Medical privacy? You Jest
By DEBORAH C. PEEL
Special to the Star-Telegram
How many times have you walked into a doctor's office, signed a privacy notice and worried you signed away important medical privacy rights? Let me put your mind at ease: You didn't. You don't have any medical privacy rights in the first place. Signing the form is a farce.
In 2003, without fanfare or publicity, the Bush administration amended the federal medical privacy rule known as HIPAA (Health Insurance Portability and Accountability Act), allowing the prying eyes of any health-related business to read your medical records, any time they want, without your knowledge or permission.
Now President Bush tells us in his State of the Union Address that -- thanks to his leadership -- Congress is poised to pass legislation to put every American's medical records online so they can be zapped around the world via a national electronic health network without the delay and fuss of photocopying and snail mail.
The bill isn't a bad idea. We need a more efficient way to move and share medical records to improve the quality of our healthcare and reduce costs. But an electronic system to handle the most sensitive information must be built with patient control of who sees and uses that information.
Without patient control, we will simply be creating the most valuable commercial database in the world. The purpose of medical records is to improve treatment, not corporate profits.
The Bush administration amendment to HIPAA lists examples of the more than 600,000 businesses that can fish through identifiable medical data. They include employers, drug and insurance companies, marketing firms, accountants, banks and financial service companies, data warehousers, medical transcribers, legal firms, pharmacies and government agencies.
This past summer, a
The patients were mortified: How did the drug company know they were taking an antidepressant? How did the drug company obtain their addresses? How could they be allowed to send drug samples in the mail? What if their children had opened the mail and taken the drugs?
The patients settled the lawsuit because they have little if any legal standing. HIPAA allows medical centers, drug companies and pharmacies to ship around your medical records for their own profit motive.
To date, more than 15,000 medical privacy complaints such as these have been filed with the U.S. Department of Health and Human Services' Office of Civil Rights. Next to nothing has been done about these complaints because they don't violate our watered-down, virtually nonexistent federal privacy rule.
How many more complaints will be filed when exposure of the entire nation's medical records increases exponentially via the proposed national cyber-network?
Open access to 295 million medical records via a national electronic health network will cause massive discrimination. Employers and bankers could use medical records to decide whether we get jobs and credit.
Bankers could think twice about giving cancer survivors loans or mortgages. More than 35 percent of Fortune 500 companies already admit using patient health records for hiring and promotion. How high will that percentage be when all employers can data-mine everyone's medical records?
On several occasions, Bush has promised to protect medical privacy in the bill. In January 2005, he said: "I think my medical records should be private. I don't want people prying into them ... unless I say it's fine for you to do so."
It's time for Congress to admit that we don't have a privacy law any more and to build patient control into the national electronic health system before we start uploading Americans' medical records into cyberspace for private corporations to see, use and abuse -- and profit from -- as they please.
Deborah C. Peel is past president of the