Good Houskeeping August, 1999 page 117

Medical Records, Hot Topic

Imagine that you're visiting an ob/gyn for the first time. The receptionist asks you to fill out a standard questionnaire about your family and personal health history, which probably in- cludes inquiries about previous pregnancies and any medications vou are taking. During your examination, the gynecologist is likely to ask you even more sensitive questions -- about your sexual activity, possible HIV exposure, perhaps whether you've ever had any emotional problems. You may feel uncomfortable sharing this information with your doctor. But the question that should really shake you is: Do you know whom your

Today's health care system, which is in essence health care by committee, requires that numerous parties have access to a patient's medical data. And with 30 percent of private practices and many of the country's hospitals now recording patient files electronically, your most guarded secrets can be transmitted effortlessly among doctors' offices, hospitals, insurance companies, and even employers with the strike of a computer key. "I worked at a hospital that had had online records for three years," says Dianne Brownson, a fommer inten- sive-care nurse. "All the local doctors on this computer service can access anyone else's records, as can the nurses, receptionists, secretaries, and billing clerks," she says.

Indeed, over the course of a typical hospital stay, experts estimate that between 80 and 100 individuals may have access to your chart - from doctors and nurs- es to medical students, file clerks, and insurance-company employees who review cases to determine whether hospitalization is necessary (see "Where Does Your Information Go?" page 158).

And, aside from those who have a legitimate reason to look at your records, others may also be able to log on to them with little difficulty. In Massachusetts, for example, a convicted child abuser employed at a hospital gained access to nearly 1,000 computerized patient files and made phone calls to children whose records he uncovered. And at a Florida hos- pital, a 13-year-old girl-visiting her mother, employed there as a records clerk - managed to get into a database of former emergency-room patients. As a prank, the girl phoned the patients, telling them they had tested positive for HIV. (Some patient attempted suicide as a result.)

But even without such blatant violations, there are other concerns about medical privacy. Indeed, most people probably don't realize to what degree they've given away their confidentiality rights. When you apply for health insurance, for example, you sign a release with a clause allowing the insurance company to share your medical information with other health, life, and disability insurance companies; subsequently, your insurance carrier passes your data along to the Medical Information Bureau (MIB), a database that is available to more than 600 insurance companies. Or, when you go to the hospital or file a claim to be reimbursed for a doctor visit, you consent to having your records sent to your insurance company - and if your employer pays for your health care, you, in effect, give permission for your personal medical data to be passed on to someone at your employer's office, and that person not keep it confidential.

Congress is considering various versions of a bill to address patients' confidentiality - indeed under the Health Insurance Portability and Accessibility Act of 1996, Congress is mandated to act this summer or the Administration can impose its own regulations. As we went to press, debate was still ongoing, but privacy-rights activists were concerned that insurance-industry pressure could lead to legislation that would further undermine patient privacy. (For updates, log on to

Meanwhile, without any.safeguards in place, even your peace of mind remains vulnerable. Doctor visits may begin to feel like job interviews. "Patients may become careful, guarded wondering what they should say, what they should keep secret," says Denise Nagel M.D., a Boston-based psychiatrist and director of the National Coalition for Patient Rights.

width="90%" cols=1>
Keeping the Snoops Out

  • Instruct your doctor to provide only relevant summaries (not your entire medical record) to insurers. If you want a procedure or condition kept confidential, write a note revoking your consent to release information to your insurer or employer. (You may have to pay for the treatment yourself.)

  • When filing an insurance claim, try to limit how much information is released. Look for the Authorization to Release Information clause near the space for your signature; according to the Associa- tion of American Physicians and Surgeons, you can change it so that it reads something like: "I authorize my records from [name of doctor, hospital, clinic] for the [date of treatment] as relates to [the condition treated]."

  • Going to a health fair? Before having your blood pressure taken (or filling out any questionnaires), ask who will have access to the data collected.

  • Check whether your medical information is on file with the insurance industry's Medical Information Bureau (MIB) and-if so-whether it's accurate. To obtain a copy of your file (you may have one if any of your insurers determined that you have a condition that would make you an insurance risk) write to the MIB at P.O. Box 105, Essex Station, Boston, MA 02112, or call 617426-3660. The cost of obtaining your file is eight dollars.

More distressing, the widespread sharing of medical information can cost you vital insurance coverage. That's what happened to Theresa Morelli a lawyer in Akron, OH, who applied for disabiliry insurance shortly after she began working. "I was in good health and had passed the company's medical exam," recalls Morelli, now 37, "so I thought there would be no problem." But a month later, the insurer rejected her application.

It turned out the insurance company had learned that five years earlier, Morelli's father had been diagnosed with Huntington's chorea, an incurable genetic condition. At the time, Morelli's family physician had noted the diagnosis on the outside of her file, and it was on the office records that were sent to the insurance company. Ironically, a couple of years later, Morelli's father was reevaluated and found to have Alzheimer's disease, not Huntington's. But now - fearful that the Alzheimer's diagnosis will become known - Morelli is reluctant to apply for any health insurance that requires revealing the condition.

That's just the problem, argue MIB executives. Because applicants may withhold important information, thus raising company costs and in turn the amount insurers must charge customers, the insurance industry needs to have access to significant details of your medical history. But it's how insurers interpret the details that's worrisome, say experts. Take the issue of genetic tests. "They may yield clues about your future, but they cannot offer an absolute guarantee that someone will develop a particular illness," notes Martin Teitel, Ph.D., executive director of the Council for Responsible Genetics. What's more, you don't know when a dis- ease might kick in or how severe it will be if it does. "It would be unfair to discriminate against consumers based on such uncertain knowledge," argues Teitel.

Some doctors are trying to help protect patients' privacy by limiting what they enter into their files. Joseph Heyman, M.D., an ob/gyn in West Newbury, MA, says that "When a woman tells him some- thing that she doesn't want released to anyone, he will write it in code. "My problem is that when the patient comes back a year or two later, I don't what the code means," Dr. Heyman admits. "Then I may have to force this poor woman to go through the whole thing all over again."

But it may he in the workplace that people feel most vulnerable about having items from their medical files disclosed. Not only could revelations prove embarrassing rassing (suppose you were treated for panic attacks or an STD), but they could jeoparodize your career. In a 1996 survey of 84 Fortune 500 companies conducted by the Survey Research Laboratory at the University of Illinois, just over a third of the respondents admitted to using information contained in medical records in making hiring, firing, and promotion decisions.

Although the Americans with Disabilities Act makes it illegal for employers to discriminate based on an employee's disahilities, the law doesn't cover companies with fewer than 25 workers. Nor does every health condition count. A disability is defined as something that severely lim- its one's ability to carry out major life activities; PMS, for example, is a condition that might lead to discrimination but wouldn't be covered by the act.

Because most employers are either paying claims for their employees, or paying an insurance group to do so, there is at least one person in a company (typically, the benefits administrator) who has access to all employee medical records. "The question is whether they keep the knowledge they acquire to themselves," says Lewis Malthy, director of the American Civil Liberties Union Task Force on the Workplace. "Frequently, they don't."

There is great pressure on benefits administrators to share financialy relevant information with company higher-ups explains Maltby. Employers don't want to promote someone who might get sick next month." Maltby, a former corporate attorney, says he attended meetings in which employers sat down with the benefits manager to "find out who was really sick last year," and then discussed ways to steer those indivicluals toward lower coverage rather than more expensive health plans. "Which doesn't necessarily mean they'll get bad care," he notes. "But it does mean that senior management knows all about this person's medical condition." (If you're concerned about confidentiality, call your company's human resources department and ask if medical files are secure and who has access to them.)

Finally, patient information has become a hot commodity in the pharmaceutical industry. When Thea Wachsman had a routine physical in 1996, her internist sent her to a lab near her Boca Raton, FL, home for a complete blood test. Her cholesterol level was high. Twelve days later, the 57-year-old bookkeeper was shocked to receive a letter from Sandoz Pharmaccuti- cals urging her to consider its cholesterol-lowering drug, Lescol. Your name has been selected from a list of people who have identified themselves as having high cholesterol..., the letter hegan.

"I, of course, had never identified myself as such," says Wachsman, who was outraged that her private medical problem had made its way to the pharmaceutical firm's marketing department. According to Wachsman, the drugmaker told her the information came from a questionnaire she filled out. "I would never do anything so dumb," says Wachsman "and anyway, I'd only just learned I had high cholesterol." She believes that the source was either her doctor's office or the lab, and has since found new health- care providers. *

width="90%" cols=1>
Where Does Your Informtion Go?

Step 1:

You visit your ob/gyn and the receptionist pulls your medical record. Nurses and other doctors in the office may have access to your files.

Step 2:

Your medical information-in some cases your entire file, in others only that day's record-is sent to your insurance company.

Step 3:

Your insurance company may pass your medical information along to your employer. Also, if you have a condition that affects your "insurability," the company may pass your data to the Medical Information Bureau (MIB). More than 600 insur- ance companies have access to MIB files.

Step 4:

Your records may be sent to your primary-care physician if he referred you to the ob/gyn or if you belong to an HMO.

Step 5:

Your file may be forwarded to any number of government agencies, depending on your condi- tion. If you have a sexually transmitted disease, your medical information will be sent to the state health department and/or the Centers for Disease Control and Prevention. If you have cancer, your data may be sent to state and/or Federal cancer registries.

Step 6:

Researchers may obtain your files from a cancer registry and use the information in a study.

For hospital stays, the flow is similar, though more parties, such as state licensing agencies, may have an opportunity to see your records.