By Lawrence D. Blum, M.D.

(A slightly abbreviated version of the article was published by the Philadelphia Daily News on February 14, 2000)

The need for privacy in medical care has been recognized since the days of Hippocrates. But these days large, for-profit, corporate medical enterprises are throwing aside two and a half millennia of good sense and tradition, acting to drastically diminish doctor-patient confidentiality. The degree to which Big Brother can know your most intimate medical and emotional concerns is currently being debated in Washington, with little public attention.

The need for confidentiality

Many people delay getting medical care as a result of feeling ashamed, embarrassed, or even guilty their ailments. Knowing that the doctor will keep the matters in confidence helps people to obtain care despite their misgivings. This is especially important when the illness is related to things like family conflicts, problems at work, or sexual indiscretion. For one major aspect of medical care, psychotherapy, in which a patient reveals his or her innermost feelings and fantasies, the need for strict confidentiality is even more crucial, as was recognized by the Supreme Court in the 1996 Jaffee-Redmond decision.

Confidentiality or privacy?

Confidentiality and privacy are closely related but not the same. Privacy is a person’s right not to have others know his affairs or disturb him. Confidentiality is the duty of a professional, such as a doctor, to keep to himself a person’s private matters. Both privacy and confidentiality are being eroded.

The erosion of medical privacy

Medical privacy is under attack on several fronts. Computers enable transfer of vast amounts of information in ways never before imagined, and are being put to very creative and lucrative use. For example, some pharmacy chains electronically collect data about what prescriptions have been filled by whom and sell this information to other companies. These companies then sell this data to pharmaceutical companies, which then use it to target their advertising, sometimes to the individual consumer. In the most egregious instances, people have received telephone calls pushing products relating to an illness that another member of the family wished to keep secret.

HMO’s and other insurers which require large amounts of information in order to approve (or disapprove) of payment for medical, surgical, or psychological services are also prime culprits in the diminishment of medical privacy. Insurers have frequently bought and sold each other, transferring large volumes of medical data, which itself can have a price tag in the sale. Health data about particular “high users” has been shared with employers. In pre-corporate days of medicine, personal information simply remained in doctors’ offices, or even simply in their minds. Release of this information required patients’ notice and consent. Now many, perhaps most, insurers require patients to sign a blanket “consent” statement, giving the insurer broad discretion for use of the information, for payment of claims to be considered. This “consent” is of course a sham consent, as most ill people cannot afford waive their insurance payments in order to safeguard their privacy; many do not know what they are signing.

Confidentiality, like privacy, is eroding, as more physicians and therapists become accustomed to submitting to HMO and insurance company dictates. It is not simply the doctors’ fault: although most Americans don’t know it, the law provides much better protection for their conversations with lawyers and clergy, than with doctors or psychotherapists.

Congress and HHS

In passing the Health Insurance Portability and Accountability Act in 1996, Congress required itself to pass comprehensive medical privacy legislation by August, 1999, and failing that, required the Secretary of Health and Human Services to promulgate medical privacy regulations by February, 2000. Initial HHS regulations have been proposed with remarkable good and bad features.

The best news is that HHS has established a special privilege for psychotherapy notes, which would be a separate, better protected, part of the medical record. Also beneficial are that state laws protecting privacy more stringently will not be pre-empted, and that patients would be entitled to know their healthcare companies’ privacy policies.

But the bad news is just as critical. Congress did not give HHS authority to regulate many companies which possess electronic medical data, nor did it provide for individuals whose privacy rights are violated to have any legal remedy. Of most profound significance, HHS rules would permit, with some regulation, numerous circumstances in which personal health information could be disclosed without authorization by the patient. Today’s customary sham disclosure consents would be history, but so would the authority of the patient and doctor to decide. This release of medical information without patient consent represents an important change in the practice of medicine, another departure from the Hippocratic Oath. Doctors should be wary of this, and so should you!