Your Health History - Up For Grabs?
By: Judy Foreman
07/20/1998 

Today, the federal government is taking the first steps toward a national system that would give each of us a single number or "identifier" linked to every medical record ever kept on us. It's a prospect that privacy advocates fear may destroy what little confidentiality remains in the era of computerized medical records.

Granted, so many people can already legally view your medical file - not just doctors or nurses but insurers, self-insured employers and even law enforcement officials under some conditions - that some nihilists figure things can't get worse.

"Big brother has already found you. He knows where you live. He knows you go to a psychiatrist. He studies your drug behavior," says Arthur Caplan, director of the center for bioethics at the University of Pennsylvania.

Because most medical care is paid for by third party insurers, he says, when it comes to real safeguards of privacy, "I don't think we have any way. . . We are not at T-minus 30 seconds and holding. We are trying to grab a missile that has cleared the atmosphere and bring it back."

But others concerned about medical privacy say things could get worse if the Department of Health and Human Services, as required by the 1996 Kennedy-Kassebaum law on health insurance portability, goes ahead with regulations on what's become known as the "unique health identifier." HHS says it will only proceed if there is "sufficient national consensus."

The identifier, the subject of hearings by an HHS advisory panel that begin today in Chicago, could be a number, perhaps your Social Security number or an "enhanced" version of it, according to a white paper that the agency recently posted on the Web.

Although many health plans already use Social Security numbers to track patients, some let you pick a less-traceable number instead. But having a single, mandatory "womb to tomb" number could make it even easier for claims information and pharmacy data to be linked to other data bases - like tax records, voter registrations, motor vehicle data and credit card records, privacy advocates fear.

If your employer is self-insured, for example, the only health care information it can see is its own records. If there were a health identifer, the employer could access your entire medical history, privacy advocates say.

The unique health identifier, the HHS white paper notes, need not be a number at all. It could be a sample of your DNA, which horrifies advocates like Wendy McGoodwin at the Cambridge-based Council for Responsible Genetics. Or it could be some other unique "biometric marker" like a fingerprint, distinctive patterns on the retina or iris in the eye, or a voice pattern.

To some, streamlining the electronic processing of medical records is an overdue cost-saving reform.

In October, the Sequoia Software Corporation in Columbia, Md., won a multi-million dollar grant from the US Commerce Department to develop a national "Master Patient Index." The goal, the company said, is to develop a "massively distributed medical records system across a national computer backbone."

As of now, the company lamented, the electronic flow of information from patient records is hampered because "there has been no common indexing to correlate and cross-reference patient identifiers such as name, birthday and Social Security number." The state of affairs that the company bemoans is one that grateful privacy advocates dub "security through obscurity."

Kathleen Frawley, vice president for legislative and public policy services for the American Health Information Management Association, a Chicago-based group, says the horse is already out of the barn:

"Right now, there are 1,500 different claim forms used by insurers that require hospitals and doctors to process information differently. . . We are already in a privacy crisis. This doesn't make it worse.

"People don't realize their health information is already going out the door," she adds. At least, she notes, the 1996 law that calls for a health identifier also says that Congress must enact privacy legislation by August, 1999, and that if it doesn't, HHS must issue privacy regulations.

Advocates for some sort of health identifier system aren't backing down. Because people now typically have than half a dozen health plans over a lifetime and see many doctors, there is a need for "different enterprises and consumers to be able to track medical history over time," argues Elliot Stone, executive director of the Waltham-based Massachusetts Health Data Consortium, a private, nonprofit group that builds large data health care bases.

Though Stone does "not necessarily" favor a single identifer, he believes it's possible to "blend confidentiality policy with technology."

And there are potential benefits - at least to society at large - of making it easier to access private medical data. These include better tracking of diseases, quicker detection of fraudulent billing and better medical care if, say, you're insured in Massachusetts and wind up in an emergency room in California.

At Brigham and Women's Hospital, having computers analyze patient records and doctors' orders has produced "an order of magnitude decrease in medication errors" by alerting doctors to potential drug interactions or allergic responses, says John Glaser, vice president and chief information officer at Partners HealthCare System, Inc., of which the Brigham is a part.

Even so, says Glaser, a health identifer "would be a mistake. Medical data already leaks all over kingdom come. The risk of an identifier outweighs any benefits."

Many others agree.

Last year, a National Research Council panel concluded that while there are ways to make electronic records more secure than paper records - like "audit trails" listing everyone who accesses a record - the benefits of a health identifier must be weighed "against the potential risks to privacy."

Peter Szolovits, a member of that panel and a professor of computer science at MIT, puts it this way: "Now, your only confidentiality comes from the fact that most people don't want to take the trouble to find out stuff about you.

"Adopting a single, universal health identifier will make things worse because it will make it that much easier and cheaper to link up records. Encryption techniques could make it possible to let me, as a patient, control whether my medical records at MIT can be linked with my insurance records. But my fear is this is not what would be adopted as a health identifier."

It might make sense to have national health identifier if we had a national health care system to go with it, says George Annas, professor of health law at the Boston University School of Public Health.

But "getting rid of the national health care system and keeping the identifer is crazy," he says. "Very large HMOs, etc. like it because they can track their members. It's more efficient. I'm sure public health people like it, too, and researchers love it.

"But anyone interested in privacy and confidentiality should be horrified. The average person gets nothing out of this."

"It's incredibly scary," agrees A.G. Breitenstein, director of the Justice Resource Health Law Institute in Boston, who adds that law enforcement officials are already pressing for "total, open access" to medical records. "Right now, law enforcement personnel have to physically present a warrant or subpoena to each holder of your records. With the unique health identifier and the linkage of computerized data systems, almost anyone, including law enforcement personnel, pharmaceutical companies, biotech companies, employers can link into the whole system at the touch of a keystroke without your knowledge or consent."

"Well-meaning intentions often have very unfortunate consequences, and that is likely to happen with a permanent individual health identifier number," adds Richard Sobel, a fellow at the Berkman Center for the Internet and Society at Harvard Law School.

One solution would be to repeal the part of the Kennedy-Kassebaum law, also known as the Health Insurance Portability and Accountability Act of 1996, that calls for the identifier, says Dr. Denise Nagel, a Lexington psychiatrist and head of the National Coalition for Patient Rights.

In fact, the HHS advisory panel whose hearings begin today (called the National Committee on Vital and Health Statistics) has already recommended that HHS not adopt a health identifier until after privacy legislation is enacted.

Currently, there are half a dozen bills dealing specifically with medical privacy in Congress, as well as others addressing patients' rights in managed care organizations.

But privacy advocates fear that, despite slogans touting "patients' rights," some bills may undermine confidentiality by allowing too easy access to

"We're at a crossroads," says Nagel. The HMO industry wants "Congress to allow them to control and use our personal medical information without our consent. They'll win if we don't speak up."

 To learn more

 To read the HHS "White Paper" on the unique health identifier, go to this web site:

http://aspe.os.dhhs.gov/admnsimp/nprm/noiwp1.htm

To listen live to the hearings the National Committee on Vital and Health Statistics, go to:

http://aspe.os.dhhs.gov/ncvhs

For more information on privacy concerns, go to:

http://cyber.law.harvard.edu/spaces.html

www.nationalcpr.org (This web site, run by the National Coalition for Patient Rights, will be on line by July 27.)

www.epic.org (The Electronic Privacy Information Center)

For other information, go to:

http://www.ahima.org

http://www.sequoiasw.com

Judy Foreman’s column runs every other week. Past columns are available on www.myhealthsense.com.

 Listen to her live call-in webcast radio show every Wednesday night from 8:30 to 9:30 EST on http://www.healthtalk.com.