Thursday, April 10, 2008

Effectiveness of medical privacy law is questioned

You can be sure this issue is only going to become bigger and more important in the months and years to come as our medical records will continue their transition into the digital age. That of course means electronic records being shared by increasing numbers of people and in an increasing number of ways and for an increasing number of reasons (many perhaps illegal).

In fact, you won't see a health plan these days that doesn't already factor in the claimed costs savings that such electronic records will bring to consumers. Now, that debate is for another time - but a debate that needs to be had right now, is how far will we go to protect our most private information?

The LA Times reports on some new data suggesting that the current safeguards in place are inadequate:

When Congress passed a federal medical privacy law more than a decade ago, it was hailed as a new level of protection for patients nationwide. But even though the government has received about 34,000 complaints of privacy violations since it officially began enforcing the law five years ago, only a handful of defendants have been criminally prosecuted. The half a dozen or so cases mainly involved clerical workers who pilfered patient information, using it to open credit card accounts or selling it to crooks who tried to bilk Medicare and the Internal Revenue Service.


Critics say the government's approach -- which focuses on getting providers to correct violations -- may be too lenient, particularly at a time when medical records are increasingly being shifted from file folders to computers. In addition, a Justice Department legal opinion has stated that the law applies primarily to organizations -- hospitals, health insurance plans and doctors' offices -- and only secondarily to individuals such as the low-level clerks most often implicated in information theft.


Some privacy advocates say the law should be changed to give patients and their families explicit authority to specify who can -- and cannot -- see their medical records, although others in the industry argue that such stipulations would be very difficult to enforce.


California has its own medical privacy law. Under the 1981 Confidentiality of Medical Information Act, any "person or entity" that "obtains, discloses or uses" patient information without authorization faces civil fines of $2,500 to $250,000. But no one seems to know how often or even whether such fines have been levied.

This will be an issue I will follow regularly on this blog, because as I said in the intro, its only going to get bigger. And from our perspective, privacy comes first, and we would rather fault on the safe, than the sorry side when it comes to information as personal as your medical records.

Click here to read the article in its entirety.

No comments: