There is a health care records concern I have about “global consent” — whereby your records are stored in one big state file, to which, if you sign a release, any health care provider may have access. This story was on Vermont Public Radio — link to it http://digital.vpr.net/post/new-patient-information-system-sparks-privacy-debate . For information on the information exchange, see vitl.net .
This is what I sent to my legislators regarding this issue:
I am fundamentally opposed to the global consent likely to go into effect for medical records in Vermont. I could list all my reasons, but I think you probably are familiar with all that are out there, and I will wager that I agree with at least 99 percent of them. Please do whatever you can to stop this horrible potential reality, and if it cannot be stopped, please do whatever is necessary to MANDATE that the patient be informed in writing (whatever format said person indicates is preferred — postal mail, email, text, etc.) EACH TIME his or her record is accessed, by whom, what date and time, and for what purpose. It should be fairly easy to automate this process. Notification ideally should be at the latest simultaneous with the access. Further, please be sure that every person whose records are in the system should be aware that they are in the system, that each
person has full access to his or her records the minute they are posted, without doctor/provider having to okay this. There should be NOTHING in one’s file that one is not aware of and does not have access to, as far as I am concerned. Last, please MANDATE that no health care provider may refuse treatment to someone choosing not to be in the system, nor should there be any penalty or detrimental effect other than the acknowledged delay in getting information to a provider who would like to see the record. This concept of global consent is an outrageous violation of human decency.
Are others concerned about this issue? If so, please not only respond here, but contact your legislators!
This is a complex issue
I generally agree that health care providers should not be asking patients to sign away their privacy rights. It’s a lazy way to get around privacy laws. There are lots of complicated issues surrounding this though, for example when you receive services at a hospital there are hundreds of people who see your records (the billing companies, the insurance providers, laboratories, clinics, Medicaid, pharmacies, transcription services, pharmaceutical companies, etc.) If you received a letter informing you each time someone had access to your records you would receive hundreds of letters a month. Do all those people need to see your complete record? Probably not, but there is no easy way to limit what they see to just the parts they need to see. Sharing your records so that doctors can look for health trends and see what works and doesn’t is a great way to advance medicine, but the researchers don’t need to know who you are. Anonymizing those records helps, but it turns out to be very easy to de-anonymize the records using public databases. So should you allow your medical records to be shared for research purposes if they are anonymized? The main reasons for this global-consent option would appear to be reducing costs for companies (less paperwork) and reducing legal liability for companies (they can’t get sued if they release your records.) This is already the way many hospitals handle HIPAA privacy requirements, you have to sign away your rights in order to be admitted to make it easier for the hospital to share your information and so they can’t be sued for sharing your information (not that they want to compromise your privacy, they just don’t want to get sued for it if it happens). Global-consent is the same thing but signs away your rights for all hospitals instead of having to sign at each hospital individually. Signing away your privacy rights may actually get you care faster if the hospital won’t treat you until someone signs a similar form, but it basically appears to be an end run around federal privacy laws, in my opinion. If you’re interested in learning more about the technical aspects of data and health data privacy issues browse this site: http://www.ists.dartmouth.edu/
not sure if you were addressing me specifically
Rapjr, I am not sure if you meant your reply to be directed at me, or the general public. I do not see the issue as complex; I see it has having a lot of components, but they are not complex to me. It is very simple in my mind. That is not to say I don’t understand the ramifications of my beliefs and preferences, should they ever prevail again. That said, I am aware of and respect that for some this is nowhere near a clear cut, 100% to 0% decision, and could well be as close as 50.1 to 49.9. For individuals who have given this serious thought I will fully support their right to their opinions. I do not, however, respect the bureaucrats who seem entitled to make “expert” decisions for all us “Done to’s”. I would welcome a serious, truly educational (not manipulative PR campaign) process to engage citizens on these issues.
For me, on just about every factor, I come down on the not only PRIVACY side, but the CONFIDENTIAL side. Privacy meaning, to me, it stays within the realm of whomever beyond the one original person has access to the info, which, as you point out, these days encompasses MANY people, and confidential meaning it is between the patient and the provider. Period. I may be willing to acknowledge that there are maybe 10% of the issues that I personally have to at least consider and wrestle with. That’s about it. I just want the citizenry to be fully informed, and have the legal right to make their own decisions without fear of imposed repercussions/denial of services.
I have seen, especially in psychological/psychiatric services, people labeled “non-compliant” and much worse for denying current providers access to past records, and be denied service. However, this happens in many other instances, as well. Are there treatment ramifications when one denies access? Absolutely. Does it make it harder for a provider? Very probably. But implementing a bureaucratic solution, especially one that punishes people for wanting confidentiality, strips human beings of their autonomy, and that, to me, is the greater tragedy/sin/violation/etc. in just about every individual case as well as for the long term “health” of a democratic, respectful society. And in my hierarchy of values, goals, guiding principles, etc., helping our country become a democratic, respectful society pretty much always sits at the top. (Yes, that implies I do not think we are there.)
Marketing Health
I see putting our health records in an Internet accessible database as about 3 minutes away from people buying, stealing, or otherwise mining those records for marketing purposes. One day, you’re surfing the web, Facebook, wherever, and all the ads are targetted at your past and present health problems. You start getting spam email about them. You feel kind of weird but then you get used to it. Privacy, what’s privacy?
But seriously, it’s going to happen because it’s possible to do and there are always going to be people who see the benefits as outweighing any concerns about privacy. Then again, an opt out would be nice, assuming that your life belongs to you and not the govt healthcare system.
If privacy could be assured, it would be a good thing. But they’re not guaranteeing privacy, I don’t think.
Already legal and happening
Lise, it is already legal for drug companies to know the info and to market to people. Even prior to ubiquitous internet use, people were getting US postal mail marketing for certain medication and medical conditions. I believe it is no longer legal, but for a time, the state of Vermont was selling information in its driver’s license database showing who is overweight and those people were targeted for weight loss programs and products marketing by private companies. There is much profit in access to this information, and it will be too tempting to take advantage of that as an income stream as we do get more used to less and less privacy.
I guess I am just an errant dinosaur waiting (as long as I can!) to complete the extinction of my type.