Privacy protection or legalized prowling? – Who should have access to your medical record? – proposed Medical Records Confidentiality Act

Privacy protection or legalized prowling? – Who should have access to your medical record? – proposed Medical Records Confidentiality Act – Head to Head

James Love

Privacy protection or legalized prowling?

Congress is addressing the question of privacy for medical records, and the major bill, introduced in October, was originally expected to sail through the Senate. The principal sponsors, Republicans Robert Bennett of Utah and Patrick Leahy of Vermont, seem fired up about the issue, and the list of co-sponsors forms a who’s who of the Senate leadership. This includes the Senate President and Senate Minority Leader and the Chair and Ranking Minority member of the Senate Committee on Labor and Human Resources plus about a dozen others. The initial hearings on the bill featured nine supporters and only a single opponent. Nevertheless, doubts about the legislation have grown as consumers have examined it more carefully.

S.1360 is titled the “Medical Records Confidentiality Act,” but it reads more like the “Medical Records Access Act.” The bill seeks “to ensure personal privacy,” but it allows a host of “other purposes” that are mostly about granting millions of persons access to your medical records without your consent and often without any notice. Who would have these broad rights?

* Companies like Equifax or TRW could obtain your records, without your knowledge, and make them available to any number of third parties without your consent. The firm could do this as a federally regulated “Health Information Service” or simply as one of many contractors for other “health care trustees” such as your insurance company.

* Medical researchers, including those who work for profit-making accounting firms, could obtain your records, with virtually all personal identifiers intact. There isn’t any real incentive for researchers to invest in “blinding” the data.

* Public health officials from just about any city or state qualify for access to all your records.

* You work .for an insurance company? No problem, just get “consent.” You know, as in, anybody who wants to process a claim has to sign away his confidentiality.

* Employers or schools? Well, be careful about the Americans for Disabilities Act, but yeah, you get everything you want, too.

* Law enforcement officials? No need for consent, as long as the information is thought to be “relevant” to an investigation. Suppose a local deputy sheriff wants to search for records on a person whose identify is unknown. Serve a warrant or subpoena? On whom? Let’s see, that one looks familiar. Oh excuse me, that’s not the individual I’m looking for, let me try another.

I’m not making this up. S.1360 anticipates all of these types of access to your medical records.

Supporters say the bill simply recognizes the reality that people lost their medical records privacy 20 years ago. You can’t get it back, you can only make the process a bit more manageable. Of course, to make things more manageable, S.1360 takes away your right to sue for invasion of privacy under common law and pre-empts a wide range of state laws. No wonder the medical records industry is so excited about the bill.

What really needs to be done? Here are a few of the suggestions that consumer groups are making:

* Protect consumers from giving “consent” for access to records under coercion.

* Prevent health insurance companies from sharing identified records with third parties.

* Require tougher notice and warrant requirements for the millions of government officials who want access to your records.

* Provide special protections for mental health, genetic and other especially sensitive information.

* Set a federal floor on privacy, not a ceiling.

Do we need a federal medical records privacy bill? Well, maybe, but certainly not a bill that purports to give privacy and doesn’t deliver.

COPYRIGHT 1996 A Thomson Healthcare Company

COPYRIGHT 2004 Gale Group