Progress for Privacy

In recent months, health insurers have aired scores of TV ads in which an older woman named Flo says she opposes most federal HMO reforms because she thinks they would put “big government in my medicine cabinet.”

What Flo doesn’t tell viewers is that her medicine cabinet, like that of most Americans, is already chock full of snoopers, from car insurers looking to see if she has high blood pressure to health insurers checking for a family history of cancer to employers seeking evidence of psychiatric problems.

Most Americans may not realize it, but federal laws makes this snooping perfectly legal. Video store owners are barred from disclosing our rental histories and cable companies cannot divulge our channel choices, but no federal regulations govern the dissemination and use of patients’ most intimate medical information, though California has fairly strict laws.

Last Friday, President Clinton took a long overdue step toward imposing the nation’s first patient confidentiality standards. He ordered the Secretary of Health and Human Services to issue by Feb. 21 regulations permitting doctors, hospitals, pharmacies and managed care organizations to share medical records only for treatment, payment, and health care operations such as quality assurance. Health care insurers, led by the Blue Cross and Blue Shield Assn., say the regulations would “interfere with physician communication” and add $43 billion to health care bills over the next five years. That’s alarmist. In fact, the regulations grant doctors and insurers significant discretion to disclose patient information deemed necessary for “business operations.”

Clinton’s plan is far from watertight. The administration did not have the authority to bar life insurers from checking patient records and medical researchers from redisclosing charts that patients or the government had given them. Nor was the administration able to change a federal law (called ERISA) that allows employers to exchange medical records of their employees with affiliated companies. Finally, while federal regulators will be able to fine doctors and hospitals up to $50,000 for the improper disclosure of confidential medical information, patients may not sue doctors, HMOs or insurers who knowingly violate them.

But while Clinton was at least working to allay a growing worry for patients, Congress this year has labored in the opposite direction. For instance, new banking reform legislation offers no safeguards against insurance companies sharing their medical files with their banking affiliates. A bank could use medical files, for instance, as grounds to reject a mortgage application and not even bother to inform the customer.

Until strict safeguards against such disclosures are in place, banking regulators should make a ban on the sharing of medical data a condition to any merger between an insurance company and a bank.

Computerization of medical records and medicine’s growing ability to find genetic markers for disease are leading more and more companies to sneak a peek into patient records. President Clinton’s plan will help ward off many of these special interests, but only Congress’s leadership can shut them out for good.