Why should ordinary people bother to read the medical privacy rules anyway? Media and government sources continue to assert the benign nature of the new regulations, which are said to promise cost savings through database standardization along with protection of people’s medical privacy. Why be concerned?
One reason for concern is that recent HHS regulations have created an architecture
for the standardization of our medical records that facilitates their integration
into comprehensive medical portraits of individuals. Carrying out its HIPAA mandate,
HHS in August 2000 published a final rule titled "Standards for Electronic
Transactions” (hereafter, the "transactions rule”), a regulatory package that specifies
uniform nationwide formats and codes for electronic medical records (U.S. Dept. of
HHS HCFA 2000).
Although data formats and codes may sound boring and technical, they lie at the
heart of the federal government’s current quest to acquire centralized medical data
about us. Intended to standardize most electronic medical records nationwide, the
transactions rule makes it much easier to transmit and combine medical information
about an individual from diverse sources. Calling it the "most dangerous aspect of the
new regulations,” Rep. Ron Paul, R-Texas, a physician, stated:
Even Clinton HHS Secretary Donna Shalala acknowledged the threat to privacy created
by the transactions rule, stressing the importance of adopting privacy rules to offset it.
HHS stated, "If the privacy standards are substantially delayed, or if Congress fails to
adopt comprehensive and effective privacy standards that supercede [sic] the standards
we are developing, we would seriously consider suspending the application of the transaction standards or taking action to withdraw this rule” (U.S. Dept. of HHS HCFA 2000, 50365; my emphasis).
How often does one encounter a federal agency that, having just created a regulation, immediately expresses a willingness to suspend it?
A close reading of the transactions rule clarifies the reasons for these extraordinary
expressions of concern. The transactions rule mandates nationwide use of specific,
standardized code sets for recording medical information (data elements) applicable to "standard transactions.” The eight identified standard transactions are:
Coordination of benefits (U.S. Dept. of HHS HCFA 2000, 50370-72).
These categories are broadly defined. "Health care claims or equivalent encounter
information,” for example, include not only actual reimbursement claims but also, in
the absence of any direct claim, "the transmission of encounter information for the
purpose of reporting health care” (U.S. Dept. of HHS HCFA 2000, 50370,
§162.1101b).
Be Careful What You Tell Your Doctor
In other words, even without a claim for reimbursement, reports of
personal conversations with our physicians — deemed by the federal government to be
"encounter information” — are to be treated as valid input to the ever-growing medical
databases. With such a broad interpretation of the key terms, what medical transaction
would not fit into at least one of the listed categories?
Records of these standard transactions must conform to the uniform data elements
and code sets mandated by the new regulations. Data elements denote categories
of information to be reported, and code sets establish the specific codes to be
used to "fill in” a data element.
Thus, the code sets establish uniform codes for items
such as specific diseases, injuries, impairments, diagnoses, treatment, drugs, physician
services, radiologic procedures, clinical laboratory tests, and so on (U.S. Dept. of
HHS HCFA 2000, 50370, §162.1002). For example, a health care claim transaction
document might contain, as one of its data elements, the attending physician’s "diagnosis.” The diagnosis data element would then be filled in using one of the uniform
codes covering the full range of potential diagnoses.
All covered entities — health plans, health care clearinghouses, and every health care provider "who transmits any health information in electronic form” — must use the standardized codes and data elements (U.S. Dept. of HHS HCFA 2000, 50365,
§160.103).
Even Birth Control and Menstruation Are Coded
The number and detail of these codes and elements are astonishing. Not
counting the actual codes, the basic data elements to which the codes pertain fill
11 pages, three columns per page (U.S. Dept. of HHS HCFA 1998a, 25310).
These data elements include such things as patient Social Security number, claim submission and reason code, condition codes, diagnosis code, date of last menstrual
period, mammography-certification number, family-planning indicator, patient primary
identifier, subscriber current weight, subscriber previous weight, reason for last
visit, occupation code, prognosis code, service-type code, surgical-procedure code,
and hundreds of additional items of intensely personal information.
Unique identifiers for employers, providers, and patients are also required for the
standard transactions. HHS has proposed as the "national standard employer identifier”
the employer identification number (EIN) — that is, the employer’s "taxpayer
identifying number” — stating that "each health care provider must use the national
employer identifier whenever required on all transactions the health care provider
transmits electronically” and that health plans and health care clearinghouses must use
the EIN whenever required as a data element on standard transactions (U.S. Dept. of
HHS HCFA 1998b, 32798).
Another proposed HHS rule would require health
plans, health care clearinghouses, and health care providers to use as their unique
identifiers the "national provider identifier” supported by the Health Care Financing
Administration (HCFA), consisting of "an 8-position alphanumeric identifier, which
includes as the eighth position a check digit” (U.S. Dept. of HHS HCFA 1998c,
25356). This proposed rule would require each health care provider to "obtain, by
application if necessary, a national provider identifier,” ordering all covered entities to
supply and use national provider identifiers for all standard transactions.
National ID
More contentious are the HIPAA-mandated unique health identifiers for every
American. Many people recoiled in 1998 when HHS issued a "White Paper” describing
the alternate forms that the unique identifier might take, including biometric identifiers
such as retinal-pattern analysis, iris scans, and voice-pattern analysis, among other
candidate identifiers (U.S. Dept. of HHS 1998, sec. IIIC; Twight 1999, 182–84).
When Congress later postponed implementation of the identifiers on a year-by-year
basis,[2] privacy advocates expressed hope that eventual congressional repeal of the mandate for unique health identifiers might yet protect our medical privacy.
It is a vain hope. Even if Congress, bowing to political pressure by privacy
groups, "permanently” prohibited creation of new identifiers, our medical records
would still carry a unique health identifier: namely, the Social Security number (SSN)
that health care providers for years have demanded and used to identify our records.
HHS itself listed the SSN as a candidate identifier, citing its status as "the current de
facto identifier” as an advantage of its use. With or without new identifiers, medical
privacy thus remains in jeopardy.
Either way, the HIPAA-envisioned system of standardized, widely shared personal medical information will proceed unimpeded. Ironically, repeal of the new identifier requirement, though not negating the threat to
medical privacy, might even encourage public acquiescence to the emerging federal
health information system.
Whatever the chosen patient identifier, with our detailed medical histories transcribed
into standard transactions and formatted with standard data elements and uniform
codes as the new regulations require, a treasure trove of personal information
about each of us will exist in an easily manipulable and transferable form.
The proffered
shield against devastating abuse of this information is the HHS final rule, "Standards
for Privacy of Individually Identifiable Health Information,” which took effect
April 14, 2001 (U.S. Dept. of HHS OPE 2000). Do these privacy standards create an
effective shield, or are they instead a sieve through which individually identifiable
health information can readily pass?
Footnote
2. For the December 2000 postponement, see Consolidated Appropriations Act, 2001, Public Law 106-554, 106th Cong., 2d sess., December 21, 2000, 114 Stat. 2763 (H.R. 4577), Appendix A, §514 at 114
Stat. 2763A-71. Section 514 states in its entirety: "None of the funds made available in this Act may be
used to promulgate or adopt any final standard under section 1173(b) of the Social Security Act (42 U.S.C. 1320d-2b) providing for, or providing for the assignment of, a unique health identifier for any individual (except in an individual’s capacity as an employer or a health care provider), until legislation is enacted specifically approving the standard.” Congress first passed measures delaying promulgation of such identifiers in the fall of 1998.
* * *
This article is adapted with permission of the publisher from the article "Health and Human Services 'Privacy' Standards: The Coming Destruction of Medical Privacy," by Charlotte Twight, in The Independent Review: A Journal of Political Economy (Spring 2002, vol. VI, no. 4, p. 485-511). © Copyright 2002, The Independent Institute, 100 Swan Way, Oakland, Calif. 94621-1428; http://www.independent.org.
Charlotte Twight is a professor of economics at Boise State University.