Protecting privacy

Last week, President Clinton proposed regulations to protect patients’ medical records from easy access by employers, marketers, researchers and others who, at this time, are not required to gain permission from patients themselves. While these regulations are an improvement, Congress must go further to ensure that Americans regain control of their medical history data.

Incredibly, 28 states do not permit patients access to their medical records, and only 34 states have laws protecting patient confidentiality. Clinton’s proposal allows patients to have access to their medical records, determine who else has examined them and permits legal action against anyone who has misused their medical history. Similarly, Sen. Olympia Snowe has included in the Patient Bill of Rights, now in conference, a provision to prevent misuse by insurance companies of patients’ genetic information.

Dramatic advances in computer technology have simplified data collection, storage and transfer. No longer are doctors and hospitals required to store and handle wheelbarrow loads of patient files. As health maintenance organizations populate the health-care landscape with their broad networks of doctors, hospitals and treatment providers, the need to transfer these records to wider groups of “interested parties” becomes vital to the patient’s best interest.

But the ease of transfer and storage has allowed misuses of these medical databases. A recent survey showed that more than a third of all Fortune 500 companies use medical records as part of the evaluation process for hiring new employees. One large employer in Pennsylvania had no trouble obtaining detailed information on the prescription drugs taken by its workers, easily discovering that one employee was HIV positive. Insurance companies are denying coverage to people based on their past medical conditions, regardless of whether they have recovered from those conditions. A dozen Medicaid clerks sold individual profiles from their computerized databases to HMO recruiters. The recruiters used this information to target potential customers.

These excesses are unacceptable. Some doctors are taking the approach of censoring themselves. Insurance companies tend to want the entire medical record of a patient. Therefore some doctors are purposely omitting sensitive information on their patients’ charts and keeping this information separately. A 1996 law limits what measures Congress can add to the adminsitration’s proposal, but must address pharmaceutical companies’ unhindered access to patients’ medical records without their permission.

Privacy will continue to be compromised as people become increasingly interconnected electronically, particularly as the Internet becomes more central to life. Where people go, what they buy, who that donate to and even who they talk to can be digitized and made available for purchase. Privacy can no longer be acquired behind a fence down a wooded lane. It must be protected.