Would you let a priest share your confessions in a government database? Or everything you confided in your therapist? Well, your doctors are about to share all of your priviledged medical information with the federal government.
I never thought I’d see the day where our own government wanted to assemble a database to catalog every American’s private medical information. It used to only be in science fiction movies that the government built databases of people with AIDS, or some kind of mental defect, or some other medical issue. The implications of this are many. Imagine a government five or ten years from now that limits your ability to vote based on your mental history, or limits your ability to fly on an airplane because you suffered from depression. Imagine being catalogued and the premiums of your healthcare jacked up because you fall within one of the demographics cited in Obama’s healthcare legislation that have a poor “community rating”. Or perhaps some day, your children will be sent to the poorer school in town because your family’s health history suggests a lower IQ.
And should you be OK with the federal government spying on your medical history, consider that it won’t be just the government having access to it. As an expert in the field of computer security, the idea that any government system could possibly be secure is a far fetched pipe dream at best. Our federal government’s systems have among the lowest ratings in computer security, typically ranging from D to F-. If classified defense information systems can be hacked, certainly a healthcare database will be at some point too. Expect your personal medical information to be subject to the same data breaches as the credit card industry, only in this scenario you can’t simply cancel out a card and get a new one. Whether it’s hackers or shady marketing companies working with unsavory doctors, your private medical information could at some point be accessible to a malicious party that has no business reading it.
Once a technology is in place, big business inevitably finds ways to abuse and exploit it. If the rest of this science fiction reality plays out, doctors could at some point be contracted by employers to access these (now centralized) records, and make employment decisions based on your medical history. This may all seem far fetched, but up until recently, so was the idea of an American government collecting everyone’s personal medical records.
As patients, our medical history was provided under a relationship of trust afforded to us by the physician-patient privilege existing today in both common law and case law. This privilege is strictly between you and your doctor. It is this privilege of confidentiality that allows patients to confide in doctors so that they can receive the right treatment. The relationship of trust afforded to us by physician-patient privilege is so cherished that our court system will not even permit such confidential information to be presented as evidence in a court of law.
When these bonds of trust are broken by overambitious politicians, the ability for doctors to provide care fails. When patients can no longer trust their physicians to keep their medical history private, patients will no longer confide in or trust their physicians to deliver the care they took an oath to provide – essentially the integrity of medicine falls apart.
Our physicians took a Hippocratic oath which includes swearing to keep our private information a secret. Doctors bear an ethical and moral obligation to protect our medical information and respect the trust that has been in place for centuries. This ethical obligation supersedes any legislation that should attempt to state to the contrary, or otherwise force me to make my personal medical records available to the government or to others. Our private medical information should also fall under the protections of the 4th amendment.
Your own medical information is in the works to be used against you, to base your healthcare premiums on what Obama’s healthcare legislation cites as “community rating”; to judge you by what your neighbors eat and how well they take care of their own health. Insurance company lobbyists would love to see this information made available to jack up your insurance rates. Criminals would love to use this information to steal your identities. Today, more than ever, your privacy and your dignity is being targeted.
After spending some time discussing this with my state reps, they asked me to put together some text suggesting what should be done about it. If anything is to be done, it must be done before our data is made available to any new system. I’m certainly open to any other ideas which might improve this text as well. It’s my hope that this will pick up some traction not only in my state, but that others might also push for this legislation to protect privacy in other states. If you like your right to privacy, consider sending a copy of this to your state reps, and ask them to push a bill like this through. When an overreaching federal government tries to seize information that does not belong to them, it’s up to the states to pass laws to the contrary.
Rev. 4
STATE OF NEW HAMPSHIRE
In the Year of Our Lord Two Thousand Ten
AN ACT prohibiting the sharing of patient records in a health information
exchange without authorization from the patient.
Affirming that the confidentiality of a person's medical history is essential
to both human dignity and forthcoming communication between a patient and
physician, and acknowledging that the trust of patient-physician privilege is
both sacred and essential to delivering adequate treatment, and affirming every
human being's inalienable right to be secure in their persons, houses, papers,
and effects against unreasonable searches and seizures, be it enacted by the
Senate and House of Representatives in General Court convened:
I. Notwithstanding any federal law or mandate, no doctor, hospital, medical
professional, or any other person or entity conducting business in, operating
in, or practicing medicine within the State of New Hampshire shall release,
provide, insert, or otherwise permit any information pertaining to a patient's
medical history to be shared, copied, or otherwise transmitted into a health
information exchange, without consent of the patient.
a. Any institution conducting business in, operating in, or practicing
medicine within the State of New Hampshire whose operation involves the
processing or retaining of records pertaining to a patient's medical
history shall implement reasonable technological and procedural measures
to safeguard patients' medical histories from being subjected to,
shared, copied, or otherwise transmitted into a health information
exchange without the consent of the patient.
b. Nothing in this section shall prohibit a doctor, hospital, or other
health care provider from transmitting a valid claim to a health
insurance company to collect a debt, or from providing information
to a law enforcement agency under a valid subpoena, HOWEVER
c. A health insurance company conducting business in or operating in the
State of New Hampshire shall subsequently be subject to all provisions
of this bill in their handling of a patient's medical history.
d. A patient may, at any time, revoke their consent, at which
point the party which originally transmitted the patient's medical
history must issue a deletion of all medical history which was submitted
by said party within thirty (30) days.
II. The Consent Process
a. During the course of a patient's first visit to a health care provider,
or the course of a patient's most recent visit having not yet been
given an option to opt-out, the health care provider shall inform the
patient in common language of their right to opt-out of sharing their
identity and/or private medical records in a health information exchange.
The patient will be asked, "Do you wish to opt out of sharing your
identity and/or private medical records from a health information
exchange?" The patient's consent shall be implied unless the patient
conveys their desire to opt-out.
b. If, during a visit, the patient conveys their desire to opt-out of sharing
their identity and/or private medical records in a health information
exchange, the healthcare provider shall present an opt-out request form
to be signed by both the patient and healthcare provider. The request
form shall specify, in common language, whether the patient desires to
opt out of sharing their identity, private medical records, or both
in a health information exchange.
c. Once an opt-out request form has been signed by the patient, the patient
shall be considered perpetually and retroactively opted out from sharing
his or her identity and/or private medical records, as specified by
the patient, from a health information exchange. A copy of the signed
opt-out request shall be provided to the patient prior to the end of the
visit, and another copy kept on file with the healthcare provider.
III. No doctor, hospital, medical professional, or any other person or entity
shall discriminate or refuse service to a patient based on their providing
or not providing consent to share their identity or information about their
medical history in a health information exchange.
IV. Any person or entity in violation of sections I or II of this bill
shall be subject to a $50,000 fine per patient, per incident of violation of
each section.
DEFINITIONS
"Health Information Exchange" shall mean any network, computer system, or
other system by which -
1. any person not directly employed by, contracted by, or operating
under the authority of the entity in posession of the patient's medical
history who has obtained or might obtain access to patient medical
history with or without authorization OR
2. any automated system or instrument controlled by a person or entity not
directly employed by, contracted by, or operating under the authority of
the entity in possession of the patient's medical history which has
obtained or might obtain access to patient medical history with or
without authorization
OR any instrument, whether electronic or otherwise, whereby a patient's medical
history might be relayed into such a system.
"Medical History" shall mean any record of past, present, or speculated
medical conditions, symptoms, treatments, procedures, advice, notation,
requests, or any other information pertaining to the patient which describes,
indicates, or suggests a particular state of physical or mental health.