http://www.ornl.gov/sci/techresources/Human_Genome
/medicine/tnty.shtml
Fast Forward to 2020: What to Expect in Molecular Medicine
Last modified: Wednesday, October 29, 2003This
article was originally prepared for the online magazine
TNTY Futures. Written by
Daniel Drell (U.S. Department of Energy) and Anne Adamson (Oak Ridge
National Laboratory). It speculates about how genetic advances sparked by
the Human Genome Project may affect the practice of medicine in the next 20
years.
The first phase of the ambitious international effort to determine the
entire sequence of the human chromosome set is virtually complete. Human
Genome Project scientists plan to finish the human sequence by 2003, along
with a database of the most common sequence variations that distinguish one
person from another. This knowledge base,
freely available to any interested person over the Internet, will
revolutionize biology and medicine. But how? What will be different 20 years
from now because the human genome was sequenced?
Only time will prove the accuracy of the following predictions, but
here is a list of some effects we might expect in 2020.
(That is a very long wait. Is there a way to accelerate it? )
More Effective Pharmaceuticals
A virtually complete list of human gene products will give us a vast
repertoire of potential new drugs. From 500 or so drugs in 2000, at least
six times this number will have been identified, tested, and commercialized
in 2020. All will be manufactured by recombinant DNA
technology so they will be "reagent-grade pure," just as human insulin and
growth hormone are today.
Your medical record will include your complete genome as well as a
catalogue of single base-pair variations that can be
used to accurately predict your responses to certain drugs and
environmental substances. This will permit you to be treated as a
biochemical and genetic individual, thus making medical interventions more
specific, precise, and successful. In addition, the increased power of
medicine to predict susceptibility to specific diseases will allow you to
alter your lifestyle to reduce the likelihood of
developing such diseases or to be treated with preventive or
disease-delaying medicine.
Treatment failures occasionally happen today with drugs for hepatitis
C infections, antihypertensives, and certain anti-depressants (selective
serotonin reuptake inhibitors like Prozac). In the next 15 to 20 years, more
effective drugs will be developed, and doctors will test individual genetic
profiles against panels of drugs available for a specific condition and
choose the treatment with the greatest potential
benefit.
Today, some 100,000 people die each year from
adverse reactions to drugs, and millions of others must bear
uncomfortable or even dangerous side effects. We see such current examples
as heart-valve abnormalities from diet drugs, muscle damage from some
hormone-regulating drugs, and nervous system effects with certain types of
anti-depressant medications. As genes and other DNA sequences that influence
drug response are identified, we can expect the number of toxic responses to
drop dramatically and most side effects to be
eliminated.
Societal Implications
Another consequence of greater knowledge about individual variation is
more disturbing, and we may face some unpleasant consequences unless society
makes some hard choices. These considerations include
the likelihood that your medical information will be available to others not
in the medical profession--your insurer or employer, perhaps.
Employers may have a strong motive to learn about your risks of developing
certain conditions and to avoid hiring you or restrict the kinds of work you
may do.
Genetic Testing, Therapy
Although now plagued by technical difficulties, gene therapy for
single-gene diseases will be routine and successful in 20 years. Certain
aberrant disease-associated genes will be replaced with normally functioning
versions, and several hundred diseases will be curable. Neonatal genetic
testing for these treatable conditions will be routine.
Some of the mysteries of early embryonic development will be solved.
We should know the timing of expression of most, perhaps all, of the human
gene set. We may have learned how to direct differentiation so that a
desired cell type or even relatively "simple" organs and parts of more
complex organs can be grown for transplantation. In 2020, we will have made
substantial progress towards true "cloning" of certain organs, but many
difficult technical steps will remain before successful cloning of a heart
or liver.
As genetic testing using DNA sequence becomes more common, less
expensive, and more accurate, it will be used commonly and reliably in cases
of mistaken identity, false or misattributed paternity, and the
identification of missing persons. Misguided attempts to ascribe behavioral
tendencies to a person's genes will cause many problems, not least for the
courts that must resolve disputes when an individual's behavior and actions
conflict with laws. Should society (via the courts) interpret behavior as a
consequence of free will or as influenced by genetic constitution?
At what point does society mitigate responsibility or
punishment?
Understanding Life
On the brighter side, an inevitable consequence of the genome project
will be a much greater understanding of fundamental biology. Already, some
three dozen organisms (mostly one-celled microbes) have been completely
sequenced. The fruit fly, the latest organism to be sequenced, is being used
to model the essential features of human disorders such as Parkinson's,
making possible a powerful genetic approach to garnering knowledge about
diseases as well as to developing more effective treatments. In 2020,
perhaps 1000 complete genomes will be in hand. Besides furnishing insights
into evolution, this vast repertoire of new genes and their products can be
explored for their potential in solving challenging problems such as
environmental cleanup.
We will fitfully and slowly gain some insights into biological
complexity. In 2020, we will know how to build a functioning cell capable of
free-living existence. We will understand certain pathways used by this
simplest cell, but there still will be unanswered questions about it. We
will be virtually no closer than we are today to the mysteries of such true
"emergent" properties as intelligence in complex multicellular organisms.
Challenges
So the Human Genome Project will have vast and largely positive
impacts on people living in 2020. Of the various predictions noted above,
the last two are the most profound because the most powerful and momentous
impacts come from fundamental knowledge, usually in unforeseen ways. As this
astonishing treasure trove is introduced into society, we need to be alert
to challenges and misuses of the knowledge about ourselves. Society as a
whole, not just genome scientists, must address these considerations. It has
to be all of us. [Daniel Drell (DOE) and Anne Adamson (HGMIS)]
|
http://www.oreilly.com/catalog/dbnation/chapter/ch06.html
Database
Nation
The Death of Privacy in the 21st Century
By Simson Garfinkel
1st edition January 2000
1-56592-653-6, Order Number: 6536
320 pages, $24.95
As the 21st century dawns, advances in technology
endanger our privacy in ways never before imagined. Purchasing databases,
surveillance cameras, mobile phone tracking, wiretapping, misuse of medical
records and genetic testing--all put privacy, the most basic of our civil
rights, in grave peril. Database Nation, Simson Garfinkel's captivating
blend of journalism, storytelling, and futurism, is a call to arms. It will
frighten, entertain, and ultimately convince us that we must take action now
to protect our privacy and identity before it's too late.
Chapter 6
To Know Your Future
Most Americans consider their medical
records to be the most sensitive pieces of personal information that they
have. Medical records are beacons into our past. They reveal secrets about
families. They strip us naked, as if we had been prepped for surgery. They
remind us about things we would rather forget--and things that we don't want
others ever to discover.
Medical records are also windows into our
future. They are imperfect oracles, to be sure--a healthy person walking
across the street can be hit by a truck--but many
illnesses and medical conditions follow a predictable path. People
with untreated blockage of their coronary arteries tend to have heart
attacks; diabetics who can't control their blood sugar are apt to go blind;
people with untreated chronic depression are inclined to attempt suicide.
Genetic records can be even more revealing.
But medical records tell as much about the
temporarily healthy as they do about the chronically ill. In a world of
uncertainties, the precision that comes from knowing a healthy person's
weight, blood pressure, and cholesterol level conveys a feeling of
predictability. A doctor can't say for sure that you'll live to be 92, but a
statistician can tell you that your odds of doing so are 35%. Insurance
companies use this information to set rates. Businesses can use this
information to help decide who they should train and promote for positions
of responsibility.
No Bigger Gap
Medical records are also among the most
difficult kinds of personal information to protect. While the actual paper
or electronic files can be protected with locks or passwords, individual
facts from those records are easily revealed out of malice, for profit, or
even by accident.
A
doctor can be disciplined or lose his or her license for violating patient
confidentiality. Hospitals are required under the state's hospital
regulations to have a medical records department that "ensure[s] the
confidentiality of patient records". But few state or local laws criminalize
the unauthorized release of medical records themselves. A secretary or a
janitor who walks into the hospital's records room and faxes out the records
might be violating the hospital's rules, but they are rarely committing a
criminal act.
"Most people think it's illegal to release
medical records. They are unaware that no law exists," says Robert Ellis
Smith, publisher of The Privacy Journal.
As of 1995, 43 U.S. states lacked laws
criminalizing the release of medical records. Likewise, there is no federal
law criminalizing the improper release of medical records.
"Most patients would be surprised at the
number of organizations that receive information about their health record:
their provider, insurer, pharmacist, state public health
organizations--perhaps even their employer, life insurance company, or
marketing firms," says Paul D. Clayton, who chaired the National Research
Council's Committee on Healthcare Privacy and Security. "Sharing of
information within the healthcare industry is largely unregulated and
represents a significant concern to privacy advocates and patients alike
because it often occurs without a patient's consent or knowledge."
Once upon a time, medical records had a
very specific purpose: they provided a detailed record of a person's
encounters with the medical establishment so that future encounters might
have a higher chance of having a positive outcome. People had a vested
interest in making sure that their medical records were correct.
"A person's willingness to share
sensitive, often embarrassing information is dependent on being assured
confidentiality. It is the basis of trust in the relationship," says Nagel.
Recovery from many kinds of mental trauma and diseases requires that the
issues discussed during therapy remain secret. The U.S. Supreme Court
reached the same conclusion in the 1995 case Jaffe v.
Redmond. Nagel notes, when the Court ruled that conversations between
a patient and a licensed social worker or therapist, even one who does not
have a medical license, are nevertheless protected conversations about which
testimony cannot be compelled unless the judicial need for disclosure
clearly outweighs the patient's privacy interests. "Quality healthcare is
rooted in the imperative need for confidence and trust," and that trust must
not be lightly breached, the Court concluded.
Privacy Is Your Doctor's Responsibility
A placard on the wall of my local hospital
says "Please Respect Patient Confidentiality." And in a very important way,
this sign says it all. Hospitals and other medical facilities need to rely
on the ability of their employees to hold patient secrets. Doctors, nurses,
clerks, and even janitors all see highly charged information. A hospital
that tried to shield its employees from all sensitive patient information
would quickly cease to function.
Fortunately, in most cases, this trust
seems well placed. I have never met a doctor or a healthcare professional
who did not seriously undertake their responsibility for patient
confidentiality. Patient privacy is at the very core of the healthcare
profession. It goes all the way back to Ancient Greece and the Hippocratic
Oath, which says, in part: "All that may come to my knowledge in the
exercise of my profession or in daily commerce with men, which ought not to
be spread abroad, I will keep secret and will never reveal."
What complicates the confidentiality
process is the fact that between 50 and 75 people need access to a patient's
chart during a typical hospital visit. Keeping a secret requires everybody's
cooperation: revealing it requires just one bad apple. Many hospitals hire
temporary administrative workers who have little or no training in medical
ethics. Other healthcare facilities are actively downsizing, creating
employees who have a grudge against their employer.
Over the past 50 years, military
intelligence agencies and major corporations have developed techniques for
preventing the theft of confidential information and for tracing the sources
of leaks. People are given personalized copies of records. Photocopies are
logged. People have their bags searched upon entering or leaving a secure
facility. These techniques are simply impossible to implement in the
healthcare workplace. And for the most part, they are unnecessary.
Some
people take the reverse point of view. They think that the best way to
handle the morass of medical privacy is simply to eradicate it: unlock the
files and the databanks, and make everybody's medical records freely
available. David Brin, author of the Transparent
Society, is a big proponent of this viewpoint. I actually believed it
once myself; transparency has a simple elegance. I figured that everybody
has some sort of medical condition or problem: the best way to destigmatize
our diseases is to air them in public.
The problem with opening everybody's
medical records is that everybody has a different body. Some of those bodies
are diabetic. Some have asthma. Some have inherited genetic diseases. Some
have brains that are mildly schizophrenic, but controllable with medication.
And some bodies are genuinely healthy. Opening up everybody's medical
history to public scrutiny opens up people to all manner of discrimination
and personal attack, for which there are seldom workable remedies. One of
the purposes of privacy in society is to protect us from other social
problems that we have not yet eradicated.
Even if some futuristic and enlightened
society manages to respect and value the sick in ways that we can't today,
there is yet another overriding reason to abide by patient privacy. People
who have managed to master their own physical or mental ailments deserve to
go about their day-to-day lives without being constantly reminded of those
problems by well-wishers.
People deserve and require control over
their own medical matters and privacy for their medical records. Doctors and
nurses understand this. But the healthcare establishment increasingly
doesn't care.
The American public may feel otherwise.
According to the 1993 Harris-Equifax survey on healthcare privacy issues,
15% of those who had their medical confidentiality violated--representing
7.5 million people--said that it had been violated by insurance companies.
Forcing Physicians to Lie
Indeed, insurance companies obtain
information from a variety of sources, including the Disability Insurance
Record System (DIRS) and the Health Claims Index. And the fact that
insurance companies are lawfully allowed to deny consumers health or life
insurance because of preexisting conditions has put doctors under a
tremendous amount of pressure. On the one hand, doctors clearly have a
professional and legal requirement to keep accurate records on their
patients and submit truthful billing statements. On
the other hand, doctors know that if they are truthful in their diagnoses,
they might be creating notations in their patients' healthcare records that
will prevent the patient from getting insurance in the future. Even
without a written diagnosis, much of what insurance companies want to learn
can be gleaned automatically from billing codes.
"Insurance companies collect tremendous
amounts of information," says Dr. Peter Tarczy-Hornoch, who directs numerous
telemedicine projects at the University of Washington Medical Center. The
information is "not the really cool sexy information." Instead, it's things
like "What medical diseases did your grandmother have? Have you ever been
hospitalized with a drug or alcohol problem? Do you have a problem that is
expensive to take care of that you have previously taken care of? They are
not particularly concerned with accuracy. It's a screening process. Ninety
percent is good enough for a lot of this stuff."
Ninety percent is good enough for a
medical insurance company to figure out if it should try to sell you life
insurance, or if it should turn down your application. Ninety percent is
good enough to decide how far to hike your or your company's insurance rates
when it's time to renew. Ninety percent is good enough to systematically
exclude the people most likely to need health insurance in the first place.
And what if you happen to be one of the unlucky 10% who are denied insurance
or face higher premiums even though there is really nothing wrong with you?
Your best bet is to try another insurance company and
hope that your erroneous information hasn't been forwarded to MIB.
Faced with this dilemma,
some doctors have chosen to lie. Instead of putting
down a particular diagnosis or billing code, they use a code that has
a similar reimbursement rate but lacks the social stigma and long-term
insurance implications. For example, says Tarczy-Hornoch, a doctor might use
the billing code for "adjustment disorder" instead of "depression."
Medical professionals call these alternate
diagnoses surrogates. The practice has
questionable legality--it is a kind of fraud, after all--and there are no
good statistics regarding its prevalence. But it is clear that surrogates
create a kind of cat-and-mouse game between doctors and insurers, with
insurance companies constantly trying to figure out what surrogates are
currently in vogue, and with doctors trying to figure out new ones.
In
August 1996, President Clinton signed the Health Insurance Portability and
Accountability Act. Under this law, U.S. health insurance companies are
forbidden from excluding new employees from
their employer's group health insurance packages because of preexisting
conditions. But that is as far as the act goes. Insurance companies must
offer coverage for preexisting conditions, but they can do it at
astronomical rates. They can also choose not to renew an entire company's
health insurance package because one person joined the company who had an
expensive preexisting condition. This might not impact a company like IBM or
Exxon, but it can be a major factor for small businesses. The act covers
only employees who are changing from one employer's health insurance program
to another--it doesn't cover people who are self-employed, or those who have
to buy their own health insurance because they work at companies that don't
provide health insurance to their employees. Finally, the act says nothing
about life insurance, which has a long history of using medical records in a
discriminatory manner. After all, it's life insurance companies that created
MIB in the first place.
A Right to Your Self
As we move into the twenty-first century,
it is unthinkable that people would be denied access to their own medical
records. Indeed, 96% of Americans believe that the right to be able to
obtain a copy of their own medical record is important, and 84% believe it
is "very important." Yet for many Americans, no such right exists.
According to the
Privacy Journal compilation of state and
federal privacy laws, only 23 states give patients the right to view their
own medical histories (see the boxed list). Despite the laws,
however, even residents of these states sometimes find that their doctors
deny them access to copies of their records.
|
Arizona
California
Colorado
Connecticut
Florida
Georgia
Hawaii
Illinois
Indiana
Kansas (mental records only)
Louisiana (partial access)
Maryland (partial access)
Massachusetts
Nevada
New York
Ohio (law applies only to hospitals)
Oregon (law only encourages open access)
Rhode Island
Tennessee (law applies only to hospitals)
Utah (records provided to patient's attorney, not to patient)
Virginia
Wisconsin |
According to the 1993 Harris-Equifax
survey, most Americans (87%) believe that they "know everything" or "have a
general idea, but don't know in detail" what's in their medical records. And
approximately one in four Americans have asked to see the contents of their
medical records. When they've asked to see it, 92% were able to get a copy.
Of those who were denied this fundamental right, 31% were told that the
medical record couldn't be located; 25%, representing four million
Americans, were simply denied the request, with no reason given.
Denying people access to their own medical
records is fundamentally wrong. Twenty-five years ago, the drafters of the
Code of Fair Information Practices realized that there must be no records
kept on a person that the person cannot inspect and correct. It is
astonishing that, even in countries with progressive privacy protection,
this practice continues.
Ironically, increased access to a
patient's own records is one of the benefits of the lack of medical records
privacy today. With physicians so willing to send medical records to
insurance companies and to other doctors, it's all but impossible to keep
these records out of the hands of a determined patient. In fact, the
combination of patient rights movements, increased health insurance
portability, and the trend toward self-employment will all likely result in
giving people increased access to their own medical records in the coming
years.
The ultimate goal of the
computerization process is medicine's equivalent of the paperless
office--the computerized patient record. This
record will contain the patient's full medical history, from conception,
including immunizations, meetings with doctors, childhood diseases, and
results from annual physicals. The record will include payment information,
reminders for future checkups, and notes. X-rays will be digitized and
stored in the record, as will laboratory test results.
Part of the push for computerized patient
records comes from the need to handle increasing amounts of information more
efficiently. Many hospitals are legally forbidden to throw out patient
records. As a result, they spend millions storing paper records in
warehouses. This same information can be digitized and
stored in just a few cubic feet using modern data storage techniques.
The savings of storage space, combined with decreased
costs for film and processing, is one of the primary reasons why hospitals
are turning to digital X-ray systems.
Moving to a
computerized patient record poses tremendous technical challenges.
When you first walk into a doctor's examination room, a nurse or medical
assistant writes down your blood pressure and pulse. How does this
information get into the computer? Likewise, how do the doctor's notes get
digitized? When the doctor wants to order medical tests or X-rays, they're
usually written down on a piece of paper--it's faster than typing them into
a computer. When you go down to the lab, there's more paper still.
Advancing technology, combined with new
business practices, is overcoming many of these problems. For example, at
one hospital I visited in Seattle, doctors are now dictating their notes
into tape recorders. The doctor's voice is then
transmitted electronically to India, where labor is cheap and English is
widely spoken. There, skilled transcribers listen to the doctor's
voice and type the notes into computers. The text is
then sent back over a computer network.
The Japanese film company Fuji, meanwhile,
has developed an electronic plate that is sensitive to X-rays. This plate
can be used with conventional X-ray equipment to directly digitize an X-ray
and send it into a computer. Although the plate costs nearly a thousand
dollars, it is reusable--saving substantial money in film. And once the
X-rays are digitized, they can be stored on magnetic tape for a fraction of
the cost of a climate-controlled warehouse.
One of the factors
contributing to the rise in the cost of medical care is the large number of
repeated medical tests. Tests are repeated because the results get
lost, or because a patient transfers to another institution without all of
his or her records. The 1997 Kennedy-Kassebaum healthcare portability
legislation tried to solve the problem of repeated tests by forcing
healthcare providers to adopt a universal healthcare
identification number. The idea of the legislation was simple: if all
hospitals and doctors offices used the same identification number, then test
results would be less likely to get lost. The legislation justified the
adoption on the grounds of "administrative simplification." However,
implementation has temporarily been halted by Congress, largely as the
result of objections by privacy groups.
Once the medical record is computerized,
the information can be put to many new uses. One simple technique is to have
the computer scan its records each time a patient shows up, and print a
little reminder if there is some routine test that's overdue. The reminders
can make sure that women get Pap smears and mammograms; they can encourage
parents to have their children tested for lead; they can even prompt adults
to be checked regularly for high blood pressure and cholesterol. The
reminders are written in English and printed on the patient's chart. When
the patient shows up with a complaint or for a routine checkup, the doctor
sees the reminder and, during the visit, performs or schedules the needed
procedure.
When Dr. Harold Goldberg, a specialist in
medical informatics at the University of
Washington, first proposed the idea of reminders to his fellow physicians,
they sneered--the physicians said that they had been trained to remember
which patients needed what procedures. But when the program was implemented,
something miraculous happened: the rate at which patients got their
necessary tests skyrocketed.
Computerized Patient Records:
The Threat
Physicians are less sanguine about the
potential threat to privacy that computerized patient records will bring.
According to the Harris-Equifax 1993 survey, 74% of physicians thought that
computerized systems were "almost certain to weaken" medical
confidentiality, compared to 26% who thought that computers "could be
managed to strengthen confidentiality."
The problem is the inherent difference
between the physical and the electronic. Paper records are physical. Paper
records can only exist in one place at one time. And while paper records can
be faxed all over town, a person must be physically holding the records in
order to do so.
The principal advantage of electronic
records is that they are easy to manipulate, but this ease cuts both ways.
With electronic laboratory records, it's unlikely that the results of a
patient's last blood test will be lost. That's good for patients--especially
patients who don't like getting stuck with needles. But computerized record
systems make it equally likely that a curious nurse or intern might walk up
to an unattended terminal, type in a name, and see the results of that
person's test. And since that same computerized file can be accessed at
hundreds of terminals throughout a hospital at the same time, controls are
all the more difficult.
In its 1997 report on medical records
privacy issues, the National Research Council identified the following five
"threat levels" for information stored in healthcare computers:
- Insiders who
make "innocent" mistakes and cause accidental disclosures of confidential
information. This could be as simple as a lab
sending a fax to a wrong phone number, or a nurse pulling up one patient's
medical records instead of another.
- Insiders who
abuse their record access privileges. Browsing
seems to be a problem with many electronic record systems. The Internal
Revenue Service, for example, has had persistent problems with curious
employees looking through the tax records to which they have access. It's
unreasonable to think that hospitals will somehow avoid this affliction.
- Insiders who
knowingly access information for spite or for profit.During
the 1992 Democratic primaries, a pathologist I know at Beth Israel
Hospital in Boston was contacted by a member of the press who wanted
access to candidate Paul Tsongas's medical records. The reporter offered
good money, and a less ethical pathologist could easily have retrieved the
file without leaving a trace.
- An
unauthorized physical intruder who gains access to information.
Many hospitals rely on physical security to protect
information stored inside a computer: the terminals are put in a special
room or behind a desk to which only authorized personnel are supposed to
have access. But hospitals are not as secure as hospital administrators
would like the public to believe. If that journalist had simply put on a
white lab coat and a fake badge, he could probably have retrieved
Tsongas's medical records unassisted.
- Vengeful
employees and outsiders, such as vindictive patients or intruders, who
mount attacks to access unauthorized information, damage systems, and
disrupt operations. A doctor who practices at
an HMO recently told me of a problem that her group has been having: an
employee--they think they know who--has been accessing the HMO's
scheduling computer and deleting patient appointments. The scheduling desk
then thinks the appointment slot is free, and two or three patients show
up at the same time.
There are a variety of techniques that can
be used to minimize the threats of unauthorized access. At Beth Israel
Hospital in Boston, for instance, certain patient files are marked as "VIP."
When these files are accessed for any purpose, the name of the person making
the access is logged; a human has the duty of auditing the log files on a
regular basis to make sure that all of the accesses were legitimate.
Just who should be a VIP? Currently, the
hospital marks files as VIP if there is some reason that employees at the
hospital might be curious about the person's records. Celebrities and
political figures are obvious candidates. But hospital employees and their
families also get VIP status, in order to cut down on inquiries from nosy
(or well-meaning) coworkers. Ideally, anybody who wants the VIP label should
get it. In practice, Beth Israel does not notify patients that they have
this right.
Some computer professionals suggest that
encryption can be used to create a simple solution for the problems caused
by computerized patient records. Give everyone a copy of their medical
history that they can carry around on a smart card. Store a copy of the
medical record someplace else, to guard against the theft of the card, and
encrypt that backup so no one can access it without authorization.
But doctors are worried about such
cryptography-driven technological fixes. They fear
that in an emergency, it might become impossible to decode or even locate a
person's medical history. Most people, they argue, are not willing to
die for the right to their privacy.
Other Threats
Computerization creates other privacy
risks that are only now becoming apparent. Take the case of those dictation
services in India. What if an employee of the Indian transcription firm
recognized the name of one of the people whose medical charts were being
transcribed and decided to sell this information to an American tabloid
newspaper? Even assuming that the leak could be traced back to that
employee, it is hard to imagine how the employee could be adequately
punished.
But computerization also opens up the
possibility for improved patient confidentiality. The person in India
doesn't need to know the true name of the individual whose medical records
are being transcribed--a code number would work just
fine. And instead of making that code number the patient's Social
Security number, make it a case number, or the time of day the patient was
seen, or some other kind of code generated by the admitting hospital. The
records being transcribed could essentially be anonymous--at least from the
point of view of the person in India.
The ability of computers to shield
identity and hide information is perhaps one of the reasons that a slim
majority (53%) of hospital CEOs think that computers
will actually strengthen patient confidentiality. Among insurance
company CEOs, the majority is even higher--61%, compared with 35% who think
computers will harm confidentiality.
Why the disparity between the CEOs and the
doctors? Probably because the CEOs know what is possible with information
technology, but doctors see the way it's actually being implemented. And
doctors know that any technology that makes it harder for people in a
hospital to access medical information could cost some patient his or her
life in an emergency. Even simple anonymizing codes increase the chances
that two patients' records will be confused--with potentially disastrous
results. Would you want to be treated in an emergency room where the
computer forces people to type usernames and passwords before ordering a
test?
When the University of Washington Medical
Center installed its medical record system, the information technology
managers gave each physician and nurse his or her own username and password.
The system was designed to make people accountable for the files they saw by
logging every access. The system even had a timeout feature, so that if
somebody left a terminal while still logged on and walked away, that person
would be automatically logged out. But a month later, a scan through the log
files revealed that the only person using the system on a particular ward
was the chief resident. A walk up to the terminal revealed why: the chief
resident's username and password had been written on a sticker and pasted to
the terminal, so when the chief resident was logged out, any nurse or doctor
who happened to be standing near the terminal could log the chief resident
back in.
Today, we can easily imagine a better
solution to the problem of auditing access to medical records at places like
this medical center. First, make sure the terminals are placed in secure
locations, so only authorized individuals can access a patient's medical
record. Then place a small video camera on top of each terminal, so when
each access is made, the image of the person making the access is recorded.
Currently, such videotaping systems are purely hypothetical.
Rethinking Medical Care
and Medical Insurance
Most Americans consider their medical
records to be the most sensitive pieces of personal information they have.
But for HMOs and insurance companies, medical records are merely scoreboards
for an elaborate game of musical chairs. Insurance companies know that if
they wait long enough, there's a good chance that any given patient will
soon be covered by another insurance company--because that person (or their
company) switched carriers, because they lost their job, or because they
turned 65 and are now covered by Medicare--the United States' socialized
medical insurance program for the elderly. Insurance companies that have a
high churn rate actually have an incentive to avoid offering preventive care
and to close their eyes during the early, cheaper stages of most
diseases--hoping that by the time the disease progresses, the patient will
be somebody else's financial responsibility.
When they are taking on new contracts,
insurance company underwriters use medical records the way a bookmaker uses
a sports lineup--as rate cards for calculating odds. Underwriting, in fact,
is the real devil of health and life insurance. Fundamentally, the
underwriting process weighs the premiums paid by the insured and the profits
on that revenue against the chance of a possible payout. It's an inexact
science, but one that is getting increasingly more accurate as insurance
companies consider more and more pieces of information. And there are few
limits on what kind of information can be considered. Today, an insurance
company might think that a person who has high blood pressure or high
cholesterol is a bad risk and needs to be charged a correspondingly higher
monthly premium; tomorrow, the insurance company might adjust your premiums
on a month-by-month basis depending on how many pizzas you are eating.
A great many of the abuses mentioned in
this chapter could be solved by fundamentally changing the way that medical
care is paid for in the United States. Instead of tying health insurance to
employment (a policy that dates to the wage and price controls of the
1940s), health insurance could be based on residency and citizenship. The
simplest, easiest way to end discrimination in health insurance would be to
adopt universal, state-sponsored health insurance. Doing so, however, is
politically impossible given the size and wealth of the nation's health
insurance industry--an industry that makes its money by gambling on the
lives of the healthy and the diseases of the sick.
In the absence of a systemwide redesign,
consumers are best protected by the combination of transparency and
regulation--transparency of insurance industry
practices to prevent the most egregious antiprivacy cases, and
regulation to protect consumers in their
day-to-day interactions with the medical establishment. Without a policy
turnaround, things will only get worse. |
