Keep Your Health History Private

The Clinton administration has announced its intention to ensure protection of our medical records. Unfortunately, the proposals are likely to be similar to measures used to secure our credit card information. These provisions would be devastating to privacy.

Details of these proposed “fair information practices” will soon be revealed by Donna E. Shalala, the secretary of Health and Human Services. Congress, under provisions of a law passed last year, has until late 1999 to devise a plan for ensuring medical confidentiality.

Powerful interests are promoting a medical privacy bill that would dump every American’s medical record into an electronic national health care databank. This databank ostensibly would facilitate cost-cutting, research and law enforcement. If this mandatory computerization becomes a reality, none of us would be able to go to the doctor without putting our most sensitive information online.

Most Americans assume that the facts they tell their doctor are confidential and protected. In fact, medical records enjoy less legal protection than video rentals. And Congress has not acted to safeguard the confidential communications between doctors and patients. Instead, it has already laid the groundwork for the national database that would make our medical histories accessible to tens of thousands of unidentified users without our knowledge or consent.

This was done in the popular Kennedy-Kassebaum Health Insurance Portability and Accountability Act, through a provision added at the eleventh hour to require that every American be assigned a national “health identification number.” This alarming measure received no public debate, no hearings and little scrutiny. As a result, this section of the law is a ticking time bomb with respect to our medical privacy. The Administration’s so-called “fair information practices” will accelerate the risk.

Our medical records, which have traditionally been stored by each individual doctor or hospital, could be linked electronically and be accessible via computer across the country. We would have no chance to consent or object to this use of our most intimate information. Our medical records would be available to thousands of insurance companies and managed care entities, employers, researchers, public health officials, government overseers and law enforcement authorities, to name a few.

We need laws to protect our medical privacy and keep our medical “dossiers” off the Internet.

Large insurance companies and data-management firms are eager for government to support these “fair information practices” because they would help these companies to mine our private information for profit.

Think about the information you tell your doctor, therapist, gynecologist or urologist. Imagine that you or someone in your family has suffered mental illness, cancer, impotence or incontinence. Now imagine that this information has been deposited into a national database without your knowledge or consent. Or consider genetic testing. Would you want your child screened for an inherited disorder, knowing that the results posted in the databank might jeopardize his or her ability to get a job or health insurance later in life?

These are not abstract fears:

* In a University of Illinois study of Fortune 500 companies, half admitted to using edical records in employment decisions.

* A woman with a genetic predisposition to breast cancer was denied insurance coverage for treatment because it was labeled a “preexisting condition.”

* A Maryland banker serving on a state health commission pulled up a list of every person who was suffering from cancer in his area and checked it against the names of customers at his bank. He then called in the mortgages of the cancer patients. He was not punished.

Proposals to solve these problems with anti-discrimination laws just drive the abuse undergound. Some proponents of mandatory, networked electronic medical records argue that benefits would outweigh the rare problems. These advocates claim that they are protecting us, and that their interest is in saving lives by making sure that our records are available in an emergency. What they won’t admit is why they can’t ask for our consent. A system created for emergency situations could easily be built with the full knowledge and informed consent of patients. A system to advance medical research could involve the patients in the decision or use anonymous information.

If computerization of medical records is done in a truly patient-centered way, it would allow individual patients to keep information off a networked computer database and to get genetic or other tests without having to link the results to a national health identification number or reveal that they have been tested. Doctors and other health professionals would be able to remove all identifiers from an individual’s records before making the information available for research, cost-containment or “quality assurance.” And meaningful patient consent would be obtained before information was sent to a data clearinghouse or to electronic links.

Surprisingly, none of these requirements are included in the administration’s current proposals for medical privacy. They should be, before what is now misleadingly termed “fair information practices” can be regarded as so.