Personal Privacy in an Information Society. Keepers and Users of Medical Records


In the early part of this century, physicians, most of them practicing alone, delivered 85 percent of all medical services in the country. Today less than five percent of the providers of medical-care services are physicians.8 It has been estimated that in most hospitals today only a third of a patient's hospital medical record is created by the attending physician.9 In addition, there have been major changes in the way medical care is paid for, and these changes, together with corollary efforts to monitor and improve the quality of medical care, have had and continue to have profound effects both on the flow of medical-record information and on the way medical records are maintained.

Private health-insurance coverage has risen steadily over the last 25 years. In 1950, third-party payment covered about a third of personal health expenses; in 1975, two-thirds, including almost 90 percent of hospital expenses and 61 percent of physicians' services was covered.10 So many of these payments are now made under group policies that employers either administer or finance, or both,11 that employers have begun to rival insurance companies as major keepers and users of medical-record information. Tax revenues also cover an increasing share of the nation's health-care bill. In 1974 Medicare and Medicaid together accounted for three-fifths of the total government expenditure for medical services, with 71 percent and 37 percent of their funds, respectively, going for services provided by hospitals.12

The magnitude of these public and private expenditures has focused attention on controlling the cost and monitoring the quality of medical services with the medical record becoming the primary instrument for cost control and quality assessment. Today, third-party payers not only want to know whether services billed to them are wholly or partially covered, but also whether they were consistent with the medical problem stated on the claim form, or indeed have been performed at all. To answer those questions in any particular instance the third-party payer may need copies of the entire record when only a particular episode of treatment is at issue. In 1972, the Congress in P.L. 92-603 authorized the formation of Professional Standards Review Organizations (PSROs) to monitor the appropriateness, quality, and outcome of the services provided to beneficiaries of the Medicare, Medicaid, and Maternal and Child Health Programs. The professional review mandated by the PSRO legislation depends upon information in the medical record being precisely documented, and in standardized form so that it can readily be retrieved. Since the program is not yet fully operational, its effectiveness cannot yet be evaluated, but if the PSRO program succeeds in controlling medical care costs, private-sector third-party payers will undoubtedly develop similar programs or use the PSRO. The Congress, too, is watching PSRO performance with an eye to its implications for proposed legislation to create a universal health insurance program, covering all aspects of medical care.

It must be understood, of course, that these impositions on the presumed confidentiality of the physician-patient relationship are not without precedent. Mandatory filing of birth and death certificates is a form of intrusion into the physician-patient relationship that has long been accepted as socially justified by the need for population statistics and epidemiological research. Today vital statistics records provide a vast data resource for many research and statistical activities. When communicable diseases were a major cause of death, legislation was enacted requiring that medical-care providers report information about individual cases to publichealth authorities. Many States now also require medical-care providers to report cases of cancer and other diseases in which an environmental or occupational factor is suspected, and some require reports on drug addiction, gunshot wounds, child abuse, and other violence-related injuries. The justification for each of these intrusions into the medical-care relationship is that society's need for information outweighs the individual's claim to personal privacy in that particular case.

Through expenditures in support of medical research, both government and the private sector indirectly contribute to third-party intrusions into the medical-care relationship. As Chapter 15 points out, government funding supports most of the organized research and statistical activities in this country and medical research accounts for a high proportion of the research expenditures of government and many of the large private foundations. Federal rules governing the funding of medical research require the informed consent of the individuals who participate in it as research subjects, but do not require their consent when medical records are reviewed and abstracted for retrospective epidemiological research studies.

Epidemiological research was originally concerned with the cause and prevention of infectious diseases,13 but during the last two decades the focus of the discipline has expanded to include the chronic, noninfectious diseases, such as emphysema and cancer, which have emerged as primary causes of illness and death in this country. Because these conditions typically cluster in time and place at a rather low level of intensity; because their progression may be slow; and because their causes are frequently insidious, studying them often requires medical surveillance of a substantial population at widely disparate points in time. For example, an epidemiologist who wants to know whether a particular chemical employed in certain industrial processes was causally associated with bladder cancer might well be required to survey a large number of employees who have been exposed to the chemical at five-year intervals for at least 20 years. Such a task, however, would be impractical, if not impossible, without recourse to the medical records of the population being studied.

There are few statistics indicating the number of requests for medicalrecord information that are not directly related to the delivery of medical care, but testimony before the Commission suggests that the number is high. For example, the director of the medical record department at a 600-bed university teaching hospital testified that he receives an estimated 2700 requests for medical-record information each month, some 34 percent of them from third-party payers, 37 percent from other physicians, eight percent in the form of subpoenas and 21 percent from other hospitals, attorneys, and miscellaneous sources.14 The attorney for a large and well known medical clinic testified that the clinic receives an estimated 300,000 requests for medical-record information a year, some 88 percent of them patient-initiated requests relating to claims for reimbursement by health insurers.15 Representatives of a California photocopying firm told the Commission that in 1975, their firm photostated 365,000 medical records for the State disability insurance program. This same firm, which acquires medical-record information pursuant to patient authorization for use primarily by lawyers and insurers, has amassed a microfilm library of approximately 780,000 records. 16

The results of a 1970 survey of requests directed to the offices of California psychiatrists are equally revealing. Of the 346 respondents, 89 percent reported that they had been asked for medical-record information by insurance companies, 56 percent by schools, and 49 percent by employers.17

These figures give some idea of how heavily a variety of institutions in our society have come to depend upon the information in medical records in order to perform their basic functions. They also suggest that medical record information is now the key to many societal gatekeeping functions.18 This is clearly revealed when the individual with venereal disease is denied a marriage license; when the person with heart disease is denied life insurance; when the epileptic is denied employment; or when a convicted felon is sent to a mental hospital instead of to prison. There are, however, many less dramatic and thus less visible examples. Chapter 6, on record keeping in the employer-employee relationship, describes some of the ways in which medical-record information figures in assignment and promotion decisions. The chapter on public assistance and social services takes special note of how medical-record information influences eligibility determinations. An incident recounted later in this chapter illustrates that much harm can come to an individual when medical-record information being used for research is casually disclosed to another. Indeed, as Westin has observed:

. . . the outward flow of medical data . . . has enormous impact on people's lives. It affects decisions on whether they are hired or fired; whether they can secure business licenses and life insurance; whether they are permitted to drive cars; whether they are placed under police surveillance or labelled a security risk; or even whether they can get nominated for and elected to political office.19

The Commission agrees that the secondary use of medical records "raises the sharpest clash between society's interest in protecting medical confidentiality and its interest in a wide variety of other important functions . . . 20 Yet this clash is not easy to resolve or even mitigate. From a privacy protection point of view, however, the confidentiality of the medical-care relationship has been seriously eroded and clearly needs to be restored. Simply blocking third-party access to medical-record information is not the answer. New balances must be struck, recognizing not only that existing law and public policy on the subject are inadequate but also that many of the gatekeeping and credentialling functions that depend on information derived from medical records are essential.