In the Spotlight

News & Features
The Surveillance Society: Medical Records
By Brent Wolfe
November 1999
Click for audio RealAudio 3.0

Many people consider information about their body and medical history to be their most private, personal data. They expect it to be locked away in their medical records until a doctor needs it to make a diagnosis or prescribe a cure. But those who want to protect privacy rights say plenty of other people want access to health data.

The Clinton administration is moving to protect electronic medical records, but those who worry about privacy warn the computerization of health data could lead to large-scale invasions of privacy.

PEOPLE TAKING A CPR class at the American Red Cross in Rochester are no strangers to medicine or technology. Some work at the Mayo Clinic or IBM but the idea that all their medical records are in computer files still makes them nervous.
The California Healthcare Foundation conducted a nationwide poll which included the question, "How concerned are you that medical claims information you provide under a health plan at work might be seen by your employer and used to limit your job opportunities or affect your job status?

Doctors and hospitals are computerizing complete patient records because they can access and manage the information more efficiently. It can be especially helpful in an emergency if a doctor can pull up a patient's health history on the emergency-room computer instead of waiting for a patient's file from the records department. The Minnesota Health Data Institute estimates about 15 percent of patient records are computerized nationwide and technology experts expect a rapid increase in the coming years. But Twila Brase with a watchdog group "Citizens Council on Health Care" says the convenience comes at a cost.
Brase: There is a definite danger that the information can be shared and be transmitted and it can be linked all in ways that the patient isn't comfortable with. And in the end, the convenience won't be as important anymore as is the protection of confidentiality.
Most people concerned about the privacy of their medical records worry about insurance companies or their employer getting too much information. Life insurance companies decide who to underwrite and how much to charge them based on an assessment of their health. That assessment is checked against information from a health database called the Medical Information Bureau.

For More Information
HealthKey Program
Health Privacy Project

National Coalition for Patients' Rights

Insurers set up the M.I.B. at the turn of the century to fight fraud. Member Companies send in medical information gathered from their questionnaires to see what pre-existing conditions applicants have reported to other members. George Battis, Chief Medical Director with Minnesota Life, says the company needs to verify the health of its applicants.
Battis: We have an obligation to our clients that already have insurance to price risks correctly and accordingly and if we don't do a good job, we won't have money around for them. So we watch very carefully, do we want to continue on a contract where we can't get a hold of any medical information and they won't answer any questions? It puts us at a very hard choice as to how do we proceed or do we proceed.
There are also concerns that some companies may access health records to help make personnel decisions, something federal law clearly seeks to prohibit. Joe Thompson, staff vice president at 3M, says that would be unethical as well as illegal.
Thompson: There isn't a lot to be gained by getting this information as I see it from an employer's perspective. All you can get is controversy and questions about something that you really can't use if you have it. It's hard to fathom how that data could help.
Those who tout the benefits of electronic records say the computer data can be protected using technology. But right now, health institutions are responsible for deciding how much security to provide.

Medical Records and the U.S. Government
After Congress failed to pass new regulations regarding the privacy of medical records, President Clinton proposed new rules. Read his remarks, and review the proposals.

The public comment period lasts through the end of 1999.
Earlier this year, technicians at the University of Michigan Health System accidentally put all patients' scheduling data on two unprotected Web servers which were accessed by online reporters tipped off to the Web address. And some doctors, like Dr. Tim Schacker, who heads the University of Minnesota's HIV clinic, worry that too many people within a hospital can access a patient's records.
Schacker: Any computer that I can sign on to, I can access their laboratory information, their x-ray information, their pathology; that's not wrong, that's good. In order for me to provide effective care, I have to be able to do that. But the down side is that we don't have a good way yet to make sure that the people who shouldn't see that information don't.
Schacker says he's heard medical staff gossiping about HIV diagnoses in hospital elevators. He tries to head that off by sometimes using aliases on the chart on a patients hospital door but he cant change their name on the computer records.

The Clinton administration recently issued regulations restricting the use and release of electronic medical records. That may spur health-care providers to install new protections for their data.

One of those helping Minnesota health care providers tighten security is John Fraser, Director of Information Services with the Minnesota Health Data Institute. He says the institute is developing military grade encryption software and electronic signatures and keys to protect health data.
Fraser: What we want to do is provide so much security that it will be easier to break into the office and get the paper record than to attack the electronic side. I think if we can raise the security level to that height then we truly will have increased security over the paper record.
And Fraser says people have a misconception of how secure their paper records are.
Fraser: It's simply a folder that gets put down on a counter, it gets put in the door of your waiting room, and it's all paper based. There really is no security on that except there's some physical security, it might get locked up at night. But it gets transmitted through fax machines, it gets transmitted through mail, through couriers
The beauty of the new technology is also its weakness. It's highly efficient. One computer disc can hold information on thousands of patients; in the wrong hands, it can cause significant damage. Those who worry about the misuse of medical documents hope the new federal regulations from the Department of Health and Human Services will deter most people from violating the privacy of computerized health data. But they still worry it will be too difficult to detect and prosecute those who do.