Keep Your Hands off My Medical Records!
by Ken Rude, PT

Since April 2003, every health-care provider and health organization has been mandated to comply with the privacy regulations of the Health Insurance Portability and Accountability Act of 1996, or HIPAA. That's why you get that sheet of paper telling you your privacy rights when you go to the hospital. HIPAA applies to essentially everybody who works in any job even remotely related to health care. Not only can't Dr. Smith tell her patients that your sister is pregnant; her receptionist isn't allowed to say she has a cold. When my patients ask how their friend's doing with their PT, I tell them, "Listen, if you see your friend come in here holding his head in his hands, I'm not even allowed to tell you his head fell off."
Nobody can unconditionally guarantee against information being leaked, of course. But if I as your physical therapist spill some sensitive information about you to my next patient, who happens to be your boss - well, you and your lawyer can have your way with me in court thanks to my stupidity.
There are certain commonsense exceptions when medical personnel can share information about you. Your doctor can consult about your case with his colleague. The medical office has to let the insurance company know what you're being treated for in order to bill for your care. And the pharmacist is allowed to let your spouse pick up your medicine at the drug store. These allowances violate neither the letter nor the spirit of HIPAA.
So, that takes care of medical privacy problems, right? All my medical info is at the doc's and he ain't talkin'. End of discussion, right?
Wrong. Strong though its protections may be, HIPAA is not a universal safeguard. Under this privacy law, your medical information is absolutely private - but only in the context of the established medical system. Medical information in the hands of doctors, nurses, psychiatrists, hospitals and the like may not be divulged, and stiff penalties are the remedy for any provider who might think otherwise. There are, however, a whole host of entities outside the health care profession who may be able to obtain sensitive health info about you.
Consider this story: Dr. Brian Beningsen, an oncologist from Bellingham, Washington, was involved in a tragic highway accident in early spring of 2003. On a rainy road, a car swerved in front of his, and in the collision a child was killed. Investigators sampled some of Dr. Beningsen's blood spilled at the scene, and found traces of morphine. It was never clear who bore responsibility for the accident, and the child's mother brought Dr. Beningsen to trial. As Dr. Beningsen found out when the lawyers got access to his medical records, you have no privacy rights in court. Finding morphine at the scene of the accident had made Dr. Beningsen's medical history fair game, and his addiction to the narcotics he used to treat his terminal patients became the grounds for his losing his license. Dr. Beningsen was a caring and beloved doctor, and public exposure of his closely-guarded secret became the case's second tragedy.
Or this story: Ann Everett finally broke up with her boyfriend when she found out he was having an affair with her married cousin. Actually, she was glad to have him out of her life - he was abusive, took her money, forced her to have sex when he was drunk. Good riddance, she thought. Then she found out she was pregnant.
She despaired because she was alone, she was barely earning any money and she sure didn't want to be a single mom. She didn't even want her mom, her neighbors and her church to know she'd been sexually active. Abortion seemed like the best way out of the trap she was in. Getting past the crowd of anti-abortion protesters at the clinic she chose in a faraway town, where people wouldn't know her, was weird. These were people like the ones she knew back home, good folks from churches much like hers. Yet she did what she felt she had to do, and determined to just wall off the whole experience and forget about it.
A couple of months later, everything hit the fan. Pictures from the abortion protest showed up on a national anti-abortion group's website, as a part of their fundraising campaign - and there was Ann walking into the clinic as a protester offered her a pamphlet. Someone from Ann's church saw it, and showed it to someone else, who showed it to someone else...
Ann's story shows that there are plenty of groups out there who may not be shy about exploiting your medical realities for their own ends. Financial companies, for instance, may have operations in multiple fields. A single company may have a banking component, a credit card line, an insurance business and so forth. This gives them potentially a lot of information about you. Let's consider Ronnie, who has been battling breast cancer. She made several visits to Hilltop Oncology Associates in Springfield, Massachusetts. She had to pay a co-pay for her care, and innocently used her credit card.
She never suspected that someone in her credit card company was pocketing a little money by selling lists of cardholders and their purchases to a marketing firm that uses data-mining technology. Ronnie's name came up several times when the lists were edited for oncology, and the marketers sold her name along with some others to a client with cancer products to sell. Ronnie moved from Massachusetts to an apartment building in Poughkeepsie, where sometimes the mailman leaves junk mail on a table in the lobby. Her neighbors were about as nosy as everybody else, and they quickly put two and two together and decided she had cancer. Now she found people she barely knew who knew all about her disease. Her privacy was certainly violated, and she may have had other legal recourses, but no, HIPAA restrictions did not protect her.
Or let us consider the Medical Information Bureau (MIB). This is a central database that holds medical information on about 15 million Americans and Canadians, in the form of codes. For instance, let us say you applied for health insurance, and the company sent out a nurse to assess your health. The interview and exam might show you're an overweight gun enthusiast with a bad heart. This information would be entered with codes for the different conditions and, if the insurance company uses the MIB, it may find its way into this very large central database.
A few years later, you try to get life insurance. If the life insurance company uses this large database, they'll find the codes for "overweight," "bum ticker" and "plays with guns," and will jack up your rates accordingly, despite everything you did to try to hide this stuff from the insurers. How can this happen? The MIB is not subject to HIPAA regulations. That information you freely gave the insurance nurse is now out of your control.
One more story: At the downtown street fair one fine Saturday, Doug Doolittle decided to stop at the table where the nurse was giving free health screenings. The nurse checked Doug's weight and blood pressure, and drew a blood sample to check his cholesterol levels. Doug wanted to know what would show up: he'd been putting on a few pounds because - well, he's a Doolittle. Sure enough, the cholesterol levels came back high enough that Doug knew he had to do something about it.
He wasn't the only one who knew. Within a few days, he began getting mail for cardiac and cholesterol drugs, followed by calls from telemarketers. The nurse performing the screenings was not a public health nurse, as Doug had assumed. She had been hired by a marketing firm to help them compile a list of potential customers for their pharmaceutical clients. The innocent setting lulled Doug into giving out personal medical information, which is now available for whatever use future buyers might be able to dream up.
HIPAA is a laudable first step towards protecting medical privacy, but clearly there are other ways sensitive information can get into the wrong hands. And in a world where medical conditions from early pregnancy to HIV status to depression can have significant social and workplace implications, it should be no surprise that many of us feel we have to keep the decisions about releasing that information to ourselves. Sometimes we even risk our own health in order to protect our privacy. A recent national survey by the California HealthCare Foundation found that one in eight of us engage in medical privacy protection behaviors such as avoiding medical tests, asking doctors not to record a health problem, or going to another doctor for specific concerns so that the regular doctor remains in the dark. These surprisingly common behaviors are risky - a doctor can't care for you properly if he or she doesn't know your real condition. While this speaks volumes about our fear of information getting into the wrong hands, it also illustrates a widespread misunderstanding of our medical privacy rights. Readers, please understand that medical information in a medical setting is protected. The privacy risks are significant only when you provide that information outside of the medical system.
Concerns over medical privacy are bound to continue in the future as we see an increased use of electronic medical record-keeping. While such records may prevent a recurrence of the kind of loss brought about by Hurricane Katrina, when thousands of paper medical histories were wiped out by floods, they could leave our personal data exposed to the ravages of computer viruses and clever hackers. The potential swarm of prying eyes that want to dig into our medical files to get dirt on us or just to make a buck shows no signs of diminishing any time soon. The ultimate problem may have to do less with our technologies and more with ourselves - about our willingness to put too much faith in manmade systems before their flaws become tragically apparent.
Our society knows a little about a lot of people. We know about Dick Cheney's lousy heart - which we should know - and about a lot of celebrities' drug problems, which are frankly none of our business.
What don't you want known about yourself? No matter who you are, at some point your health is going to be a lot worse than it is now. If you're still in the workforce, you'll be facing an ever-more-sophisticated array of data-miners, software at the ready to detect when you're too much of a liability to your boss or your insurer. You're going to have enough to do just making your best health decisions. You don't want unseen others making life-altering decisions for you.