Emerging Issues: The Privacy of Medical Records

Maxwell J. Mehlman, J.D.

Within the past two years, a substantial amount of attention has been paid to the issue of the privacy of patient records. The Health Insurance Portability and Accountability Act of 1996 required the Secretary of Health and Human Services to make recommendations to Congress on ways to protect the privacy of medical records. Secretary Shalala submitted her proposals to Congress on September 11, 1997. The National Academy of Sciences and the National Association of Insurance Commissioners have issued recommendations of their own. Senator Robert Bennett (R. - Utah) has circulated draft legislation entitled the "Medical Information Confidentiality Act" that may well be the focus of congressional action.

Two developments account for this flurry of interest. The first is the growth of electronic medical record-keeping in place of paper records. The National Academy of Sciences report states that the health care industry spent between $10 and $15 billion on information technology in 1996. Much of this expenditure is attributable to creating electronic records systems and converting conventionally stored data to electronic formats.

Electronic medical records ("EMRs") appear to present new threats to maintaining the privacy of patient-identifiable medical records. An EMR can be called up instantaneously by someone with access to the data system and the relevant passwords. Although a paper record can be photocopied and faxed, it is less easy to distribute widely, and requires physical possession for accessibility. Computerized records systems are "black boxes" to many health professionals who are otherwise familiar with traditional records systems; they fear losing control of the systems and having to rely on computer experts who may not have internalized the privacy-related ethics of the medical profession. At the same time, one hears proposals to link all medical records systems so that patient data can be accessed wherever and whenever patients require medical services. This raises the prospect that access to one portion of one record may afford access to all records on an individual.

The Managed Care Conflict

A second reason for the increased concern over medical records privacy is the growth of managed care organizations. In the traditional, fee-for-service model of health care delivery, patient records would be produced and retained by the physician or other provider of services. The patient's health insurer would be given access to selected records needed for claims review. Disclosure of the records required patient authorization, although, typically, patients executed these authorizations automatically and in blanket fashion. In a managed care organization, on the other hand, the provider of care and the insurer, in some sense, are the same entity. Any medical information in the possession of the provider also is held by the insurer. This is clearest in a closed-panel HMO like Kaiser but is present, to a varying degree, in all forms of managed care.

1 | 2 | Next >

NOTE: We regret that we cannot answer personal medical questions.

No comments have been made

View More Features >

The Doctor Will See You Now |

LEGAL RESTRICTIONS AND TERMS OF USE OF THIS SITE. USE OF THIS SITE IS YOUR AGREEMENT TO THESE TERMS.
Copyright 2010 interMDnet Corporation. All rights reserved.
About Us | Privacy Policy | Disclaimer | System Requirements