Privacy in the Information Age?Strategies to protect confidential patient information. Little Maria, seven years old, was dying. The doctors thought they might be able to save her with a bone marrow transplant bone marrow transplant: see bone marrow. , if a suitable donor could be found. Thus it was that her parents, Allison and John, were "worked up" to ascertain whether or not they could donate their bone marrow to Maria. As it turned out, John was a better match than Allison--but both of them ended up in the donor data bank. Unfortunately for all, Maria died despite the bone marrow transplant. Her parents were so lost in their own grief that they were unable to comfort one another, and eventually they divorced. This, at any rate, was Allison's experience. Her daughter had been dead eight years now, she had been divorced for seven years, and now she was remarried. She and her new husband, Tom, moved out of state and planned to start a family soon when Allison got a phone call. It seems that she was a suitable match for someone--a 32 year old man, they told her--who needed a transplant to live. They asked her to consider being a donor. She talked it over with her husband Tom and decided not to participate. The whole situation would bring back painful memories, some risk to her own health (however small) was involved, and they would have to put off having a child for at least a year or more until she was completely healthy again. The next day, she returned the call. She was sorry, but no. Three weeks later Allison got another call. This time it was from the man to whom she had been asked to donate her bone marrow. He pleaded with her. He insisted. He offered her money. When she remained adamant, he became verbally abusive. When he finally got off the phone, Allison was emotionally distraught dis·traught adj. 1. Deeply agitated, as from emotional conflict. 2. Mad; insane. [Middle English, alteration of distract, past participle of distracten, . She felt guilty, the stranger leaving the feeling that he had some right to her tissues and organs. She felt demeaned; he'd called her selfish among other epithets. And finally, she felt violated. She had participated in the program--allowed them to take her blood and test her--to help her daughter, not some abusive stranger. How had he managed to find her? She had been told the information would be kept confidential. If things were different in her life, if she and Tom didn't have so many plans, if she wasn't trying to get pregnant, perhaps it would be different. After all, it was her life and her body. They had no right to release her name and phone number to this man. As it turned out, they had not released this information, but he managed to find out anyway. Proof indeed, that you can find anyone with very little information--if you have the time and money. The Real Issue All one needs to do is log onto a search line to understand the magnitude of the problem. I did, and found more than three million references for "privacy." And to know that almost any commentary on the issue has to be limited to concerns about patient privacy in the health industry. Linda Carroll has written: "With the advent of computerized medical records and the growth of managed care, some very intimate information is now at the fingertips "Fingertips" is a 1963 number-one hit single recorded live by "Little" Stevie Wonder for Motown's Tamla label. Wonder's first hit single, "Fingertips" was the first live, non-studio recording to reach number-one on the Billboard Pop Singles chart in the United States. of almost any computer-savvy person ... And in a move that might make medical information even more vulnerable to prying pry·ing adj. Insistently or impertinently curious or inquisitive: ignored the prying journalists' questions. pry eyes, Congress last year passed a provision mandating the creation of a system of patient identifiers that would make it easier to gather health information on every American." The provision of the health ID number is part of the Kennedy-Kassenbaum bill Kennedy-Kassenbaum Bill HIPAA, see there . It is designed to make up-to-date information easily available to clinicians and researchers. Privacy advocates, however, assert that this information belongs to the patient, and outside entities should not be able to get it without the patient's consent. And that covers only the legally accessible information. When one considers the potential for "data-theft" and "data-embezzlement" the mind boggles, Carroll says. * A Florida healthcare worker leaked a confidential list of AIDS patients to newspapers; * A Colorado medical student sold medical records to malpractice lawyers; * Medicaid clerks in Maryland sold computer printouts of patients' financial records to managed care companies; * A convicted rapist rap·ist n. One who commits rape. Noun 1. rapist - someone who forces another to have sexual intercourse raper aggressor, assailant, assaulter, attacker - someone who attacks in Massachusetts used someone else's password to peruse pe·ruse tr.v. pe·rused, pe·rus·ing, pe·rus·es To read or examine, typically with great care. [Middle English perusen, to use up : Latin per-, per- 1000 patient files, looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. phone numbers which he used to make obscene phone calls An obscene phone call is an unsolicited telephone call where the caller attempts to annoy or frighten the called party, usually by sexual or foul language. Note that solicited calls involving sexually explicit language are usually considered phone sex. . Most everyone involved in the debate over medical databases agrees that they have enormous potential to help society, and most everyone agrees that they could be--in fact, already are being--abused. A medical ID could simplify billing and make medical records easier to transport when you change jobs and insurers. It also would provide data for statistical analyses that the providers of the data (the patient) would appreciate--like denial of services A condition in which a system can no longer respond to normal requests. See denial of service attack. because a treatment doesn't meet a cost-benefit analysis cost-benefit analysis In governmental planning and budgeting, the attempt to measure the social benefits of a proposed project in monetary terms and compare them with its costs. . "The lucrative market for obtaining this information is rapidly expanding. The American Insurance Services Group (ASIG ASIG Association Suisses et Internationaux de Genève (Geneva Swiss International Association; Geneva, Switzerland) ASIG Aerospace Special Interest Group ASIG Africa Special Interest Group ) in New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of maintains INDEX, a national clearinghouse for bodily-injury claims with a database of over 50 million claims. "The Medical Information Bureau (MIB (1) (Management Information Base) The hierarchical database used by the simple network management protocol (SNMP) to describe the particular device being monitored. MIB objects are identified using ASN.1 syntax. See SNMP, RMON, OID and ASN.1. ) collects medical data concerning individuals. Additionally, MIB collects credit history information, driving record information, criminal activity, and data concerning participation in dangerous sports...." says Jon L. Gelman. The National Committee on Vital Health Statistics has been holding hearings in an attempt to establish a unique health identifier (UHID UHID Universal Healthcare Identifier UHID Union of the Hideously and Improbably Deformed UHID Usb Human Interface Device ) and to maintain some level of privacy for health information, and is writing guidelines for an identifying system for individuals, employers, health plans and health care providers for use in a generalized healthcare system. To maintain privacy, a computer friendly algorithm or a biometric identifier (e.g., a retinal scan A retinal scan is a biometric technique that uses the unique patterns on a person's retina to identify them. It is not to be confused with another ocular-based technology, iris recognition. ) has been suggested. Individual states also are taking action: New York enacted legislation forbidding disclosure of workers' compensation workers' compensation, payment by employers for some part of the cost of injuries, or in some cases of occupational diseases, received by employees in the course of their work. records, and California prohibited the use of "individually identifiable information" in files of individual's workers compensation claim. However, New Jersey reflects the kind of confusion there is in legislative circles. New Jersey has a law that prohibits dissemination of workers' compensation records to non-parties, but it does not prohibit or restrict the use of disseminated records obtained by the parties (e.g. the employer, insurance company etcetera). In short (and New Jersey is not alone), there is legislative chaos as states both prohibit and require information and its dissemination. The Bottom-Line In the end, privacy of medical records is essential for a variety of reasons. Perhaps the most compelling is that patients are far less likely to reveal vital personal information with health professionals if they think it will be shared freely with individuals who may not have either a need or a right to it--and may even use it to exploit or harm them. Legislation may not be the best answer, but it most likely will be part of the solution to a growing and serious problem. The Medical Records Privacy Act of 1997 (S1368) is a comprehensive and carefully crafted bill that enables the development of a uniform health data program and yet provides some level of privacy. It establishes privacy safeguards, allows patients prompt access to their own information--and the ability to amend it, has specific requirements for healthcare providers to notify individuals of their rights and secure their consent to release of information, limits disclosure of information and requires segregation of sensitive portions of the medical record, and retains state laws when those restrictions are mandated. On the other hand, the Health Care Personal Information Non-Disclosure Act of 1998 (S1921), though more provider-friendly, does not separate psychiatric information, and denies patients access to their own information "if it would cause them substantial mental harm" (guess who decides that?) and allows an employer to terminate an employee who doesn't authorize To empower another with the legal right to perform an action. The Constitution authorizes Congress to regulate interstate commerce. authorize v. to officially empower someone to act. (See: authority) the release of information. The American Medical Association American Medical Association (AMA), professional physicians' organization (founded 1847). Its goals are to protect the interests of American physicians, advance public health, and support the growth of medical science. articulated three principles for safeguarding the confidentiality of medical records: 1. "That patients have a basic right to privacy of their medical information and records, and that this right should be explicitly acknowledged; 2. "That privacy should be honored unless waived by the patient in a meaningful (that is, informed, noncoercive) way, or in rare instances of a strongly countervailing public interest; 3. "That information disclosed should be limited to that portion of the medical record that is necessary to fulfill the immediate and specific purpose." The real bottom-line for privacy rests with the integrity of those who handle or have access to the databases. Laws may not be able to protect the medical record in at all times or even completely at any time ... but if we can prevent the worst of the abuses, and provide a reasonable protection for most people most of the time, all of us can realize the very considerable benefits--providers, researchers, payers, employers--that a uniform medical database offers. Leah Curtin, RN, ScD(h), FAAN FAAN abbr. Fellow of the American Academy of Nursing , is editor-in-chief of CurtinCalls, an irreverent ir·rev·er·ent adj. 1. Lacking or exhibiting a lack of reverence; disrespectful. 2. Critical of what is generally accepted or respected; satirical: irreverent humor. , fact-filled scan of nursing and healthcare, Cincinnati, OH. Roy Simpson, RN, C, FNAP FNAP Fédération Nationale des Praticiens des Hôpitaux Généraux , FAAN, is vice president of McKessonHBOC, Atlanta, GA. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion