Keep privacy in health records

The recovery bill's plan to digitize people's health records needs an opt-out provision.

The economic recovery package being debated in Congress sets one ambitious goal: Put every person's medical records in digital form. The $20-billion five-year plan would link records to a nationwide health network that aims to improve patient care and reduce rising costs. But at what cost to privacy in this most personal part of life?

Advocates see great benefits in transferring people's lab results, medications, X-rays, dentistry, pre-natal care – in short, their medical history – from paper in a file cabinet to an electronic network. Wider access, for instance, can reduce emergency room errors and eliminate unnecessary procedures.

And yet, surveys show Americans want modernized records, but worry about misuse – a worry that has held up past "e-health" legislation.

A 2006 survey by the Markle Foundation found 80 percent very concerned about identity theft, 77 percent very concerned about medical information being used for marketing, and more than 50 percent worried about employers and insurers having access to their personal health information. The American Civil Liberties Union reports at least a third of Americans don't share their complete medical histories for privacy reasons.

The ACLU and other privacy groups hail stronger privacy provisions in the stimulus bill that passed the House last week – even if the bill's "not perfect," as the group Patient Privacy Rights puts it.

The House bill – and similar e-health provisions in the Senate – spreads accountability to more types of health organizations; it includes audit trails to trace who has looked at records, data encryption, and authority for individuals to see their records; it strengthens enforcement and improves patient notification of breaches.

But its imperfections are not minor. The legislation does not resolve, for example, the debate among privacy advocates over patient consent in the use of records.

Some advocates say individuals should control use. Others argue patients can't know the needs of the health industry (it's common for more than 200 people to have access to patient records); they say privacy should be protected by narrowing the players who use records.

Current law actually allows information to be shared without patient consent when it comes to treatment, payment, and "healthcare operations" – a term that can include marketing and data-mining.

The House bill bans selling medical information for marketing, but allows it for "research or public health activities." It asks the secretary of health to revisit the definition of "healthcare operations."

The bill also does not contain an "opt-out" provision for people who don't want to participate in an e-network – in whole or in part. Most local health networks allow an opt-out clause. So must the stimulus.

Americans should not be starry-eyed about e-health. Look at Britain, which is years behind in its e-health program. And in the US, studies differ greatly on the savings from electronic records.

The House held no hearings on electronic medical records; the Senate held one last week – even as the bill was being marked up elsewhere. With no resolution of patient consent, with no opt-out clause, and with questions over savings and time frame, this legislation is too important for a rush job.

You've read  of  free articles. Subscribe to continue.
QR Code to Keep privacy in health records
Read this article in
https://www.csmonitor.com/Commentary/the-monitors-view/2009/0202/p08s01-comv.html
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe