"Utilization Review"

[Timothy C. May]

At 4:22 AM 8/19/96, Black Unicorn wrote:
>I listened with horror this evening to a radio program which
>discussed the state of medical record privacy today.
>
>In one segment a doctor (psychologist) described an experience
>she had after a session which was covered by the patient's
>insurance plan.

A friend of mine is a psychotherapist very concerned with such issues.
There are many pressures on him to reveal information about patients, most
of which are "unsurprising" in a world of what can only be called
"socialized medicine."

(I say "socialized" in that very few persons pay cash or their own money
for medical care, psychiatric treatment, sports injury therapy, etc. Most
are paying only a per-visit deductible, if even that, and the rest of the
charges are picked up by their employers, their insurance plans through
employers, the various social welfare institutions, etc.)

Insurance companies want proof that the treatments are needed, or are
working, and cannot merely take the word of a shrink, for example, that his
services are needed. (I can think of some solutions, such as "second
opinions" and "independent review panels," but, I can tell you, such things
are not common with psychotherapy regimens.)

>The doctor in question received a phone message with a 1-800
....
>about the patient's session in order to conduct a "utilization
>review to determine medical necessity."  Most alarmingly, the
>representative could be heard typing on a computer during the
>entire review.

Let's hope the resulting entries did not show up on a Web page!

(This has actually happened, accidentally. Only discovered when the search
spiders found the data and others then found the records.)

>The program went on to indicate that among the provisions in the
>most recent health insurance reform bill there was a provision
>for information sharing among insurance companies to facilitate
>the transfer of insurance policies when the insured switches
>jobs.  Among the more alarming suggestions in the legislation is
>the use of a "unique medical identifier."  Many of you will see
>this coming.  One of the currently proposed "identifiers" is the
>Social Security Number.

First, Clinton's dormant Health Plan (her husband is not pushing it)
would've _required_ such cross-linking of records. My friend the
psychotherapist is a liberal, but was aghast at this and lobbied with his
fellow mental health care professionals against this. He also got PGP as a
result of this scare.

Second, the "Social Security Number" worry is misplaced. They _already_
have enough identifiers to cross-link records til the cows come home.
Thinking one is safe if  the SSN is not used is "ostrich security." The
real issue is having confidential medical or psychiatric or legal records
out of the containment of a trusted holder.

>Members of the list might also wish to consider that companies
>which self insure their employees for health benefits are
>entitled to all their medical records directly.

Indeed, when I was at Intel an engineer was outraged almost to the point of
quitting and filing a lawsuit when he learned that his "Human Relations"
bimbo in a cubicle down the hall had the details of his vasectomy.

I'm sure by now the news of his vasectomy is a hundred different file
system in a dozen different institutions. An Alta Vista search should turn
it up.

--Tim May

ObCrypto Relevance: One of the ways safes (the steel kind, not the
alternative to vasectomies kind) got stronger was not through imploring and
lecturing, as we in the crypto community do, but through _insurance_. Why?
A way to discount future costs/risks to the present. A merchant who has
never been robbed probably doesn't think about the security of his safe.
But his insurer does. And he says to the merchant: "The charge is $2000 a
year if you continue with your current safe, and $1000 a year if you get a
Mosler Titan-2 safe. Your call."

The same motivation is, I think, what will eventually get security and
crypto more widely used. A hospital sued for multiple millions because its
records got intercepted and placed on the Web will have its insurance
company rethinking policies and rates, and setting procedures for
protection of information. This will drive security in a way that lectures,
rules, and even scare stories will not.

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."