Psychiatrists Help Lead MedChi in Move to Protect Confidentiality

Paul McClelland, MD

[Winter 1998; Vol.25 No. 3]

Introduction

The official position of MedChi, The Maryland State Medical Association, in the area of privacy and confidentiality is that informed consent must precede any release of patient-specific information. This strong position statement reflects, in part, the effective leadership of Drs. Jennifer Katze, James Kelly, and Richard Epstein and other Maryland psychiatrists, working together with other physicians. This was an important victory, and it formed the basis of MedChi's support of the consent bill in recent legislative sessions.

Unfortunately, pediatricians and emergency room physicians did not agree with this position and actively lobbied against the consent bill, which did not pass. Many medical researchers also had serious reservations about the bill. Last fall, MedChi's president, Dr. Thomas Allen, a member of MPS, appointed a task force charged with finding a way for MedChi and its constituent groups to speak with one voice on this topic. The following executive summary is taken from the 20-page Task Force report, which was approved by the MedChi House of Delegates at its September meeting.

Readers looking for an unequivocal statement about the right to privacy may feel that the Task Force has diluted the positions of MedChi and the MPS in this area. It is important to realize that this was not a position paper, nor was it written for the MPS. It provides MedChi and the AMA with a list of 14 immediate actions along with a process for resolving current and future conflicts between medical privacy and other interests.

Maryland's psychiatrists need to continue to advocate for privacy, as noted in Dr. Katze's article in the October edition of the MPS News, while encouraging MedChi and the AMA to proceed on the parallel track outlined in the Task Force report.

Summary of MedChi’s Recent Actions on Privacy and Confidentiality

The loss of privacy and confidentiality in the physician-patient relationship and its consequences for patients are well documented in the medical literature. These problems have been compounded by the growth of numerous large electronic databases. Maryland's Health Care Access and Cost Commission (HCACC) has made notable improvements in the security provisions of its medical database, but it does not yet meet the achievable safeguards recommended by the Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure. These realities mean that physicians in Maryland and elsewhere often have to choose between adequately protecting confidentiality, an explicit requirement of the American Medical Association (AMA) code of ethics, and satisfying the demands of insurance companies, a financial necessity for patients and physicians.

The erosion of privacy poses another dilemma for physicians. No one denies the value of readily available medical records which are accurate and appropriately detailed for emergency care; coordination of care provided by multiple physicians in inpatient and outpatient settings; monitoring of drug-drug interactions; recording inoculations; tracking sexually transmitted diseases; and researching treatment effects. Many physicians would also defend the importance of such data for research involving healthcare utilization and costs. Privacy-conscious physicians who oppose insurance claims databases, electronic charts, and unique patient identifiers are seen as blocking progress in these important areas.

The House of Medicine will remain divided in this area until all interested parties work together to clarify areas of conflict and devise solutions. A united medical community could lead efforts to restore confidentiality and privacy to the physician-patient relationship, while also ensuring that physicians, researchers, healthcare regulators, and insurers have ready access to the data necessary to meet their respective responsibilities.

It is in this spirit that MedChi formed the Task Force for Privacy and Confidentiality. The Task Force was established because of the need for MedChi to speak "with one voice" in the increasingly contentious debate in Maryland over privacy and confidentiality in the medical setting. Its mission was to "develop consensus on a list of standards governing confidentiality of medical records and the privacy of the physician-patient relationship." It was then mandated to "use these standards to develop recommendations for legislative and other initiatives by MedChi."

Members were appointed by MedChi's then-President, Thomas Allen, MD, to represent a broad range of constituencies from within MedChi, including those specialties that had previously disagreed about matters in this area. Members and the organizations they represent are listed in Appendix A on the MedChi web site at www.medchi.org.

In 1996, the Massachusetts Medical Society published a policy statement entitled, Patient Privacy and Confidentiality. The Task Force used this document to identify areas of consensus and to outline the scope of its work. In June, after the Task Force had finished meeting with a series of expert consultants, the AMA published an extensive position paper, based in part on the Massachusetts document. Both of these documents are important and the Task Force endorsed both after finding only minor disagreement with a small number of positions. A careful reading of the documents, however, reveals that neither offers solutions for the dilemmas described above.

The Task Force chose to focus on four broad areas: the clinical setting; public health and research; healthcare regulation; and insurance. Members agreed to use consensus throughout its proceedings in an attempt to encourage all parties to work together at understanding conflicts and finding solutions, rather than defending previously defined positions.

The Task Force heard repeatedly that it was too late or otherwise impractical to effect many privacy protections. Insurance companies, healthcare regulators, and groups such as Equifax already have large databases containing confidential medical information. Employers, bankers, insurers, and pharmaceutical firms have demanded and obtained access to detailed medical information, sometimes using it to the detriment of physicians and/or their patients. The federal government is the largest and most powerful consumer of this information. MedChi and its members must realize that none of these groups have allegiance to the AMA code of ethics. However great the challenge, failure to act to restore the right to privacy and confidentiality is itself a violation of that code.

Years ago this country dealt with the environment with the same disregard it now shows for confidentiality and privacy in medicine. Powerful industries asserted that adequate protections for the environment were not practical, affordable, or compatible with full employment. The federal government may have been the biggest offender. Now attitudes about the environment are different and, although far from complete and often costly, efforts to protect the environment have led to substantial progress and a growing environmental protection industry. Organized medicine must lead a similar effort to change attitudes and practices involving the handling of medical data.

MedChi will not succeed in this activity by serving as a watchdog, attacking threats to privacy and fostering adversarial relationships with healthcare regulators, insurers, and others. Instead, MedChi should serve as a catalyst for the understanding and resolution of conflicts between privacy of medical data and competing interests.

The Task Force report illustrates how this might be done. Finding substantial and often creative approaches to privacy in the public health and research communities, the Task Force suggests that healthcare regulators and insurers be encouraged or required to invest in technologies for data protection and to institute effective Institutional Review Boards (IRBs) and other protections. It is noteworthy that Maryland's HCACC is already starting to move in some of these directions.

In order to play a leadership role, MedChi must first develop a serious, thorough, and well-publicized program to increase confidentiality and privacy in hospitals, clinics, and physicians' offices. By increasing the security of medical records within their professional practices, physicians can more fairly ask other organizations who use medical record databases to strengthen their security measures.

Specific Recommendations

  1. MedChi should work at the AMA level to assure that no federal law, in preempting state law, reduces safeguards for patient privacy and confidentiality in Maryland.
  2. MedChi should continue to assert and teach that the release of patient-specific medical information should be based on the principle of patient consent, except for clinical emergencies or specific statutory or IRB exemption.
  3. MedChi should work at the AMA level to allow medical record masking and summarization at the health care professional level, with reasonable limitations and clear justification, as a reassurance to patients that their trust is not misplaced. In addition, MedChi should work at the AMA level to provide that insurers cannot, without good cause, penalize healthcare professionals for local dis-identifying, masking, and/or summarization of medical records.
  4. MedChi should work legislatively and otherwise to bar medical insurance companies from releasing medical information unless required by law or approved by an Institutional Review Board (IRB) and such data release should be explicitly included in revisions of Maryland Law.
  5. MedChi should work legislatively and otherwise to bar employers from using medical information for any employment considerations without specific authorization.
  6. MedChi should work legislatively and at the AMA level to recommend civil penalties and private rights of action against those misusing personal information.
  7. MedChi should educate and sensitize physicians, medical and paramedical personnel, and medical staffs to the rights of patients and the importance of preserving patient privacy. MedChi should establish a standing committee on privacy and confidentiality. The committee should include education, public policy review, establishment of professional standards, and mediation of issues related to health care professional privacy and confidentiality. The committee would:

    a. Ensure adequate, informed consent of the patient before disseminating clinical information.

    b. Discourage inappropriate information exchange in settings not designed specifically to benefit the patient and/or to promote the knowledge of medicine.

    c. Encourage practitioners to adhere to current guidelines regarding intra-familial release of medical information.

  8. MedChi should work legislatively and at the AMA level to insist that patient-specific databases contain user information which provides an audit trail, similar to identification of those mishandling financial databases, to establish recourse for the misuse of medical data. Those owners of databases without such an audit trail should bear a legal presumption of liability.
  9. MedChi should work legislatively and otherwise to assure that all research in Maryland using databases, whether or not they contain identifiers and regardless of funding source, be approved by an Institutional Review Board (IRB) adhering to federal requirements for IRBs.
  10. MedChi should propose legislation to reduce the likelihood of medical information identification by establishing a confidentiality commission.
  11. MedChi should work at the AMA level to support the phasing out of the use of the Social Security Number (SSN) in medical records.
  12. MedChi should work at the AMA level to repeal the 1996 HIPAA law's Unique Patient Identification Number (UPIN) because of the need to clarify the safety, necessity and privacy ramifications.
  13. MedChi should work at the AMA level to oppose further development of the new, HIPAA-mandated specific provider identifier numbers until there is greater assessment of the indirect privacy threats versus need to know.
  14. MedChi should work at the AMA level to replace the current system which uses all-encompassing waivers for unlimited access to medical records with a system of limited waivers specific to patient needs.

Dr. McClelland is co-chair, MedChi Task Force on Privacy and Confidentiality.