Sunday, March 30, 2008

Can you keep a medical secret?

Does a doctor treating you for a broken leg need to know you had an abortion 20 years ago?
Should your dentist have access to information about your visit to a psychiatrist?
Such questions are moving center stage as patients' medical records increasingly are transferred from manila folders to the Internet, allowing easier access to medical history that the patient may not want known.
In one of the latest examples of the debate over how much patient history doctors should have access to, Dr. Marc Overhage, chief executive of Indiana Health Information Exchange, cast the lone dissenting vote as a 17-member federal panel recommended that patients get more control over electronic health records.
Overhage is a member of the National Committee on Vital and Health Statistics, which sent its recommendations to the U.S. Department of Health and Human Services last month. The panel encouraged HHS to give patients the power to sequester from their online medical records certain sensitive information such as domestic violence-related treatment, reproductive health and genetic information.
"I certainly believe it's a patient's right to protect and control their information," said Overhage, a professor at the Indiana University School of Medicine.
However, he said physicians, in order to provide the best care possible, also need access to information -- sometimes including information that is more personal in nature. The fact that a woman takes birth control pills, he said, could have an effect on how a doctor would prescribe other medications.
He also said the recommendations he voted against leave too many unanswered questions and contain initiatives that could cost hundreds of millions of dollars to implement.
To best protect their privacy, Overhage said, patients should pick doctors and providers they trust. "They should be confident that the providers and those who work with those providers handle that information appropriately," he said.
The federal advisory committee's recommendation letter is part of the federal government's process in establishing guidelines and standards to develop a nationwide health information network.
Such a network would include initiatives such as Indiana Health Information Exchange, an Indianapolis-based nonprofit organization used by roughly 33 hospitals and 7,200 providers, which transmits lab results and other patient information for providers across Indiana.
The development of large health-data networks such as IHIE, and the increasing use of electronic medical records by doctors and hospitals, could lead to the compilation of highly detailed patient medical histories.
And that has some worried.
The strongest privacy rights Americans have are health privacy rights, said Dr. Deborah Peel, a practicing psychiatrist and founder of the Texas-based advocacy group Patient Privacy Rights. "It's the most sensitive personal data," she said.
Even in the Internet age, patients should have the right to withhold certain information, she said.
"People forget that patients have never told every doctor everything," Peel said. "Patients have always carefully sliced and diced who they tell what under what circumstances. That's what the right to privacy means."
The letter crafted by the federal advisory panel, sent Feb. 20 to U.S. Health and Human Services Secretary Mike Leavitt, noted that computerized health records hold great potential for improving the effectiveness and efficiency of health care. But the letter also noted that such records also mean that every doctor, nurse, pharmacist, chiropractor and dentist, and other health-care workers, have potential access to a patient's complete medical history.
The panel also recommended that health-care workers be able to "break the glass" and access private information if needed in an emergency.
Such measures are needed in a highly connected world, said Mark Rothstein, a member of the committee, which spent about 15 months crafting the recommendations letter.
"People are suddenly going to find there's no way to compartmentalize the sensitive things in their health histories from the nonsensitive things in their health histories," said Rothstein, a lawyer who also is director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine.
"Someone who is treating you for a broken leg doesn't need to know you had an abortion 20 years ago."
Rothstein said another worry he has about highly detailed electronic patient histories is the prospect of patients being rejected by employers or insurance companies because now-scattered details of their health histories would be more easily available.
Overhage, however, said he had concerns about giving patients the power to exclude certain aspects of their health histories from their records. He said doctors might need access to such information to make important decisions about care.
"I worry about how many will be harmed versus how many people will be protected by having this information protected," he said.
Local physicians also are weighing how to best protect patient privacy.
Dr. Ben Park, chief executive of the physician practice American Health Network, said he sees a need for physicians and hospitals to be able to exchange patient data among different computer systems.
However, Park said, "It creates this point of vulnerability from a privacy standpoint." He said his practice has begun surveying patients about whether they want their information shared with an outside health information exchange.
Park recently spoke with a woman who, during a visit to her gynecologist, heard her doctor remark about the results in the Indiana Health Information Exchange system from a previous test, ordered by another doctor, for a suspected lung disease. Although she did not have the disease, the recorded result did not make that clear, Park said.
Overhage said IHIE gets its information from the patient's own providers. He emphasized that the system is "almost paranoid" when it comes to security. The patient information is encrypted, and there are tight constraints on how health-care providers may access it, he said.
Yet the word "privacy" does not appear anywhere in its 17-page 2007 annual report. "I think it's a given in the work we do," Overhage said.
He said society must find ways to balance the benefits of providing doctors with greater access to people's personal information with protection of patients' privacy.
"You can go to extremes, and I think we need to find the right pathway forward. We do have to marry the development of the privacy policies and the technology going forward," Overhage said. "We need to use this information to improve the quality of care that patients get."

No comments: