Divided loyalties: A physician's responsibilities in an information age

0277-9536186 Sj.00 + 0.00

Sot. Sci. .Med. Vol. 23, No. 8. pp. 817-826. 1986 Printed in Great Briratn

Pergamon Journals Ltd

DIVIDED LOYALTIES: A PHYSICIAN’S RESPONSIBILITIES IN AN INFORMATION AGE ROBERT M. GELLMAN B-349-C

Rayburn

House Office Building,

Congress

of the United

States, Washington.

DC 205 15, U.S.A.

Abstract-Increasing demands are being placed on medical care providers for the disclosure of identifiable patient information for use in the medical treatment and payment system as well as for unrelated uses. The legal and ethical principles that are supposed to guide physicians with respect to confidentiality of medical records are neither consistent nor complete. Physicians are required to make decisions regarding the disclosure of patient information without clearly defined, up-to-date legal or ethical guidance and in circumstances in which the physician and the patient may have different interests. Ke): words-privacy, confidentiality

physician-patient

privilege,

lNTRODUCl’lON

Recent years have witnessed tremendous growth in the ability to use, store, communicate, and disseminate information. Almost every facet of modern life has already been significantly affected by this ability. Information has become so important that some have declared that the United States is now entering, an ‘information age’ where the production and apphca. tion of information and knowledge will be the determining factor in the economy [I]. The twentieth century has also witnessed tremendous innovation in medical care and the medical care delivery system. Some of this is the result of scientific advances and new medical technologies. Expanded government programs have also transformed many aspects of medicine, including treatment, training, and payment for services. The effect of the information age on medicine has also been profound, both directly and through its effects on other institutions. One consequence of all of these changes is a restructuring of relationships among physicians, patients, government, and other individuals and institutions. The growth in the role of the federal govemment and private insurers in paying for health care is only one measure of the extent of this restructuring. In 1982, federal government health outlays were projected to be almost 95 billion dollars. This represents almost 30% of all national health expenditures [2]. The percentage of health expenditures covered by private insurance more than tripled between 1950 and 1979 [3]. These growing interrelationships magnify the importance of medical information in the modern health care system. For example, the amount of medical information routinely recorded has increased tremendously. In its 1977 report the Privacy Protection Study Commission described the changes: “Like all records, the medical record is in part a memory aid. It serves to remind the physician of conditions’dis--_._ The views expressed in this article are solely those of the author and do not represent the views of the House Committee on Government Operations or its Sub_ committee.

physician-patient

relationship.

medical

record

covered, drugs prescribed, tests and treatments administered, and the charges levied. Earlier in this century. when most medical professionals were family physicians in solo practice, the typical medical record was simply a small ledger card with entries showing the date of the patient’s visits, the medications prescribed, and the charges. The physician was usually able to file the intimate details of a patient’s medical or emotional condition in the ‘safe crevices of his mind’. In contrast, a modem hospital medical record may easily run to a hundred pages. The records of a family physician may still hold information on ailments and modes of treatment, but also now note the patient’s personal habits, social relationships, and the physician’s evaluation of the patient’s attitudes and preferences, often in extensive detail” [4].

The expanded data contained in medical records make the records useful to more and more people. Medical records now attract interest from schools, social workers, police, epidemiologists, and others far removed from the treatment process. The transfer of medical information is also increasing. Enormous quantities of identifiable patient information must be exchanged in order to fuel the third party payment system and to maintain routine fiscal controls. There are other factors too. Advances in medical knowledge and practice as well as the use of medical records in judicial proceedings have increased the size, importance, and transferability of the medical record. Peer review, public health, and medical reserch have also contributed to the growing demand for data disclosure. These increasing demands for dissemination of identifiable medical information have troublesome implications for the relationship between doctor and patient. That relationship, although not unaffected by the revolution in health care, retains many of its traditional elements. One of these is the confidence of the patient that information disclosed to his doctor will go no further. The importance of confidentiality has been recognized since the dawn of medicine. The Hippocratic Oath, which is still in use today, contains the following pledge: “Whatever, in connection with my professional practice, or not in connection with it, I see or hear, in the life of men,

817

818

ROBERTM. GELLUA~

which ought not to be spoken abroad. I will not divulge. as reckoning that all such should be kept secret” [5]. The reason for confidentiality has remained the same throughout the years; failure to protect information may hinder the physician’s ability to provide needed medical care to his patient. Practicing modern medicine in today’s information age makes it difficult for physicians to preserve the confidentiality of patient information. Demands for disclosure may- come from numerous agencies of government at all Levels; health and life insurers; medical and social researchers; police; public health officials; the Secret Service; and others. Most of those seeking patient information have clean hands and noble intentions. It has always been true that a patient could be embarrassed by the disclosure of information about. his medical condition. However, society’s increasing interest in information and its ever-expanding ability to manipulate data can magnify the consequences of disclosure. Alan Westin has described the potential effects:

..

the outward flow of medical data.. has enormous impact on people’s lives. It affects decisions on whether they are hired or fired: whether they can secure business licenses and life insurance; whether they are permitted to drive cars; whether they are placed under police surveillance or labelled a security risk; or even whether they can get nominated for and elected to political office” [6]. While the consequences of disclosure fall primarily upon the patient, decisions about the propriety of disclosure are increasingly made by the physician alone. Patient consent may be sought. However, in some instances, it is impractical to seek consent. Also, where the records of many patients are needed, it is easier for a user to seek the cooperation of one physician rather than the consent of many patients. In his role as record keeper, a physician stands between the medical record and its many potential users. When asked to reveal patient information, a physician may find that his duty to his patient is different than and conflicts with other duties to society. In addition, a physician may find that his personal interests add new factors to an already difficult decision. The Hippocratic Oath demonstrates that physicians have always been aware of the conflicts that result from the possession of information about others. However, a one sentence oath on confidentiality is no longer sufficient to deal with the questions that arise today. The ‘physician’s responsibilities in the information age have become increasingly complex. The law has occasionally recognized the existence of a physician’s information conflicts and has reacted in ways that appear to lessen the problems. Part one of this paper will examine the ways that statutes and traditional legal principles address some of these issues. This review will demonstrate &at the law either does not resolve conflicts over irtfwation in a satisfactory manner or that other, more difficult problems result from the approach taken. Part two will examine conflicts of the information age. Generally, the information age will be shown to exacerbate

existing problems and to increase the pressure on physicians. Having stated what this paper is intended to accomplish. a few qualifications must also be stated. First, the distinctions made here between traditional problems and those of the information age are, admittedly, somewhat artificial. There is no clear line of demarcation, and the basic point of this paper is unaffected if the line is shifted to one side or another. Second, the information age is not the same thing as the computer age. Processing. transfer, and storage of data are central features of the information age. and all of these tasks are facilitated by the computer. However, the basic issues of the appropriate use and maintenance of information that haunt the information age are not the result of computerization. These issues exist whether or not data are in electronic form. The computer does raise new technological questions and may complicate existing problems, but the computer is not the villain of this paper. Third, legislatures have not been totally blind to the information age. Some states have passed comprehensive medical records confidentiality laws. However, most states simply do not have well defined, modern laws on medical records confidentiality [7]. Older state laws are usually limited in scope, provide little if any meaningful guidance on disclosure questions. and are likely not to be aggressively enforced [8]. In fact, health professionals seldom know the laws of their own states [9]. Even newer state laws that are more sophisticated cannot deal with the increasing disclosure demands made by federal agencies [IO]. Congressional efforts to pass a medical records law at the federal level failed in the 96th Congress [I I] and have not have been revived. Finally, the discussion that follows focuses on issues that might confront an individual practitioner. However, for most physicians, that is only one of several contexts in which information questions might arise. For example, a physician who is on the staff of a hospital creates patient records that are owned by the hospital. The interests of hospital management in those records may well differ from the interests of the physician as well as from the interests of the patient. Physicians who practice in groups, clinics, or in occupational settings may be faced with similarly convoluted information questions. Time and space do not permit exploration of all of these potential issues. PhRT ONE: TRADlTIOKAL LEGAL ISSCES There are several aspects of physician-patient confidentiality that traditionally have been addressed by most state legislatures. The physician-patient testimonial privilege defines when confidential communications are protected by law. State reporting laws, on the other hand, define when breach of that confidentiality is required as a matter of law. The final issue considered in this part is the question of ownership of medical records. While ownership is not very interesting by itself, related issues pose difficult problems for physicians. Physician-patient

privilege

Existing law in most states recognizes, to a limited degree, the need for confidentiality in the medical

Divided

loyalties:

a physician’s responsibilities

care relationship through a physician-patient testimonial privilege. When it applies, this privilege generally provides that the physician cannot testify about confidential communications with his patient in the course of treatment unless the patient waives the privilege. The physician-patient privilege is similar to privileges recognized for confidential communications between attorney and client and between husband and wife. However, unlike the latter privileges. the physician-patient privilege was not recognized at common law. It was first created by a New York State statute in 1828 [12]. Since the privilege belongs to the patient and cannot be asserted by the physician even if the patient abandons it [ 131,the physician is not forced to decide on his own whether it is appropriate for him to testify. That decision is made by operation of law. As a result, the privilege might appear to be a useful conflict resolving device for the physician. However, this is not to say that a physician only has to testify in court when his patient agrees to the testimony. In fact, the physician-patient privilege only occasionally resolves the physician’s testimonial dilemma in this fashion. It is not uncommon for a physician to be required to testify notwithstanding the desire of the patient for confidentiality or the desire of the physician to preserve that confidentiality. There are a number of reasons why the physician-patient privilege is of limited utility. First, the privilege does not exist in all states. Only two-thirds of the states have created some form of physician-patient privilege by statute (131. The privilege is not recognized in federal criminal trials [ 141or in non-diversity cases in federal court [15]. Second, even where the privilege does exist, it is a testimonial privilege. That is, it only applies when the physician is testifying in court or in related proceedings This represents only a small fraction of the disclosure demands that may confront a physician. The Privacy Protection Study Commission put it this way: “The most important thing to remember about the testimonial privilege is that it has virtually nothing to do with normal. everyday use and disclosure of records maintained by a medical-care provider. The discretion to disclose or not IO disclose. in most circumstances, resides solely with the protider” [ 161.

Third, the privilege is much narrower than it seems. Statutory exemptions and judicial limitations have so limited the privilege in many states that little is actually protected. In California. for example, the privilege does not apply in: cases in which the patient puts his condition in issue; criminal proceedings; will contests; malpractice cases; disciplinary proceedings; and in several other types of cases as well [17]. The California statute is not an exception. In considering the desirability for a physician-patient privilege in the Federal Rules of Evidence, the Judicial Conference Committee that drafted a proposal said: I -_c “While many states have by statute created the privilegeTthe exceptions which have been found necessary in order to obtain information required by the public interest or to avoid fraud are so numerous as to leave little if any basis

819

for the privilege. Among the exclusions from the statutory privilege, the following may be enumerated: communications not made for the purposes of diagnosis and treatment; commitment and restoration proceedings; issues as to wills or otherwise between parties claiming by succession from the patient; actions on insurance policies: required reports (venereal diseases, gunshot wounds, child abuse); communications in furtherance of crime or fraud; mental or physical condition put in issue by patient (personal injury cases); malpractice actions; and some or all criminal prosecutions” [18].

Fourth, there is a considerable amount of hostility. toward the privilege on the part of legal commentators. Wigmore, author of one of the leading legal treatises on evidence, disputes the premises upon which the privilege rests. He questions whether physician-patient communications are in fact confidential; whether patients would be less communicative in the absence of a privilege; and whether the injury to the physician-patient relationship as a result of the disclosure of confidential communications would be greater than the expected benefit to justice by the disclosure of the communications when relevant in court [19]. Wigmore’s comments are reflective of doubts on the part of the legal profession about the need for a physician-patient privilege. Since the privilege does not exist in some jurisdictions and there is no evidence that medical practice in the jurisdictions is significantly affected as a result, it is difficult to put these doubts to rest in any definitive way. In any event, it is reasonable to conclude that legislatures are not likely to expand the physician-patient privilege to make it more comprehensive [19]. Fifth, it is possible to argue that patients covered by third-party payment plans have alreadv waived any applicable privilege. When making a claim under a health insurance policy, a patient is normally required to sign an authorization permitting the insurer to have access to medical information needed to process the claim. Typically, these authorizations are broadly written and permit insurers complete access to medical records. Authorizations of this type are a common feature of the information age [4]. In general, courts will not recognize a testimonial privilege when the information has been disclosed to a person who is not a party to the privileged communication. If a patient has agreed to permit confidential information to be disclosed to a third party (i.e. an insurer), the patient may be deemed to have waived the privilege that might otherwise attach to the information. Such a patient may find it difficult to argue for privacy when he has already ‘abandoned’ the privacy that the privilege was intended to protect [20]. This ‘blanket waiver’ argument has not been definitively litigated to date. What can the concerned doctor conclude from the current states of the physician-patient privilege? In theory, the privilege should have a strong attraction for physicians because it resolves conflicts over the disclosure of confidential patient information without calling for a decision by the physician. Where the privilege applies, the physician cannot testify. Where it does not apply, testimony is required. Nevertheless, the severe limitations placed on the privilege by statute and judicial interpretation are

810

ROBERT M. GELLSIAN

probably not well-known to either physicians or patients. As a result, the privilege is overrated as a protection for the confidential medical relationship. For the physician seeking guidance on noncourtroom disclosures, the privilege is not useful at all. This is due, in part, to the large number of exceptions. Also, the nature and circumstances of a disclosure made in the rarified context of a courtroom are far removed from the disclosure dilemmas faced everyday by the physician. In many respects, the physician-patient privilege seems old-fashioned and out of place in the information age. The privilege as generally formulated harks back to the days of the family physician and the ledger card medical record. The rare courtroom appearance for that physician probably presented the only disclosure dilemma that he ever faced. Today, not only are medical records larger and more complete, but disclosures are more routine. One need only consider the demands of health insurers for patient information to know that this is so [4, pp. 277-3171. It is possible that the general physician-patient privilege will eventually disappear entirely. There is little of that privilege left to defend now, and the difficulty by the ‘blanket waiver’ problem will have to be confronted some time. Given the hostility towards the privilege. it seems unlikely that the courts will be willing to twist the principles upon which testimonial privileges are based in order to avoid this problem. Also, there is evidence to suggest that some patients do in fact view release of information to an insurer as an invasion of privacy. A significant percentage of psychiatric patients pay their own bills despite insurance coverage in order to keep their relationship with a psychiatrist private [2l]. Any discussion of the physician-patient privilege must acknowledge that the negative views toward this privilege do not extend to the psychotherapistpatient privilege. For example, the Advisory Committee on the Federal Rules of Evidence recommended adoption of a psychotherapist privilege even though it recommended against the regular physician-patient privilege [22]. The more favorable reaction to the psychotherapist privilege appears to be based on the recognition that confidentiality is of special importance in the psychiatric relationship. Nevertheless, the questions presented by the routine disclosure of patient information to health insurers continue to be present. Thus, there is a possibility that the psychotherapistpatient privilege might be available only to those patients who are able to pay ‘for psychotherapy without health insurance. Reporting

statutes

Every state requires health care providers to report certain types of identifiable patient information to state agencies. Reportable information may include: communicable diseases; violent injuries (e.g. gunshot wounds); occupational diseases or injuries; epilepsy; congenital defects; and injuries from child abuse or neglect. In addition, an increasing numbe; of states are requiring the reporting of informati~
lature that a patient’s interest in the confidentiality of his medical condition is outweighed by another societal interest. The interest that is served by the disclosure depends on the nature of the information and of the agency that receives it. For example. communicable disease information is used by public health agencies to institute control measures to interrupt the transmission of disease. The reporting of gunshot wounds to police agencies assists in the identification of crimes and criminals. Cancer data may be collected for use in medical research. From the physician’s perspective, these laws impose a specific duty to breach the confidentiality of his records. Thus, the question presented to the conscientious doctor relates not to his duty to the state but to his responsibility to the patient in his role as third-party record keeper. In order to explore this issue more fully, the venereal disease reporting requirement will be used to provide a specific example. Does the physician have an obligation to inform a patient suspected of suffering from a venereal disease that the patient’s identity and diagnosis will be disclosed to a public health agency? A consequence of so informing a patient is that the patient may not seek treatment, may refuse treatment, or may accept treatment only on condition that the physician agree to violate the law and not report the disease. All of these results could have undesirable effects on the patient, the physician, and society at large. Full consideration of this issue requires an understanding of general principles of personal information management that have emerged primarily in the last decade. Perhaps the earliest comprehensive statement of fair information practices can be found in the 1973 report of a Department of Health, Education and Welfare advisory committee on automated personal data systems. The five principles of fair information practices defined by that committee include the following: “There must be a way for an individual to find out what information about him is in a record and how it is used” [24]. This report has been influential. Its principles were used as a basis for the federal Privacy Act of 1974 [25]. In addition, the Privacy Protection Study Commission built on these principles in making recommendations for information practices both within and without government [26]. If it is generally agreed that the subject of a record should have a right to know how information about him is to be used, then what should a physician tell his patient about the venereal disease reporting requirement? One answer is to rely on the assumption that everyone has notice of all laws and tell the patient nothing. This is an unsatisfactory solution for many reasons. The assumption, while useful and even necessary in a wide variety of contexts, is patently untrue. It is highly unlikely that any significant percentage of patients are aware of venereal disease (or other) reporting laws. Additionally. a patient who is unaware of the reporting requirements and who assumes confidentially in the medical care relationship may feel betrayed by his physician if the patient is later contacted by a public health investigator. This could have a detrimental effect on future relations between the patient and his physician. Such effects are precisely what the

Divided

loyalties:

a physician’s

confidentiality of medical information was intended to avoid. Notice could be given to the patient regarding possible disclosures from his medical record. However, the effectiveness of a legalistic and potentially lengthy notice in conveying useful information is questionable. Of course, if the notice is both timely and meaningful, then patient willingness to seek or accept treatment might be diminished. Failure to notify would, however, be inconsistent with basic information policy principles. There is no solution that is consistent with all principles. Ultimately, regardless of how or even if notice is provided to a patient, reporting statutes demonstrate that a physician cannot guarantee confidentiality to his patients. No honest physician can provide adequate assurances to the patient who asks “You won’t tell anyone, will you?” By being forced to be an agent [27] of the state for the purpose of protecting the public health, enforcing criminal laws, or for other reasons, the physician’s duty toward his patient is affected. There is a conflict between the desirable goals of patient confidentiality and (in the case of communicable disease reporting laws) preservation of the public health, and the physician is the person in the middle. Ownership of medical records

Although there are few cases and fewer statutes on the question of ownership of hospital and physician records, there is little doubt about it. A treatise on hospital law states unequivocally: “The records of the hospital, including the medical records, are the property of the hospital” [28]. In one of the few reported cases on ownership, a New York state court held that:. . “records taken by a doctor in the examination and treatment of a patient become property belonging to the doctor” [29]. But it turns out that knowing who owns medical records tells us very little. There are limitations on the ability of a physician to disclose or even dispose of the medical records that he ‘owns.’ Medical ethics, state law, and in some instances, federal law, regulate or restrict disclosure and maintenance of medical records. Even the destruction of medical records ordered by one doctor in his will was determined to be against public policy by one court. The records were found to have too much value to the patient and to a subsequent physician to permit their destruction [301.

The important question here is not that of ownership or of the doctor’s rights with regard to his records. It is the patient’s interest in those records that is critical. The judges and authorities that recognize the doctor’s ownership of records also recognize that some type of patient interest also exists. The same treatise that readily asserted hospital ownership also conceded: “The medical record is a peculiar type of property; physically, it belongs to the hospital . . The patient, however, has an interest in the contents of the record which cannot be deniedsl]. The patient’s interest cannot be denied. -tinfortunately, it is not fully defined either, and the few cases that address the question provide little guidance to the practicing physician.

responsibilities

S?L

The most instructive court case on the issue of an individual’s interest in records maintained by a third party is United States I’S .Miller [32]. The case, which involved bank records and not medical records. was decided by the United States Supreme Court in 1976. In Miller, a United States Attorney had subpenaed from a bank the financial records of a customer of the bank who was a suspect in a criminal investigation. That subpena was challenged by the customer in the course of his subsequent trial, but the challenge was ultimately denied by the Supreme Court. The Court found that the bank records were not owned by the customer or in his possession. Therefore, the customer had no interest in the records and was not entitled to notice of the subpena or an opportunity to challenge the subpena in court. In other words, the law does not recognize that a bank customer has any protectable interest as against the government in the records of his account. The Court reached this result notwithstanding the personal nature of checking account information and the expectation of the customer that documents transmitted to the bank would remain private [33]. .&filler is a seminal case on the privacy of thirdparty records. The Privacy Protection Study Commission described the case as “starkly underscor[ing] an individual’s present defenselessness with respect to records maintained about him” [4]. Much of the work of that Commission, including its recommendations on the privacy of medical records, reflects the view that Miller should be overturned by statute and that an individual must be given an enforceable interest in records about himself [4, pp. 19-211. Why is Miller important in the medical context? The significance of the case for a third-party record keeper is that if the subject of a record has no legal, protectable interest in those records, then either the record keeper (physician) must take steps to protect the interests of the subject (patient) or else those interests will go unprotected. Physicians have always recognized that confidentiality of their communications with patients are essential to the practice of medicine. If the patient cannot protect his own interests, then what are the responsibilities of the physician toward his patient and toward himself? This question will be discussed in part two. The Miller decision applies to bank records only. and it is not certain that the Supreme Court would reach the same result in a case involving medical records. There are, however, reasonable grounds to believe that a similar result might be reached. First, although there are clearly many differences between the personal nature of bank and medical records, there are many similarities as well. From the perspective of an individual concerned about disclosure of his private life, both records may be very revealing. Checking account records [34] contain a tremendous variety of personal information. Supreme Court Justice William 0. Douglas put it this way: “In a sense a person is defined by the checks he writes. By examining them the agents get to know his doctors, lawyers, creditors, political allies, social connections, religious affiliation, educational interests, the papers and magazines he reads, and so on ad infinitum” [35].

8’2

ROBERT M. GELLMAN

In short, it is not at all clear that medical records are more private or more worthy of protection than bank records. The healthy individual, for one. might well argue that his checking records are more revealing than his medical records. Second, a recent Supreme Court case involving medical privacy issues provides at least some indirect support for the application of the Miller doctrine. In Whalen L’SRoe, [36] decided the year after Miller, the Court decided that it was not a violation of a patient’s constitutional right to privacy for the State of New York to record in a centralized computer file the names and addresses of all persons who have obtained specified drugs by prescription. The Court reached this result even though it acknowledged that: “Unquestionably, some individuals’ concern for their own privacy may lead them to avoid or to postpone needed medical attention” [36]. This is, of course, the specific reason why the medical profession has always been so protective of patient confidentiality. If the Court was unswayed in Whalen when it conceded the validity of the doctors’ concerns, it is questionable whether the same argument would succeed in another case. There is, therefore, adequate reason for the physician to be concerned about Miller and about his responsibilities toward his patients’ interests [37].

PART TWO: EMERGING INFORMMhTION CONFLICTS

Many of the disclosure demands that are a feature of the information age are accomplished with the consent of the record subject. For example, health insurers routinely require claimants to agree to access to records as a prerequisite to payment. Questions have been raised about the breadth of the access demanded by insurers and about whether the consent is freely given by the patient (381. Nevertheless, for present purposes, it is reasonable for a physician to accept a signed authorization from a patient as adequate grounds for making a disclosure. There are other disclosures now becoming more commonplace that cannot be justified on the basis of While government operated patient consent. payment-for-service programs, such as Medicare, typically obtain patient consent for routine access to information, other government activities using patient information do not. These include medical peer review, fraud and abuse investigations, management and utilization controls, and medical research. Other demands for records for non-health related purposes may come from law enforcement agencies, intelligence agencies, the Secret Service, schools, and others. Unlike disease reporting laws, which call for the disclosure of specific data on patients, demands for records under other programs tend to be broader in scope. Management auditors, fraud and abuse investigators, and peer reviewers seek larger portions of a medical record. Requests are not limited to records of federally paid patients. Privately paid patient records are frequently needed as well. ---Z Many of these demands for records present dilemmas for physicians. In some instances, requesters ask for the cooperation of the physician. Others may

have the power to compel disclosure. Patient consent is only occasionally sought by these requesters. This leaves the physician with questions about his own responsibility for protecting his records and his patient’s privacy rights. Discretionary disclosures

When a request for medical information has not been consented to by the patient or is not required by law, then any disclosure is at the discretion of the physician. A good illustration of the issues confronting physicians comes from Secret Service requests for medical information to be used in connection with the protection of the President. Although such requests are likely to be limited to psychiatric information and are relatively uncommon, the conflicting pressures on the psychiatrist can be intense. The Secret Service uses medical information to identify individuals who may pose a threat to the security of the President or other public officials. The Service will typically ask a psychiatrist to evaluate a specific individual’s propensity for violence. Patient consent for the disclosure is only occasionally possible. In support of its need for the information, the Secret Service cites the fact that more than 90% of those considered dangerous have a known history of mental problems [39]. A psychiatrist who is approached by a Secret Service agent seeking information on a patient is under no statutory obligation to cooperate. In fact, some state laws may prohibit or restrict psychiatrists in state mental hospitals or elsewhere from disclosing some or all patient information to the Secret Service [40]. However, for most psychiatrists, as for most physicians facing similar questions. there is little guidance and the decision is a personal one. In facing that decision, a psychiatrist would be aware that all of the arguments in favor of confidentiality of routine medical information apply to psychiatric information as well. Indeed, psychiatrists argue strenuously that their records require even more protection than ordinary medical records. It seems unlikely that patients would consult a psychiatrist who made it known that he cooperated with the Secret Service or other law enforcement agencies. A psychiatrist who made such a disclosure might be sued by a patient for invasion of privacy, breach of a confidential relationship. or breach of contract. On the other hand, the importance of protecting the President and other high government officials cannot be denied. The Secret Senice, which is charged with this responsibility, believes that the availability of information from psychiatrists is important [41], and there is congressional agreement [42]. The majority of psychiatrists approached by the Secret Service apparently agree with the need for the information, as there is a high degree of cooperation [431. There is another factor that weighs is on the side of disclosure. In Tarasoff L;sRegents of the Unicersit) of California [44], the California Supreme Court held that a psychiatrist could be liable to a third party for failure to warn that a patient was a danger to the third party. The court found that a psychiatrist had

Dwided

loyalties:

a physician’s

a duty to exercise reasonable care to protect an individual who might be harmed by a patient. One of the most controversial aspects of Turaso# was the court’s acceptance that psychiatrists are sometimes able to predict accurately whether or not a patient will resort to violence. Psychiatrists argue strongly that accurate predictions cannot be made [44]. Based on its finding that such an ability existed-at least under the peculiar facts of the case-the court decided that a duty to warn also existed. If a psychiatrist decided that a patient was a danger to another and issued a warning, could the patient sue over the disclosure of confidential communications? Unless a statutory prohibition against the disclosure existed, it seems most likely that the courts would recognize the duty to warn as a defense against such a lawsuit [45]. Confidentiality is not as important as life and limb. Does this conclusion solve the Secret Service dilemma? It does in the case where the patient is reasonably judged to be a danger. However, if a patient is not a danger and the Secret Service inquires about his mental state, what can or should be revealed? If the disclosure of any confidential information can only be justified by an overriding public interest, then it is difficult or impossible to justify disclosure of even negative information (e.g. the patient is not a threat) in the absence of such an interest. The analysis can be carried further. Can a psychiatrist agree to cooperate with the Secret Service only in those instances where a patient is a danger to the President and refuse to disclose information in those instances where the patient is not a danger? If the terms of cooperation are clearly understood by all, then the answer is no. Refusal to discuss a patient’s propensity for violence will be the equivalent of saying that the patient is not violent. This result is unavoidable in cases where the Secret Service (or any law enforcement agency) actively seeks information about a patient. If a psychiatrist is left on his own to issue warnings if a patient is a danger, then existing ethical and legal principles can cope. However, the unrestricted ability of law enforcement authorities to seek information on their own initiative makes it difficult for the psychiatrist or physician to properly refuse to reveal information without revealing the very information that is being sought. The only completely consistent position for a physician is to refuse to cooperate under all circumstances. However, if information is to be shared to prevent violence, the next issue is what type of violence is enough to justify the breach of confidentiality. Its disclosure permissible to identify criminals after-the-fact? Since police can be expected to seek all relevant information about criminals, the cooperative physician will have to face these questions unless clear limitations are imposed on-physicians, police, or both. The Secret Service dilemma is perhaps the%ost complex of the discretionary disclosure issues confronting physicians. The factors that argue for or against disclosure to the Secret Service are generally common to other disclosure questions. However, in

responsibilities

823

almost all other cases, the arguments for and against disclosure are not as compelling. For example, medical research and fraud prevention are important goals, but they are not as important as protecting the life of the President. On the other hand, information sought by researchers and investigators. while still confidential, may not be as intimate as psychiatric Communications, The occupational physician may face a similar duty-to-warn dilemma as the psychiatrist in those instances where a patient/employee is a threat to others. The dilemma may be lessened, however, since the relationship of the physician to the employer is known to the patient/employee. In some areas, the law does provide an answer to physicians. The disease reporting laws discussed above offer clear and unambiguous direction for selected disclosures. A federal law offers some guidelines permitting or prohibiting disclosures from records in federally funded alcohol or drug abuse programs [46]. That law includes a provision allowing a court to order any disclosure after weighing the public interest and need for disclosure against the injury to the patient, the physician-patient relationship, and the treatment service. As the different factors that influence the disclosure decision vary with each circumstance, it may well be that the propriety of disclosure also varies. Currently, the physician in his role as record keeper is left to make the necessary decisions on his own. A physician concerned about both the confidentiality of his records and liability for improper disclosure could refuse to make any discretionary disclosures. This is one way to deal with the problems attendant upon such disclosures. Another approach is to make disclosures only where the patient has been informed of the specific disclosure or of the possibility of a disclosure. An occupational physician would be well advised to follow this procedure since disclosure to a third party is certain to be an issue at times. Yet another approach is to make only those disclosures not likely to become known to the patient. The Secret Service, for example, has procedures to protect its information and its informants [17]. Medical researchers also traditionally provide adequate protection for identifiable information. Protection of data disclosed to local police or prosectors is more uncertain. None of these alternatives is completely satisfying. Any of them may work in some circumstances beare cause all patients not concerned about confidentiality or because concerned patients may not be knowledgeable enough to ask the right questions. An honest physician confronted by a knowledgeable and concerned patient may find it difficult to admit to a disclosure policy that includes any possibility of discretionary disclosures. Compulsory process Given the difficulties presented by requests for discretionary disclosure of patient information, a physician might think that receipt of a summons or subpena would generate fewer ethical conflicts. Unlike a simple request for information-which can be readily rejected-compulsory process [48] usually requires production of records or a formal legal re-

823

ROBERT

M. GELLMA?;

An initial question in the NIOSH cases is whether sponse of a different type. Compliance with a lawful the company has legal standing to defend the right of subpena will insulate a physician from liability to a privacy of its employees. Although the relationship patient on account of the disclosure. But the physbetween the employer and employee may not be as ician who casually complies may be ignoring a profesintimate as the relationship between physician and sional responsibility to protect the confidentiality of his records. patient, the courts have found that the company has sufficient interest to assert the privacy claim. One The possibility that a compulsory process will be used to obtain medical records can no longer be court noted: dismissed as rare or limited to private litigation. Private litigation is of lesser importance because the “As a practical matter, the absence of any notice to the employees of the subpoena means that no person other than patient is usually a party and is either seeking the Westinghouse would be likely to raise the privacy claim. records for his own use or is able to defend his own Indeed, this claim may be effectively lost if we do not hear interest. The growth of government involvement in it now” [52]. health matters has resulted in an expansion of the power to compel the production of records. Health program auditors, investigators, and prosecutors at It is probable that a physician raising privacy claims all levels of government may have compulsory proon behalf of his patients would also have standing cess powers. Other government programs involving [53]. If so, the Miller issue would not arise. Miller health matters, such as disability programs, may have would probably only be raised in a suit brought by similar powers. Occupational health and safety laws a patient. also confer summons or subpena power, as do drug A second question is whether the employee/patient regulatory laws. In short, the power to compel proshould be notified of the subpena. Companies and duction of medical records is now vested in a surcourts have taken different approaches to this issue. prisingly large number of government agencies. In one case, General Motors notified 704 workers and The discussion in Part One about U.S. L’SMiller is sought their consent for the disclosure. Almost 500 of highly relevant when a physician considers a response these workers did not consent to the release of their to a subpena. The holding of Miller was that an records [54]. In the Westinghouse case. the company individual has no protectable interest in his bank did not notify the employees initially. Notice was records. Miller has been overruled by statute. The later required by the court in order to permit employRight to Financial Privacy Act of 1978 [49] provides ees to raise personal claims of privacy [55]. that a federal agency seeking bank records, either by A physician who receives a subpena but does not compulsory process or by request, must notify the notify his patients may feel more of a moral oblicustomer. The customer may fight the agency by gation to resist disclosure. If the physician neither going to court to protect his privacy interests. The notifies the patients nor resists the subpena, then no privacy claim will be raised. Right to Financial Privacy Act is an example of how Another complicating factor if the effect of sending an individual can be permitted to protect his own notices to patients. Notice could have detrimental interest in records maintained by third parties. While consequences for the relationship between the physthese protections appear to be attractive and could be ician and his patients. For example, if patients are extended to other records, the Act is filled with notified that their records have been subpenaed in a limitations, exceptions, and restrictions that make the fraud investigation of their physician, the patients rights less meaningful than they seem. might be confused or upset by the fact of the If Miller applies to medical records, then only the investigation. Some might assume from the mere physician is in a position to protect the confidentiality initiation of an investigation that the physician is of the doctor-patient relationship. However, even if guilty of a crime. On the other hand, if no explaa patient’s medical records are found to be different nation of the subpena were provided to patients, then than bank records and the patient’s interest is ultimany might believe that they were the targets of the mately recognized by the courts, there is no current investigation. This would produce even more disprocedure whereby the patient can protect that interest. Government agencies with powers of process are turbing results. Notice would also involve an expense to the physnot required to notify patients, and patients have no clear legal standing to protect their own interests. ician. Although printing and postage might not be terribly expensive, the time consumed in explaining Thus, practically speaking, at the present time the the circumstances to each inquiring patient could be physician is the only person who can protect the significant. Still, the notices would probably be less patient’s interest in confidentiality. Recent litigation over demands by the National costly to the physician than resisting the subpena. Institute for Occupational Safety and Health (NI- 1The costs of a complex court case could be as high OSH) for access to medical records maintained by as SlOO,OOOor more. It may not be coincidental that employers illustrates many of the issues confronting reported cases involving resistance of subpenas frephysicians who receive subpenas [50]. In the typical quently involve large corporations that are capable of case, NIOSH issues a subpena for occupational financing the litigation. medical records in connection with a hesalt hazard A third issue in the NIOSH cases involves reinvestigation conducted under the OccQational strictions on maintenance and reuse of the medical Safety and Health Act of 1970 [jl]. The company records by the issuer of the subpena. Protection of resists the subpena in whole or in part, and the data was an issue in both the General Motors and agency goes to court against the company to enforce Westinghouse cases, and both courts reviewed the its subpena. security arrangements. Since NIOSH regulations gen-

525

Divided loyalties: a physician’s responsibilities erally prohibited redisclosure. that was not an issue, although it might be in a different case. For example, if a medical record containing evidence of criminal activity on the part of patients (e.g. drug abuse) was subpenaed for use in a fraud investigation of the physician, could the evidence against the patient be turned over to police by the investigators? On these points, there may well be differing interests on the part of the physician and the patient. A redisclosure or reuse that might be acceptable to one party might be objectionable to another. As a result, it is not clear that a physician could fully represent his patient’s interest. The court in the Westinghouse case seemed to recognize that there could be differing interests on the part of the record keeper and the record subject. This is why notice to patients was required. The court stated that each employee is uniquely capable of evaluating the degree of confidentiality which he attaches to specific items of information in the medical record [jj]. This rame conclusion would seem to apply any time that medical records are subpenaed. Other Issues can arise in connection with compulsory process, but the basic problems have already been outlined. The physician who receives a subpena for his records is placed in a difficult, if not untenable, position. He may not be able to comply with his legal and professional obligations in any convenient or inexpensive way. Existing law and legal principles are uncertain at best and totally inadequate at worst.

CONCLUSlON

The legal and ethical principles developed in the past to guide physicians with respect to the confidentiality of medical records are neither consistent nor complete. These principles have nevertheless been adequate because they were only applied infrequently. The increase in the contents of medical records, the development of psychiatric treatment, the expanded use of medical records by government agencies for non-treatment purposes, and other factors are exacerbating the shortcomings inherent in existing principles. Although confidentiality has never been recognized as an absolute value. confidentiality is increasingly taking second place to a growing list of competing interests. There are three major consequences of this trend. First. as demands for medical records increase, the physician as record keeper must play a more active role in the protection of confidentiality. This is difficult because legal and ethical guidance on confidentiality is out of date. Second. the new uses of medical records have begun to highlight the growing differences in interest between a physician and his patient with regard to information in the record. Those differences, although still subtle, are increasing at the same time as the responsibilities of physicians become more uncertain. Third, unless specific protections are enacted&to law, the widespread dissemination and use of me%cal records may give rise to the general belief that information provided in confidence to a physician is no loneer confidential.

REFEREXCES

1 Domestic Council Committee on the Right of Privacy, Nalional Informorion Po1ic.v: Reporr to the President of rhe Cnited Stares, p. 9, 1976. See also Subcommittee on Science, Research and Technology of the House Committee on Science and Technology, Informarion and Telecommunications: An Ocewiew of Issues, Technologies, and Applications, 91th Congress. 1st Session. I-5, Committee Print, 1981. 2 Budget of the C;nired States Gocernmem, Fiscal Year 1982. p. 231, 1981. 3 Carroll M. S. and Arnett R. H.. Prirafe Health Insurance Plans in 1978 and 1979: .4 Rciew of Corerage. Enrollment and Financial Experience, Vol. 3. Health Care Financing Review, p. S5, 1981. 4 Privacy Protection Study Commission, Personal Priraq in an Informarion Society, p. 282, 1977 (hereinafter cited

as ‘PPSC Report’). Cited in Veatch R. M. ef al. The Teach&

of Medical Ethics. p. 146. 5. Hastings Center Publicakons. 1973. Westin A. F. Computers. Health Records. and Citizen’s Righu, p. 60, Naional Bureau of Standards, 1976. H.R. Rep. No. 96-832 Part I, 96th Congress, 2nd Session, 29, Report accompanying H.R. 5935, Federal Privacy of Medical Information Act, 1980. For an example of a more modern state law, see the California Confidentiality of Medical Information Act, California Civil Code $56, West, Suppl., 1981. Commission on Confidentiality of Health 8 National Records, Health Records Confidentiality Laws in the States, 6, 1979. to National Commission on 9 Annas G. J. Introduction Confidentiality of Health Records. Healfh Records Confidenriality Laws in the States at iv, 1979. 10. H.R. Report No. 96-832 Part I, 96th Congress, 2nd Session. 29, Report accompanying H.R. 5935, Federal Privacy of Medical Information Act, 1980. II. H.R. 5935, 96th Congress: S. 503 96th Congress. revised edi12. Wigmore J. Evidence $2380. McNaughton tion. 1961. 13. See [ 121,$2380. The Privacy Protection Study Commission found that 43 states have some form of testimonial privilege. See PPSC Report. supra note 4 at 284. 14. United Slates us Meagher, 53 1 F.2d 752, 5th Cir., cert. denied, 429 U.S. 853, 1976. 15, See United States cs Kansas Ci!y Lutheran home and Hospilal Association, 297 FSupp. 239. W.D. MO., 1981. 16. PPSC Report, supra note 4, at 285 (emphasis supplied). 17. California Evidence Code &990-1007, West, 1966. 18. Advisory Committee on Federal Rules of Evidence, Notes to Rule 504, cites in Saltzburg S. and Redden K. Federal Rules of Evidence Manual, 2nd edn. p. 757, 1977. The proposals of the Advisory Committee on testimonial privileges were not accepted by Congress. privilege prob19. Legal hostility to the physician-patient ably arises from the fact that it tends to be used in those cases-primarily personal injury and life and health insurance-where-the patient has voluntarily come to court. See 18. supra note 12. at 62380al. Whether or not questions df physician-patient privilege will continue to be limited to these types of litigation in the information age remains to be seen. 20. See [S, supra note 12, at $23891. Medical privacy legislation considered by the 96th Congress addressed this issue. Section 102(d) of H.R. 5935 as reported by the House Committee on Government Operations attempted to preserve the privileged nature of medical records notwithstanding the existence of a patient authorization for disclosure. See H.R. Report No. 96-832 Part I, 96th Congress, 1st Session at 79, 1980. It is not clear what effect this provision would have had. 11 Thousands with mental health insurance choose to pay

816

22. 73.

24.

25. 26. 27.

28. 29.

30. 31. 32. 33. 34.

35. 36. 37.

38.

ROBERT Xl. GELLMAS own bill. .Ve:r, York Times August 1, 1981. Privacy of I\ledicai Records: Hearings before a Subcommittee of the House CommIttee on Government Operations, 96th Congress. 1st Session, April 4.9.1 I. June 14, July 9.14, and September 17. 1979. Testimony of Dr Jerome Biegler, Chairperson, Committee on Confidentiality. American Psychiatric Association (hereinafter cited as ‘Medical Privacy Hearings’). Advisory Committee on Federal Rules of Evidence, supra note 19. Sates to Rule 504. National Commission on Confidentiality of Health Records. Healrh Records Conjidentiaiify Law in rhe Srates, pp. 2-3, 1979. U.S. Department nf Health. Education and Welfare. Secretary’s Advisory Committee on Automated Personal Data Systerrrs..Records, Computers, and the Rights o/Citizens, p. 41, ICT3. Public Law 93-553. 5 I:.S.C. $552a, 1976. See S. Report No. 93-l 183. 93:d Cor?gress, 2nd Session at 6, 1974. PPSC Report. supra r&e 4, at 15. John F. Burnum cites treatment of venereal disease as one of many instances where the physician “may be forced to wear two hats and to be thrown into mild ethical conflict.” Dr Burnum uses the term “double agent” to describe the reole of the physician in these instances. Burnum J. F. The physician as a double agent. New Engl. J. Med. 278, 1977. IIA Hospiral Law Manual, Medical Records P2-1 (Attorney’s Volume), 1973. In re Culberrson’s Will. 57 Misc.2d 391, 292 N.YS.Zd 806, Surr. Ct.. 1968. See Estate of Finkle, 90 Misc.Zd 550. 395 N.Y.S.2d. Surr.Ct., 1977. See Gorkin cs Miller, 379, 379 F. Suppl. 859, E.D.N.Y.. 1974, affd. 514 F.2d 125, 2d Cir.. 1975; Medical Privacy Hearings. supra note 25, 238. testimony of Robert Belair, Counsel to Sational Commission on Confidentiality of Health Records. In re Culberrson’s Will, 57 Misc.2d 391, 292 N.Y.S.Zd 506. Surr.Ct.. 1968. IIA Hospiral Law Manual. Medical Records P2-1 (Attorney’s Volume), 1973. 425 U.S. 435. 1976. 425 U.S. 435. 447 (Brennan. J. dissenting) citing Burrobt’scs Superior Court, 529 P.2d 590. Cal.Sup.Ct., 1974. In order to comply with requirements of the Bank Secrecy Act. 31 U.S.C. 1051-1122. 1976, most banks keep microfilm copies of all checks written by their customers. Prior to the enactment of this Act in 1970, copies of checks were not maintained by banks. See PPSC Report, supra note 4, at 103-105. California Bankers Associarion TS Shultz, 416 U.S. 21. 85, 1974 (dissenting opinion). 429 U.S. $589. 1977. See also H.R. Report No. 96-832 Part I. 96th Congress, 2d Session at 2j, Report accompanying H.R. 5935, Federal Privacv of Medical Information Act. 1980. See Medical Piivacy Hearings. supra note 25, 306310 (testimony of Jane Rogers, Director of Legislative

39. 40.

41. 42.

43. 44 45

46.

47. 4s.

49. 50.

51. 52. 53.

54. 55.

Affairs. American \Iedlcal Records Association). See also [l2. supra note 4. at 31-11. Testimony of Bette B. Anderson. Cndcr Secretar). Department of the Trcasurq. See e.g. Illinois Mental Health and Development Disabilities Confidentiality Act, S.H.A. Chap. 91 1:2, P812. $12(a), Suppl. 1981-Z: limiting disclosure to name. address. age. and dates of admission and discharge: Medical Privacy Hearings. supra note 25 at 733 (testimony of H. Stuart Knight. Director. Secret Service). Medical Privary Hearings. supra note 15 at 733 (testimony of H. Stuart Knight. Director. Secret Service). H.R. Report No. 96-832 Part I. 96th Con_gress. 2nd Session (Committee on Government Opcratlons) and Part II (Committee on Interstate and Foreign Commerce). Report accomoanvinp H.R. j935. Federal Pri\acy of Me&Cal Info&at&&t. 1980: S. Report So. 96935. 96th Congress. 2nd Session (Committee on Governmental Affairs), Report accompanying S. 503. H.R. Report No. 96-832 Part 1. 96th Congress. 2nd Session 63. 1980. 551 P.2d 334, Sup.Ct.Cal.. 1976. See Annot.. Physician’s Tort Liability. .Apart from Defamation. For Unauthorized Disclosure of Confidential Information about Patient. 20 .1LR_% 1109, 1968. Section 333 of the Comprehensive Alcohol Abuse and Alcoholism Prevention. Treatment and Rehabilitation Act of 1970 as amended by Section 122(a) of the Comprehensive Alcohol Abuse and A!coholism Prevention, Treatment. and Rehabilitation Act Amendments of 1974. 42 U.S.C. $4582, 1976. 5 U.S.C. $552a(k) (3). 1976. Search warrants have also been used to obtain medical records. As a result of the Supreme Court decision in Zurcher rs Sranyord Daily. 436 U.S. 5-l: (1978), and subsequent legislation restricting searches for First Amendment materials. the issue has become too complicated to consider in this article. See Public Law 96-440. See also Hawaii Psvchiawic Sociery. District Branch o/ the American Psych>avic Associarion L‘S.-lriyoshi. 48 I F. Supp. 1028, D.C., Haw., 1979. I2 U.S.C.A. 53401 et seq., 1980. See e.g. General .Motors Corporation rs Direclor of NIOSH. 636 F.2d 163, 6th Cir.. 1980; I.nited Stares L’S Wesringhouse Electric Corporation, 638 F.2d 570, 3rd Cir.. 1980: E.I. DuPont de Nemours and Co. cs Finklea. 442 F. Supp. 821, S.D.. W.Va., 1977. 29 U.S.C. $651 et seq. 1976. United Slates cs Wesringhouse Electric Corporation. 638 F.2d 570, 574, 3rd Cir., 1980. See Hawaii Psyhiarric Society, Disrricr Branch of he American Psychialric Association L’S .-iriyoshi. 48 I FSupp. 1028, 1037. D.C., Haw., 1979. General .tlolors Corporarion vs Direcror of .VIOSH. 636 F.2d 163, 6th Cir.. 1980. C’nired Slates vs Weslinghouse Eiecrric Corporarion, 638 F.2d 570, 3rd Cir.. 1980.