Subject: Fw: Confidentiality

-----Original Message-----



Date: Wednesday, November 11, 1998 2:02 PM
Subject: Confidentiality

I forward FYI. Mary Kilburn

Medical data up for grabs
NEW HAVEN, Conn. (AP) _ Dr. Robert M. Stark realized just how little privacy his
patients have when he was visited by a representative from a pharmacy management
company.

``He showed me a computer list of 40 or 50 of my patients who had been
prescribed a certain cholesterol-lowering drug,'' the Greenwich cardiologist
said. ``He asked me if I wanted to shift the patients to a less expensive but
equally effective drug.''

Stark wants to know how the representative _ who was retained by his health
maintenance organization _ compiled a list of his patient's names.

``It's truly the tip of the iceberg,'' he said.

Some state organizations agree, and officials are trying to deal with the
explosion of private medical information about people that is becoming very
public.

It is possible that every detail of a visit to the doctor could turn up in a
computer database available to health plan administrators, billing departments,
pharmacists, drug companies, life insurers, prospective employers, mortgage
lenders, state agencies and researchers.

Connecticut law has nothing to govern the dissemination of patient histories,
and Congress is still dealing with a federal law to curtail the heavy traffic of
medical records. Many experts predict that privacy provisions added to the bill,
the Health Insurance Portability and Accountability Act of 1996, are at best a
first step.

Peter Kane, a New Haven social worker and chairman of the Connecticut Coalition
for Patient Confidentiality, said the extent of computer records is a major
issue.

``What should be on computers? The government and third-party payers say
everything,'' Kane said.

Perhaps patients should be required to give consent whenever the record travels,
he said. Right now, virtually no one knows who has their records.

Hospitals and other health care agencies are preparing for the new federal
legislation. The law was amended to include privacy codes, which are being heard
by congressional committees. The act calls for standardized codes to allow a
seamless flow of information. All health plans and providers that make or keep
electronic patient records must adopt comprehensive information security
measures. Breach of confidentiality is punishable by fines up to $250,000
and//or up to 10 years in prison.

Meanwhile, patient records remain open books.

Harry Rhodes, practice manager at the American Health Information Management
Association in Chicago, estimates that if a person goes to the hospital, about
150 different people will look at his records.

``The information can be in 100 databases,'' he said. ``More and more eyes are
looking at your records.''

----------------------------

Mary Kilburn, Ph.D.
4016 Barrett Drive, Suite 104
Raleigh, North Carolina 27609
919-781-5162
www.mindspring.com/~marykilburn