Life Support for Confidentiality in the Electronic Database

Some states' legislatures have been working on this issue. Maryland statutes require substantial reporting to the state of medical visits. North Carolina legislators have been developing a bill addressing electronic data collection. A bill has been introduced to the Massachusetts legislature limiting and defining the amount of information provided companies for the purpose of utilization review of the services provided by licensed mental health professionals. This bill limits who may see much of the information, provides for the removal of personal identifiers and requires that the time this data can be held is limited.

We need to be aware of pending legislation in our own states. It is crucial that we inform our legislators of the risk of loss of trust in the doctor-patient relationship. This loss of trust is inevitable if we cannot protect the confidentiality of the patient's health care data. That loss will result in poorer health care due to incomplete or inaccurate information given us by patients in an effort to preserve their own privacy. It will also render the data bases of deidentified information used for legitimate purposes, such as research or economic planning, inaccurate and misleading. The Massachusetts Medical Society has addressed these problems and their policy statement, "Patient Privacy and Confidentiality," can be used as a model for other groups.

The steps necessary to protect patient confidentiality are more than we as clinicians can provide. Federal legislation is also important. The Health Insurance Portability and Accountability Act of (August) 1996 requires the Secretary of Health and Human Services to propose measures for the protection of patient confidentiality within 18 months of the institution of the law. Many in Washington are now working to assist the secretary, including members of the mental health community who are giving testimony on Capitol Hill. In this act, the secretary is directed to "adopt standards for a standard unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system."

The social security number is already widely used. Although it was initiated with the idea it would be used for social security purposes only, it becomes easy to identify persons through the construction of secondary data bases. It is imperative to protect against such a development with unique health care identifiers.

The secretary shall publish in the Federal Register any recommendation of the National Committee on Vital and Health Statistics regarding the adoption of a standard. The Leahy bill, which responds to some of the requirements of the Health Insurance Portability and Accountability Act of 1996, as of this writing, is very protective of patient confidentiality. It will require vigilance and hard work to maintain it in this form throughout the legislative process.

Many protections are necessary. It is important that the physician continue to be the guardian of the patient's record. In this role, physicians have controlled access to the record, let patients know when others are seeking access, and served as advisors to patients as to the consequences of releasing the information. We are able to resist pressures that patients find difficult to resist alone. Confidentiality also requires that release of the information in the record only be allowed with informed patient consent; that secondary release without patient consent be prohibited, unless the medical information is completely deidentified.

Deidentification is best accomplished in the physician's office before the release of the record. The practice of having patients sign blanket releases for insurance or other purposes should be discontinued. Physicians should not be requested to send copies of their records as a requirement for insurance payment. Researchers should have access only to deidentified records, unless patient consent is given in addition to the approval of an institutional review board.

Increasingly, data bases are being constructed for outcomes research. At least some involved in this research recognize the imperative of protecting patient confidentiality and that the ability to deidentify data and still have valuable aggregate data enables the protection of confidentiality and quality of research.

Law enforcement authorities should still be required to have access only through court order. The courts have recognized the importance of the patient's right to confidentiality as a necessary ingredient in successful medical treatment. The Supreme Court, in Jaffee v. Redmond, upheld the importance of confidentiality to treatment.

Audit trails need to be a part of every medical electronic data base and the audit trails should be reviewed. Patients should be able to review them to see who is accessing their records. The electronic medical record offers numerous benefits to good patient care. It also presents serious threats to the right of patient confidentiality. Our responsibilities to our patients of helping them maintain this right and of being the guardian of the medical record require that we inform ourselves and then others of these potential benefits and threats. A "team" of health care providers, patients and others can be very effective in ensuring the confidentiality of electronic medical records.