The Clinton administration's health care reform proposal, announced by the President on September 22, 1993, places substantial reliance on telecommunications and information technology to reduce costs and improve health care delivery. By linking computerized health information through a national network, the proposal envisions a system that would allow an efficient exchange of information to improve patient care and expand resources for medical research and education, while lowering health care costs. While automation may or may not achieve these goals, it will raise serious questions about individual privacy and proper use of the health care information system. This report analyzes the implications of computerized medical information and the challenges it brings to individual privacy.
In its analysis, the report examines: 1) the nature of the privacy interest in health care information and the current state of the law protecting that information; 2) the nature of proposals to computerize health care information and the technologies available to both computerize and protect privacy in the information; and 3) models for protection of health care information.
This study was requested by the Senate Subcommittee on Federal Services, Post Office, and Civil Service, and the House Subcommittee on Government Information, Justice, and Agriculture. The Subcommittees asked the assistance of the Office of Technology Assessment in confronting the issue of confidentiality of health care information in a fully automated medical environment. OTA drew upon the contribution of participants at two workshops, and received valuable assistance from officials of the U.S. Department of Health and Human Services, the National Institute of Standards and Technology, the French Ministry of Health and the European Economic Community, as well as a broad range of individuals and professional organizations from the medical community, public interest groups, industry, and academia.
OTA appreciates the participation of the advisory panelists, workshop participants, Federal agency officials, and interested citizens, without whose help this report would not have been possible. The report itself, however, is the sole responsibility of OTA.
ROGER C. HERDMAN, Director
PROTECTING PRIVACY IN COMPUTERIZED MEDICAL INFORMATION
CONTENTS
1 Introduction, Summary, and Options
Background and Study Approach
The Need for Privacy in Health Care Information
The Computerization of Medical Records
Protection for Privacy in Health Care Information
Special Policy Problems Raised by Computerization
Models for Protection of Computerized Medical Information
Congressional Options
2 The Right to Privacy in Health Care Information
Why is Privacy in Health Care Information Important?
Unregulated Computerization and Marketing of Health Care Information
Potential for Increased Demands for Computerized Information
Issues Raised by Computerization
Right to Privacy in Health Care Information
Federal Law Protecting Privacy in Medical Records
Sources of the Confidentiality Obligation--State and Common Law
Sources of Confidentiality Obligation--State Statutes
Inadequacy of Existing Protection Scheme and the Need for Federal Legislation
3 Systems for Computerized Health Care Information
The Technology of Computerized Health Care Information
The Unique Patient Identifier
Standards for Computerized Medical Information
Informed Consent to Disclosure of Information
4 Designing Protection for Computerized Health Care Information
Fair Information Practices and the Privacy Act
Features of Health Care Privacy Legislation
APPENDIXES
A Selected Topics in Computer Security
B Model Codes for Protection of Health Care Information
REPORT BRIEF
The Clinton administration's health care reform proposal places substantial reliance on telecommunications and information technology to reduce costs and improve health care delivery. By linking computerized health information through a national network, the system envisioned in the proposal would allow an efficient exchange of information.
This capability could potentially improve patient care and expand resources for medical research and education, while lowering health care costs. While automation may or may not achieve these goals, it will raise serious concerns about individual privacy and proper use of the health care information system.
Protecting Privacy in Computerized Medical Information analyzes the implications of computerized medical information and the challenges it brings to individual privacy. OTA found that the present system of protection for health care information offers a patchwork of codes, State laws of varying scope, and Federal laws applicable only to limited kinds of information. The present legal scheme does not provide consistent, comprehensive protection for privacy in health care information, and it is inadequate to guide the health care industry with respect to obligations to protect the privacy of medical information in a computerized environment. The legal system fails to confront the reality that, in a computerized system, information will regularly cross State lines, and will therefore be subject to inconsistent legal standards.
Why Is Privacy in Medical Information Important?
Health information and the medical record reveal some of the most intimate aspects of an individual's life. In addition to diagnostic and testing information, the medical record includes the details of a person's family history, genetic testing, history of diseases and treatments, history of drug use, sexual orientation and practices, and testing for sexually transmitted diseases. Subjective remarks about a patient's demeanor, character, and mental state are sometimes a part of the record.
The medical record is also the primary source for much of the health care information sought by parties outside the direct health care delivery relationship. These data are important because health care information can influence decisions about an individual's access to credit, admission to educational institutions, and his or her ability to secure employment and obtain insurance. Inaccuracies in the information, or its improper disclosure, can deny an individual access to these basic necessities of life, and can threaten an individual's personal and financial well-being.
At the same time, accurate and comprehensive health care information is critical to the quality of health care delivery, and to the physician-patient relationship. Many believe that the efficacy of the health care relationship depends on the patient understanding that the information recorded by a physician will not be disclosed. Without these assurances, many patients might refuse to provide physicians with certain types of information needed to render appropriate care.
The Computerization of Medical Records
The health care industry is currently moving toward linking institutions through a proposed information infrastructure and communications networks. Linkages would allow transfer of patient data from one care facility to another to coordinate services, and would allow collation of clinical records of each patient over time among providers and at various health sites to provide a longitudinal record, one that forms a cradle-to-grave view of a patient's health care history. Electronically connecting the health care industry by an integrated system of electronic communication networks would allow any entity within the health care system to exchange information and process transactions with any other entity in the industry.
As a result of the linkage of computers, patient information will no longer be maintained, accessed, or even necessarily originate with a single institution, but will instead travel among a myriad of facilities.
Smart cards have also been proposed as a means to computerize and maintain health care information. Smart cards can function to store information, which can be accessed when a patient presents the card to a health care practitioner, and/or as an access control device, carrying out security functions to maintain a more secure and efficient access control system for health care information computer systems.
A major focus of security and confidentiality measures for these systems is preventing privacy invasion by trusted insiders. For online computer systems, security is generally provided by use of user identification names and passwords, and by menus to control access to computer system functions.
Some systems also use audit trails to record significant events on a system. However, technology alone cannot completely secure a system. Organizational education, policies, and disciplinary actions supplement technical protection for confidentiality. Smart cards can serve as an access control device, providing the security functions that are normally carried out by the user.
Issues in Computerization of Health Care Information
All health care information systems, whether paper or computer, present confidentiality and privacy problems.
Computerization can reduce some concerns about privacy in patient data and worsen others, but it also raises new problems. Computerization increases the quantity and availability of data and enhances the ability to link the data, raising concerns about new demands for information beyond those for which it was originally collected. The potential for abuse of privacy by trusted insiders to a system is of particular concern.
In addition, special policy problems are raised by computerization. Proposed use of a unique patient identifier assigned at birth and retained throughout a patient's lifetime raises concerns among privacy advocates, who claim that if the Social Security number is used for this purpose, linkage of a wide variety of information resulting in dossier type files on individuals would be possible.
Policies governing requirements for informed consent could be challenged as well, since currently patients have limited access to their health care record and may have little choice in consenting to its disclosure for certain purposes.
Congressional Options
Health professional organizations, privacy advocates, and academics specializing in health information privacy believe that as computerization of patients' records goes forward, Federal legislation is necessary to address issues of patient confidentiality and privacy. Congress may wish to enact a comprehensive health care information privacy law.
Such a law could: