424. "Worth the Inconvenience" National Law Journal (July 14, 2003).
Next time you visit your doctor or are admitted to a hospital, you will be asked to endorse a privacy statement. Read it carefully. Since the new regulations protecting medical privacy took effect, trouble is breaking out all over. Most of these initial road bumps, though, are well worth putting up with to gain privacy for our most intimate information.
A few days after the new regs took effect, a child called the emergency room at Sibley Hospital in Washington. She wanted to know the condition of her father. The receptionist said she could not even disclose whether he was in the hospital—because he had not signed a privacy statement allowing the hospital to release such information. As the child cried hysterically, a nurse took pity on her, but still would not admit to the father being there. Instead, she located the mother, who took the call.
In another Washington hospital, during the first days of the new regs, 19 bouquets of flowers went undelivered and many phone calls went unrouted. Annoying, but small potatoes compared to having medical records readily accessible to anyone who wants to profit from them.
Delays in obtaining medical records exchanged between doctors have occurred also. But this is largely a result of misunderstanding the new rules. They do allow doctors to exchange information at will for continuity of care, even without written patient consent. And regs can be safely set aside in an emergency.
Above all, the medical staff is keenly aware that the new regs are complaint-driven. Anyone, not merely the aggrieved party, can take action. For instance, drug-company representatives are not supposed to enter unsupervised into areas where medical documents are kept. When one did, a lawyer in the waiting room filed a complaint.
Consider the alternative
I have been fighting for these new rules since 1999, when I reported in a study, The Limits of Privacy, that people's medical records are traded on the Internet, banks use them to call in loans when people have a heart attack or cancer, and employers use them to not hire job applicants with "bad" genes. I was delighted when the Clinton administration in its last year got around, finally, to issuing medical privacy regulations, and when the Bush administration allowed them to stand after some limited modifications. They took effect on April 14.
The staffs of even small medical partnerships, for instance the one in Rockville, Md., in which my wife practices, had to attend briefings on how to abide by the new rules. Doctors can no longer leave messages on a patient's answering machine (even with negative test results), and forget about the postcards reminding you to come in to check your blood sugar—sealed envelopes only.
Hospitals and even doctors' offices are meeting the requirement to appoint a privacy officer in charge of enforcing the rules and to whom complaints are to be filed. This led John Lawson, president of the Medical Society of the District of Columbia, to complain that the regulations set up a "whole new bureaucracy." But the role is burdensome only if there are numerous complaints.
The text the patient is typically given to endorse is dense. It is true that you may need a lawyer to understand it. The form I got from Washington Radiology Associates (WRA) runs to two pages of tight print: "We may use and disclose your PHI in the following instances....You have the opportunity to agree or object to the use or disclosure of all or part of your PHI. If you are not present or able to agree or object to the use of disclosure of the PHI, then WRA may, using professional judgment, determine whether the disclosure is in your best interest." Regrettably, different medical offices provide you with different privacy statements, so patients need to study each.
Many of these problems, though, are due merely to the newness of the regs. Soon patients will be familiar with them. Staffs at hospitals and clinics will learn that they can continue to do most things reasonably if they are truly out to serve the patients rather than those who want to have information about them for commercial purposes.
Here and there, some flowers may not be delivered, or a visitor may be unable to find a patient, but nobody will be able to legally trade in medical information anymore, abuse it for hiring and firing, undercut a loan or for other nefarious purposes.
The initial implementation annoyances are a price worth paying for the strongest protection of medical privacy ever known in the United States.
Amitai Etzioni, author of, most recently, My Brother's Keeper: a Memoir and Message, is a University Professor at George Washington University.