Medical Privacy: From the 4th Amendment To HIPAA.
Newly adopted federal privacy regulations set a high standard for control of medical information that all medical offices and clinics must meet. Yet, the federal government can't even secure its own database of medical information. We have less than two years to come into full compliance with regulations that may well change over the coming months, making compliance a moving target. Learn the history of our privacy rights and regulations. And preview the privacy debates and dilemmas that await our digital society.
Whatever in the life of men I shall see or hear, in my practice or without my practice, which should not be made public, this will I hold in silence, believing that such things should not be spoken.
Excerpted from the Oath of Hippocrates
You have zero privacy anyway. Get over it.
Scott McNealy, CEO, Sun Microsystems
ALONG WITH ALL THE other serious issues that occupy physician executives, now comes privacy. As if personnel, financing and regulatory problems weren't enough to worry about already, U.S. Health and Human Services Secretary Tommy G. Thompson announced the final patient privacy rule from the Clinton administration would be implemented rather than delayed.
And the countdown began.
All medical facilities, from the largest hospital to the smallest solo office, must comply with these new federal regulations by April 14, 2003, even though modification of some aspects of the regulations still may occur.
Thompson's announcement unleashed an avalanche of information, conferences and consultants all aimed at helping us comply with the 1,500 pages of privacy regulations. The consultants are set to have a field day at our expense.
In the midst of all this activity, consider the state of health information privacy today and the larger question of privacy in general.
The right to privacy
Search the U.S. Constitution and Bill of Rights and you won't find the "right to privacy" mentioned anywhere.
The Founding Fathers probably felt that they did address privacy when the Bill of Rights was adopted. They would point to the 4th Amendment as protective of any citizen's privacy.
The entire 4th Amendment reads:
This language established all the privacy any person could need or use in the late 18th and early 19th centuries.
If a free man (as women and slaves had no rights at that time) kept his papers locked up in his own house, his privacy was secure under the 4th Amendment.
By the end of the 19th century, technology had changed the privacy landscape. The 4th Amendment no longer covered all of a person's privacy needs. New conditions called for new thinking.
On December 15, 1890, Samuel D. Warren and Louis D. Brandeis presented a new way to consider privacy in their influential article, "The Right to Privacy," published in the Harvard Law Review.
"Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that 'what is whispered in the closet shall be proclaimed from the house-tops,'" Warren and Brandeis wrote.
We can only imagine how these two legal scholars would react to our 21st century world of instant Internet communication, but the points they raised resonate even more accurately today.
Over the course of the 20th century, the right to privacy was slowly established through both statutes and case law. Occasionally, the extent of our 4th Amendment rights becomes a legal issue.
Such was the recent case in Kyllo v. United States, which the Supreme Court decided on June 11, 2001. In a 5-4 decision, the high court decided that our right to privacy in our homes extends to any technological device that can register what is happening inside the house without entering the structure.
In this case, police used a thermal recording device outside to find a hot spot inside a house and used this information to obtain a search warrant. They discovered high intensity lamps for growing marijuana inside the house.
Justice Antonin Scalia wrote that this prohibition against passive, yet invasive, technology extends to any "more sophisticated systems that are already in use or in development." This ruling not only dealt with the issue at hand, but also set a new privacy standard into the future.
In many other cases, our legal right to privacy is seen by the courts as an inferred right rather than an explicit one. Inferred rights remain more open to interpretation than the thermal recording case.
Over the years, legal opinions inferred that a right to privacy exists as a "penumbra" from other more explicit rights. This sort of protection is all we have right now for medical information privacy in many jurisdictions.
Any right to medical privacy only exists as far as the judiciary cares to support it unless that right is codified in law. Medical privacy laws vary from state to state with many states having no statutes covering this issue at all.
As a result, privacy sections became an important part of the Health Insurance Portability and Accountability Act of 1976 (HIPAA), eventually leading to the medical information privacy regulations that Secretary Thompson set into motion.
In essence, HIPAA makes a federal crime of providing any patient information in an identifiable form to anyone not specifically authorized to know it. HIPAA causes various sets of "administrative simplification regulations" to be created.
The Department of Health and Human Services promulgated rules on electronic transactions and code sets in August 2000 and standards for privacy of individually identifiable health information in December 2000--and the privacy rule that was finally adopted in April this year.
Regulations for security standards are expected by October, identifier standards in late 2001 and attachment standards in late 2002 or early 2003. This means we will face a parade of standards over the next several years, with each standard coming into effect two years after its final adoption.
There is strong pressure on the Bush administration, especially from congressional Republicans, to make major changes in the final HIPAA privacy regulations, but no one can say what changes, if any, may be made. 
In response to HIPAA, the South Carolina Medical Association filed a lawsuit against Thompson and DHHS alleging that the privacy rule overreaches its legal mandate. Details of the lawsuit were sketchy at press time, but this could well cause delays in implementation of the privacy rule or even its outright nullification.
Is there really a problem?
Does the HIPAA privacy rule solve an important problem or is it an example of unnecessary government intrusion?
The American Medical Association strongly supports patient privacy but feels that HIPAA unreasonably overloads physicians.
"Ironically, the rule does substantially increase the administrative burdens for physicians--the one sector of the health care system already ethically bound to safeguard patient privacy," AMA Trustee Donald J. Palmisano, MD, said. He noted that in many cases health plans are not required to obtain patient consent for the use or release of patients' medical information.
Janlori Goldman, director of Georgetown University's Health Privacy Project, praised HIPAA.
Goldman said the regulations prevent consumers from becoming "unwitting victims" of misuse of personal medical information. According to Goldman, doctors and patients have lost control over medical records, where they go and who views them.
The Health Privacy Project has an illustration depicting how widely medical information can disseminate, and it's a scary picture.
When viewed this way, the flow of health care information seems very complex. Yet questions remain.
* Will HIPAA regulations really control the potential leaks from all these sources?
* Is the AMA's concern about overburdened physicians justified?
* Can we put the privacy genie back in the bottle, or is it too late?
Although we can agree that all medical information should remain private, clearly the public release of some forms of medical information can be much more damaging than others. Of particular concern are:
* Psychiatric records
* Sexual histories
* Drug and alcohol abuse histories
* Genetic testing
This last item creates particular concern.
As the field of human genetics leaps ahead with the Human Genome Project and similar research, areas of investigation tread into issues of ethnicity.
The human gene pool is much more homogeneous than other species of large animals. Nevertheless, research into the extremely minor variations that account for ethnic differences immediately runs into political quicksand. The study of human genetics "has become the most contentious area in modern science." 
Certain ethnic groups who were marginalized throughout history fear genetic information will be misused. Such information could conceivably be used to "scientifically" show why certain ethnic groups really are "different." Genetics could become the next tool of oppression. This understandable fear is likely to stymie certain types of genetic research for years to come.
Genetic studies that indicate a patient might have a higher risk for certain diseases have already been misused as a basis for hiring or firing. One third of women invited to participate in a breast cancer study using genetic information refused to participate out of fear that the information might be used against them.
That means strict controls on genetic information are necessary and appropriate, correct?
Maybe, but this question is trickier than it first appears.
The other side of the marketplace
"Ever-tightening legal prohibitions against genetic discrimination create perverse side effects when combined with the trend toward cheap and effective genetic testing," Longman and Brownlee wrote.
"Specifically, the ability of people to keep the results of genetic tests secret causes an asymmetry of information between insurers and insurers that threatens to unravel the very logic of private health insurance markets and, by extension, the viability of the U.S. health care system as a whole."
They're talking about two issues that arise when it comes to using genetic testing to set health insurance rates:
(1.) It is not fair to rate a group of people higher for health insurance simply because of their genetics.
(2.) Results of genetic testing will always go against the individual.
Take a closer look at these concerns.
Can you buy auto insurance without revealing the age of the covered driver?
Of course not. We are quite used to having teen drivers rated higher than others because teens, as a group, have more accidents than more mature drivers.
Is this fair?
No, if you are a very careful and safe teen driver.
Yes, if you are 40 years old and your car insurance would otherwise increase to cover the extra costs of adding teens at the same rates that you pay.
In the medical arena, similar concerns arise.
Mutations of the BRCA1 and BRCA2 genes predispose some women for significant cancer risks. Women with either of these mutations have a higher risk of breast and/or ovarian cancer, but not all affected women will get cancer.
Now, is it fair to charge women more for health insurance if they are carriers of the mutated BRCA1 or BRCA2 genes?
The quick answer is no. It's not a woman's fault that she has this genetic makeup. Why should she have to pay more for health insurance just because she is genetically unlucky?
On the other hand, what about women who do not have BRCA1 or BRCA2 mutations? Why should these women subsidize the others who have a known cancer risk factor by paying higher health insurance rates?
How is this genetic rating really any different than charging teens more for car insurance? A teenager who drives excellently is still grouped with all the others who don't.
The leap from teen to gene is short and easy to make. The ethics of this question are murky. The ultimate issue is why any of us should be required to pay higher rates for health care insurance if certain subgroups can be easily and accurately identified and assigned a more accurate risk rating.
Will genetic information always be used to the detriment of the patient?
And what happens when insurance companies start to advertise lower rates to women who can prove that they do not carry the mutated BRCA1 or BRCA2 genes? Should this be allowed?
If we do not allow the lower rating, isn't that genetic discrimination, as well?
Longman and Brownlee argue that it is.
Think about the plight of a poor woman without either BRCA gene mutation who can only afford health insurance if she gets a lower rate based on her better genetic inheritance. The issue of fairness is obscured when both sides of the argument are considered.
Moreover, Longman and Brownlee predict this issue of genetic rating could be the one that brings an end to private health insurance in the United States.
"If genetic information is shielded by privacy laws, adverse selection alone will cause the cost of private health insurance to spiral upward, aggravating the problems of access. If such information is shielded, health insurance markets will operate efficiently, but they will also deny a different group of people access. Either way, mitigating such effects will require increased governmental subsidies or outright socialized medicine." 
The authors argue that the only way we can fairly deal with the genetics issue is to include everyone in the same health plan. Then, and only then, will the risk of genetic predisposition to one disease or another be borne equally.
We cannot turn back our genetic science, but we must examine where it might take us. For those who believe that a single-payer plan is the best and fairest way to provide health care coverage to all Americans, genetics may finally provide the economic argument that carries the day.
Those who oppose the prospect of a single-payer system need to understand how the knowledge of genetic predispositions to disease threatens the current system.
Taking an opposite position from congressional Republicans, President George W. Bush announced support for a legal ban on use of genetic information by employers or insurance companies. With the Democrats now controlling the Senate, such legislation has a better chance of passing.
Can our technology save us?
If technology is the underlying cause of our privacy fears, can technology provide the privacy protection we all seek?
The computer revolution makes it quite possible for sensitive medical information to fall into the wrong hands and be broadcast throughout the world with just a few mouse clicks.
Another question is how secure are the federal government's own computers?
Michael Neuman of En Garde Systems was hired to test the security of the Health Care Financing Administration's (HCFA) computer networks. He testified to Congress that HCFA computer contractors were "outright obstructive to providing sound security."
After a year of negotiation, En Garde Systems won permission to test HCFA's systems, although certain systems were off limits.
Nevertheless, security was lax. "Using extremely old, very well known vulnerability in the WWW server software, we were able to gain access to HCFA's Web server without any more technical expertise than it takes to point and click," Neuman reported. 
So, we have the federal government enforcing privacy rules on all of us even though it's unable to protect its own medical data from the most unsophisticated form of break-in.
Scott McNealy (of the "Get over it" quote) argues that too much patient privacy will hurt patients.
"If you are in an accident, do you want an ambulance driver to be able to access your medical records online? I think you do. Do you want everybody to? No." 
McNealy makes the same case that others have made. Our technology must be allowed to work on our behalf. Just as we allow banks to access our savings information from any ATM on the planet, some form of access control must be in the hands of the owner of the information. This leads to a crucial point: who owns our private information?
"Who will draw the privacy line, and where will they draw it? If governments do it, then in all likelihood it will be a stark line, one that errs on the side of restricting the availability of information and lacks the flexibility to adapt to changing economic circumstances and individual preferences. But what of the alternative?" ask Douglas Neal and Nicholas Morgan.
"Few Americans would be comfortable allowing business to make all the privacy decisions. There is a third option. Rather than trying to set abstract standards for privacy in the marketplace, we can begin to think about personal information as personal property."
Right now, if your private information is stored in someone's database, you have no say about what happens to that information. But if you owned your private information--no matter where it resides--then companies would be legally bound to ask your permission before using it. Moreover, you could charge for each and every time your data is used.
However, it seems we are already far into Neal and Morgan's first alternative of government regulation. Those royalty checks for the use of your data are just a pipe dream.
Earl R. ("Trey") Washburn, MD, is the administrative physician for El Dorado Pediatric Medical Group, Inc. in Placerville, Calif. and a freelance writer on medical issues.
(1.) Lester, Toby. "The reinvention of privacy." The Atlantic Monthly, 287 (3), March 2001, pgs. 27-39.
(2.) U.S. Dept. of Health and Human Services. "Statement by HHS Secretary Tommy G. Thompson Regarding the Patient privacy rule." HHS News, April 12, 2001.
(3.) U.S. Dept. of Health and Human Services. "Protecting the privacy of patients' health information." HHS Fact Sheet, April 23, 2001.
(4.) Greenhouse, L. "Search warrants mandated for high-tech home scans." The Sacramento Bee, June 12, 2001, pg. A1.
(5.) Lentz, R. "Will-o'-the-wisp: HIPAA privacy regulations are in place but not set in stone." Modern Physician, 5 (8), May 2001, pg. 4.
(6.) Pear, R. "House Republicans urge Bush to ease health care rules." The New York Times, May 11, 2001.
(7.) AMA Board of Trustees Report 34-A-01. "HIPAA Update 2001." American Medical Association, June 2001.
(8.) Landers, S. "Physician groups balking at privacy rule's extra burdens." American Medical News, 44 (17), May 7, 2001, pg. 1.
(9.) California Healthcare Foundation. "Janlori Goldman discusses privacy on 'Morning Edition'." California Healthline, May 15, 2001.
(10.) Olson, S. "The genetic archeology of race." The Atlantic Monthly, 287 (4), April 2001, pgs. 69-80.
(11.) Goldman, J. & Hudson, Z. Exposed: A Health Privacy Primer for Consumers. The Health Privacy Project, December 1999.
(12.) Longman, P. & Brownlee, S. "The genetic surprise." The Wilson Quarterly, 24 (4), Autumn 2000, pgs. 40-50.
(13.) New York Times News Service. "Bush says he'll back genetic discrimination ban." Sacramento Bee, June 24, 2001, pg. A5.
(14.) Associated Press. "Congress to hear status report on Medicare's computer security." The News & Observer (Raleigh, N.C.), May 22, 2001.
(15.) McNealy, S. "The case against absolute privacy." The Sacramento Bee, June 3, 2001, pg. L5.
(16.) Neal, D. & Morgan, N. "Our data, our selves." The Wilson Quarterly, 24 (4), Autumn 2000, pgs. 51-57.
'Anonymous' Data Helps Identify AIDS Patients
In the fall of 1999, I was enthralled and horrified by a lecture to the California Medical Association's 4th Annual Leadership Academy.
Latanya Sweeney, assistant professor of public policy and computer science at Carnegie Mellon University, explained how she can break the code of medical privacy using seemingly safe information and no more computing power than a 1999 laptop computer.
In one example, she downloaded her state's department of motor vehicle database of car registrations--which is public information--and crosschecked it against hospital discharge data that listed only "anonymous" patient information such as zip code, gender and medications.
Certain medications carry implications for certain disease states, and Sweeney used this as her wedge to crack the privacy barrier. She let her computer do its magic, and within two hours she knew the names and addresses of 90 percent of the people in her city that had been hospitalized for AIDS the previous year.
Is this the end of privacy? Sweeney thinks it is, and she makes a good case.
Few of us realize the true power of database programs. We use them to make labels for our Christmas cards, but they can do so much more. Sweeney's analysis shows that removing the typical personal identifiers in epidemiological data no longer protects patient identities.
Given proper instructions, a database program can compare different compilations of information to discover solid clues to individual identities. One important fact she shared: your "ZIP+4" code identifies you every time.
Sweeney sees only one way to make epidemiological information safe and anonymous--make it useless. However, by the time hospital discharge data or similar information is rendered truly anonymous, it has lost all of its power for medical research as well.
Are we ready to see the end of epidemiology and meaningful health care statistics in order to preserve our privacy? Do we have any choice?
Earl R. Washburn, MD
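An added example, not part of the original article: a pre-release check that measures how many records in a "de-identified" data set are singled out by the fields the sidebar names (ZIP code and gender), and how coarsening ZIP trades that exposure against geographic detail. The field names, the sample records and the choice of equivalence-class size (k) as the metric are assumptions of this example.

```python
from collections import Counter

# Constructed sample of a "de-identified" discharge release: no names, only
# ZIP+4, gender and a medication label. Every value here is made up.
RELEASE = [
    {"zip": "95667-1201", "gender": "F", "medication": "drug_a"},
    {"zip": "95667-1202", "gender": "F", "medication": "drug_b"},
    {"zip": "95667-1203", "gender": "M", "medication": "drug_a"},
    {"zip": "95667-1204", "gender": "M", "medication": "drug_c"},
    {"zip": "95682-3301", "gender": "F", "medication": "drug_a"},
    {"zip": "95682-3302", "gender": "F", "medication": "drug_c"},
    {"zip": "95682-3303", "gender": "M", "medication": "drug_b"},
    {"zip": "95623-0101", "gender": "M", "medication": "drug_a"},
]

# Fields that also appear in public records and can therefore be matched.
QUASI_IDENTIFIERS = ("zip", "gender")


def generalize_zip(records, digits):
    """Return copies of the records with ZIP coarsened to its first `digits` digits."""
    return [{**r, "zip": r["zip"].replace("-", "")[:digits]} for r in records]


def class_sizes(records, quasi_ids=QUASI_IDENTIFIERS):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)


def k_anonymity(records, quasi_ids=QUASI_IDENTIFIERS):
    """Smallest group size; k == 1 means at least one record stands alone."""
    return min(class_sizes(records, quasi_ids).values())


def unique_fraction(records, quasi_ids=QUASI_IDENTIFIERS):
    """Share of records whose quasi-identifier combination occurs exactly once."""
    sizes = class_sizes(records, quasi_ids)
    alone = sum(1 for r in records if sizes[tuple(r[q] for q in quasi_ids)] == 1)
    return alone / len(records)


def risk_report(records):
    """Compare exposure and remaining geographic detail at three ZIP precisions."""
    rows = []
    for digits in (9, 5, 3):  # ZIP+4, 5-digit ZIP, 3-digit prefix
        coarse = generalize_zip(records, digits)
        rows.append({
            "zip_digits": digits,
            "k": k_anonymity(coarse),
            "unique_fraction": unique_fraction(coarse),
            "distinct_areas": len({r["zip"] for r in coarse}),
        })
    return rows


if __name__ == "__main__":
    for row in risk_report(RELEASE):
        print(row)
```

On this sample, every record stands alone at ZIP+4 precision, and the release only reaches k = 4 once all geography has collapsed into a single area, which is the loss of research value the sidebar describes.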
Digital Signature Debate Divides Doctors
The American Medical Association protests that physicians are already ethically bound to observe patient privacy, yet the HIPAA privacy rule impacts physicians harder than health plans and pharmaceutical companies.
In December, the AMA House of Delegates passed a resolution to stop drug companies from profiling the prescribing patterns of physicians. Delegates said profiling intrudes into private information between physicians and their patients.
Meanwhile, the AMA is selling physician information to drug companies from its MasterFile. The sale of physician lists brings several million dollars to the AMA every year.
These lists can include information like each physician's Drug Enforcement Administration number and Social Security number, exactly the kind of information the AMA Delegates did not want given out to drug companies.
Additionally, both the AMA and the California Medical Association are actively developing for-profit subsidiaries to market digital signature keys for physicians in response to the increased security requirements of HIPAA.
Right now it looks like AMA and CMA will compete for this market.
Initially, CMA partnered with the VeriSign Corporation to develop the MEDePass technology.
Then, to CMA's surprise, AMA announced that VeriSign would partner with it to develop the AMA Internet ID starting in June, when VeriSign's contract with CMA expired.
VeriSign will replace Intel as AMA's main technology partner. It means the company that understands MEDePass best is now working for its top competitor.
Marie Kuffner, MD, immediate past president of CMA, wasn't pleased. "We were way ahead of the curve on the technology, and now here we have our own family in competition." 
In response, MEDePass signed a new technology partnership with Certicom replacing VeriSign. Jack Lewin, MD, CMA's EVP/CEO, said Certicom is "the only vendor offering a deployable digital signature infrastructure that can be used in both desktop and wireless (handheld) environments." 
MEDePass technology puts the physical ownership of the digital signature in the hands of the individual physician. CMA insists it is critical for physicians to control their on-line identities.
With AMA Internet ID technology, ownership of the digital signature resides with the issuing company rather than the physician. And the AMA dismisses the issue. "Ownership of a digital certificate is not defined by where the certificate resides." 
Delegates to the June 2001 AMA Annual Session in Chicago presented two resolutions calling for AMA policy to support individual physician ownership of digital signatures and restrictions on the use of the AMA MasterFile of American doctors.
A showdown between the AMA leadership and the CMA delegation was expected. Thomas Sullivan, MD, chairman of the AMA's online oversight panel, called the developing situation "a sad, potentially harmful internecine battle." 
But the surprise filing of a multimillion dollar lawsuit against the AMA by its EVP/CEO E. Ratcliffe Anderson, Jr., MD, at the opening of the annual session distracted all the participants and changed the emotional content of much of the deliberations. Anderson was later terminated from his AMA post.
Ultimately, the California delegation moved for referral of both resolutions to the AMA board of trustees for more study, and the immediate confrontation between the two large medical groups was defused.
Meanwhile, it is not at all clear whether digital signatures will be important to HIPAA compliance or not. The original HIPAA legislation does not require digital signatures. Both government and industry officials question whether digital signature technology is well enough established to be required. 
As AMA and CMA compete for what they hope is a lucrative line of business, we still do not know if there is a market to be captured in the first place. Publication of the HIPAA security rule at the end of this year may clarify this point.
Earl R. Washburn
Disclosure: Washburn is a member of the California delegation to the AMA and holds a MEDePass digital certificate.
(1.) Conn, J. "For sale: Privacy concerns, drug marketing collide at the AMA." Modern Physician, 5 (8), May 2001.
(2.) Anderson, B. "A medical identity crisis," The Fresno Bee, May 7, 2001.
(3.) Lewin, J. personal communication, June 8, 2001.
(4.) "What you need to know about the AMA Internet ID." American Medical Association, June 2001.
(5.) Wolinsky, H. "AMA list, ID program called vulnerable." Chicago Sun-Times, June 14, 2001.
(6.) Japsen, B. "AMA to probe CEO charges: timing lamented." Chicago Tribune, June 20, 2001.
(7.) Zuckerman, A. "Digital signatures spark debate." The New York Times, May 14, 2001.
|Author:||Washburn, Earl R.|
|Article Type:||Brief Article|
|Date:||Sep 1, 2001|