A few days ago I wrote a blog post in which I asked why there is so much fear about medical privacy.
There were many comments on the post, but they mostly missed my point. So let me try again.
Many people wrote about public humiliation. I understand why people wouldn’t want the size and location of their hemorrhoids published on the front page of the newspaper. We can all agree on this.
What I was really trying to say is that no one else cares about your hemorrhoids. They aren’t going to publish stories about them in the newspaper, and if the information was widely available on the web, I doubt many people would have any interest in searching for it. As a criminal, there would be no money to be made by stealing this information. All this makes me think that we don’t need to worry about this private information being made public because nobody has any incentive to make it public.
Let me give a parallel example. I think most people would be embarrassed if the contents of their trash was printed as the headline of the local newspaper. Yet, almost everyone is content to leave their trash out in the alley for anyone who wants to pick through. It turns out that neither reporters nor neighbors are interested enough in the contents to make a habit out of going through trash.
So let me pose the question another way: why do people think that absent stringent rules there would be such demand for access to their medical records when there is no demand for looking through other people’s garbage?
From 1 to 25 of 41 Comments
I think you are missing the reasonable economic issues here. People are bright by instinct fairly often.
Most individuals can see that if medical records were stolen, the records could be used against them. Just as insurance companes fight against anonymous testing services, other entities might discriminate based on medical care. The actual mechanism of abuse would take a bit of setting up. For example, a credit score company with opaque scoring methods would maximize profit by trading in medical data in some jurisdiction where it is legal. Average people understand this data could hurt them personally when used by corporations of questionable ethics.
Politicians are quick to heed this call. A political career can be derailed by grief counselling records, any mental illness, revelations of using alternative medicine, etc. After the first national political level incident, they were quick to pass restrictive laws.
Finally, all of this does bring back the value of people being in control of medical data. Doctors make enough mistakes and questionable judgements that they generally refuse to hand over the medical records to patients. Medical records are not stored with passports, birth certificates, and other personal records. One cannot take their entire medical record with them and compare notes on an anonymous chatroom.
— CharlesMerriamWhen I worked in an insurance agency, we did have unauthorized people try to get information about health records - spouses wanting to know what the other was up to, employers wondering about employees..
It’s not the “just any old person” that the rules are in place for. It’s the very specific people who have the power to hurt/fire/whatever you who could use medical information in a harmful way.
— dd“So let me pose the question another way: why do people think that absent stringent rules there would be such demand for access to their medical records when there is no demand for looking through other people’s garbage?”
You honestly think no one cares about the privacy of their garbage?
http://www.wweek.com/story.php?story=3485
http://www.fightidentitytheft.com/shred_supreme_court.html
http://talkleft.com/new_archives/001114.html
http://www.privacy.org/archives/001558.html
http://news.com.com/2061-10796_3-5820618.html
People have an expectation to privacy, whether or not they realize there aren’t “stringent rules” protecting them. Plus, with regards to garbage, there is a booming of business of the paper shredder: one can keep prying eyes off their credit card statements by shredding it or burning it. An individual has some level of control of what goes in their garbage — they can choose what people can and can’t see, to an extent. Not so with medical records. I can’t say, “Yes, you can see that I’m of a healthy weight, but I *don’t* want you to see about this medical condition.”
Your last post had tons of comments that were right on target: yes, there are people who *would* care about *your* hemorrhoids in particular, be they employers, family members, someone looking to get revenge, insurance company, an opposing political party, etc. etc. It’s all well and good that you don’t care if *your* medical records (or, apparently, garbage contents) are released, but don’t for a second think that your viewpoint is the right one and should extend to all others.
— MarkDid you read any of the responses to your earlier post? We offered several reasons from identity theft to employment and insurance discrimination. It isn’t about people tracking down one specific random patient’s data (most of the time).
Of course, trash is under the control of the person throwing it away, so if you need it disposed of confidentially, then you can do so. I don’t know of any way a patient can be in control of their medical information other than through laws like HIPAA that require patient’s consent before someone is allowed to share it with a third party.
I recommend you talk to someone who’s been though a nasty divorce — even though nobody cared about their trash until that day, it is absolutely one of the things a private investigator will dig through to find leverage. Medical and psychiatric records are likewise a major trarget of investigators — show that one parent is “crazy” and child custody just got easier. The term “dumpster diving” was not invented for kicks, it was the number one method of identity theft and investigation before online databases were generally available.
I understand you don’t work in any of these fields or haven’t had any of these negative experiences, and that’s great for you. But you’ve had a dozen people with first-hand professional and personal experience telling you why we lock down this data. This is starting to smack of push-polling.
— NathanielThe information for most part is useless, but in the wrong can be no good. A real world example (not a medical one but you can draw an analogy). When I was at Stony Brook University, the salary info of all professors, staff, dean, grad students were stolen and posted on http://www.stonybrooksucks.com (an unofficial student union run website) Here’s what happened.
Setting:First day of a senior electrical engineering course
— NabeelCProfessor: You all are lucky to make it so far (20% freshmen graduates). Just hang on till you graduate. This is a good time (year 2004) as corporate activity’s picking up. You will all find good jobs with average starting salary of $60K.
Student: Thats a bunch of crap coming from a professor with a PhD and 15 years teaching experience making $56K.
Maybe its about control.
I can control what goes into my trash, or who I donate money to. I can’t control my medical history.
— danielmorrisonThe results of a single test, by itself completely inconclusive, can and have been used in a discriminatory manner by employers, insurance companies, spouses, etc..
As somemone else said above, it’s not joe q. public we’re worried about, it’s spouses, employers, insurers, and the like.
— chkMedical privacy is not that large of an issue. However, the American public is obsessed with self protection. It is my right to lie to my spouse, employer, etc. about my medical information. The real question is why is everyone drawing so much attention to it nowadays. The answer of course being HIPAA.
— shannonHIPAA was originally written with “portability” in mind. It required all health facilities to convert to a standardized electronic code system. This eliminated physicians’ ability to “own” a patients medical records (usually under the guise of illegible hand written records). It had a surprising difficult time passing through congress. By adding the patient privacy clause it passed through congress. It had given legislators something to publicly support and was more easily understood. Portability and Accoutability refer to the doctors behavior of not being able to share patient records when someone requested a 2nd opinion or switched physicians. It only mentioned privacy as a token to get it through legislation. By creating a ficticious arena where our medical records become sacred, HIPAA gained all the support necessary.
I say ficticious because if we are asked for our social security number anywhere in a hospital we will rattle it off in a heartbeat and usually within earshot of other patients and staff.
Given all the fuss about identity theft, and the enormous amount of time a person has to waste if it happens to him or her, a lot of us now use shredders, not that those are foolproof. In the cities, at least, you see people going through dumpsters, and, while most are harmless, you just have no idea what they might do.
It’s the same way with medical information. I just don’t know what somebody might do with it. So it’s much much better not to blather it about. And it’s probably not a good idea to blather out a Social Security number these days either. I think people blather them out at the hospital desk because they’re under a great deal of stress - or they wouldn’t be there - and not in a real good position to think through the consequences at Wallet Biopsy Time.
In other words, we have made for ourselves a world where we have to assume everyone else is a crook until we find out otherwise. Partly because technology has made it so much easier to associate information together and misuse it, and partly because vigorous law enforcement - isolating and punishing the bad guys - has become Politically Incorrect.
— PaulS2First: What makes publishing the contents of trash and medical records different?
In the coming years, electronic medical records will replace hard-copies. Any legal issues aside, this will make it much easier for someone to publish a large corpus of medical records. Publishing the data would be a matter of writing a few programs or scripts to gather the data into a form that could be searched or published. But still, what incentive would someone have to do this?
As you indicated there wouldn’t be much incentive for someone to publish these in a newspaper. I suspect this is because a randomly selected reader is unlikely to care about the records of a few other randomly selected people. But, with internet access and powerful search technology, a random user could then find the records of a handful of people that s/he cares to read about.
To make an analogy, there is little incentive for the New York Times to publish some fourteen year-old’s livejournal, because any randomly selected NYT reader is unlikely to care. But it may still make sense for the fourteen year-old to publish to livejournal, because her friends who do care can easily access it.
AOL recently made headlines by releasing search records which could, in many cases, be traced back to specific users. Again, a newspaper would have little interest in publishing a large number of specific records. But if a businessperson knew that a competing company used AOL and could instantly access its search records, he would have a significant incentive to do so.
— avidreaderPatient confidentiality has been a part of the Hippocratic Oath for almost 3000 years. It’s also a part of the AMA’s Declaration of Professional Responsibility.
This isn’t a “fictitious” issue or some modern American obsession. It’s a part of the most fundamental bargain we make when seeing a physician — we’ll be completely honest so you can treat us, and in return you won’t share our secrets.
Yes, when we moved medical records to a standard, portable, easily readable format, we also had to insure privacy was protected since it would be so much easier to violate. Why this should shock anyone I can only wonder.
— NathanielIt’s also worth noting that it’s a common observation in security situations that where security needs to be applied by an otherwise disinterested party rather than by the person who is directly affected by a security problem you tend to need some kind of enforcement to ensure that people can get the security that they need. See for example Bruce Schneier’s articles here and here.
— broonieI think the appropriate analogy to public access to medical records, social security # aside, would be similar to public access to credit reports. Technically, only a potential lender should care about your credit history, but once the information falls into the right or wrong hands, it can provide fodder for vicious innuendo.
— cosmoI will disagree on the point of criminals caring about your medical records. I work with patient files every day, and every single file contains the patients name, address, date of birth, social security number, work number, and insurance information. Right off the top, this is enough information for an identity theif, but a more potentially lucarative aspect would be to sell this information to any one of the millions of Americans that can’t afford health insurance. They take on the identity of someone just to use that persons health plan.
— jgendelIf you aren’t worried about people knowing about your anal boils, then how about abortions?
— wdbarthThese days you don’t need a major newspaper to embarrass somebody with their private information. It’s so easy to publish on the Internet.
This blog is an example:
http://amirtofangsazan.blogspot.com/
The person buys the laptop on eBay, but the laptop was actually broken. The seller forgot to erase the hard drive, so the buyer took revenge by publishing his embarrassing files in his hard drive. Somehow people really cared about his files too, as this site was once very popular. The buyer did this without a major newspaper’s help.
I can imagine people doing this with medical records.
As for the incentive in this case….revenge?
— TThere IS a demand for making the contents of your trash public, however the costs are way too high relative to the potential payoff. And there is no incentive for the customer to help with the data collection, whereas there is in the medical case. Making medical information public is FAR less costly (data collection costs are largely born by the customer), and therefore more likely to be done. Medical records are already electronic, easily sortable and searchable, and therefore easy to monetize. How would one begin to think about collecting the data on your trash?
The day the trash company makes you fill out a 32 page form detailing the contents of your weekly trash, and then they charge you to enter it into a database, is the day you have a hippa for the trasha.
— tjbrooksThe first thing that comes to my mind is that people regularly confess illegal activities to their doctors, and it’s important that they do this in order to make effective treatment possible. “I smoke marijuana, shoot heroin” etc. The less protected those records are, the less likely people are to expose themselves to possible legal problems.
— johnsu01There are two things about medical records and the impact of medical information becoming public that I would comment on:
First, to a great extent it’s society and social mores which determine what information should be kept confidential. For most of history and still in many societies today, being adopted, being a victim of rape, having a child out of wedlock, being of mixed race, having clinical depression, alchoholism or even plastic surgery were socially unacceptable and stigmatized an individual. They would not want that information to be known. Not so today in many societies. And as societies better understand and more readily accept various medical conditions, there is less need to keep them secret out of fear. This is not to say that one should go around making announcements, but the disclosure of this kind of medical information in fact has little negative impact when society learns to accept it. For many medical conditions, that is still not the case.
As for politicians (and celebrities) being particularly susceptible to damage from exposing confidential medical information, in almost all cases, the damage comes not from the medical information itself, but from the fact that the individual denied it or lied about it (or even criticized others for having the same condition). Politicians in particular are asking people to trust them with their money, their safety and their futures. In return they are expected to be candid and honest about themselves. Any medical information that if disclosed is considered important enough to destroy their careers should have been important enough for them to tell their constituents about in the first place. It’s the dishonesty that usually ruins the career, not the medical condition.
Discounting the personal identity information that usually accompanies it, people want to keep their medical history confidential mainly for three reasons. They have a condition that is taboo or socially embarassing (usually involving sexual activity, substance abuse, or mental illness); they have done something illegal; or they have been dishonest about their medical history for personal gain (job application/security, potential spouse, insurance, public office). In only the first case is the individual really a ‘victim’ if the information becomes known. In the other two cases, society and other individuals are victimized by keeping the information secret.
— George SBut the first case outweighs the other two and is good enough reason to maintain confidentiality safeguards.
The price of unsecured records is the degree of potential humiliation multiplied by the likelihood of discovery. A very small risk of discovery, multiplied by immense damage still yields a quantifiable price.
If the price is greater than the benefit of disclosure then it is rational not to disclose the records.
The benefit of disclosure is very low, perhaps zero. Perhaps the cost of securing records (although that cost is itself complicated by the cost to medical treatment of people withholding information they fear could be disclosed).
So very low benefit measured against substantial price. Doesn’t that explain why we don’t want records made public?
The humiliation does not have to be public - on the front page of newspapers - for the potential damage to be immense. A teenager with a sexually transmitted disease is not worried about the front page of the newspapers so much as a parent, friend or even future partner discovering the information. Could one single person track down details about you? Of course - most of us have googled a friend’s name. If the information is available it is potentially stored and if it is stored it is probably discoverable. Someone would seek out records knowing they were available precisely because information that a person doesn’t want disclosed intrinsically has some value.
The analogy with rubbish is poor.
First, we ARE selective about what goes in the rubbish. While we might put some private information in the rubbish, few of us would put detailed financial statements, compromising pictures and the like in there (at least without tearing them up first).
Second, there is a very high cost to searching rubbish - the smell, dirt, time and disgust. The return is very low: there are very few fascinating details in rubbish compared to the quantity of diapers, moldy foods, shattered glass and cigarette butts.
In contrast, data in medical records could be scanned much more efficiently. And to someone who gets their kicks from reading about other people’s bodies the return is going to be orders of magnitude higher.
This is true whether the searcher knows our identity or not. We would not want a stranger fondling our underpants on the washing line, or spying on us in the toilet, and for the same reason we do not want a stranger getting anonymous gratification from our medical details.
So the cost of searching rubbish is much higher than the cost of searching medical records, while the return is predictably lower.
In addition, some of us don’t put any personal information in the rubbish. You can’t know which of us have information we want to protect and therefore we therefore protect everyone to ensure we don’t inadvertently fail to protect valuable information. We lack the information to decide which records would be searched and valuable…so the cost of protecting all information is less than the cost of potential harm from disclosure, even though that harm might not be felt by everyone.
— pagnzI’ve heard of interviews where the employer hands you a sheet of paper face down. Then they ask you to flip it over. On the sheet of paper is your myspace/friendster/facebook profile, with red circles of what the HR department didn’t like.
So obviously employers care about whether young potential employees like to get sloshed on the weekends. Are you telling me employers won’t care about whether you have liver disease, were in rehab, or went to AA? Or whether you had a stent implanted in your arteries or maybe had an angioplasty? Cancer survivor? HIV positive?
— TheQuitterFirst and formost Identity Theft.
— EmmytheSquirrelSecondly, accountability for confidentiality.
While it is true that confidentiality is covered by and hippicratic oath and nurses pledge, these are not legally binding. The doctors and nurses are also NOT the only people handling the records. While a medical professional has alot to lose by not BEING professional, others would often gain by using the very personal information they could find.
Previously, not all facilities had rules about WHICH employees COULD look in your records.
While you may feel that the confidentiality would only apply to public figures, I can almost promise that each of you will, at some point, find yourself in a position that you want as few people as possible to know what is going on with you and your medical professionals.
As one poster recounted, HIPPA BEGAN as a portability act, but lacked the appeal of the implied threat to privacy in a time when the selling of information was beginning to become a big deal. (remember all the letters from your mortage company to the electric company reguarding to whom they give your info ?)
sorry Hippocratic Oath
— EmmytheSquirrelYou’re working under the premise that no one cares about YOUR anal boils.
You’re wrong. I’m guessing you don’t read the local gossipy blogs maintained by busy bodies in small cities. I have read very intimate details of random government employee’s sex lives (or reported sex lives) on such blogs. Most of these details are revealed for political reasons and to embarrass someone into being silent. The tactic seems to work.
I agree with the previous poster - why don’t you publish your medical records, in the hopes that that might relieve some of the irrational fear you’re convinced we have?
And here’s another possibility that it seems you don’t want to consider: That we DO get your point and just disagree.
— sosoleftMost people don’t care about most people’s garbage. However, when it comes to celebrities or politicians, newspapers may have incentive to bring the information public. Look at the garbage example again. Imagine the headline “Bill Clinton Throws Away Old “Naughty Nurses” magazines.” The New York Times may not run the story, but some tabloid might. When it comes to past psychological problems, the issue becomes greater. “Justin Timberlake Attempted Suicide, Medical Records Say.” Imagine if we could get access to Michael Jackson’s medical records. I would have a party going through that information. Celebrities can hire private employees to handle their garbage so it doesn’t become public. Imagine if President Bush dragged his garbage to the corner of Pennsylvania Ave every week. Some liberal reporter looking for a big break would go digging every trash day. 99% of the time, you’re right Mr. Levitt, people wouldn’t care. But there will be cases when the incentive is there.
— 58saavedra