Slashdot Mirror

← Back to Stories (view on slashdot.org)

Medical Privacy Rules To Be Gutted

Posted by michael on from the no-surprises dept.

Logic Bomb writes "The San Francisco Chronicle says the Bush administration wants to loosen privacy rules for medical records in a variety of ways. It's the sort of arrangement where insurance companies are drooling but everyone else, from doctors to Democrats, is screaming bloody murder." Not really a surprise, given the current administration. The rules proposed during the Clinton administration would have substantially protected the privacy of medical records - keeping your HMO, insurer and pharmacy from selling information about your health without your permission. Doesn't look like they're going to go into effect, though.

15 of 26 comments (clear)

  1. Story is misleading by Chacham · · Score: 2
    As stated by another poster. The story itself is bent on giving a bad light to the proposal. You really need to read the article, but here is one main point.

    But in at least one respect, the administration is suggesting a significant strengthening of privacy rights: allowing patients to decide up front whether to allow their records to be used for marketing purposes.

    That "But in at least" is total trash. Its not "but" it's the whole point! Instead of having rediculous procedures, the Bush proposal makes it one up front thing. This is no different than the phone company. Go read a phonebook. The local phone company will use your information unless you ask them not to in writing. Should you do it via the phone there is a "processing" fee. In other words, either advertisers pay us or you do.

    In short, this is a good proposal. The story writer is obviously biased. And the submitter is too, or just plain stupid.

    --
    Have you read my journal today?
    1. Re:Story is misleading by Anonynnous+Coward · · Score: 2
      Of course the telephone company will use your information. A reasonable person would expect the telephone company to use your information. It is, as has been called by other who studied the topic more than I ever will, a "fair information practice."

      Your doctor, your insurance company, your pharmacist, or your dealer selling information about your health to the highest bidder is not and never will be a "fair information practice," and this proposal is one more example of a government bought and paid for by corporations in action.

    2. Re:Story is misleading by Chacham · · Score: 2
      A reasonable person would expect the telephone company to use your information.

      Why?

      It is, as has been called by other who studied the topic more than I ever will, a "fair information practice."

      Without seeing any reasons or supporting evidence, I will have to disagree with you. There is nothing "fair" about it at all.

      is not and never will be a "fair information practice"

      Agreed. But when is it ever fair, if you didn't agree first?

      example of a government bought and paid for by corporations in action.

      I disagree. There is a strong tendency in the US for information sharing (or selling.) (Goverment agencies have to fight for that!) All this government proposal does, is makes it more straight-forward to opt-out.

      Currently, (I gathered from the article) there is no opt-out at all! Just every time they want to use your information, they have to ask. Say no, tomorrow we can ask again. And the next day, and the next. Under the new rules, you start off as opt-in, but you can opt-out once. And then noone can ever use your information unless you switch doctors/insurance companies. Yeah, the fact that you start off as "opt-in" is not good. But it is definitely a step in the right direction. In other words, let this one pass, and maybe next year we can have the default switched to "opt-out".

      The *real* bad thing is not information sharing. It is that anyone besides you can see it! I think everyone should have a storage of their own records, and you let the doctor see it each time the doctor looks at you. Then take it home. Never let the doctor keep it. If you are afraid that you will lose it, then have someone store it for you. Such as your doctor. But beware of what that information may be used for.

      People rely on the "system" to have all the information as needed. I am against the system itself!

      --
      Have you read my journal today?
    3. Re:Story is misleading by Hard_Code · · Score: 2

      Great, yeah, this sounds right:

      Patient: Jesus, I just broke my leg, please help me.
      Anonymous Unaccountable Medical Staff: Sure. Now, would you like us to resell your medical information?
      Patient: Of course not!
      Anonymous Unaccountable Medical Staff: Ok, fill this out.
      Patient: [fills out form]
      Anonymous Unaccountable Medical Staff: [waits with palm held out]
      Patient: ...and...?
      Anonymous Unaccountable Medical Staff: You'll have to pay us <jigabucks> to NOT sell your info of course...well, you *could* walk to this other hospital...
      Patient: I HAVE A BROKEN LEG!
      Patient: [aside to the audience] Well, I'm fucked aren't I?
      Audience: Yes
      Patient: Fine you bastards! Here is your <jigabucks> I'll let you know I'm voting for <Candidate N%2> next time!
      Collective Political System: [to self] har har. sucker.

      --

      It's 10 PM. Do you know if you're un-American?
    4. Re:Story is misleading by Anonynnous+Coward · · Score: 2
      You're right--the telephone company using information without the customer's consent isn't fair. I fell into the trap of endorsing the practice while trying to compare the degree of breach of confidence.

      I see your point of a citizen getting buried in a barrage of permission requests and finally just giving in, but that could be solved by requiring a positive response--the absence of a response could not be considered permission.

      Opt-out is just a sell-out, as, since people tend to be busy and not realize the implications of letting their information out into the wild, they don't act on the "privacy statements" sent to them. Also, once a customer who has previously not opted out decides to, there's no practical way for him to retrieve the information about him floating around. The "information wants to be free" idea works here, too, unfortunately.

      I like your idea of citizens being the custodians of their own information. We have the cryptography to make it so that the citizen could carry information without being able to alter it, and could encrypt it on a health care provider's key to transfer it. Heck, I imagine with some thought, a way to "salt" information to trace misuse could be added. Bummer that the MIB and others who make beaucoup bucks trading in citzens' health information (along with their government servants) will never allow that to come to pass.

    5. Re:Story is misleading by ImaLamer · · Score: 2

      The proposal is horrible.

      If you even plan to release one piece of information on me I think we will have to meet in the streets.

      I don't care if it's some sort of aggregate data or marketing data. Whether they contact me or not I am against it. If you have an illness you may not want anyone to know for any reason. I've got to question any 'security' that would be taken after a right is taken away.

      If you want any records released, at least in my state, you need to sign and have a witness sign that form [could even be a doctor]. If the government wants to retrieve your records you must sign. They are encouraged [and this is practiced at several county based offices] to keep medical information in one room with a number and keep the number list somewhere else. Obscurity but imagine those guys in silos.

      Revolution

      --
      Get your Unix fortune now!
    6. Re:Story is misleading by Chacham · · Score: 2

      There are two responses. One is Communism, where we force the doctor to take you anyway. The other is Capitalism, where another place opens up and gets more customers because they don't force things upon you.

      Currently we have the latter in most cases, but the former is pushed by law onto hospitals. I think we should rid that, and let hospitals be like any other store.

      --
      Have you read my journal today?
    7. Re:Story is misleading by Chacham · · Score: 2

      What do you disagree with? Seriously, I did not understand your comment. On what exact point of my proposal are you arguing? I read your comment twice and did not understand it.

      --
      Have you read my journal today?
    8. Re:Story is misleading by ImaLamer · · Score: 2

      make it easier for researchers to gain access to patients' records

      Sounds good but how deep? Is my name going to be used? People complain about your cable company knowing what you watch but medical release without consent is okay... no matter what situation?

      The proposal, issued yesterday by U.S. health officials, represents President Bush's attempt to tailor a policy that has daunted presidents and lawmakers for years: how much control to give consumers over the proliferating access to medical records in an electronic age

      I want total control over my records, is that hard to understand? The "Electronic Age" isn't the reason to release more records but to put up more safeguards.

      The new version was largely criticized by privacy advocates, physicians and Democratic leaders on health care. It was hailed by representatives of insurers.

      In all reality all the groups mentioned above have some personal interests. Privacy groups are charged with watching who is watching you. If they fail no more donations. Physicians don't want to loose patients because their disclosure policies and generally are against giving away information - basic ethics of working in a hospital is to keep your mouth shut. Insurers want that information because they want to drop you. People who represent those interests in Congress et. al. get cash for passing this through.

      --
      Get your Unix fortune now!
    9. Re:Story is misleading by Chacham · · Score: 2
      I want total control over my records, is that hard to understand?

      No. But you want two things. One, you want the goverment/hospitals to hold onto your records for free and always have them availible. Two, you want to be the only one who can use them. That's asking for a lot and giving nothing. Either pay the goverment/hospitals to hold your information (or let them use it as payment), or keep it yourself.

      The "Electronic Age" isn't the reason to release more records but to put up more safeguards.

      Actually it isn't the reason for *either*. It is merely the ability to ease what was done before, or to make other things feasible.

      Privacy groups are charged with watching who is watching you. If they fail no more donations.

      Privacy groups charge *themselves* with whatever the group itself decides to be. They are groups of citzens *just like you* who actually decide to make more noise then just a silly slashdot comment. If they fail, they *try harder*.
      They also do not (usually) make donations. Donations are usally made by companies, and used as a tax writeoff of some sort. If they were made by privacy groups, there would be a serious conflict of interest, and very surely charges would be raised.

      Physicians don't want to loose patients because their disclosure policies and generally are against giving away information - basic ethics of working in a hospital is to keep your mouth shut.

      What are you talking about? Physicians don't want to lose patients, because that is their source of income! Also, repeat reccomendations, and families. For a doctor to need new patients, would be forging new relationships, which is not productive to a healthy doctor-patient relationship.

      Insurers want that information because they want to drop you.

      What?!?! Insurers cannot drop you! That why it is *called* insurance. They insure you to be healthy. When you don't get sick too often, they make money both from you base premiums, and the payoff they get by investing your money. They only lose when someone gets really sick, or gets sick often. But that is part of the game. If anything, they want *previous* information, so they can say "had we known we never would have accepted you". And by law they *can* do that. Otherwise, everyone would wait until they became terribly sick, and only then pay the insurance companies to pay their bills!

      The issue here is *selling* information. Whether to other groups for studies or to market medicines.

      People who represent those interests in Congress et. al. get cash for passing this through.

      Not really. That would be illegal. The lobbyists are paid employees of some company. The members in congress echo their concerns with votes. Should you be able to prove money caused a vote, the representative would be thrown out on ethics violations (according to the Constitution each house governs their own members and can throw any of their own members out).

      --
      Have you read my journal today?
    10. Re:Story is misleading by ImaLamer · · Score: 2

      No. But you want two things. One, you want the goverment/hospitals to hold onto your records for free and always have them availible. Two, you want to be the only one who can use them. That's asking for a lot and giving nothing. Either pay the goverment/hospitals to hold your information (or let them use it as payment), or keep it yourself.

      I didn't ask them to hold or even collect my medical data. Because I was treated at St. Mary's doesn't mean I've become a slave to St. Mary's and they can do what they want with my records.

      Actually it isn't the reason for *either*. It is merely the ability to ease what was done before, or to make other things feasible.

      No, the reason is exactly that information can be fast and flowing. Companies can collect the information cheap and keep it up to date. If selling or sharing medical records without consent was legal this wouldn't be needed.

      Privacy groups charge *themselves* with whatever the group itself decides to be. They are groups of citzens *just like you* who actually decide to make more noise then just a silly slashdot comment. If they fail, they *try harder*.
      They also do not (usually) make donations. Donations are usally made by companies, and used as a tax writeoff of some sort. If they were made by privacy groups, there would be a serious conflict of interest, and very surely charges would be raised.

      Yes, they charge themselves with protecting privacy - but are almost never supported by companies. I've made donations to privacy groups [as well as other groups] - and they aren't funded by corporations. Tax right-offs can only go so high and it wouldn't outway the price of that information they seek. Privacy groups are made up of citizens, and yes they raise money from real citizens. They do what they can even if it's making a 'silly' slashdot comment [I thought that speaking up in anyway was supported in America? Slashdot comment or a flyer - it's the same message]

      ME: Physicians don't want to loose patients because their disclosure policies and generally are against giving away information - basic ethics of working in a hospital is to keep your mouth shut.

      YOU: What are you talking about? Physicians don't want to lose patients, because that is their source of income! Also, repeat reccomendations, and families. For a doctor to need new patients, would be forging new relationships, which is not productive to a healthy doctor-patient relationship.

      That was my whole point. If they are loosing patients because of a law which shouldn't pass then they will lose money. You want to be able to see the doctor and tell them that you have a rash without the concern of how many people will find out before you leave.

      What?!?! Insurers cannot drop you! That why it is *called* insurance. They insure you to be healthy. When you don't get sick too often, they make money both from you base premiums, and the payoff they get by investing your money. They only lose when someone gets really sick, or gets sick often. But that is part of the game. If anything, they want *previous* information, so they can say "had we known we never would have accepted you". And by law they *can* do that. Otherwise, everyone would wait until they became terribly sick, and only then pay the insurance companies to pay their bills!

      You are right!, they are limited in being able to 'drop' you. But if they know up front that you are a risk you can be denied coverage. Previous information is what is needed. I did form my argument wrong considering that they know everything about you if they insure you. But you don't [obviously] have an illness which needs expensive or timely care. "Managed Care" is a for-profit business. Where this change in law scares me is who will sell-out my name or information. While blind stats in all reality sound good - it won't happen.

      If a University wants to find out how many cases of Bell's Palsy there are they can call a hospital and get a tally of treatment. Numbers of drugs sold provide those numbers as well. If for some reason they want to go around and ask doctors about patient data we should be asked.

      It's that simple... Bush wants to remove the opt-in ability of such research. You likely won't be able to opt-out.

      I love that you end your article with the naive idea that a party or politician may benefit from passing a law is illegal and simply not done. I guess that is the root of the problem. Cash no, power maybe, used more to violate citizens - yes.

      Simply: Companies now need the gov't to let them do things to dirty to get support from consumers. Now we look to make loopholes so that people can make more money.

      It's my health, my life and it happens that someone keeps a copy of the records. But those records in all reality belong to me. I've even had problems getting copies of my own records because I didn't have an ID at the time -- good idea.

      --
      Get your Unix fortune now!
    11. Re:Story is misleading by Chacham · · Score: 2
      I didn't ask them to hold or even collect my medical data.

      But you took it as fact. Specifically, but medical release without consent Instead of arguing about the outcome of the laws not protecting release, you should have argued that they should not have it in the first place. By skipping that point, I assumed you agreed that they actually should hold your data. And that was the basis of my point.

      No, the reason is exactly that information can be fast and flowing.

      So when those guys created the Internet; when the government funded the Internet; when all those companies supported the Internet; they all did it for the flow of personal information? They did it to connect networks, and let people not directly connected to your network, to connect to it anyway . This does speed things up, but it does not call for laws or regulations. It just speeds them up.

      Originally, you said:Privacy groups are charged with watching who is watching you. If they fail no more donations.
      I countered with:They also do not (usually) make donations.Donations are usally made by companies,
      You then pretty much agreed with me. Am I missing something?

      You want to be able to see the doctor and tell them that you have a rash without the concern of how many people will find out before you leave.

      Then don't let anyone hold your information! Instead you like them being forced to hold your information for free. The current proposal just changes that to a simple *one-time* opt-out. While that isn't the best, it is a step in the correct direction. It forces the opt-out to be centralized. (Maybe we can wait a bit and propose that such information starts off as opt-out, then noone will have a problem.)

      You are basing your argument on the presumed intention that the proposal helps companies at the expeense of citizens. I think the current method does that, and the new proposal is a step in the correct direction. There are pros and cons to both. But it is hardly as bad as the writer of the original article (and slashdot poster) made it out to be.

      It's that simple... Bush wants to remove the opt-in ability of such research. You likely won't be able to opt-out.

      Umm... The crux of the article is a one-time opt-out. Did you miss that?

      I love that you end your article with the naive idea that a party or politician may benefit from passing a law is illegal and simply not done. I guess that is the root of the problem.

      I never said that it wasn't done. I said that if it could be proven, charges would be raised and action taken. It is certainly not as overt as your message seemed to propose.

      Simply: Companies now need the gov't to let them do things to dirty to get support from consumers. Now we look to make loopholes so that people can make more money.

      Did you read the article past the second paragraph? The fourth paragraph quite explicitly, allowing patients to decide up front whether to allow their records to be used for marketing purposes.. I think that says it all. Even in that biased article, anyone looking at the facts represented can see that this is another proposal, and if not better, at least of equal standing.

      --
      Have you read my journal today?
    12. Re:Story is misleading by ImaLamer · · Score: 2

      Okay, let me end this.

      When a hospital holds my records they are holding them because they are required by law. They need to keep information on everything that happens between patient and doctor.

      You may tell your doctor you are on a certain prescribed drug [maybe your family doctor prescribed it]. If he takes that note down because it may save your life it has now become a matter of record at the hospital. If the situation was reversed then your doctor may take note of a drug that was prescribed during a hospital visit.

      In many states medical records can't be destroyed. The hospital keeps the records because it is in their best interest. They want to clear themselves of further litigation. If it wasn't required - they are taking it upon themselves to keep the records. Either way I haven't yet surrendered my rights as a patient.

      The subject isn't where the records are kept, but the confidentiality you are currently provided under the status quo. Even with the connected world we live in most records are still kept in folders, and copies are made on a Xerox machine and not at a laser printer.

      I currently have some of my records under lock and key with the county government because of a medical program they have. Under current law I must sign in advance to very specific releases of information. If they want to know milestones in treatment it's not assumed that they can call upon this information at anytime. Even though they are the ones keeping the records and providing some medical treatment.

      --
      Get your Unix fortune now!
    13. Re:Story is misleading by Chacham · · Score: 2

      Okay, let me end this.

      OK, but I still don't think the proposal is any worse then the current law. Nice chat though. :-)

      --
      Have you read my journal today?
  2. Medical Marketing Paradise by Caractacus+Potts · · Score: 3, Insightful


    That phrase about making a "good faith effort" to obtain written permission is crap! I'm self-employed and just switched medical plans. About a week after enrolling, I get a letter explaining how to opt-out of having my information released to my health care providers' "partners" who may have services of interest to me. Of course, since I didn't start out in an opted-out state, my information was already released into the wild. Now, I'm starting to get all of this medical junk mail aimed at senior citizens! Thank god they only got my address. If the marketing industry ever finds out I'm a hypochodriac, they'll bombard me!

    Seriously, if they allow for any relaxation of privacy regarding personal medical information, you can bet your bottom dollar that anyone who could possibly make a buck off of that information will find a way to obtain it.