Records No Longer for Doctors’ Eyes Only
Ben Walker, a 30-year FBI veteran, strode confidently into a pre-Christmas interview with his supervisor. Highly regarded for his work on drug and organized crime cases, Walker was sure he would quickly allay concerns about a report that he had seen a psychiatrist.
Instead, his supervisor told him the FBI was concerned. Within weeks, the bureau had decided to take away his gun, assign his drug cases to another agent and put him on administrative leave.
Behind the sudden demotion was information about Walker that the bureau had obtained from pharmacy records--released without Walker’s permission. The records showed, correctly, that he had sought treatment for depression. But they also showed, incorrectly, that he was taking multiple antidepressants.
After a year of attempts to win back his superiors’ trust and return to drug investigations, Walker decided in January to retire early.
Stories like his of leaked medical records and disastrous consequences are becoming increasingly familiar as more and more people gain access to patient information--particularly records stored in computers--that was once accessible only to doctors.
Today’s health care system often requires doctors to send substantial chunks of their patients’ records to insurers, managed-care organizations or government agencies. Insurers in turn make the information available to health consultants, peer-review panels and utilization-review experts who look for expensive treatment patterns.
But what worries patients most is that private medical information is also available to employers, who may use it to deny promotions and job changes, demote workers or avoid hiring them in the first place. In a 1996 survey of Fortune 500 companies by researchers at the University of Illinois, 35% said they had used individual medical information to make job-related decisions.
“The problem today is that most health information is in large databases that are held by managed care organizations, pharmacy-benefit managers, employers and government regulators, and there are no federal laws that protect against disclosure,” said Larry Gostin, a Georgetown University law professor and privacy expert.
Congress is considering several bills to give patients the right to inspect their medical records, correct inaccuracies and increase privacy protection. If it does not act within the next year, current law permits the secretary of Health and Human Services to put privacy protections in place for electronic medical records, although paper records might remain unprotected.
“When we give a physician or health insurance company precious information about our mood or motherhood, money or medication, what happens to it?” HHS Secretary Donna Shalala said in a recent speech. “As it zips from computer to computer, from doctor to insurance company to hospital, who can see it? Who protects it? What happens if they don’t?”
Many Ways to Gain Access to Records
In the absence of coherent legislation, medical records can find their way to an employer by many routes. Walker’s case is exceptional--though far from unique--because he had such a long record of faithful service to his employer and because his medical records came to his employer’s attention because of a matter unrelated to his health. But there are many other ways that employers can learn about a worker’s medical history.
For instance, 48 million workers get their health care through their companies’ self-insured health plans, according to the nonprofit, nonpartisan Employee Benefit Research Institute.
In such plans, the employer, rather than buying an insurance policy to cover its workers’ health, pays for their health care itself. That frequently gives an employer direct access to workers’ medical records.
And employers that contract with a health insurance company to cover their workers can request information from the insurer. Whether the information comes with employee names attached depends entirely on the insurer and the employer--not the employee.
What makes the issue so difficult is that--although patients want privacy--employers, insurers and public health agencies have an interest in controlling costs, rooting out fraud, tracking infectious diseases and finding the most effective treatments for different ailments.
At Intermountain Health in Salt Lake City--an integrated health plan with hospitals, doctor groups and other health care services in Utah, Idaho and Wyoming--physicians have access to a database with all patient information. That is a boon when a doctor other than the patient’s primary-care physician may need quick access to the patient’s records in an emergency.
“Literally hundreds of lives have been saved as a result of highly accessible information,” said John Nielsen, a senior legal counsel for Intermountain. The company’s privacy policy is to deny employers access to any health care information on workers.
Alan Mertz, vice president for government relations at the Healthcare Leadership Council, which represents the largest health care companies, added: “There are uses of patient information that help patients--you need information . . . to conduct research, do risk assessment or send reminders to patients that it’s time for a yearly mammogram or vaccinations.
“Anyway, an employer can’t use the information to discriminate--that violates the law,” said Mertz, referring to the Americans With Disabilities Act.
That is not the whole story. Not all medical conditions would qualify as a “disability” under that federal law. But even in those cases in which the law does apply, advocates for the disabled say it is not enough.
“Discrimination laws only help you after something bad has happened,” said Jeffrey Crowley, co-chairman of the Consortium for Citizens With Disabilities. “We want privacy laws to limit the flow of information so that it prevents bad things from happening in the first place.”
Employers Cite Proper Uses of Information
Employers respond that there are some things that they have a right to know.
“You would not want an employee who’s subject to blackouts to be driving a toxic chemical truck through your neighborhood,” said Mark Ugoretz, executive director of the ERISA Industry Committee, which represents self-insured plans. (The Employee Retirement Income Security Act of 1974 governs the pension and health care benefit programs operated by many big employers.)
What about an employer who is considering several workers for a highly prized assignment in a remote area? Should the employer be able to look at the workers’ medical records and eliminate an employee with serious diabetes, which might make completion of the job impossible?
“That’s a hard call--I think I would . . . say that’s a legitimate use of information,” Ugoretz said.
A Number of Questionable Cases
Scores of examples from the dark side of the Information Age raise those questions, but so far Congress, under heavy pressure from the health care industry, has been reluctant to curtail the flow of information. Consider these cases:
* An individual with the AIDS virus used a health insurance policy to buy AZT, an expensive medication. His employer discovered the AIDS drug claims and changed the company’s coverage so that the employee no longer was covered for the treatment.
* The Harvard Community Health plan, a Boston-based health maintenance organization, admitted to maintaining detailed notes of psychotherapy sessions in computer records that were accessible to all clinical employees. (Since reports of the practice were made public, the HMO has changed its procedures.)
* Two East Coast pharmacy chains, CVS and Giant, shared confidential prescription information with drug manufacturers for target marketing and customer tracking. After a public outcry, they abandoned the practice.
* Medical records of Rep. Nydia M. Velazquez’s bout with depression and a year-earlier suicide attempt were faxed to reporters just four weeks before the New York Democrat’s first congressional election in 1992.
After a painful few days in which she acknowledged past battles with mental illness, she went on to become the first Puerto Rico-born woman to serve in Congress. Velazquez said at the time that loneliness and overwork had driven her to despair.
“I learned to seek help, to take advice, to share my problems,” she said. She credited therapy with helping to change her life. “There is life after attempted suicide.”
In Congress, she has been a passionate advocate of stronger privacy laws and has testified openly about her experience.
Former FBI agent Walker’s case is a study in how thin the barriers are between private life and work. It shows how the mere suggestion of illness can undermine years of hard work and at least partly erase a record of accomplishment.
Walker was orphaned at a young age and grew up in rural eastern Tennessee. He went to work at the FBI in Washington as a fingerprint clerk soon after graduating from high school. He attended college while working at the bureau, married a fellow fingerprint clerk and became a proficient agent handling drug and organized crime cases.
“He was married to the FBI,” said Wanda Walker, his wife.
After years of insomnia and pleadings from his wife that he see a therapist, Walker asked the bureau’s employee assistance program for the name of a psychiatrist. The program, like those run by many private companies, guarantees employees that a wall separates it from the bureau’s supervisors.
“Wanda had tried to get me to seek help for years, but . . . FBI agents do not have the privilege of being able to show any weakness,” Walker said.
He saw the psychiatrist for occasional therapy and was prescribed a low dose of Zoloft, a mild antidepressant, and chloral hydrate, a sleeping pill. The depression ebbed and, for the first time in years, Walker slept well.
When a disgruntled employee accused Walker’s psychiatrist of fraud, at least two state health agencies mounted investigations, according to court papers. The overseers of the federal-state Medicaid program exonerated the doctor after a brief inquiry, but the Kentucky Board of Medical Licensure launched a full investigation.
According to Walker’s court filings, the board’s investigator demanded Walker’s medical records and those of other patients. When neither the patients nor the psychiatrist would agree to their release, the investigator obtained prescription records from local pharmacies.
Then came the fateful step: The investigator summed up the records and forwarded them to the FBI.
“Individual patients’ interests have to give way to public safety,” said Lloyd Vest, the licensure board’s general counsel. “This was an example where agents of the board were given information that indicated that there was a possibility of danger to the public that needed to be assessed.”
The danger, according to Vest, was that an armed FBI agent on sleeping pills might have impaired judgment.
Both Walker and his psychiatrist, Michael Pravetz, maintain that the investigator and the licensure board violated their due process rights and their privacy.
Experts said no one knows how often such violations of privacy occur. “Very often there is no law broken, and that is the scariest part of all,” said Nan Hunter, a former deputy general counsel of the Department of Health and Human Services. “This points to one of the most significant medical privacy problems: . . . the lack of restrictions on redisclosure of information that is obtained lawfully.”
But, worst of all from Walker’s standpoint, the FBI did what no doubt many employers would do: Agency officials appeared to believe the information that had been forwarded to them. Walker was summoned to his supervisor’s office just before Christmas 1996 and soon after was put on administrative leave.
Before long, a member of the bureau’s employee assistance program, where Walker had first turned for help, told him he had to go to Chicago for a psychiatric evaluation to see if he was fit for duty.
Walker went under protest, fearing that the taint of the exam would damage his career. The evaluation found Walker to be “fit for duty.” But by the time he was permitted to work, his drug cases had been assigned to other agents, and Walker said his supervisors no longer seemed comfortable assigning him new ones.
Furthermore, the exam had destroyed Walker’s credibility in court because defense lawyers could challenge his testimony because of it.
“The exam was the kiss of death,” Walker said. “That’s why I didn’t want to go.”
‘A Whole Universe of Prejudice’
Although the FBI will not comment, Walker’s lawyer sees it as typical of what can happen to patients when their medical privacy is breached.
“The FBI took the steps they felt they had to take, but then a whole universe of prejudice attached to him,” said Brian Glasser, the lawyer. “In a sense, the FBI system worked. It technically cleared him and found him fit for duty. But as an institution, the FBI didn’t have room for him after that.”
This summer, FBI Director Louis J. Freeh delivered a speech in Louisville, Ky., where Walker was based. Walker attended and, after the speech, gave Freeh the material he had amassed that he had hoped would clear him.
It included a copy of a letter of commendation that Freeh had sent him just a year earlier for his courage and resourcefulness in a hostage case.
“I went over to him and I said: ‘Hello, Director Freeh, I’m Ben Walker, a retired agent, and I’d really appreciate it if you’d take a look at these documents, and I’d appreciate any response you can give me.’ ”
So far, Walker has not heard back.
