- Email: [email protected]
Who's looking in our medical records now?
1
therefrom, which ought not be noised abroad, I will keep silence thereon, counting such things to be as sacred secrets.
--Oath of Hippocrates, Fourth Century, BC H o w can an issue from the Fourth Century hold so much relevance in t o d a y ' s health care industry? While Hippocrates talked about "sacred thoughts," I w o n d e r if he knew the problems w e w o u l d uncover in the future as we seek to maintain confidential patient information. Read any juicy medical records lately? Did you learn something about an important person in your community or even a neighbor that surprised you? Do you have (or think you m a y ever have) some skeletons in your closet that you w a n t kept from an employer, insurance company, or colleague? Well, this article m a y be for you! In the "old days," I recall w e were never allowed to take a medical record out of the "medical records library." We even n e e d e d to complete a special form to have the record pulled from the shelf so we could read it in the confines of the medical record offices. Each record was coded and filed according to the patient's Social Security number, and only employees with special permission could touch those sacred documents. Obtaining copies required court orders, a n d the necessary p a p e r w o r k n e e d e d to be accompanied with a check to p a y for the copies a n d their delivery. Wow, were we ever careful! As case managers and health care profesTCM 16
January/February1999
determine whether we are continuing to move in the right direction. O u r experience tells us to carefully protect the medical record. We are trained to follow certain policies and procedures regarding the release of information shared with us by our patients/customers. New times, however, require a n e w set of procedures and protocols. I believe the issues regarding medical privacy need increased attention and further discussion. With the advent of m a n a g e d care, networks, alliances, and new technology, where does patient confidentiality reside? The list of people asking for medical information is almost endless, including employers, public health departments, and insurers (life, health, a n d disability policies). W h o is entitled to read all about us? W h a t steps are being taken to ensure that a p r o g r a m exists for maintaining confidentiality? Does the public even care about the release of information? Do you care? In 1994, the American Civil Liberties Union issued a report that said 75% of the public are concerned a "great deal" or "fair amount" about health insurance companies putting medical information about them in a computer information bank to which others have access. Lou Harris, a nationally recognized public ' polling company, said in 1993 that 85% believe that protecting the confidentiality of medical records is "absolutely essential" or "very important" in health care reform. We have m a d e some progress in preserving the confidentiality of electronic communications. The Electronic Communications Privacy Act was enacted to combat
by all personas a n d businesses, not just the government. This expansion m a y m e a n you!
M,xIl~l ~
$~
H o w you keep records, where you store them, and what is included are topics that each d e p a r t m e n t and c o m p a n y must address. M a n y of these issues n e e d to be included in a c o m p a n y ' s confidentiality statement/policy. You also n e e d to u n d e r s t a n d the principles of a good medical privacy system. You should determine: • What will be kept private • Who will be allowed access to this information • Who will provide enforcement a n d oversight of these records • H o w third p a r t y access will be granted Whether you will allow information to be included in any national database; if so, what a n d h o w this information will be transferred • H o w patients/customers will be identified These questions are just a few that need to be addressed. Each aspect will have several options to pursue because each organization has different information collected by a variety of people. Many people have questioned the value and confidentiality of identifying patient records by Social Security numbers, a common system in m a n y offices. Their fear was that this information m a y be too
easily obtainable by people outside the system. Each organization should consider identification methods as we move closer a n d closer to the technological medical record. We must realize that, unfortunately, such medical information can influence personal credit, admission to educational institutions, a n d employment. These data also m a y effect the ability to get health insurance or coverage rates. W h a t m a y be even more important is that the information can be used in some personal w a y that will lead to loss of dignity.
¢o.-II~n'i~HI II~NIIi~I IIImNl~ With computerized medical records becoming the standard practice in m a n y institutions, I have reviewed several hospitals' guidelines regarding the confidentiality of these records. These standards are not exhaustive, but they are a starting point as you plan y o u r c o m p a n y ' s confidentiality program. Consider these policies: • W h e n an employee leaves or transfers to another department, he or she no longer is authorized to access patient information and his or her user code is deleted. ° Discarded computer printouts with patient in(ormation of a n y kind are placed in designated waste containers and are not carried out of that area. • All requests for computer printouts of information are referred to and screened by the designated person in charge of releasing patient/client information. • Only people w h o have been give specific authorization that is on file in the administrative offices are permitted to become an authorized user and are assigned a user code. I know one facility that requires all
employees to participate in special training about confidentiality and has developed systems to monitor user access. The system completely shuts d o w n w h e n not in use. W h a t I find very interesting is that each system user is assigned a level of information access that allows access only to information n e e d e d for his or her position or function.
the Privacy Act of 1974, which states that no federal agency m a y disclose information without the patient's consent. W h a t about y o u r o w n c o m p a n y ' s privacy act? Does it exist? Has it been u p d a t e d to include information regarding the electronic transfer of information? Have you created an a p p r o v e d user list to limit access to patient/consumer information?
Y u r I ~ n m N I II~on~l, I also have uncovered suggestions that you as a consumer should consider regarding your o w n medical records and will find valuable as you reevaluate your o w n confidentiality programs. As a consumer you m a y w a n t to: • Protect the privacy of your Social Security number Tell your physician everything necessary for p r o p e r treatment but think twice before d i s d o s i n g information that has no bearing on your health Ask your health care provider w h e t h e r your records can be accessed from outside his or her office a n d for w h a t purpose
As you begin the n e w year, make confidentiality a priority before y o u r o w n medical record becomes public information y o u never w a n t e d disclosed! W o u l d n ' t it be interesting if y o u r poor driving record became conversation in the lunchroom? Q
Louis Feuer, MA, MSW, president of Dynamic Seminars & Consulting, Inc., is a nationally recognized lecturer and consultant specializing in the health care industry. He can be reached at (954) 435-8182 or at www.Dynamicseminars.com. Reprint orders: Mosby, Inc., 11830 Westline Industrial Dr., St. Louis, MO 63146-3318; phone (314) 453-4350; reprint no. 68/1/96063
Ask that, before your medical records are sent to another person (eg, insurance company), you be permitted to review what is being sent Although electronic medical records do offer tremendous opportunities to improve and rapidly provide quality care to our customers, they come with their share of problems. Hopefully this article inspires you to take another look at the important issue of confidentiality. Take time to review the 1996 KennedyKassenbaum health care act that talks about privacy guidelines. Read the recommendations from Donna Shalala, Secretary of the D e p a r t m e n t of Health a n d H u m a n Services, regarding the passage of medical privacy legislation in 1997 a n d January/February1999
T C M 17
therefrom, which ought not be noised abroad, I will keep silence thereon, counting such things to be as sacred secrets.
--Oath of Hippocrates, Fourth Century, BC H o w can an issue from the Fourth Century hold so much relevance in t o d a y ' s health care industry? While Hippocrates talked about "sacred thoughts," I w o n d e r if he knew the problems w e w o u l d uncover in the future as we seek to maintain confidential patient information. Read any juicy medical records lately? Did you learn something about an important person in your community or even a neighbor that surprised you? Do you have (or think you m a y ever have) some skeletons in your closet that you w a n t kept from an employer, insurance company, or colleague? Well, this article m a y be for you! In the "old days," I recall w e were never allowed to take a medical record out of the "medical records library." We even n e e d e d to complete a special form to have the record pulled from the shelf so we could read it in the confines of the medical record offices. Each record was coded and filed according to the patient's Social Security number, and only employees with special permission could touch those sacred documents. Obtaining copies required court orders, a n d the necessary p a p e r w o r k n e e d e d to be accompanied with a check to p a y for the copies a n d their delivery. Wow, were we ever careful! As case managers and health care profesTCM 16
January/February1999
determine whether we are continuing to move in the right direction. O u r experience tells us to carefully protect the medical record. We are trained to follow certain policies and procedures regarding the release of information shared with us by our patients/customers. New times, however, require a n e w set of procedures and protocols. I believe the issues regarding medical privacy need increased attention and further discussion. With the advent of m a n a g e d care, networks, alliances, and new technology, where does patient confidentiality reside? The list of people asking for medical information is almost endless, including employers, public health departments, and insurers (life, health, a n d disability policies). W h o is entitled to read all about us? W h a t steps are being taken to ensure that a p r o g r a m exists for maintaining confidentiality? Does the public even care about the release of information? Do you care? In 1994, the American Civil Liberties Union issued a report that said 75% of the public are concerned a "great deal" or "fair amount" about health insurance companies putting medical information about them in a computer information bank to which others have access. Lou Harris, a nationally recognized public ' polling company, said in 1993 that 85% believe that protecting the confidentiality of medical records is "absolutely essential" or "very important" in health care reform. We have m a d e some progress in preserving the confidentiality of electronic communications. The Electronic Communications Privacy Act was enacted to combat
by all personas a n d businesses, not just the government. This expansion m a y m e a n you!
M,xIl~l ~
$~
H o w you keep records, where you store them, and what is included are topics that each d e p a r t m e n t and c o m p a n y must address. M a n y of these issues n e e d to be included in a c o m p a n y ' s confidentiality statement/policy. You also n e e d to u n d e r s t a n d the principles of a good medical privacy system. You should determine: • What will be kept private • Who will be allowed access to this information • Who will provide enforcement a n d oversight of these records • H o w third p a r t y access will be granted Whether you will allow information to be included in any national database; if so, what a n d h o w this information will be transferred • H o w patients/customers will be identified These questions are just a few that need to be addressed. Each aspect will have several options to pursue because each organization has different information collected by a variety of people. Many people have questioned the value and confidentiality of identifying patient records by Social Security numbers, a common system in m a n y offices. Their fear was that this information m a y be too
easily obtainable by people outside the system. Each organization should consider identification methods as we move closer a n d closer to the technological medical record. We must realize that, unfortunately, such medical information can influence personal credit, admission to educational institutions, a n d employment. These data also m a y effect the ability to get health insurance or coverage rates. W h a t m a y be even more important is that the information can be used in some personal w a y that will lead to loss of dignity.
¢o.-II~n'i~HI II~NIIi~I IIImNl~ With computerized medical records becoming the standard practice in m a n y institutions, I have reviewed several hospitals' guidelines regarding the confidentiality of these records. These standards are not exhaustive, but they are a starting point as you plan y o u r c o m p a n y ' s confidentiality program. Consider these policies: • W h e n an employee leaves or transfers to another department, he or she no longer is authorized to access patient information and his or her user code is deleted. ° Discarded computer printouts with patient in(ormation of a n y kind are placed in designated waste containers and are not carried out of that area. • All requests for computer printouts of information are referred to and screened by the designated person in charge of releasing patient/client information. • Only people w h o have been give specific authorization that is on file in the administrative offices are permitted to become an authorized user and are assigned a user code. I know one facility that requires all
employees to participate in special training about confidentiality and has developed systems to monitor user access. The system completely shuts d o w n w h e n not in use. W h a t I find very interesting is that each system user is assigned a level of information access that allows access only to information n e e d e d for his or her position or function.
the Privacy Act of 1974, which states that no federal agency m a y disclose information without the patient's consent. W h a t about y o u r o w n c o m p a n y ' s privacy act? Does it exist? Has it been u p d a t e d to include information regarding the electronic transfer of information? Have you created an a p p r o v e d user list to limit access to patient/consumer information?
Y u r I ~ n m N I II~on~l, I also have uncovered suggestions that you as a consumer should consider regarding your o w n medical records and will find valuable as you reevaluate your o w n confidentiality programs. As a consumer you m a y w a n t to: • Protect the privacy of your Social Security number Tell your physician everything necessary for p r o p e r treatment but think twice before d i s d o s i n g information that has no bearing on your health Ask your health care provider w h e t h e r your records can be accessed from outside his or her office a n d for w h a t purpose
As you begin the n e w year, make confidentiality a priority before y o u r o w n medical record becomes public information y o u never w a n t e d disclosed! W o u l d n ' t it be interesting if y o u r poor driving record became conversation in the lunchroom? Q
Louis Feuer, MA, MSW, president of Dynamic Seminars & Consulting, Inc., is a nationally recognized lecturer and consultant specializing in the health care industry. He can be reached at (954) 435-8182 or at www.Dynamicseminars.com. Reprint orders: Mosby, Inc., 11830 Westline Industrial Dr., St. Louis, MO 63146-3318; phone (314) 453-4350; reprint no. 68/1/96063
Ask that, before your medical records are sent to another person (eg, insurance company), you be permitted to review what is being sent Although electronic medical records do offer tremendous opportunities to improve and rapidly provide quality care to our customers, they come with their share of problems. Hopefully this article inspires you to take another look at the important issue of confidentiality. Take time to review the 1996 KennedyKassenbaum health care act that talks about privacy guidelines. Read the recommendations from Donna Shalala, Secretary of the D e p a r t m e n t of Health a n d H u m a n Services, regarding the passage of medical privacy legislation in 1997 a n d January/February1999
T C M 17