Saturday, November 14, 2009

How Would You Feel If Someone Eavesdropped On You And Your Doctor?

If you hadn't thought about it much, you should know that electronic medical recordkeeping is on the horizon and the government is already making critical decisions on how those records are kept, shared and safeguarded. When I say medical records, I'm talking about physicians' notes and observations, patient recommendations, referrals, prescriptions etc.-- anything you and your doctor say to each other will eventually find its way into an electronic medical record.

Regulators are already in a tug-of-war with health care lobbyists over how these electronic records will be safeguarded. Some lawmakers, consumer groups and industry analysts argue that hospitals and insurance companies should be required to let patients know about any unauthorized disclosure of their health data. However, under a provisional rule released by HHS this week, a health care provider only would have to notify patients if the provider determines the breach "poses a significant risk of financial, reputational, or other harm to the individual.''

Officials from the hospital and insurance industries have long contended that it is unnecessary to notify patients of every routine error in handling data--saying that it not only would be costly but also would overwhelm consumers and make them less likely to notice when a real problem occurred.

But some do not believe the definition of harm should be left for the hospitals or insurers to interpret. "It's sort of like letting the fox guard the hen house," said Paul Cotton, a lobbyist for the AARP who works on health information technology issues.

California first advanced the idea that consumers should be told when their data is mishandled, passing a law in 2003 requiring notification whenever protected information got into unauthorized hands.

Few people took notice until 2005 when ChoicePoint, a Georgia-based data-collecting company, was forced to notify tens of thousands of Californians that their files had been accessed by unauthorized users who might have been identity thieves. No other state had a similar requirement, so initially ChoicePoint refused to notify people elsewhere, sparking outrage from many consumers and government officials.

Folks, you should contact your lawmakers and insist on the more stringent rule for privacy protection on your medical records-- you already know the consequences of letting corporate medicine decide what's best for you (vs. them).

No comments: