Dartmouth-Hitchcock Medical Center 1998 Koop Lecture Series

May 26, 1998

Privacy Implications As The Digital Age Meets The Medical Revolution



I am delighted to be here with you all today and to take part in this distinguished and influential forum.

These are exciting times. For those of us outside of the medical professions, it seems that we are on the cusp of a golden age of pharmacology and gene therapy. New breakthroughs are coming so quickly that medical reporting has become a growth field in journalism.

And the Internet is spawning unpredictable revolutions of its own, in almost every direction. As an Internet enthusiast, I find some thrilling new "killer application" or online resource almost every day.

What happens to our understanding of privacy rights as the Digital Age meets the medical revolution? That question, it seems to me, is one of the most timely and urgent public policy questions we face today, and I am here today to share with you some of the challenges and solutions that occur to me as I have reflected on these issues.

We are rushing headlong into these revolutionary changes without any comprehensive federal policy or law to protect the privacy of our personal health records. We are on a wild roller coaster ride into the future, but we are rushing ahead without seatbelts.

You, far more than federal policymakers in Washington, know how fast the world is changing and how difficult the privacy decisions are becoming. When I talk to doctors, hospital administrators, insurers, or anyone else in health-related industries, we all seem to agree on the broad principles of protecting health records, but as usual, the devil is in the details.

We need you, as health care providers and health researchers, to come to the table with other interested parties such as insurers, pharmaceutical manufacturers and HMO representatives and consumer, disability and privacy rights groups. We need for everyone to talk to one another and stop talking past one another.

Until we agree to this, there is no chance to find the common ground necessary so that individuals can be assured that their medical information is kept confidential, and to ensure that we can continue to reap the benefits of greater efficiency in the health care system and that important societal goods such as medical research continue.

The explosion in information technology is an enormous boon to our society. But it also poses new challenges in protecting our privacy. Financial service conglomerates are offering a wide variety of services, each of which requires a customer to provide financial, medical or other personal information. There is really nothing to prevent subsidiaries within the conglomerate from sharing this information for uses other than the use the customer thought he or she was providing it for.

Highlighting the Problems

The reason for the level of public concern is clear: Medical records contain intimate, highly sensitive personal information such as family history; testing; diagnosis and treatment of illness and diseases; drug and alcohol use; sexual history; and the medications that doctors prescribe.

Contrary to some, I believe that computerization can assure more privacy to individuals than the current system if legislation like mine is enacted. But if we do not act the potential for embarrassment and harassment is tremendous.

A few years ago, Rep. Nydia Velazquez awoke from a primary election victory to see her hospital emergency room visit reported on the front page of New York newspapers.

The National Law Journal reported on a banker who also served on his county's health board who cross-referenced customer accounts with patient information. He called due the mortgages of anyone suffering from cancer.

A state of Florida public health worker improperly brought home a computer disk with the names of 4,000 HIV positive patients. His roommate took the disk and sent it to two Florida newspapers.

One science journal reported on a 24-year-old woman who was fired from her job shortly after her employer learned she was at risk of getting Huntington disease. Yet in the 8-month period before she was fired she had received three promotions and, in fact, did not have that disease, although she did have a possibility of getting it.

As medical science moves forward and we understand better what may cause a disease or who may have a greater possibility of contracting a disease or condition, we should not create barriers to individuals learning more about themselves and their health needs by creating the situation where they get a genetic test and then turn around and have a possibility of a disease be used against them.

Unfortunately, there are many more stories like these. And while these stories highlight the problems that are out there due to the lack of privacy and security of individuals' medical records, so many other breaches of privacy are more subtle.

In the most recent of the legion of reports on medical privacy, the National Research Council notes the adverse impacts regarding self-insured businesses, where few legal restraints exist to prevent corporations from using such information to refuse to promote or continue to employ workers on the basis of their health care history.

Health information is more and more in possession of or accessible to third parties: Doctors and patients find themselves required to use information processors, billing agents, third party payers, and to have to report to government agencies, professional associations, employers, and insurers.

Growing computerization is fueling both the supply and demand for health data.

Understanding the Issues/Increasing Consumer Involvement

In 1993, I began a series of hearings before the Technology and the Law Subcommittee of the Judiciary Committee. We explored the emerging medical technology and opportunities being presented to deliver better and more efficient health care services, especially in rural areas.

In the United States, managed care programs, HMOs, drug companies, hospitals and other entities have spent up to $15 billion in one year alone on information technology to acquire vast amounts of medical information about Americans.

The difficulty in wrapping our hands around the magnitude of this is that measures to address the confidentiality of an individual's medical record generally apply to a single organization. Once the information leaves the hands of a health care provider, control over the confidentiality of the information is lost.

A recent article in a trade magazine described an outcomes research group that has online access to 700 million pharmacy claims, which represent the past 25 months of filled prescriptions. That data becomes available online within 48 hours after the prescription is dispensed.

Collecting information like this may or may not in and of itself be a problem. It can be useful for quality assurance and to provide more cost effective health care. But it does raise such questions as how and why is it being collected? How is it being used? Do the customers or clients know about it?

Do consumers care about these privacy implications? When they learn about them, they certainly do. Look no further than the public concern fueled by recent press reports about the widespread disclosure of personal health information by pharmacies without the expressed consent of consumers.

Many of the problems result directly from the advent of new technology. Computer matching was not feasible until recently, and ideas like interactive telemedicine were confined mainly to science fiction novels. The problem, of course, is not the technology.

The problem is that there are inadequate safeguards to prevent technology from swamping personal privacy. Existing legal and ethical rules governing patient data are inadequate to cope with modern public and private sector information practices.

So that there is not a total loss of control over an individual's information as information flows across electronic systems, you need to help me make the case for when you need to use personally identifiable information to do your job.

Making that case will help us find solutions, because I think the majority of us agree that once the information is depersonalized, much of the concern over an individual's privacy can be muted.

Difficulty in Defining an Intrusion on Privacy

We find few easy answers to the underlying problem of protecting privacy. It may be hard to even arrive at a single definition of the problem itself.

Much of the "intrusion" may be seen by some as consensual.

For instance, if a person steps into a hospital or doctor's office for care, does he or she impliedly consent to the use made of the data that is gathered? Should the individual be told how their information will be used and who will have access to it in advance and if so in what detail? Is this even feasible, given the speed of developments?

I expect that many, if not most, consumers tend to focus on the benefits rather than the privacy detriments.

Patients walking in your door know that for you to provide the best possible care they need to provide you with their personal information. With this information you can provide better care and researchers can help us learn more about specific ailments and find cures.

Because of the difficulty in writing meaningful definitions of privacy interests where information technology is involved, the solutions have focused on institutional relationships.

And so the Privacy Act of 1974 tries to protect the privacy interests in the citizen's relationship to government. We have seen privacy as a function of our relationships with institutions like schools, credit institutions, employers, or cable providers.

Improving our health system – need for accurate information

Last fall, Secretary Shalala said this in concluding her report to Congress on medical privacy: she said, "without safeguards to assure that obtaining health care will not endanger our privacy, public distrust could turn the clock back on progress in our entire health care system."

If citizens do not trust that their most sensitive information will be treated confidentially once it leaves the hands of their health care provider, how can we trust that the patient will be willing to reveal all of his or her most sensitive information?

I have heard from health care providers that they may alter diagnosis or treatment codes on claim forms and send on incomplete information for claims processing in order to encourage a patient to more fully communicate. I have heard from others who make cryptic notes that only they can decode in the margins of a health record, to keep the detailed nature of a patient's problems from others.

The reliability of research outcomes depends on the reliability of the information going in.

Many have suggested that if we ask patients' permission to use their identifiable information for research, the result would be an "authorization bias" that would skew the research.

I would like to know (and this is something else I hope to have your comments on) how, if at all, does it skew your research to have incomplete or inaccurate information?

Are researchers already dealing with a host of error rates when doing medical research?

This so-called "authorization bias" may add to errors, but do you think that it might also be able to clear up so many others dealing with the quality of the data of the individuals that do agree to provide their full information?

Federally funded health researchers have been a model of how to deal with using a patient's identifiable information. Through the IRB system you already weigh the privacy and other needs of patients before allowing any research to be done using identifiable data.

The legislation that I have proposed does not change the current IRB system. It uses the system as a model for how to deal with research that currently does not come under the IRB system.

Overall, I would like to see a national health privacy policy that creates incentives for researchers to use depersonalized or "anonymized" health information.

Protecting privacy can and must go hand-in-hand with improving the health care system.

Congressional Action on Electronic Data Interchange

I am sure that few of you will disagree with me when I point out that Congress has added far more to the problem than it has offered solutions when it comes to safeguarding health information.

In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). A provision in that law requires that personal health care information be available for electronic transmission without proper protection. The law gives patients no method to withhold consent for those insecure transfers of their health information. The first set of draft regulations on the electronic transmission of health information were just made public by HHS earlier this month, on May 7.

Unless Congress acts sooner, we will not see privacy protections formulated until the year 2000.

The two-track system for first establishing national computer networks of health care information and getting to the fundamental issue of privacy protection some two or three years later is backwards, and doing it that way would needlessly complicate our work in finding solutions.

Many of the businesses and pharmaceutical companies that have complicated and delayed passage of a federal medical privacy bill are the strongest backers of administrative simplification. It is telling in the HIPAA legislation that trade secrets are expressly protected, though it is unlikely that personal privacy will be protected.

Once nationwide systems for exchanging and analyzing health information are built, it will be next to impossible after that to bring it all back to square one to devise and implement a privacy regime.

Bob Dole, when he was the Senate's Majority Leader, put his finger on this problem when he said that a "compromise of privacy" that sends information about health and treatment to a national data bank without a person's approval would be something that none of us would accept.

Unfortunately, this is exactly what is happening.

Medical Information Privacy and Security Act (MIPSA)

I have introduced medical privacy legislation in the last three Congresses. This time around, Senator Kennedy has joined me in introducing the Medical Information Privacy and Security Act, which we have come to fondly call "MIPSA."

If enacted, our bill would be the first comprehensive federal health privacy law. It would close the existing gaps in federal privacy law to ensure protection of personally identifiable health information.

My bill is broad in scope: It applies to medical records in whatever form, paper or electronic. It applies to each release of medical information, including re-releases. It covers doctors, hospitals, researchers, insurers and many other categories.

Let me outline the key features and objectives of the bill:

  • We would establish a clear and enforceable right of privacy concerning all personally identifiable medical information, including information from genetic tests.

  • We offer a set of rules and norms to govern the disclosure of personal health information, and we would narrow the sharing of personal details within the health care system to the minimum necessary to provide care, allow for payment, and facilitate effective oversight. We make special allowances for emergency medical situations, public health requirements, medical research and law enforcement.

  • We propose that people have a comprehensive set of rights to inspect and amend their own records — which is currently allowed by only 28 states. When patients have not had these rights, we have sometimes seen major problems when the records are incorrect but the patient is unaware of the mistake.

  • We would charter a national office of privacy to help consumers learn about their rights and the steps they can take to seek recourse for violations of their privacy rights. This is something that was also recommended by the NRC report.

  • We would let individuals segregate portions of their medical records, like mental health treatment records, from broad viewing by health personnel who are not directly involved in their care, or by others who do not have legitimate access.

  • We would leave in place the current Institutional Review Board system for federally funded research, and we would extend these rules to non-federally funded research. It also requires a review of current IRB practices to see if improvements can be made.

  • We would offer individuals a civil right of action against anyone who misuses their protected health information, and we would establish criminal and civil penalties for intentionally or negligently using individually identifiable health information.

  • We would protect the rights of states to impose even stronger standards that are more protective of privacy than federal law. This approach to preemption is consistent with those taken in all other federal civil rights and privacy laws.

The bill I have introduced does not require any health organization to adopt any specific technical security measures. Instead we require them to establish and maintain "appropriate administrative, technical, and physical safeguards."

Deciding what is appropriate depends on which technology is used to store information (e.g., paper, computers, networks) and on the state of the art. An example is encryption, which is now a commonly known security measure, but unfortunately it is not widely used. As better security measures are developed, they can be put into place without the need for amendments to the law.

Conclusion

Absent government action, some forward-thinking industries and individual companies have begun to develop their own voluntary policies to deal with privacy problems which have resulted from the generation of records about their employees and customers.

Fortunately, improved technology and encryption offer the promise of security and confidentiality and can allow levels of access limited to information necessary to the function of the person in the health care treatment and payment system.

I applaud the efforts being made here at the Dartmouth-Hitchcock Medical Center to set up safeguards for individually identifiable health information. And I applaud you all for your interest in this vital and emerging area of health policy.

Others are now beginning to recognize the need for action. But our window of opportunity is closing.
