ConsumerReports.org - Electronic medical records, eyes on your record 3/06

Home > Health & fitness > Health care > Electronic medical records 3/06

Health & fitness

In this report: Overview; From folders to networks; The promises; Errors across the Internet; Eyes on your record; Safeguarding against theft; Taking charge of his health

March 2006

Eyes on your records

As things stand now, HIPAA regulations allow your medical information to be shared by hundreds of thousands of people without your knowledge--to treat you and to process billing. But the data can also go to health-care-related businesses. “Medical ethics have always allowed doctors to share information about you with your consent to ensure you are properly treated and to process insurance claims,” says Pyles, the privacy expert. “It’s that third category, sharing with health-care-related businesses, that’s troublesome.” Troublesome because there are 600,000 health-care-related companies in the U.S., according to estimates by the Department of Health and Human Services (HHS), including drugmakers, fund-raisers, health-care researchers, law practices, law enforcement, marketing companies, and transcription services. And those businesses can share your data with their affiliates.

That could total over a million firms, and there is no requirement in the rule that says you have to be notified when your record is shared with them,” Pyles says. HHS estimated that obtaining your consent every time your data were shared could cost $103 million over 10 years.

Your information could also be included in health-care research or public-health programs without your knowledge. Even if you find out about the research and request that your data not be included, the public-health organization is not required to acquiesce.

In January 2006, for example, the New York City Department of Health began a program to monitor the blood-test results of more than 500,000 diabetic city residents. Labs are required to send test results electronically to the department, which analyzes them to identify people who are having trouble managing the disease. Patients are unable to have results excluded.

Patients deemed at risk may receive letters or phone calls from physicians urging them to take their medication, get more frequent checkups, or alter their diet; patients can, however, opt out of the intervention portion of the program.

Although many companies might already have access to your data, a network of electronic records has the potential to spread it much farther at a more rapid rate. “It’s a lot harder to share information that’s sitting in paper files in lots of different doctor’s offices now,” Peel says.

The HIPAA law allows data to be shared with health-care businesses, and privacy advocates worry that an electronic system could allow your insurer to share data about you with its affiliate, which could be your bank, which in turn may be doing some health-care consulting. Your employer may obtain your info if it is an affiliate of a health insurer or if it self-insures. And note that any negative results of an employer-sponsored physical or test are not adequately protected information under HIPAA.

A corporation that is considering acquiring a pharmacy group or insurance company will be able to view its members’ records as part of its due diligence. Data warehouses that process prescription data for pharmacies may share information with drugmakers about who takes which medicines to improve marketing.

The information may include your name, a diagnosis code, and the amount you paid, for example, but that could be enough to derail your prospects for a loan or a job. “You could be charged higher loan rates or lose a job because of what’s in your medical record,” Pyles says. “And it will be impossible to prove it was because your data was shared, rightly or wrongly, because there is no disclosure audit.”

Taking charge of others' health


	Photograph by John Rae

WHO Lynn Silver, the assistant commissioner for chronic-disease prevention and control at the New York City Department of Health.

WHAT New York's health department monitors the diabetes-test results of city residents without their consent. "Diabetes has reached epidemic proportions in the city, and this step will help us reduce many unnecessary deaths," Silver says. Currently, some 1,900 people die from diabetes-related complications in the city every year. The program monitors patients’ conditions and contacts their doctors if it concludes they are having difficulty managing their illness.