March 22, 2002
7:15 PM   Subscribe

Medical Records Confidentiality - An End to Privacy? "The Bush Administration yesterday proposed changing some of the federal rules designed to protect the confidentiality of Americans' medical records, including the ability of patients to decide in advance who should be able to use their personal health information."

The Day After 9-11, the debate started. "People would probably not protest FBI snooping so much if we did not need to guard our privacy so tightly, if we did not have to worry about medical records being used against us by employers or insurance companies ... (More info: EFF: Privacy - Medical & Psychiatric Records and Drug Testing,, The Search and Seizure of Electronic Information.)

You have ONE MONTH to give your comments on Medical Records Confidentiality. Congressional approval is not required.
posted by sheauga (12 comments total)
This post is simply not understanding what's going on. The implementation of the HIPAA guidelines as they were is a nightmare for physicians (scope it). These changes make managing a number of the day to day issues less burdensome on existing practice infrastructure. Don't get me wrong. Patient records are totally sacred and should be private, however, massive government involvement is NOT needed to insure it. This really is just one more overhead expense for physicians who are already strapped by declining medicare reimbursement. It's all a pretty dangerous game we're playing with healthcare here in the states and the result is risking what has been the best healthcare available on the globe.

[disclaimer: shagoth is a licensed, full qualified and board certified family physician who has found himself caught up in the seemingly ever worsening Seattle economy]
posted by shagoth at 8:30 PM on March 22, 2002

A decent topic to post; but I do not understand the reference to the 911.
posted by Oxydude at 9:00 PM on March 22, 2002

shagoth has it right. The regs must be updated to a reasonable level of manageability. As they stand now doctor's offices and small hospitals can only do the best they can to have some minimal compliance.
posted by bjgeiger at 9:08 PM on March 22, 2002

psychaitrist eliiot gelwan believes that whomever benefits from this, it won't be the patient.
posted by rebeccablood at 10:39 PM on March 22, 2002

The New York Times story on this from Friday, "Bush Acts to Drop Core Privacy Rule on Medical Data" makes it pretty clear this change is being done to benefit the insurance industry. They claim it is to help people have faster and more direct access to care, but I think it's pretty clear the health insurance industry would use this change as a way to research prospective client backgrounds before either granting or denying applications for health insurance.
posted by mathowie at 12:21 AM on March 23, 2002

The new version was largely criticized by privacy advocates, physicians and Democratic leaders on health care. But it was hailed by the insurance industry. (from the Wash. Post story)

Mat, I think you're absolutely right. The insurance industry is too concerned with treating patients cheaply, not treating patients thoroughly (or at all).
posted by thatweirdguy2 at 7:11 AM on March 23, 2002

I worked on the draft regs which were finally implemented as part of my practical training as a lawyer (in conjunction with georgetown's health privacy project. The regs are unweildly, but I don't like the direction this change is moving.

As I understand it, this change undermines the most basic goal of HIPAA: that patients give their consent befor health care providers use, share, sell, or disclosure that patient's health care information. As I remember it, this was just a form, signed by the patient at the initiation of the medical relationship. The proposed change not only eliminates the consent requirement but also eliminates the notice requirement. Health care professionals will no longer even have to inform patients that they have rights in the control of the data the doctor is collecting (these rights include very basic things like having your own personal copy of the medical record). However, the changes will require a patient's specific authorization before that patient's health care information can be mined for marketing purposes. That, at least, is a very good thing.

There are also changes proposed to how minors are treated under HIPAA, an issue I had some ambivalence about to begin with.
posted by crush-onastick at 7:22 AM on March 23, 2002

It does appear to me too that this would benefit the insurance carriers and no one else.

I could sympathize if they extended the timeline and streamlined specs to ensure more current and open technology standards can be used to ensure HIPAA compliance. But this change appears to undermine the foundation of individual privacy rights established by HIPAA. If you take away the individual's right to 'consent to allow his PHI to be used for the core functions of treatment, payment and healthcare operations', the other seven broad rights are almost meaningless.

Also, it would take a month just to educate people about what is this all about. I would think one month is too short a notice for incorporating such far reaching structural changes. It took a long time to arrive at HIPAA. It would be a pity .....

For those who are interested in a primer on HIPAA, I had found the following two documents in the IBM site (written I guess to educate IT folks in healthcare providers) useful:

-HIPAA privacy rules
-Future of HIPAA policy, strategy and technology.

Those are kinda long. But the actual specs are hundreds of pages.

posted by justlooking at 10:59 AM on March 23, 2002

Sorry, shagoth, but I gotta disagree with you. Difficulty does not equal lack of necessity; there should be nothing that outweighs a patient's inherent right to a private medical record, unless that patient actively and affirmatively gives another (person/company/entity) the right to examine it, and it disgusts me to the core of my soul that Bush and Thompson are attempting to weaken that right.

You give lipservice to the notion of the absolute sanctity of the medical record, but that government involvement isn't needed to ensure it. Are you implying that physicians, hospitals, and clinics will ensure it on their own? The same people who "are already strapped by declining medicare reimbursement," and thus not likely to implement costly procedures to ensure privacy unless compelled to do so? I doubt it.

Tell me something: what part of requiring the patient's affirmative consent before release of records is difficult or burdensome? More importantly, what burden would overwhelm the right of patients to not have their medical records available to people that they do not want to have access? I can't imagine any.

(Disclaimer: I, too, am a licensed and practicing physician, and cannot imagine ever obtaining access to medical records without getting permission.)
posted by delfuego at 1:31 PM on March 23, 2002

what burden would overwhelm the right of patients to not have their medical records available to people that they do not want to have access? I can't imagine any.

Well said, thank you. We should all have the right to decide who we do not want to share our records with. This seems like a very basic and intuitive point to me.

"Doctors, pharmacies and others who use records would have to make a 'good faith effort' to obtain written acknowledgment from patients, although not necessarily ahead of time, that they had been told about privacy practices."

I find it disturbing that this is not meant as satire.
posted by homunculus at 5:01 PM on March 23, 2002

Anyone think it's kinda ironic that it's the Bush administration, the most secretive in decades, which locks away the presidential records of its Republican predecessors, and refuses to disclose discussions on how Enron may have influenced energy policy, that wants to take away the right of people to approve in advance whether third parties get to see their medical records? Like homunculus, I think it'd be funny if it wasn't deadly serious.
posted by quirkafleeg at 7:14 PM on March 23, 2002

Thanks for the practitioners' viewpoints!

I was just drug tested and fingerprinted for employment, which got me thinking about privacy. It's unsettling to realize that anyone getting a urine specimen could test for pregancy without my knowledge. In the wake of 9-11, it's become clear that electronic records about individuals are an increasingly open book. I'm concerned about the potential for harassment when someone with unfriendly intent gets access to records about reproductive health, drug treatment, or psychological counseling. I'm also concerned about individuals who become "uninsurable" once they can no longer conceal past medical problems. I find myself wondering what the chances are that we will eventually wind up with a nationwide "blacklist" database of uninsurable or unemployable individuals who have flunked a drug test at some time in their lives, have bad backs, a genetic susceptibility to some health problem, etc.

-- What burden would overwhelm the right of patients to not have their medical records available to people that they do not want to have access? I can't imagine any.
-- We should all have the right to decide who we do not want to share our records with.

I'm more comfortable with the idea of a distributed, peer-to-peer model rather than a large central database.
posted by sheauga at 9:11 AM on March 24, 2002

« Older NYT is realizing   |   Newer »

This thread has been archived and is closed to new comments