Some links on privacy of medical records

One student in the fall Math 103 course found a web site with a translation of part of the Hippocratic oath, together with a modern version. Some aspects of the privacy controversy are certainly well displayed in the contrasts between these statements.

Whatsoever things I see or hear concerning the life of men, in my attendance on the sick or even apart therefrom, which ought not be noised abroad, I will keep silence thereon, counting such things to be as sacred secrets. Whatever I see or hear in my attendance on the sick or even apart therefrom will be divulged to physicians, nurses, aides, surgeons, anesthesiologists, dietitians, physical therapists, admitting clerks, billing clerks, utilization review personnel, discharge planners, records coders, medical records filing staff, chaplains, volunteers, performance evaluators, insurers, medical transcriptionists, accrediting agencies, public health officials, other government officials, social workers, and employers. AND to whomever else requests them for whatever reason.
[attributed to Dale Miller, Irongate Inc.]

Below are some "talking points", questions which you might consider before Monday. Think seriously about one or two of them, please, and try to get some further information about them from the web sites listed below or from other sources. Other questions (such as what are the laws and standard practices in the U.S., in New Jersey, in other states and countries) regarding medical record privacy could also be considered.

Talking points

1. If I have had treatment for an STD (sexually transmitted disease) or for emotional distress who needs to know? A friend? A spouse? An employer (current or prospective)?
2. How can an insurance company keep control of possible health care fraud claims or be fiscally responsible if it needs to pay out and make a profit without knowing lots about its patients?
3. How can drug companies and medical device companies efficiently learn who is suffering from various diseases and conditions so that information about better drugs and treatment could be distributed?
4. How can people with rare diseases learn about the relative rates of success of various treatments? Who "owns" such information? What if it were your child with such a disease?
5. The real-life "Gattaca": right now the genetic tracking of the complete population in Iceland is taking place. Who owns the information? Who may/should have access to it? How should such information determine what schooling or care is given to an individual?
6. Shouldn't authorities be allowed to file the biological data (e.g., DNA) of criminals, so that this information can be checked against evidence obtained in new crimes? How about people on welfare? How about those who get parking tickets?

The web search engine I've been using recently gave me over 75,000 (yes, seventy-five THOUSAND!) web pages with information about medical record privacy. Issues connected with medical records seem to be attracting a great deal of attention.

I've listed a number of web sites below which I think may be useful in preparing for our discussion. Please look at some of them. Further suggestions to be included in this list would be very interesting.

Most of the links below were compiled in September, 1999, with the assistance of N. Fefferman. I've added some more today (1/26/2000).

Compiled 9/1999
  The American Bar Association's list of web resources on privacy issues in health care. A good list of links from both the medical and legal sides.
  An online privacy and consumer protection library. Reports from various agencies on their findings about privacy protection.
  European views of regulation and privacy. Links are sorted by country and date.
  A report by the U.S. Department of Health and Human Services on methods of protection for personal information and electronic health data.
  An analysis by Professor Ross Anderson (Computer Science, Cambridge University) of "Security in Clinical Information Systems". Deals with some of the ethical implications of broadbased medical information retrieval capabilities.
  A "statement by the American Hospital Association to the Subcommittee on Government Management, Information and Technology Government Reform and Oversight Committee Re: Medical Records Privacy, H.R. 52".
  EPIC's (Electronic Privacy Information Center - a good resource in general once its search engine comes back up!) page on Medical Record Privacy. Many links to related pages and papers. Includes some international references. Well organized in terms of pertinent category for the audience: i.e. medical, technical computer science, legal, ethical, practical, political etc.
  An essay/interview on the subject of medical privacy rights in the Journal of the American Medical Association
  The Electronic Frontier Foundation. An archive of papers and reports on Medical and Psychiatric Records and Drug Testing. Includes some actual bills having to do with regulation and disclosure laws.
  An essay on medical records privacy. Discussion from the standpoint of: "poor lawmakers have to figure out what to do with this tough subject".
  A news article in The Canadian Press on legislation to protect the privacy of medical records in Canada.
  A page dealing with privacy geared towards informing the doctor-going public.
  The American Academy of Family Physicians guide to medical records privacy. Includes a really interesting chart of "operational guidelines" for physicians.
  Exactly what it looks like: the Yahoo search engine page returned when you follow the links from health to privacy along the url path. A wide range of papers from different perspectives.
  The American Civil Liberties Union of Wisconsin weighing the pros and cons of the situation for you from a "union-like" (surprise) standpoint.
  The Consumer Project on Technology's home page of links -- like a Consumer Reports for buyers of privacy. An odd but effective set of references.
  A news report of another way we probably hadn't thought of that medical records can be harmful to the unprotected average person.
  The Massachusetts Medical Society policy and set of guidelines for its employees on how to deal with the issues of privacy.
  In Dutch, mostly. Actually, my Dutch isn't that good. Sorry.
  From Singapore (in English!). Examines very interesting perspectives on the issue of what can be done with medical records once they already exist: who owns them, who can read them and why, who should be able to use them and for what, who is in trouble if they are wrong?
  Discussion of medical information in support of police efforts.

Some additions 1/2000
  What has and hasn't happened concerning medical record privacy in the most recent U.S. Congress. sides.,3440,315984,00.html
  The last paragraph of this short article discloses how anonymous data bases can easily be "mined" to disclose personal information.
  Current (end of 1999) proposed Federal regulations, interesting both for what might be protected and what might not be. sides.
  An overview from the consumer's point of view, addressing the question: HOW PRIVATE IS MY MEDICAL INFORMATION? sides.
  Comments on medical record privacy from the viewpoint of epidemiology, which is "the study of the distribution and determinants of health and disease in populations." sides.

Other web sites suggested by students are listed below. Further additions to this list are welcome.
  A discussion culminating in a statement summarizing the privacy rights what this advocacy group urges.
  A page of links to "Confidentiality and Medical Records Privacy Resources"
  Medical record privacy examined in articles taken from regional business newspapers in several areas of the country. An interesting and different point of view.

K. Fife sent me the following message, which I have edited slightly:

Through the Rutgers Library online services, students can research articles on Proquest. However, this only works if you are logged into the Rutgers system-- I couldn't use this from home last semester).

The following is a list of a few interesting articles and excerpts which I found through Proquest that are relevant to Monday's topic:

"New medical regs are as private as a hospital gown"
Insight on the News; Washington; Dec 13, 1999; James P Lucier; "...Dr. Jane Orient, president of the Association of American Physicians and Surgeons, says: "What these regulations do is that they eliminate the ability for patients to authorize the use of their own information. Instead of protecting patients through their own consent, the government says the bureaucracy will undertake to protect them. In fact, it will make the records more accessible than before."

"Essential credential" American Medical News; Chicago; Nov 22-Nov 29, 1999; Anonymous; "The American Medical Association and Intel Corp have joined together to create a "digital credential" for physicians, to ensure that doctors who receive important and confidential medical information electronically are the physicians to whom the data is supposed to go."

"Why do people worry about computers?" British Medical Journal; London; Nov 13, 1999; Abi Berger; "Copyright British Medical Association Nov 13, 1999 [Headnote] Abi Berger asks Roderick Neame and Eike-Henner Kluge about people's fears of computer technology." In the interview, several countries and their computer-linked healthcare systems are mentioned. In particular, the US was cited for a profit-driven healthcare system.

"Open secrets" National Journal; Washington; Oct 9, 1999; Marilyn Werber Serafini; "JAMES JEFFORDS: "People are unaware of how intrusive the Information Age has become, or how vulnerable their records are." "

"Personal privacy vs. medical progress" The Chronicle of Higher Education; Washington; Sep 17, 1999; David L Wheeler; This article highlights the debate outlined by the title.

"Too much privacy is a health hazard" Newsweek; New York; Aug 16, 1999; Thomas Lee; "The growing concern over privacy of medical records is warranted, says Lee, a physician, but easy accessible records may also help patients with drug interactions or diseases in emergency situations. There must be a balance of privacy with responsible accessibility."

C. Gargano suggests the following link:

which links to lots of relevant information.

Maintained by and last modified 1/29/2000.