Health Privacy Compromised, But When Is It Okay To Share?
Posted by Peerapong Tantamjarik
While not involving computer hackers, here's a story about an old-fashioned invasion of privacy. The Kansas City Star reported on September 28th that a University of Missouri hospital faces a class-action lawsuit after allegedly releasing confidential medical records for hundreds of patients to a company it hired to solicit business. The suit was filed earlier this year on behalf of approximately 800 patients with liver diseases, including hepatitis C. The complaint alleges that records were turned over by University Hospital's internal medicine chairman to a home health care provider dba Option Care, who then allegedly called the patients in an effort to sell them antiviral drugs and keep them in the hospital network. The Option Care nurse who contacted the patients using the list from the hospital stated that the calls were not for solicitation, but for patient safety.
This complaint, whether valid or not, highlights the major privacy concerns surrounding access to patients' medical records. The privacy discussion reached a fever pitch in the build-up to the passage of the federal Health Insurance Portability and Accountability Act, more (un)popularly known as "HIPAA." HIPAA has been touted as a major step in affording patients their proper privacy protections, as the law and regulations outline the parameters and limitations in which providers and businesses can access, share, and transfer certain protected health information of individuals as well as security requirements. In fact, one of the highlighted concerns leading up to HIPAA was access to patient medical records by private companies for business solicitation purposes.
The concerns only multiply when dealing with electronic medical records, or EMRs, given the ease and speed with which such records can be disseminated and exploited. Privacy advocates recently have had to grapple with this issue in the national push for widespread use of EMRs, which are touted for their efficiencies and for the potential safety benefits that arise from appropriate parties having quick access to patient records. A recent story run by the Washington Post in the wake of Hurricane Katrina would seem to confirm this latter perspective, highlighting the way in which uniform EMRs can save lives. In short, countless paper medical records were lost due to Katrina, but doctors still needed to treat patients. The federal government's Department of Health and Human Services spearheaded an effort to make medical information on Katrina evacuees available online to doctors. This data included prescription drug records, with the involvement of national pharmacy chains. Overall, the system took about 10 days to organize and federal officials did note that privacy was among the top concerns in setting up the online database.
While hard to dispute the immediate benefits to Katrina evacuees from these EMRs, privacy advocates are concerned that even beneficial efforts during an emergency can expand beyond the scope of the original crisis. For example, certain HIPAA and state privacy regulations were suspended in light of the dire nature of the circumstances. Overall, the discussion involving EMRs and access to EMRs will be a forum to address the tension between individual privacy rights and public health improvements - the classic example of the individual's right versus the common good. For example, while there is a need to limit access to each individual's medical record, public health authorities can benefit greatly and better track progression of diseases or epidemics from the enormous wealth of data that EMRs, in centralized depositories, can provide. Maybe one of the lessons that Katrina can provide is how to better strike the balance and understand the different contexts in moving forward on establishing EMR networks.
I think important aspect of provision of public goods in health care would relate to government support to research and development ,unfortunately ,health planner and the people at the helm of affairs have not sensed the real issue and have therefore not came up with logical solution to the problems.
I had an employer violate my federal HIPPA rights and the employer forced me to disclose a medical condition I have to other employees.
How or rather where can I find an attorney to represent me?
I have my Union behind me.
This Boss is Non Union, I am a Union employee.
We work for a major Non Profit Org in New York City
This is a serious concern with Health Care providers comprimising patients info. The more scary part is the fact that they tend to loose information with out of their knowledge. Hence HIPAA transactions can go a long way to ensure that secure data is not comporomised.
Ashok