Many of us have heard the horror stories and seen them reported on the national news wire services: publicly known persons or their family members have their medical records published, names of HIV-positive persons are released, clerks are bribed to deliver the names of patients and their diagnoses, physicians are given free software in return for their lists of patients' names and addresses.
It is not that these breaches of confidentiality could not and did not take place with hard copy medical records, it is just that they are so much easier to accomplish now, and can be done in great number and from remote locations, anonymously. The National Research Council notes "...the primary threats to the confidentiality of patient information originate from the lack of controls over the legal (and generally legitimate) demands for data made by organizations not directly involved in the provision of care, such as managed care organizations, insurers, public health agencies, and self-insured employers." Mergers between various parts of the health care chain-providers, insurers, pharmaceutical companies, employers-make the acquisition of information very tempting, though unethical.
The deciding judgment must be the need to know. Decisions must continue to be made in support of the patient's right to confidentiality, unless there will be harm to patient or others.
The ability to construct secondary data bases that hold compiled information on individuals increases the risk of destructive breaches of confidentiality exponentially. The legal existence of information banks, often unknown to patient and provider, allow the accumulation of data without consent of the patient. This information is personal and it may also be inaccurate. If the banking and insurance industries, government and court systems or employers could tap into a patient's personal data, havoc could be wreaked.
Patients need to be informed about methods of recording and storing of their medical data as well as how it will be used. Insurers need to institute procedures to inform their subscribers of the information required from their medical record and how it will be obtained, handled and stored. Maintenance of medical data by nonproviders (insurers, researchers) should be time- and purpose-limited.
Patients must know of the existence of databanks holding their personally identifiable information and be given the opportunity to correct inaccuracies. Access by the patient might have some limitations, as occurs now: the physician would continue to limit the release to that information judged to cause no harm to the patient or others.
Computer experts seem to agree: as with hard copy records, if you do not want something to be known, do not record it. There is no foolproof way of protecting records from malicious or inadvertent access or alteration. Psychiatrists must be allowed to maintain a personal workfile, also secure, in which to record particularly sensitive information. This may be necessary if an electronic record is unacceptable to the patient.
In spite of the problems that are encountered with the use of electronic storage and transfer of medical data, there is much that can be done to solve and ultimately prevent such egregious breaches. The solutions must occur on every level, individual to federal. They include a change in the ethic of confidentiality itself. No longer can that ethic reside only in the medical provider, it must move with the information itself. Therefore, anyone who manufactures, transfers, compiles, or in any way works with medical data must be held to the ethic of confidentiality, as was recommended by the Institute of Medicine in 1994. The Health Insurance Portability and Accountability Act of 1996 provides for sanction of anyone who breaches the confidentiality of a patient.
Our Individual Responsibilities
As psychiatrists, we must work to be aware of the new ways that information can be accessed or misused. Most breaches of confidentiality in electronic systems are by insiders. Electronic records can be assembled and levels of authorized access granted to have information available only to those with a need to know. These are important protections to build into our office and hospital systems. Policies and procedures must be established to protect the patient's confidentiality in the electronic data base. Security measures, to protect from misuse and also from alteration, must be established and used. Sanctions for breaches of confidentiality must be implemented.
The National Research Council has called for a national debate to determine balance between the accumulation and communication of health care data in the service of the patient and the public protection of patient confidentiality. Personal awareness of privacy rights and potential abuses are the best prevention of abuses and probably necessary for passage of strong legislation. These issues are discussed and security measures that may be implemented are available from the American Psychiatric Association in two resource documents approved by the Board of Trustees in December 1996.
1. American Psychiatric Association Committee on Confidentiality. Resource Document on Computerized Records: A Guide to Security. Washington: American Psychiatric Press Inc.; 1996.
2. American Psychiatric Association Committee on Confidentiality. Resource Document on Preserving Patient Confidentiality in the Era of Information Technology. Washington: American Psychiatric Press Inc.; 1996.
3. Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure, National Research Council. For the Record: Protecting Electronic Health Information. Washington: National Academy Press; 1997.
4. Institute of Medicine. Health Data in the Information Age: Use, Disclosure, and Privacy. Washington: National Academy Press; 1994.
5. Task Force on Patient Privacy and Confidentiality. Patient Privacy and Confidentiality: as adopted by the Massachusetts Medical Society House of Delegates, November 8, 1996.