Proposed Health Database Has Privacy Advocates in Uproar

At first, it seems like a smart way to organize the millions of medical files Americans leave scattered in doctors' offices and HMOs across the country.

Assign every person a mandatory number, or "identifier," for their entire medical history, and tuck each file away in a single national repository. Doctors would then have easy access to a patient's complete history, aiding their diagnosis.

On the plus side, health-care professionals could access old records and update information with a keystroke. America's transient culture, where people change jobs and health-care providers several times in a career, makes the idea seem even more logical.

But to privacy experts, it sounds like an "X-Files" sequel - a prelude to a futuristic central database that would keep tabs on every aspect of a person's life, from what color their eyes are to what they had for breakfast. Without updated privacy laws, they fear it could expose an individual's most personal information.

"The American people are being told that in order to get top-notch health care there is something to be given up, [and] that something is privacy," says Dr. Margo Goldman, a member of the Coalition for Patients' Rights. "Our position is it doesn't need to be traded."

Many people can access medical records already - from doctors to insurers and even law-enforcement officers, in some cases. But the information is scattered all over - what some call "security through obscurity." The plan would centralize information, making it easier for unauthorized people to gain access.

The mandate for the identifier system was established in the 1996 Health Insurance Portability and Accountability Act. Its intent was to provide seamless health-care coverage as workers move from job to job. But as the administration moves this week to fulfill the mandate, the plan aimed at bureaucracy busting is running up against stiff preliminary opposition.

The US Department of Health and Human Services (HHS), tasked with developing the system, is soliciting public feedback. At hearings this week in Chicago, privacy concerns were raised across a broad spectrum of issues, even down to how to identify the files.

Use of the Social Security number has been discussed. But implementation is unlikely because it would give credit-card companies and credit-report firms access to sensitive medical information. It would make it easier for computer hackers, who bust Pentagon and CIA computers regularly, to steal someone's identity. Use of a unique physical feature - a fingerprint or retina scan has also been considered. This raises all sorts of danger signs for ethics experts. For example, an HMO might refuse to insure someone whose family showed a history of cancer.

"Everyone who testified [at this week's hearings] said we can't even talk about a unique health identifier in the absence of federal privacy legislation," says Kathleen Frawley, a member of the National Committee on Health and Vital Statistics, a citizens' panel consulting with HHS Secretary Donna Shalala on the issue. "Your credit records, video-rental records are protected by law. But not your medical records."

Several bills pending in Congress would create just such a legal firewall to protect medical records, including one crafted by Rep. Jim McDermott (D) of Washington, who is also a physician.

Once those protections are in place, Representative McDermott supports creating a national health database. "In Scandinavian countries, if you want to find two left-handed plumbers under the age of 40 in a town of 50,000, you can," he says admiringly, believing all would benefit from similar research currently impossible in the US.

Research gains aside, the American Medical Association remains opposed to the idea, believing it will have an adverse effect on health care. Patients, they argue, won't be entirely forthcoming if they aren't certain they can trust the confidentiality of information they give physicians. "Patients will no longer have confidence their medical information will be kept confidential. Without trust ... we may miss the diagnosis," says Dr. Donald Palmisano, who serves on the AMA board of trustees.

A solution would be to repeal this aspect of the Portability and Accountability Act before the 1999 deadline. "It got stuck in at the last minute.... It horrifies almost everybody," says George Annas, chairman of health law at Boston University.

Knowing they face a long road ahead, officials are gearing up for a hard fight. Asked how Chicago hearings were shaping the program, a testy Secretary Shalala bristled, "We haven't decided yet. We don't know what the hearings will produce."

The next round of hearings is scheduled for September in Washington.