Medical Privacy Is A Sick Joke

by Robin Harris on Tuesday, 26 December, 2006

I’m still on a light posting schedule until next year but this was too choice to ignore.

In a front page article today, (available online, but subscription required) the Wall Street Journal details a medical records horror story.

A middle-aged woman’s fiance commits suicide. For that and other reasons she decides to move across the country taking a job in a new firm. Her hiring boss leaves, she doesn’t get along very well with the new boss, has sleep problems. She talks to a sleep center psychologist about the turmoil of her last few years after being assured her comments are confidential.

Of course, it turns out they aren’t.

Then, in 2001, she was rear-ended at a red light. When she later sought disability benefits for chronic back pain, her insurer turned her down, citing information contained in her psychologist’s notes. The notes, her insurer maintained, showed she wasn’t too injured to work.

But wait, there’s more!
Another horror story: the bill collector can see your medical history!

Dawn Ross, a 37-year-old Los Angeles hairstylist, says she was startled to discover how much a bill collector knew about her. Federal rules permit the release of medical records in connection with “payment.” Soon after Ms. Ross returned home from an uninsured hospital stay, the hospital’s collection agency began dunning her for $8,600. When she disputed the bill, she learned that the agency had detailed records about her miscarriage and the treatment she received for it.


Complaints: 23,896; Enforcement actions: 0
It turns out that under the federal rules:

The rules also do not require patient permission for the release of records for “health-care operations,” a broadly defined category that includes some marketing, data warehouses and fund-raisers. John Metz, chairman of JustHealth . . . says he has encountered patients who were diagnosed with borderline diabetes — then inundated with marketing materials . . . from their medical providers.

How thoughtful and caring!

OK, medical privacy is a sick joke. Now what?
As I noted earlier this month (see Help Wanted: Storage Leadership Position Open) the storage industry needs to show some leadership if they want Americans to buy into electronic medical records. This is a win for everyone: improved medical care, lower costs and a huge storage market.

So I’ll say it again:
Medical records are one of the biggest storage opportunities of the next decade – if Americans can be persuaded they are secure. Right now they aren’t, and with the continuing stories about lost laptops and illegal data access, there is no reason for people to get comfortable. Without public support electronic medical record systems are dead and millions of Americans will suffer from medical delay and even death.

EMC, with their recent acquisition of RSA, would seem best positioned to take on the challenge of creating, in conjunction with system integrators, truly secure medical record storage systems. HP, who is as big as IBM, is much less visible in this space even though their big storage business stands to gain the most.

Medical data security can never be solely a storage problem. Yet storage vendors have a huge vested interest is seeing that this problem gets solved. Time to get off the sidelines, big guys. Do yourselves and your country proud.

joe martins December 27, 2006 at 2:12 pm


Great post…this is definitely a subject that deserves greater attention from the storage industry and government policymakers alike.

It’s infuriating…

A pediatrician isn’t permitted to discuss a teen’s medical condition with her parents (without her permission), yet healthcare providers will provide confidential medical information to other organizations (without permission).

Today’s healthcare privacy policies are about as effective as the National Do-Not-Call List.

Dave February 23, 2007 at 1:52 pm

You should think yourselfe luck for not living in the UK.
We have some of the worst, if not the worst, protection there is when it comes to medical data and to make things worse, our goverment what to force people to stick it on one big national database that will have something like 1.3 million users!
They also want to make doctors share medical data about children and their families with others, such as social services, schools, police local housing authority and a list of others (for example if you were to see your doctor for emotional, alcohol or gambling issue and ask for helps, they will be allowed/forced to ‘flag’ your file to inform others (short list above) they want to share data. If your child makes a comment on your drinking, gambaling or emotional state of mind, you get your file ‘flaged’ again.

Some have even went as far as to say all those under the age of 18 who MIGHT be sexually active should be reported to the police, forced to give name of their boyfriend/girlfriend and have some very intrusive interigations. The met office (London police) went as far as to say that this would be held on their computer and used as ‘soft inteligence’ and would show up if the patient was to have a background check to see if they have had any criminal activities!

Andrew April 3, 2007 at 10:35 pm

Here in Australia Family doctors (GPs) all use electronic records but dont share them with anyone else. Hospital doctors generally dont used EMRs. The Aussie govt has poured millions into schemes looking at sharing health info but time and again the people have chosen privacy over convenience. The latest casualty is a Medicare (our universal free health scheme) card which was to have included other info and a photo ID. Well, not any more.
Insurance companies frequently ask for whole patient records to base their premiums on and to give the excuses to refuse claims. I think that there needs to be new legislative control on their demands. They are really very slack about getting proper consent for their activities.

Dave April 8, 2007 at 7:10 am

In the UK doctors use electronic records (al though the goverment like to make people think it is all on ‘insecure’ paper, . That does not protect privacy, infact it makes it worse especiall as doctors/nurses ober here dont seem that bothered about privacy (at most practices you are not allowed to report rape to the GP unless you are willing to tell all doctors, nurses and even admin staff).

Insurance compaines, employers and others in the UK all want our medical info. No wonder our health is going down the pan! According to 1 GP in Grampian (North East Scotland), 90% of his patients have “no idea’ about who he is sharing their medical onformation with, and that does not bother him as the end product should futify the means of collection.

I think the title ‘Medical Privacy Is A Sick Joke’ is perfect, only it is no joke and sicker than most people think.

Comments on this entry are closed.

Previous post:

Next post: