Statement of the Association of American Physicians and Surgeons on the Medical Records Confidentiality Act of 1995 S. 1360 Submitted to: The Senate Labor and Human Resources Committee November 30, 1995

The Association of American Physicians and Surgeons, Inc.
1601 N. Tucson Blvd. Suite 9
Tucson, Arizona 85716
Telephone: (520)327-4885; FAX: (520)326-3529

The Association of American Physicians and Surgeons (AAPS), founded in 1943 to protect private medicine and the patient-physician relationship, represents physicians in all specialties nationwide.

We are deeply concerned that this Act will have an effect opposite to the one suggested by its title. It establishes procedures permitting and facilitating the disclosure of information for which disclosure is now either prohibited or practically impossible.

Subtitle B, Sec. 311 (b)(3) recognizes the incentives for abuse by establishing harsh criminal penalties for offenses ``committed with intent to sell, transfer, or use protected health information for commercial advantage, personal gain, or malicious harm.'' However, such penalties can be imposed only after the harm has been done. The damage to the patient may be irreversible. Furthermore, the Act establishes so many loopholes and exceptions that serious harm may be legally inflicted on patients who have no recourse, especially by agencies of the federal government.

We are especially concerned about the availability of confidential information for administrative procedures, in which the protections accorded to accused criminals do not apply. The privacy interest of the individual is never absolute according to the Act; it can be outweighed by ``the need of the respondent for the information.'' What constitutes ``need for the information'' is subject to very broad interpretation.

An individual who claims to be harmed by improper disclosure may be able to recover attorney's fees at a future time if he or she prevails. However, it is clear that individuals may face a protracted, exhausting, and extremely expensive gauntlet if they desire proactively to defend their privacy.

The ``safeguards'' established by the Act are actually only paper deterrents, not real barriers. In fact, a true safeguard against the dissemination of information in a central computer is physically impossible. Once in a computer, information, no matter how erroneous, can be extirpated only with great difficulty, if at all, especially when there are archival backup files or if the computer is linked to a network. Information could be securely encrypted, but its usefulness would be thereby much diminished. And one would still have a problem if the holders of the keys were not completely trustworthy.

One must query why computerized information is needed in the first place.

Computerized information is not needed for optimal clinical treatment of a patient. The key to correct diagnosis and successful treatment is the interview and examination of the patient. This can be accomplished only by face-to-face, hands-on contact by the physician responsible for the patient. It cannot be accomplished solely by review of a record, computerized or not.

As part of the clinical examination, review of previous records can be helpful if not in some cases essential. However, these data do not need to be on a central computer. It may be inconvenient to request information from other physicians or institutions, but usually the treating physician can obtain needed information by telephone with minimal delay. The most useful information from the standpoint of patient care is obtained from old radiographs and pathologic examinations (not just the reports), neither of which will be found in the proposed computerized record.

In a truly emergent situation, the most important history is what happened in the last few hours, or the last five minutes. This information must be obtained directly from the patient, or if the patient cannot communicate, from a family member or other witness, and supplemented by direct observation (including physical examination, imaging, and laboratory procedures). Patients with a serious problem that may affect emergency treatment (such as an anaphylactic reaction to penicillin) especially if it is not obvious on a routine laboratory examination such as a blood sugar determination should wear a bracelet, even if information is on a central computer. (The computer might be down or identification unavailable.)

Reasons for advocating computerized information are not related to direct patient care, and have nothing to do with benefiting the individual patient. They include:

1. Research
2. ``Utilization review/quality assurance''
3. Cost containment
4. Other governmental functions, including law enforcement

A case can be made for clinical outcomes research. However, to require everyone to participate in a clinical research project as a condition of receiving medical care violates the basic ethical principles for research on human subjects, namely, that participation should be strictly voluntary and that fully informed consent should be obtained. Having one's record in a central computer, accessible to numerous unidentified third parties, most of whom are not involved either in the patient's treatment or the research project, is probably objectionable to many if not most Americans.

Third-party payors demand the right to review pertinent data as a condition of payment. However, they have this right only because the patient has voluntarily granted it in exchange for receiving an insurance benefit. Patients sometimes forgo insurance coverage rather than open their records to third party review; this is a basic civil right.

Cost containment is the driving force behind utilization review/quality assurance programs. The quality assurance is needed primarily as a protection against overzealous utilization review (i.e. treatment denial). Patients should have the right to make their own assessment of their treatment and not forced to accept the governmental or third-party assessment. They should be allowed to use their own resources to obtain what is of value to them and not be restricted to that which is defined to be of value to society.

Electronic transmission and storage of medical information is not needed for government to exercise its constitutional law-enforcement functions. This function is legally exercised through search warrants and subpoenas, which are lawfully issued only for reasonable cause. The Fourth Amendment would, in effect, be suspended by requiring all medical records to be submitted to a central computer. Computer records can be surreptitiously invaded much more easily than physical premises.

Although this Act is nominally intended to protect patients, its actual beneficiaries appear to be the same special interest groups that were involved in the Clinton secret Health Care Task Force: for example, vendors of hardware and software who hope to obtain lucrative contracts, and managed-care corporations that make enormous profits by ``managing resources'' instead of offering optimal service to the sick and the injured.

One of the goals of the institutions involved in the Task Force, as documented in Health Affairs and in Task Force documents released as a result of the lawsuit AAPS v. Clinton was to gain control of the rulemaking process, circumventing the checks and balances of the legislative and judicial branches of the government. This aim would be furthered by S. 1360, as in Subtitle B, Sec. 111 (b)(1)(B)(i): ``If the Secretary determines that a negotiated rulemaking committee shall not be established as permitted by section 583 of title 5, United States Code, the Secretary shall appoint and consult with an advisory group of knowledgeable individuals.'' Third party payors/administrators and undefined ``health care entities'' would be included in such an advisory group of 7 to 12 individuals (Subtitle B, Sec. 111(b)(1)(B)(ii); physicians would not necessarily be represented. In traditional medical ethics, the interest of the patient is the overriding concern; the composition of the advisory group suggests that other interests would predominate.

AAPS believes that effective protection of patient privacy requires the following:

1. The right of all Americans to seek medical treatment outside of any medical insurance plan in which they may be enrolled should be explicitly guaranteed especially (but not exclusively) if the plan requires electronic data storage or transmission as a condition of coverage.
2. Electronic data storage or transmission should require the patient's explicit, fully informed consent.
3. No medical professional may be required to perform any act that violates his conscience as a condition of being permitted to practice his profession or specialty.
4. Patients should have a cause of civil action against any individual, including an agent of the government, who causes him harm by the misuse of computerized data. To this end, any electronic data processing system established under this Act should include a mechanism for tracking all individuals who access identifiable records.

REFERENCES:

Hoare, Geoffrey, Mayers, Marilyn, and Madden, Carolyn, ``Lessons from Implementation of Washington's Basic Health Plan,'' Health Affairs, summer 1992, pp. 212-218.

Briefing Book for the President and First Lady, ``Transition to the New System.''

DISK076\2PLATFOR from President's Task Force on Health Care Reform

DISK076\LIVING from President's Task Force on Health Care Reform

``Federal Government Implementation of Health Reform'' from documents released to National Archives from President's Task Force on Health Care Reform