Medical Records Privacy
Who Has Access to Your Records?
Today, individual health and medical data can
be collected, combined, analyzed and distributed faster and more easily
than ever before. Data collection of health and other records has
become an enormous industry in response to demands from a wide
variety of potential users of that data, including:
- Insurance companies that issue life, health and disability
insurance. The companies use data to pay claims, for utilization
review (the process of deciding whether an enrollee should receive
certain health care treatments, often used by HMOs as a cost
control measure), and for underwriting and coverage decisions.
Virtually every insurance company offering these types of policies
requires you to release your medical records to them before they
will grant you coverage.
Many life insurance companies
also require applicants to sign a release to access that
individual's record at the Medical Information Bureau, which collects
medical information on individuals from applications submitted to
its member companies. In fact, these member companies are
required to report medical conditions that are "significant
to health or longevity," including height and weight, blood
pressure, ECG readings and lab results, as well as non-medical
information such as an adverse driving record and participation in
"dangerous" sports.
- Employers, who use health data to identify employees who may
be costly in the future, and to reduce their health care and
workers' compensation costs. A 1996 poll by the University of
Illinois found that 35% of Fortune 500 companies use medical data in
their employment decisions. (Note: The Americans with Disabilities Act specifically
states that an employer may not ask specific questions about an
applicant's disability conditions or require a medical exam
before an offer of employment is made.) Employers get
access to medical records through a waiver signed by employees,
usually as part of the employee's application for medical
insurance.
- Health care providers and facilities, which use the data for
research, to bill insurance companies and other payers, to
coordinate diagnosis and treatment options between different
departments or facilities, and to monitor quality
assurance.
Americans Are Concerned About Their Privacy
Technological advances that allow
central storage of vast amounts of health information and the number
of people who can access that information are of great concern to
consumers. A 1994 ACLU poll found that:
- 75 percent of respondents are concerned a "great deal" or
"fair amount" about health insurance companies putting medical
information about them into a computer information bank that
others have access to.
- 60 percent believe that health insurance data is accessed by
others for secondary uses.
- 70 percent are concerned a "great deal" or "fair amount" about
insurance companies getting more information about them than is
needed from their doctor.
And a January 1999 survey by the California HealthCare
Foundation found that one in five adults in the United States
believes that a health care provider, insurance plan, government
agency, or employer has improperly disclosed personal medical information.
Half of those affected say that disclosure resulted in personal
embarrassment or harm.
The Need for Medical Privacy Legislation
Currently, the United States has
no coherent, consistent privacy policy. What exists is a patchwork
of privacy laws that protect movie rentals, books we check out at
libraries, and cable television records. There is no federal law to
protect the far more sensitive medical, insurance or employment
records. While there seems to be widespread agreement that medical
privacy legislation is needed, there are conflicting views about
what such legislation should look like. Congress, the Clinton
Administration, scientists, health insurance organizations,
datamining firms and other businesses, privacy advocates and law
enforcement agencies are all engaged in complicated maneuvering over
medical records and who should have access to individual data.
These battles began with the passage of "Administrative Simplification," a little-known
amendment to the 1996 Health Insurance and Portability Act, which
required the Department of Health and Human Services to make medical
privacy recommendations to Congress. However, instead of improving
the privacy of individual medical records, the recommendations made
by HHS contain a grave threat to privacy: a mandate to assign every
American a "unique health identifier." This de facto national
I.D. would give government agencies and corporations access to a
massive database of our most private information like Social
Security Numbers, medical conditions, and financial information.
Unless Congress passes privacy legislation by August 1999, HHS
can establish its recommendations as binding rules. States, however,
could provide greater privacy protections for their residents.
What You Can Do to Protect Your Medical Privacy
Send a FREE FAX to your members of Congress
telling them that privacy rights must be part of any “Patients’ Bill
of Rights”.
Request a copy of your file from the Medical Information Bureau
by downloading a copy of the MIB Request Form
(requires Adobe Acrobat Reader) and sending it to the MIB.
There is an $8.00 charge for this search.
The Privacy Rights Clearinghouse also offers these
tips:
1. When you are asked to sign a waiver for the release of your
medical records, try to limit the amount of information
released. Instead of signing the "blanket waiver," cross it out and
write in more specific terms.
- Example of blanket waiver: I authorize any physician,
hospital or other medical provider to release to [insurer] any
information regarding my medical history, symptoms, treatment,
exam results or diagnosis.
- Edited waiver: I authorize my records to be released from
[X hospital, clinic or doctor] for the [date of treatment] as
relates to [the condition treated].
2. If you want a specific condition to be held in confidence by
your personal physician, bring a written request to the
appointment that revokes your consent to release medical information
to the insurance company and/or to your employer for that visit; you
must also pay for the visit yourself rather than obtain
reimbursement from the insurance company. To be especially certain
of confidentiality, you may need to see a different physician
altogether and pay the bill yourself, forgoing reimbursement
from the insurance company.
3. Use caution when filling out medical questionnaires.
Find out if you must complete it, what its purpose is, and
who will have access to the information that is compiled. Also,
before participating in informal health screenings, find out
what uses will be made of the medical information that is collected.
Use the same caution when visiting Web sites and when
participating in online discussion groups.
4. Ask your health care provider to use caution when
photocopying portions of your medical records for others.
Sometimes more of your medical record is copied than is necessary.
5. If your records are subpoenaed for a legal proceeding,
they become a public record. Ask the court to allow only a specific
portion of your medical record to be seen or not to be open at all.
A judge will decide what parts, if any, of your medical record
should be considered private. After the case is decided, you can
also ask the judge to "seal" the court records containing your
medical information.
6. Find out if your health care provider has a policy on the use
of cordless and cellular phones and fax machines when
discussing and transmitting medical information. Cordless and
cellular telephones are not as private as standard "wired"
telephones. Because they transmit by radio wave, phone conversations
can be overheard on various electronic devices.
Fax machines offer far less privacy than the mail. Frequently
many people in an office have access to fax transmissions. Staff
members at all levels of the organization should take precautions to
preserve confidentiality when sending and receiving medical
documents by fax machine.
DEFEND YOUR DATA
Unless we quickly oppose further intrusions into our privacy,
what little control we still have over our own personal information
will soon disappear. That's why the ACLU has launched its Defend
Your Data Campaign. We're urging our members and everyone who values
their increasingly fragile right to privacy to support the campaign.