Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Medical Privacy Rules To Be Gutted 26

Logic Bomb writes "The San Francisco Chronicle says the Bush administration wants to loosen privacy rules for medical records in a variety of ways. It's the sort of arrangement where insurance companies are drooling but everyone else, from doctors to Democrats, is screaming bloody murder." Not really a surprise, given the current administration. The rules proposed during the Clinton administration would have substantially protected the privacy of medical records - keeping your HMO, insurer and pharmacy from selling information about your health without your permission. Doesn't look like they're going to go into effect, though.
This discussion has been archived. No new comments can be posted.

Medical Privacy Rules To Be Gutted

Comments Filter:
  • by Anonymous Coward
    It's pretty obvious that the story submitter didn't read the entire article, and is probably a democrat anyway.

    Washington -- The Bush administration has proposed changing some of the federal rules designed to protect the confidentiality of Americans' medical records, including the ability of patients to decide in advance who should be able to use their personal health information.

    The proposal would alter a federal safeguard adopted by the Clinton administration that compels patients to give written permission before their records may be disclosed to doctors, hospitals, pharmacies and insurance companies. The new version would erase that requirement, saying instead that patients must be notified at some point of their privacy rights by those who use their records.

    In other changes that would loosen privacy rules, the administration wants to enable more parents to find out what medical services their teenage children seek and make it easier for researchers to gain access to patients' records. In addition, business associates of various health care providers would be given more time before they have to follow the confidentiality rules.

    But in at least one respect, the administration is suggesting a significant strengthening of privacy rights: allowing patients to decide up front whether to allow their records to be used for marketing purposes.

    The proposal, issued yesterday by U.S. health officials, represents President Bush's attempt to tailor a policy that has daunted presidents and lawmakers for years: how much control to give consumers over the proliferating access to medical records in an electronic age.

    TINKERING WITH CLINTON'S RULES In April, Bush announced he would move ahead with a medical confidentiality regulation adopted by President Bill Clinton -- but indicated he would modify parts of it to make them simpler and less onerous on health care companies and practitioners.

    Yesterday, in disclosing what form the modifications would take, Health and Human Services Secretary Tommy Thompson said, "The changes we are proposing today will allow us to deliver strong protections for personal medical information while improving access to care."

    The new version was largely criticized by privacy advocates, physicians and Democratic leaders on health care. It was hailed by representatives of insurers.

    "It's a major step toward creating a workable rule," said Karen Ignagni, president of the American Association of Health Plans.

    She and other insurance company representatives, however, contended that the administration should go further to ease regulatory costs and give insurers adequate time to adapt to the rules.

    Administration officials said they would allow a relatively quick, one- month period for outside comment on its proposal, before health and human services administrators begin to refine it and issue a final version. It does not require congressional approval.

    In the meantime, the parts of the Clinton-era rules with which Bush agrees have taken effect, although health care providers will not be required to comply with them until next year. The basic aspects that remain intact guarantee Americans the right to inspect their own medical records that are kept in electronic form, determine who else has seen them and complain when they are used without permission.

    CONGRESS MISSES DEADLINE The proposed changes are the latest phase in a controversy that has shuttled up and down Pennsylvania Avenue for years. In 1996, as part of a broader health reform law, Congress set itself a deadline for adopting patient- privacy protections, saying it must do so within three years -- or cede that authority to the Health and Human Services Department.

    When lawmakers missed that deadline, Clinton's aides began writing the rules, which they finished shortly before he left office. Once Bush took over, opponents of the regulations resumed fierce lobbying, trying to capitalize on what they sensed was a more lenient attitude in the new administration toward federal regulation.

    Yesterday's proposals provide the first insight into how far Bush wants to go to address their complaints.

    Civil rights officials in the Health and Human Services Department, who briefed reporters on condition of anonymity, said "very targeted changes" were intended to protect patients' privacy while simultaneously eliminating facets of the original rules that they said would interfere with patients' access to health care -- and weaken its quality. That reasoning essentially embraces the arguments that insurers have raised.

    Specifically, the new version strikes a different balance on patient control over access to records. While eliminating the requirement that patients be able to give written consent, health and human services officials said, the proposal would strengthen the requirement for health care providers to make sure patients are aware of their privacy rights. Doctors, pharmacies and other who use records would have to make a "good faith effort" to obtain written acknowledgment from patients, although not necessarily ahead of time, that they had been told about privacy practices.

    Health and human services spokesman William Pierce said the revision would prevent the possibility that "you could have been stopped in your tracks" from getting needed treatment for failing to give permission for use of records.

    Janlori Goldman, director of Georgetown University's Health Privacy Project, said the elimination of advance permission "cuts the legs off the privacy regulation."

    In another contentious change, the administration's plan would make it easier than Clinton intended for parents to see their children's medical records in any state that has its own law specifically guaranteeing minors their medical privacy rights. Privacy advocates said that change would deter teenagers from seeking sensitive health services such as abortions or treatment for mental illnesses or sexually transmitted diseases.

  • As stated by another poster. The story itself is bent on giving a bad light to the proposal. You really need to read the article, but here is one main point.

    But in at least one respect, the administration is suggesting a significant strengthening of privacy rights: allowing patients to decide up front whether to allow their records to be used for marketing purposes.

    That "But in at least" is total trash. Its not "but" it's the whole point! Instead of having rediculous procedures, the Bush proposal makes it one up front thing. This is no different than the phone company. Go read a phonebook. The local phone company will use your information unless you ask them not to in writing. Should you do it via the phone there is a "processing" fee. In other words, either advertisers pay us or you do.

    In short, this is a good proposal. The story writer is obviously biased. And the submitter is too, or just plain stupid.

    • Of course the telephone company will use your information. A reasonable person would expect the telephone company to use your information. It is, as has been called by other who studied the topic more than I ever will, a "fair information practice."

      Your doctor, your insurance company, your pharmacist, or your dealer selling information about your health to the highest bidder is not and never will be a "fair information practice," and this proposal is one more example of a government bought and paid for by corporations in action.

      • A reasonable person would expect the telephone company to use your information.

        Why?

        It is, as has been called by other who studied the topic more than I ever will, a "fair information practice."

        Without seeing any reasons or supporting evidence, I will have to disagree with you. There is nothing "fair" about it at all.

        is not and never will be a "fair information practice"

        Agreed. But when is it ever fair, if you didn't agree first?

        example of a government bought and paid for by corporations in action.

        I disagree. There is a strong tendency in the US for information sharing (or selling.) (Goverment agencies have to fight for that!) All this government proposal does, is makes it more straight-forward to opt-out.

        Currently, (I gathered from the article) there is no opt-out at all! Just every time they want to use your information, they have to ask. Say no, tomorrow we can ask again. And the next day, and the next. Under the new rules, you start off as opt-in, but you can opt-out once. And then noone can ever use your information unless you switch doctors/insurance companies. Yeah, the fact that you start off as "opt-in" is not good. But it is definitely a step in the right direction. In other words, let this one pass, and maybe next year we can have the default switched to "opt-out".

        The *real* bad thing is not information sharing. It is that anyone besides you can see it! I think everyone should have a storage of their own records, and you let the doctor see it each time the doctor looks at you. Then take it home. Never let the doctor keep it. If you are afraid that you will lose it, then have someone store it for you. Such as your doctor. But beware of what that information may be used for.

        People rely on the "system" to have all the information as needed. I am against the system itself!

        • You're right--the telephone company using information without the customer's consent isn't fair. I fell into the trap of endorsing the practice while trying to compare the degree of breach of confidence.

          I see your point of a citizen getting buried in a barrage of permission requests and finally just giving in, but that could be solved by requiring a positive response--the absence of a response could not be considered permission.

          Opt-out is just a sell-out, as, since people tend to be busy and not realize the implications of letting their information out into the wild, they don't act on the "privacy statements" sent to them. Also, once a customer who has previously not opted out decides to, there's no practical way for him to retrieve the information about him floating around. The "information wants to be free" idea works here, too, unfortunately.

          I like your idea of citizens being the custodians of their own information. We have the cryptography to make it so that the citizen could carry information without being able to alter it, and could encrypt it on a health care provider's key to transfer it. Heck, I imagine with some thought, a way to "salt" information to trace misuse could be added. Bummer that the MIB and others who make beaucoup bucks trading in citzens' health information (along with their government servants) will never allow that to come to pass.

    • Great, yeah, this sounds right:

      Patient: Jesus, I just broke my leg, please help me.
      Anonymous Unaccountable Medical Staff: Sure. Now, would you like us to resell your medical information?
      Patient: Of course not!
      Anonymous Unaccountable Medical Staff: Ok, fill this out.
      Patient: [fills out form]
      Anonymous Unaccountable Medical Staff: [waits with palm held out]
      Patient: ...and...?
      Anonymous Unaccountable Medical Staff: You'll have to pay us <jigabucks> to NOT sell your info of course...well, you *could* walk to this other hospital...
      Patient: I HAVE A BROKEN LEG!
      Patient: [aside to the audience] Well, I'm fucked aren't I?
      Audience: Yes
      Patient: Fine you bastards! Here is your <jigabucks> I'll let you know I'm voting for <Candidate N%2> next time!
      Collective Political System: [to self] har har. sucker.
      • There are two responses. One is Communism, where we force the doctor to take you anyway. The other is Capitalism, where another place opens up and gets more customers because they don't force things upon you.

        Currently we have the latter in most cases, but the former is pushed by law onto hospitals. I think we should rid that, and let hospitals be like any other store.

    • The proposal is horrible.

      If you even plan to release one piece of information on me I think we will have to meet in the streets.

      I don't care if it's some sort of aggregate data or marketing data. Whether they contact me or not I am against it. If you have an illness you may not want anyone to know for any reason. I've got to question any 'security' that would be taken after a right is taken away.

      If you want any records released, at least in my state, you need to sign and have a witness sign that form [could even be a doctor]. If the government wants to retrieve your records you must sign. They are encouraged [and this is practiced at several county based offices] to keep medical information in one room with a number and keep the number list somewhere else. Obscurity but imagine those guys in silos.

      Revolution
      • What do you disagree with? Seriously, I did not understand your comment. On what exact point of my proposal are you arguing? I read your comment twice and did not understand it.
        • make it easier for researchers to gain access to patients' records

          Sounds good but how deep? Is my name going to be used? People complain about your cable company knowing what you watch but medical release without consent is okay... no matter what situation?

          The proposal, issued yesterday by U.S. health officials, represents President Bush's attempt to tailor a policy that has daunted presidents and lawmakers for years: how much control to give consumers over the proliferating access to medical records in an electronic age

          I want total control over my records, is that hard to understand? The "Electronic Age" isn't the reason to release more records but to put up more safeguards.

          The new version was largely criticized by privacy advocates, physicians and Democratic leaders on health care. It was hailed by representatives of insurers.

          In all reality all the groups mentioned above have some personal interests. Privacy groups are charged with watching who is watching you. If they fail no more donations. Physicians don't want to loose patients because their disclosure policies and generally are against giving away information - basic ethics of working in a hospital is to keep your mouth shut. Insurers want that information because they want to drop you. People who represent those interests in Congress et. al. get cash for passing this through.

          • I want total control over my records, is that hard to understand?

            No. But you want two things. One, you want the goverment/hospitals to hold onto your records for free and always have them availible. Two, you want to be the only one who can use them. That's asking for a lot and giving nothing. Either pay the goverment/hospitals to hold your information (or let them use it as payment), or keep it yourself.

            The "Electronic Age" isn't the reason to release more records but to put up more safeguards.

            Actually it isn't the reason for *either*. It is merely the ability to ease what was done before, or to make other things feasible.

            Privacy groups are charged with watching who is watching you. If they fail no more donations.

            Privacy groups charge *themselves* with whatever the group itself decides to be. They are groups of citzens *just like you* who actually decide to make more noise then just a silly slashdot comment. If they fail, they *try harder*.
            They also do not (usually) make donations. Donations are usally made by companies, and used as a tax writeoff of some sort. If they were made by privacy groups, there would be a serious conflict of interest, and very surely charges would be raised.

            Physicians don't want to loose patients because their disclosure policies and generally are against giving away information - basic ethics of working in a hospital is to keep your mouth shut.

            What are you talking about? Physicians don't want to lose patients, because that is their source of income! Also, repeat reccomendations, and families. For a doctor to need new patients, would be forging new relationships, which is not productive to a healthy doctor-patient relationship.

            Insurers want that information because they want to drop you.

            What?!?! Insurers cannot drop you! That why it is *called* insurance. They insure you to be healthy. When you don't get sick too often, they make money both from you base premiums, and the payoff they get by investing your money. They only lose when someone gets really sick, or gets sick often. But that is part of the game. If anything, they want *previous* information, so they can say "had we known we never would have accepted you". And by law they *can* do that. Otherwise, everyone would wait until they became terribly sick, and only then pay the insurance companies to pay their bills!

            The issue here is *selling* information. Whether to other groups for studies or to market medicines.

            People who represent those interests in Congress et. al. get cash for passing this through.

            Not really. That would be illegal. The lobbyists are paid employees of some company. The members in congress echo their concerns with votes. Should you be able to prove money caused a vote, the representative would be thrown out on ethics violations (according to the Constitution each house governs their own members and can throw any of their own members out).

            • No. But you want two things. One, you want the goverment/hospitals to hold onto your records for free and always have them availible. Two, you want to be the only one who can use them. That's asking for a lot and giving nothing. Either pay the goverment/hospitals to hold your information (or let them use it as payment), or keep it yourself.


              I didn't ask them to hold or even collect my medical data. Because I was treated at St. Mary's doesn't mean I've become a slave to St. Mary's and they can do what they want with my records.

              Actually it isn't the reason for *either*. It is merely the ability to ease what was done before, or to make other things feasible.

              No, the reason is exactly that information can be fast and flowing. Companies can collect the information cheap and keep it up to date. If selling or sharing medical records without consent was legal this wouldn't be needed.

              Privacy groups charge *themselves* with whatever the group itself decides to be. They are groups of citzens *just like you* who actually decide to make more noise then just a silly slashdot comment. If they fail, they *try harder*.
              They also do not (usually) make donations. Donations are usally made by companies, and used as a tax writeoff of some sort. If they were made by privacy groups, there would be a serious conflict of interest, and very surely charges would be raised.


              Yes, they charge themselves with protecting privacy - but are almost never supported by companies. I've made donations to privacy groups [as well as other groups] - and they aren't funded by corporations. Tax right-offs can only go so high and it wouldn't outway the price of that information they seek. Privacy groups are made up of citizens, and yes they raise money from real citizens. They do what they can even if it's making a 'silly' slashdot comment [I thought that speaking up in anyway was supported in America? Slashdot comment or a flyer - it's the same message]

              ME: Physicians don't want to loose patients because their disclosure policies and generally are against giving away information - basic ethics of working in a hospital is to keep your mouth shut.

              YOU: What are you talking about? Physicians don't want to lose patients, because that is their source of income! Also, repeat reccomendations, and families. For a doctor to need new patients, would be forging new relationships, which is not productive to a healthy doctor-patient relationship.


              That was my whole point. If they are loosing patients because of a law which shouldn't pass then they will lose money. You want to be able to see the doctor and tell them that you have a rash without the concern of how many people will find out before you leave.

              What?!?! Insurers cannot drop you! That why it is *called* insurance. They insure you to be healthy. When you don't get sick too often, they make money both from you base premiums, and the payoff they get by investing your money. They only lose when someone gets really sick, or gets sick often. But that is part of the game. If anything, they want *previous* information, so they can say "had we known we never would have accepted you". And by law they *can* do that. Otherwise, everyone would wait until they became terribly sick, and only then pay the insurance companies to pay their bills!

              You are right!, they are limited in being able to 'drop' you. But if they know up front that you are a risk you can be denied coverage. Previous information is what is needed. I did form my argument wrong considering that they know everything about you if they insure you. But you don't [obviously] have an illness which needs expensive or timely care. "Managed Care" is a for-profit business. Where this change in law scares me is who will sell-out my name or information. While blind stats in all reality sound good - it won't happen.

              If a University wants to find out how many cases of Bell's Palsy there are they can call a hospital and get a tally of treatment. Numbers of drugs sold provide those numbers as well. If for some reason they want to go around and ask doctors about patient data we should be asked.

              It's that simple... Bush wants to remove the opt-in ability of such research. You likely won't be able to opt-out.

              I love that you end your article with the naive idea that a party or politician may benefit from passing a law is illegal and simply not done. I guess that is the root of the problem. Cash no, power maybe, used more to violate citizens - yes.

              Simply: Companies now need the gov't to let them do things to dirty to get support from consumers. Now we look to make loopholes so that people can make more money.

              It's my health, my life and it happens that someone keeps a copy of the records. But those records in all reality belong to me. I've even had problems getting copies of my own records because I didn't have an ID at the time -- good idea.

              • I didn't ask them to hold or even collect my medical data.

                But you took it as fact. Specifically, but medical release without consent Instead of arguing about the outcome of the laws not protecting release, you should have argued that they should not have it in the first place. By skipping that point, I assumed you agreed that they actually should hold your data. And that was the basis of my point.

                No, the reason is exactly that information can be fast and flowing.

                So when those guys created the Internet; when the government funded the Internet; when all those companies supported the Internet; they all did it for the flow of personal information? They did it to connect networks, and let people not directly connected to your network, to connect to it anyway . This does speed things up, but it does not call for laws or regulations. It just speeds them up.

                Originally, you said:Privacy groups are charged with watching who is watching you. If they fail no more donations.
                I countered with:They also do not (usually) make donations.Donations are usally made by companies,
                You then pretty much agreed with me. Am I missing something?

                You want to be able to see the doctor and tell them that you have a rash without the concern of how many people will find out before you leave.

                Then don't let anyone hold your information! Instead you like them being forced to hold your information for free. The current proposal just changes that to a simple *one-time* opt-out. While that isn't the best, it is a step in the correct direction. It forces the opt-out to be centralized. (Maybe we can wait a bit and propose that such information starts off as opt-out, then noone will have a problem.)

                You are basing your argument on the presumed intention that the proposal helps companies at the expeense of citizens. I think the current method does that, and the new proposal is a step in the correct direction. There are pros and cons to both. But it is hardly as bad as the writer of the original article (and slashdot poster) made it out to be.

                It's that simple... Bush wants to remove the opt-in ability of such research. You likely won't be able to opt-out.

                Umm... The crux of the article is a one-time opt-out. Did you miss that?

                I love that you end your article with the naive idea that a party or politician may benefit from passing a law is illegal and simply not done. I guess that is the root of the problem.

                I never said that it wasn't done. I said that if it could be proven, charges would be raised and action taken. It is certainly not as overt as your message seemed to propose.

                Simply: Companies now need the gov't to let them do things to dirty to get support from consumers. Now we look to make loopholes so that people can make more money.

                Did you read the article past the second paragraph? The fourth paragraph quite explicitly, allowing patients to decide up front whether to allow their records to be used for marketing purposes.. I think that says it all. Even in that biased article, anyone looking at the facts represented can see that this is another proposal, and if not better, at least of equal standing.

                • Okay, let me end this.

                  When a hospital holds my records they are holding them because they are required by law. They need to keep information on everything that happens between patient and doctor.

                  You may tell your doctor you are on a certain prescribed drug [maybe your family doctor prescribed it]. If he takes that note down because it may save your life it has now become a matter of record at the hospital. If the situation was reversed then your doctor may take note of a drug that was prescribed during a hospital visit.

                  In many states medical records can't be destroyed. The hospital keeps the records because it is in their best interest. They want to clear themselves of further litigation. If it wasn't required - they are taking it upon themselves to keep the records. Either way I haven't yet surrendered my rights as a patient.

                  The subject isn't where the records are kept, but the confidentiality you are currently provided under the status quo. Even with the connected world we live in most records are still kept in folders, and copies are made on a Xerox machine and not at a laser printer.

                  I currently have some of my records under lock and key with the county government because of a medical program they have. Under current law I must sign in advance to very specific releases of information. If they want to know milestones in treatment it's not assumed that they can call upon this information at anytime. Even though they are the ones keeping the records and providing some medical treatment.

  • by Caractacus Potts ( 74726 ) on Sunday March 24, 2002 @01:57AM (#3215395)

    That phrase about making a "good faith effort" to obtain written permission is crap! I'm self-employed and just switched medical plans. About a week after enrolling, I get a letter explaining how to opt-out of having my information released to my health care providers' "partners" who may have services of interest to me. Of course, since I didn't start out in an opted-out state, my information was already released into the wild. Now, I'm starting to get all of this medical junk mail aimed at senior citizens! Thank god they only got my address. If the marketing industry ever finds out I'm a hypochodriac, they'll bombard me!

    Seriously, if they allow for any relaxation of privacy regarding personal medical information, you can bet your bottom dollar that anyone who could possibly make a buck off of that information will find a way to obtain it.

  • Good grief (Score:1, Insightful)

    by Anonymous Coward
    Some said to me the other night. "The United States is Doomed".

    I said "No, the US is not doomed."

    But looking a this story and reflecting on the steady stream of similar things, I have to wonder. Such blatent disrepespect to American citizens. Seems we are required to opt-out of a hundred things a day to maintain our dignity. Like a drowning man thrashing about trying to stay above the surface of a lake.

    I get a vague sense of suffocation each time I read one of these stories. Make's me wonder if there might be better places to live.

This is now. Later is later.

Working...