Return to Emily Friedman home page

Privacy? What Privacy? Confidentiality Who?

by Emily Friedman

First published in Hospitals & Health Networks OnLine, June 6, 2006

The impending revolution in health care information technology offers tantalizing possibilities for quality improvement, more coordinated care, better communication and greater patient empowerment. But there are also real threats to privacy, the consequences of which can be devastating.

Several years ago, I was speaking at a conference on health care information technology, long before the topic was fashionable. I was there as the representative of patients and consumers, and, of course, I emphasized privacy of personal medical information. One of the other speakers was a federal official who was heavily involved in implementation of HIPAA (the Health Insurance Portability and Accountability Act, as if you didn’t know). We got to talking during a coffee break, and he told me that he found my presentation interesting, but he didn’t know why I was worried. “I don’t care who sees my medical records,” he said.

Well, I care who sees mine.

Back When

Once upon a time, sensitive medical information was protected from prying eyes, although the decision to conceal it was not always wise. Physicians commonly had a locked drawer in the office in which the “other” medical record was kept, detailing pregnancies, abortions, sexually transmitted diseases, mental illness and other stigmatizing conditions.

Often, such information did not make it into medical records at all. Indeed, during the early days of the AIDS epidemic, it was common for physicians to list the cause of death of AIDS patients as something else. This was relatively easy to do, given that the AIDS infection sparks the fatal condition but the cause of death itself can be otherwise described, usually as pneumonia or cancer. In the case of some celebrities who died of AIDS--who had begged their physicians for privacy--medical records were knowingly falsified.

Am I in favor of this? Of course not. In an emergency, or in the event of an illness or accident while someone is traveling, or when a patient does not have a physician who knows his or her health care history, complete medical records are necessary; there’s nothing like not knowing that someone is pregnant or is HIV-positive when you’re trying to treat him or her! There are significant risks for both patients and providers. And the need to protect the public’s health in the case of epidemic disease is extremely important--although there are limits.

But I can certainly understand how the concealment of critical health care information happened--and still happens. Despite the cavalier attitude of that federal official, most people are very worried about who can get into their personal health records.

Prying Eyes

And these days, a whole lot more people can get into those records than ever did before.

Data Bandits

And these are all legal initiatives (at least until they are challenged in court)! There are too many examples of people and organizations playing fast and loose with personal health information on the fringes of the law, or just plain outside the law. Among the lowlights:

Now, I realize that prying and illegal violations of privacy are hardly confined to health care. Every day, it seems, I receive outrageous “privacy notices” asking me to hand over the crown jewels. As one such solicitation read, “You don’t have to do anything to permit us to use your information. We think that’s one reason you trust us.” Think again, guys.

Dreadful Consequences

In health care, the stakes are higher. If you don’t send the privacy statement back to the credit card company, refusing to allow them to sell your information to their friends and acquaintances, you’ll just get bombarded with offers to buy this or that. But if your personal health care information gets into the wrong hands, the consequences are slightly more serious, such as:

Can Anything Be Done?

OK , so is it hopeless? More than a few people have told me to abandon my quixotic quest for proper protection of personal health information, that there is no way to keep it private, and that whatever skimpy means we have had to make it safe will be washed away in the IT deluge of electronic health and medical records and community health information networks and data bases and lack of enforcement of whatever laws manage to survive.

To which I answer: As long as people’s lives can be ruined by the improper use and/or release of their personal health information, then it is a moral and ethical issue as well as a technical and legal one, and we have no right to abandon the field to those who would do us harm, especially because most of the time their goal is to make money from the suffering of others.

A Tiny Bill of Rights

So I would suggest the following tiny little Bill of Rights for People Who Have Ever Seen a Physician or Have Been in a Hospital or Ever Had Health Insurance:

And if you think that all this is just paranoid raving (in which case my paranoia is shared by the majority of Americans, all across the political spectrum), ask yourself a question: Do you have a deep, dark health care secret? Does anyone in your family have one? Do you think any of you might ever have one?

Do you want to see it as the lead story on the 6 o’clock news?

First published in Hospitals & Health Networks OnLine, June 6, 2006

© Emily Friedman 2006

Return to Emily Friedman home page