At 4:22 AM 8/19/96, Black Unicorn wrote:
I listened with horror this evening to a radio program which discussed the state of medical record privacy today.
In one segment a doctor (psychologist) described an experience she had after a session which was covered by the patient's insurance plan.
A friend of mine is a psychotherapist very concerned with such issues. There are many pressures on him to reveal information about patients, most of which are "unsurprising" in a world of what can only be called "socialized medicine." (I say "socialized" in that very few persons pay cash or their own money for medical care, psychiatric treatment, sports injury therapy, etc. Most are paying only a per-visit deductible, if even that, and the rest of the charges are picked up by their employers, their insurance plans through employers, the various social welfare institutions, etc.) Insurance companies want proof that the treatments are needed, or are working, and cannot merely take the word of a shrink, for example, that his services are needed. (I can think of some solutions, such as "second opinions" and "independent review panels," but, I can tell you, such things are not common with psychotherapy regimens.)
The doctor in question received a phone message with a 1-800 .... about the patient's session in order to conduct a "utilization review to determine medical necessity." Most alarmingly, the representative could be heard typing on a computer during the entire review.
Let's hope the resulting entries did not show up on a Web page! (This has actually happened, accidentally. Only discovered when the search spiders found the data and others then found the records.)
The program went on to indicate that among the provisions in the most recent health insurance reform bill there was a provision for information sharing among insurance companies to facilitate the transfer of insurance policies when the insured switches jobs. Among the more alarming suggestions in the legislation is the use of a "unique medical identifier." Many of you will see this coming. One of the currently proposed "identifiers" is the Social Security Number.
First, Clinton's dormant Health Plan (her husband is not pushing it) would've _required_ such cross-linking of records. My friend the psychotherapist is a liberal, but was aghast at this and lobbied with his fellow mental health care professionals against this. He also got PGP as a result of this scare. Second, the "Social Security Number" worry is misplaced. They _already_ have enough identifiers to cross-link records til the cows come home. Thinking one is safe if the SSN is not used is "ostrich security." The real issue is having confidential medical or psychiatric or legal records out of the containment of a trusted holder.
Members of the list might also wish to consider that companies which self insure their employees for health benefits are entitled to all their medical records directly.
Indeed, when I was at Intel an engineer was outraged almost to the point of quitting and filing a lawsuit when he learned that his "Human Relations" bimbo in a cubicle down the hall had the details of his vasectomy. I'm sure by now the news of his vasectomy is a hundred different file system in a dozen different institutions. An Alta Vista search should turn it up. --Tim May ObCrypto Relevance: One of the ways safes (the steel kind, not the alternative to vasectomies kind) got stronger was not through imploring and lecturing, as we in the crypto community do, but through _insurance_. Why? A way to discount future costs/risks to the present. A merchant who has never been robbed probably doesn't think about the security of his safe. But his insurer does. And he says to the merchant: "The charge is $2000 a year if you continue with your current safe, and $1000 a year if you get a Mosler Titan-2 safe. Your call." The same motivation is, I think, what will eventually get security and crypto more widely used. A hospital sued for multiple millions because its records got intercepted and placed on the Web will have its insurance company rethinking policies and rates, and setting procedures for protection of information. This will drive security in a way that lectures, rules, and even scare stories will not. Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."