6 million managed care members, will soon put on the Internet "a significant percentage" of member information, including benefits data, status of claims, and an online approval process for specialist referrals. Aetna said the International Computer Security Association was unable to breach its privacy safeguards in a test. Health Partners in Minnesota and Blue Shield of California Blue Shield of California is a not-for-profit health insurance provider headquartered in San Francisco, California. An independent licensee of the Blue Cross and Blue Shield Association, Blue Shield of California is an incorporated, wholly owned subsidiary of California Physicians' both let employers and insurance agents enroll members over the Internet, and some of Blue Shield's insureds may select their type of coverage and physicians over the Net, usingan encryption-protected program. At Columbia University Columbia University, mainly in New York City; founded 1754 as King's College by grant of King George II; first college in New York City, fifth oldest in the United States; one of the eight Ivy League institutions. , doctors are testing a program that allows patients with chronic diseases like asthma and diabetes to view and add to their medical records online using an ID number. Despite security assurances, there are a number of ways to breach the privacy of online communications. "Clickstream The trail of mouse clicks made by a user performing a particular operation on the computer. It often refers to linking from one page to another on the Web. " data provide an electronic trail that can be used to track everything a user has viewed on the Internet. "Cookies" generated by Web servers and stored on a user's hard drive collect personal data about the user's online habits. Unauthorized interception or access to computer transmissions such as e-mail can also occur. And many users voluntarily contribute personal information, for instance, by filling out a questionnaire to subscribe to Verb 1. subscribe to - receive or obtain regularly; "We take the Times every day" subscribe, take buy, purchase - obtain by purchase; acquire by means of a financial transaction; "The family purchased a new car"; "The conglomerate acquired a new company"; an online service. In a three-year test, the University of California, San Diego UCSD is consistently ranked among the top ten public universities for undergraduate education in the United States by U.S. News & World Report.[3] It is a Public Ivy. [1] For graduate studies, most of UCSD's Ph.D. , (UCSD UCSD University of California, San Diego (La Jolla, California) UCSD User Centered System Design UCSD Urbana-Champaign Sanitary District (Illinois) UCSD Ultra Cool Sexy Dudes ) School of Medicine is placing full patient medical records on the Internet. The UCSD is using a privacy protection system, hoping to answer procedural, technical, and privacy questions that have been raised by participants in similar experiments. The privacy system is like those used with military and defense Internet systems, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. its designer, a defense contracting company. The system codes information in five levels, and users must pass through incremental Additional or increased growth, bulk, quantity, number, or value; enlarged. Incremental cost is additional or increased cost of an item or service apart from its actual cost. security procedures to reach levels that contain sensitive data. But not every company is erecting defenses, and critics are not convinced by the health plans' assurances of privacy. "We need to build locks into the system--to keep the bad guys out and to guard against misuse of this sensitive information," said Mulligan. "There's a big difference between security and confidentiality," said A.G. Breitenstein, director of the Health Law Institute, a private nonprofit research center in Boston. "The salient question is: How many people other than the Kaiser member have access to that lab result?" (Milt Freudenheim, Medicine at the Click of a Mouse; Online Health Files Are Convenient. Are They Private? N.Y. Times, Aug. 12, 1998, at D1.) Exploiting records If accessed, confidential medical information could be misused in a number of ways. Personal physicians, insurance administrators, electronic file clerks, case reviewers, and other doctors in a patient's HMO are just a few of the people who may have access to patient records. Confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead , such as the results of a test for AIDS or pregnancy, could be disclosed, for example, to an employer, provoking the loss of a job or benefits. Harvard Community Health Plan, a Boston HMO, admitted to keeping detailed notes of psychotherapy psychotherapy, treatment of mental and emotional disorders using psychological methods. Psychotherapy, thus, does not include physiological interventions, such as drug therapy or electroconvulsive therapy, although it may be used in combination with such methods. sessions in computer records that were accessible by all clinical employees. It has since changed its computer security practices. The most blatant violation of privacy involves health insurers and others who share or sell patient data to turn a profit. Recently, eight Medicaid clerks were prosecuted in Maryland for selling computer printouts of recipients' and their dependents' financial resources to managed care company sales representatives. In Minnesota last year, 17 states settled a consumer protection suit over misuse of medical records. The suit alleged that after the Merck pharmaceutical company merged with Medco, a prescription management company, Medco gathered information from patient prescription records and had its pharmacists call doctors to urge them to switch patients to Merck products. The settlement divided $1.9 million among the states and required such managed care reforms as full disclosure and consumer education about rights and privacy issues. (In re Merck & Co. Inc., and Medco Containment Services, Inc. (Minn., Ramsey County There are two places in the United States named Ramsey County:
Pharmacies may profit by selling individuals' prescription records for target marketing. Giant Food, Inc., and CVS (1) (Concurrent Versions System) A version control system for Unix that was initially developed as a series of shell scripts in the mid-1980s. CVS maintains the changes between one source code version and another and stores all the changes in one file. Corp. both had agreements with Massachusetts marketing firm Elensys, Inc., which mailed refill reminders and promotional material to customers. In early 1998, after customers complained this could affect the confidentiality of their medical information, both companies terminated their contracts with Elensys. Pharmacy benefit managers (PBMs)--companies hired by health insurance plans to administer prescription benefits--are electronically linked to most U.S. pharmacies and have access to detailed information on 150 million Americans who use prescription cards. Selling prescription information to health industry companies, including drug manufacturers, can be a lucrative source of PBM PBM - play by mail. See play by electronic mail. revenue. (Robert O'Harrow Jr., Plans' Access to Pharmacy Data Raises Privacy Issue, Wash. Post, Sept. 27, 1998, at A1.) One beneficial use of patient prescription information is tracking patients' refill habits and checking for drug interaction problems or allowing doctors to look directly online at patients' drug histories. A study published in the Journal of the American Medical Association JAMA: The Journal of the American Medical Association is an international peer-reviewed general medical journal, published 48 times per year by the American Medical Association. JAMA is the most widely circulated medical journal in the world. found monitoring computerized prescription records can reduce the risk of potentially dangerous drug interactions in the elderly. Merck-Medco set up a computer program to monitor drugs prescribed through the service for 23,000 patients age 65 and over. Monitoring triggered 43,000 warnings to pharmacies during the year-long test, and about 24 percent of the prescriptions were changed by notified doctors. (Mark Monane et al., Improving Prescribing Patterns for the Elderly Through an Online Drug Utilization Review drug utilization review Health insurance A study of drug prescriptions to evaluate appropriateness and cost-effectiveness of drug therapy Intervention, 280 JAMA JAMA abbr. Journal of the American Medical Association 1249-52 (Oct. 14, 1998).) Direct intervention with patient care might result from monitoring records. PBMs can suggest care for those with specific chronic illnesses or contact doctors and patients to persuade them to change drugs and influence how they use them. Some PBMs have sent their own pharmacists to doctors to talk about a patient's care without the patient's knowledge. PBMs say they remove patient names and identifying information before selling data, but there is no federal privacy law governing the use of prescription information. In Nevada, for example, pharmacy chain American Drug Stores used names and other information from confidential prescription records maintained by a PBM the chain owned to send coupons and promotional fliers to patients who shopped at independent drugstores. Legislation State laws provide inconsistent protection, and there is no comprehensive federal law governing appropriate uses of health information. "Most people mistakenly believe there is a federal privacy law that safeguards their medical records, and they believe the law gives them the right to access their own medical records," said Janlori Goldman, director of the Health Privacy Project at Georgetown University Georgetown University, in the Georgetown section of Washington, D.C.; Jesuit; coeducational; founded 1789 by John Carroll, chartered 1815, inc. 1844. Its law and medical schools are noteworthy, and its archives are especially rich in letters and manuscripts by and , at a March hearing before the House Ways and Means WAYS AND MEANS. In legislative assemblies there is usually appointed a committee whose duties are to inquire into, and propose to the house, the ways and means to be adopted to raise funds for the use of the government. This body is called the committee of ways and means. Subcommittee on Health. Until the U.S. Congress passes medical records privacy legislation, the Clinton administration Noun 1. Clinton administration - the executive under President Clinton executive - persons who administer the law has tabled its plan to assign a computerized code to every American as a "unique health identifier." Privacy laws will protect patient privacy as part of a proposed "electronic bill of rights" that would also cover Internet transactions, financial data, and other computerized personal data. In late July, the House passed a Republican-endorsed bill--the Patient Protection Act of 1998 (H.R. 4250)--that included a privacy provision. However, while the bill would have required hospitals, doctors, and insurers to provide notice of their confidentiality practices to patients, it would not have required patient consent for the release of records. In addition, it would have banned the sale of confidential medical information but would have allowed the release of patient records for "health care operations," a broad term critics said could apply to almost anything. The House-passed bill was never considered by the Senate prior to adjornment of the 105th Congress in October. Health reform legislation creating a "patients' bill of rights" was intended to guarantee patients greater access to information and necessary care, guarantee a fair appeals process when health plans deny care, protect the doctor-patient relationship doctor-patient relationship, n in-teraction between a physician and a patient. , and hold HMOs accountable for decisions that end up harming patients. At the end of October, the European Union's strict regulations regarding privacy protections for medical and work records of citizens of member nations took effect. Under the regulations, companies must provide detailed disclosures to individuals about how the data will be used and give them access to the information. According to Goldman's testimony, the U.S. Congress should consider similar protections. She said a federal health privacy policy should ensure that people have the right to see, copy, and supplement their own medical records (28 states currently allow this). Patients must be given written notice of how their health information will be used and by whom, and they must consent to disclosure of personal health information, except in emergencies or public health situations. Federal privacy laws should strengthen existing safeguards for health information used by researchers and provide incentives for them to use anonymous data, Goldman said. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion