Medical Privacy Alert

Tue Mar 3 06:24:12 PST 1998

99 Chauncy Street, Suite 310, Boston, MA 02111
(617) 482-3170  Fax (617) 451-000

CONTACT:	John Roberts
(617) 482-3170


	The confidentiality of the doctor-patient relationship will be totally
undermined as medical records become widely available without patient
knowledge or consent.	

	BOSTON - February 27, 1998.   On Thursday 2/26/98 the United State Senate's
Labor and Human Resources Committee heard testimony concerning a bill proposed
by Senators Bennett and Jeffords that, if passed, would license the widespread
disclosure of personal medical information contained in files held by doctors,
hospitals, employers, educational institutions, and others.
	The bill which purports to be a privacy bill is, in fact, just the opposite.
It places virtually no restrictions on the disclosure of personal medical
records within health care entities (no matter how large and geographically
widespread) or to a long list of other entities and agencies including the
	-  any agents or contractors of the health care entities 
	-  Public Health Agencies, Oversight Agencies
	-  Health Care Accreditation Agencies
	-  State Health Care Databases

There are major loopholes in access provisions for
	-  Health Care Researchers
	-  "Outcome" analysts ("cost/benefit" analysts for hospitals, HMO's,
insurers, etc)
	Even law enforcement agencies will have easy access to browse computerized
medical record systems for so-called "legitimate" investigatory purposes.
This will make every American's medical record part of a new massive law
enforcement database.
	The bill will destroy the confidential "doctor-patient relationship" and
replace it with a new "patient-health care industry relationship."
	"This bill serves only the interests of the burgeoning health care industry,"
said John Roberts, Executive Director of the ACLU of Massachusetts.  "It
allows the transfer of your medical records to many entities that stand to
profit from its information.  Gone is doctor-patient confidentiality.  Your
doctor cannot protect your most sensitive medical information from many
entities outside your medical facility.  Even employers who have health plans
are considered 'health care providers' in the Bennett-Jeffords bill.  How many
of us want our employers to have access to any of our medical records without
our knowledge or consent?"  
	The bill will also
	-  Impose requirements that patients sign blanket consent forms for release
of information as a condition of getting treatment, even for self-pay patients
	- Redefine "treatment" to make the patient's record a subject of continuous
	- Blur the boundaries between individual patient care and the so-called
"Population Management" and "Disease System Management"
	The bill will pre-empt all state laws which may be more protective of the
confidentiality of medical records.
	The bill will not apply even its own minimal privacy protections to so-called
"non-identifiable" medical records information.  But...interestingly, the bill
also refers to issuing "keys" to re-identify previously purportedly "non-
identified" information.  A formal logical analysis of this reveals that the
bill itself admits that what it calls "nonidentifiable" medical record
information is actually identifiable (i.e. containing patient information).
	The ACLU of Massachusetts believes that what is really needed for medical
privacy protection would be the following:
	-  Federal law should set a foundation or floor of privacy protection
	-  State laws which are more-protective of patient's rights should not be
	-  No "Unique Patient Identification Numbers"
	-  No electronic "linkage" of patient records stored in various sites
	-  Computerized patient records must be encrypted with keys provided only to
those directly involved in the individual patient care
	-  The right of the individual patient to contract directly with physicians
and health care providers regarding the privacy of the patient's medical


More information about the cypherpunks-legacy mailing list