| BUSINESSWEEK ONLINE : DECEMBER 11, 2000 ISSUE | ||||||||
| ||||||||
 | ||||||||
| BUSINESS WEEK E.BIZ -- SPECIAL REPORT
Commentary: Who's Prying Now? Hospitals and Web sites sell health records online--compromising patient privacy When Jamie Smith was admitted to Brigham & Women's Hospital in Boston in 1993 for a rare ectopic pregnancy disorder, she discovered that about a half-dozen hospital workers had reviewed her records without her permission. So just before Smith left the hospital, she requested in writing that her records remain confidential. As a precaution, she also requested that the hospital maintain an audit trail of her file, so that she could track who accessed it over time. Smith says she forgot about the incident until last spring, when she was thinking about applying for new insurance. She then asked the hospital if she could see her records and the accompanying audit trail--and was shocked by what she found. Since she demanded confidentiality seven years ago, more than 200 people--including medical insurers--had requested and received access to her documents without her permission. ''Why were all these people accessing my file if I expressly denied them the permission to do so?'' Smith asks. Hospital spokespeople declined to comment on Smith's case, citing confidentiality. As health care goes digital, even the best hospitals face increased pressure to profit off of patient health data. In some cases, they may sell it to marketers, or position it as a key asset as they negotiate mergers or partnerships. Whichever route hospitals choose, they will place the privacy of all their patients at risk, and that's particularly troublesome because at one point or another, everyone is a patient. Hospitals are simply the most visible offenders. Consider what passes for medical ethics on the Web. In a recent study of 21 prominent health sites, Janlori Goldman, director of the Health Privacy Project at Georgetown University in Washington, D.C., found that 19 had privacy policies. Of those, 15 notified consumers about when and how their information was collected--but ''mostly in language that was hard to find on the site, and confusing,'' Goldman says. ''And none of [these] sites actually did all of what their privacy policies promised.'' The public is not pleased. In a survey released on Nov. 26 by the Washington-based Pew Internet & American Life Project, 86% of Net users expressed concern that a health-related Web site might sell or pass on information about what they did online. Eighty-two percent were concerned that insurance companies might raise their rates or deny them coverage because of a health site they visited, and 51% worried about their employer finding out. These are not idle fears. The past year alone produced a parade of embarrassing privacy breaches. Global HealthTrax, which sells health products online, inadvertently posted the names, home phone numbers, bank accounts, and credit card information of thousands of customers on its Web site. Kaiser Permanente mistakenly directed e-mail responses to the queries of almost 900 members to the wrong people. And the University of Michigan accidentally made thousands of patient records available to the public on its Medical Centers Web site. Privacy clauses in a new set of federal medical regulations known as the Health Insurance Portability & Accountability Act of 1996 (HIPAA) may address some concerns. But HIPAA is no privacy panacea. The regulations, which should become law in two years, may not cover patients whose care providers submit paper claims, or who choose to pay out of pocket. And patients will no longer be able to choose who will--or who will not--be allowed to see their medical records. Worse, says Goldman, HIPAA ''may create the illusion of legal protection where none exists.'' The term health privacy doesn't have to be an oxymoron. We need to strengthen the laws that cover offline and online data to include medical Web sites. There must be severe legal consequences for the people who ignore those laws. Anything short of this will endanger the privacy of all Americans. Just ask Jamie Smith. By MARCIA STEPANEK Stepanek covers privacy issues _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ BACK TO TOP |
|  |
 | |
 e.biz Contents for Dec. 11, 2000 issue INTERACT E-Mail to Business Week Online | |||
|
Copyright 2000-2008, by The McGraw-Hill Companies Inc. All rights reserved.
Terms of Use Privacy Notice  |