MEDICAL PRIVACY: Congress Grapples with Medical Records

As health care providers increasingly rely on the Internet, Congress faces a number of difficult issues this fall, including how best to protect patients' electronic medical records, Investor's Business Daily reports. The government already is working on a draft version of medical privacy rules set to be finished later this year. The rules include security measures such as access authorization and technical safeguards, and privacy measures such as allowing patients to request that their information be restricted and requiring health providers to disclose only the minimum amount of information necessary. However, online privacy comes with a hefty price tag. According to a Blue Cross and Blue Shield Association study, the proposed rules could cost $40 billion over five years, including $4 billion for the measure that would allow patients to review and amend their records. Alissa Fox, executive director for policy at Blue Cross and Blue Shield, said that the proposed rules say "everyone has to be thinking about disclosing only the minimum necessary for the (given) purpose ... and you need to be very cautious how you do it." However, she cautioned, "What if a doctor needs to talk to another doctor? Do you tell the other doctor that this person has a mental health problem, is taking Prozac, when they're going for a hip operation? Not doing so could really jeopardize that person's health." Still, advocates of the privacy rules say they will "prevent privacy gaffes" like an incident last year in Indianapolis, when a computer glitch posted patient records, including names, email addresses and details on their sex lives on a psychiatrist's Web site.

Do Doctors Need Privacy, Too?
Meanwhile, doctors are scrambling to protect their privacy by keeping the National Practitioner Data Bank off limits to consumers. While House Commerce Committee Chair Thomas Bliley (R-Va.) is set to propose legislation that would allow public access to the database, which contains information on medical malpractice cases. Doctors argue that the data is "in too raw a form for public use" leading consumers to "shun a doctor with any smudge on his record." However, Kerry Hicks, CEO of HealthGrades.com, a Colorado-based Web site that features data on 600,000 physicians, hospitals and nursing homes, argues that consumers have the right to access data that "could be crucial to their health." HealthGrades.com researchers create their files on providers and hospitals using 75 private and public databases. Hicks said, "We've found it disconcerting if not a little condescending to suggest that this information [in the national data bank] is only understandable to health care providers" (Howell, 9/7).

This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.