How Much Are Your Secrets Worth?

Earlier this year, a Los AngelesTimes editorial entitled “Medical Privacy Cannot Wait” warned that “Americans might be surprised to learn that there are no comprehensive federal laws protecting the privacy of health records. Video store owners are barred from disclosing our rental histories and cable companies cannot divulge our channel choices but nothing prevents medical record keepers from selling our most intimate medical information without our consent. It's estimated that HMOs, drug companies and hospitals spend up to $15 billion a year on technology to acquire and exchange medical information about, say, our blood pressure and psychiatric medications.”

In that May 10 editorial, the L.A.Times further warned that “a recent survey by the California HealthCare Foundation found that one in seven adults, in an effort to prevent violations of the legitimate zone of privacy, had lied to a doctor or withheld information concerning his or her medical history. Survey respondents worried, for instance, that employers or insurance companies would find out about a debilitating condition and then deny them insurance or a job.”

I know how this happens from personal experience. Nearly 25 years ago, when I applied for a job as a medical transcriptionist with one of California’s largest HMOs (Kaiser), I was denied employment because I had a pre-existing medical condition: hypertension. Another hospital with a different employee benefits package was willing to hire me providing I sought treatment from one of the physicians on its staff. But if Americans can be denied access to employment and/or healthcare because of pre-existing medical conditions, then insurance companies and HMOs essentially have the power to create a class of “unemployables.” By not writing policies for such people – or refusing to insure them – they take fewer risks, thus allowing them to deliver higher dividends to shareholders.

If, earlier this year, you were unnerved by the revelation that Chinese spies had infiltrated America’s defense laboratories – and had been stealing nuclear secrets for the past twenty years – then perhaps it’s time to think about corporate espionage and wonder what the healthcare industry might have to offer private investigators. The sad truth is that no amount of corporate assurance that hospital data is protected by electronic firewalls and/or encrypted files is going to protect patient confidentiality if someone’s integrity can be compromised with money.

If you’re even the slightest bit unclear about how favors, bribery and corporate espionage are handled in the business world, rent a copy of Warren Beatty’s brilliant political satire: Bulworth. Alas, too many Americans are painfully naive. On March 1, 1979,when Stephen Sondheim’s Sweeney Todd premiered on Broadway, audiences were horrified, titillated and eventually forced to take delight in the frenzy with which a demented barber sought revenge on society by slitting the throats of innocent men and using their remains as the stuffing for his partner’s tasty meat pies. To Nellie Lovett’s amoral way of thinking, the bottom line was pure and simple:

“Seems an awful waste....
Such a nice plump frame
Wot’s-his-name
Has...
Had...
Has...
Nor it can’t be traced.
Business needs a lift –
Debts to be erased –
Think of it as thrift,
As a gift.....
If you get my drift....
No?
Seems an awful waste.
I mean,
With the price of meat what it is.
When you get it,
If you get it....
Good, you got it!”

Sweeney Todd and Mrs. Lovett had no problem agreeing on two things:

• These are desperate times and desperate measures must be taken.

• Everybody goes down well with beer.

Just like someone who invests in Microsoft or AOL, investors in publicly-traded hospitals, HMOs and medical transcription services want to make money. At some point corporate greed is bound to overrun America’s healthcare system and trample a patient’s right to confidentiality in the pursuit of increased profits. Don’t forget that, in 1997, three executives of Columbia/HCA Healthcare Corp were indicted by a federal grand jury on charges of conspiring to overbill Medicare and Medicaid by more than $1.7 million.

The recently published Book of Horrible Questions offers a series of gruesome situations to test the extent of one’s morality -- or lack thereof – in determining how much money it would take to tempt you to betray a friend, a relative, or a total stranger. A shining example of what someone might do for $10 million? “Push the red button in front of you and 100 random people under age 30 from around the world will die of natural causes. You are guaranteed not to know any of the people or ever hear about their deaths.”

Would you do it for $10? Of course not. But with a family to feed, a mortgage, car payments and a huge amount of debt ruining your life, would you do it for $10 million? Hmmm. If you think you are beyond corruption, just recall what some so-called pillars of the community have done for money:

• According to Associated Press, Delores Hill (a principal at the Tabernacle Church of God Elementary School in Brooklyn, NY) -- who was known for her good works and tough words about drug abuse -- was charged with running a narcotics ring where she allegedly sold $25 bags of cocaine to an undercover policewoman on school grounds. School nurse Patricia Kersey was charged with participating in two drug sales.

• On March 31, 1999, the Reverend Henry Lyons (former President of the National Baptist Convention USA) was sentenced to 5-1/2 years in prison after swindling nearly $4 million (including nearly $250,000 that had been collected from the Anti-Defamation League of B’nai Brith to help rebuild black churches that had been burned to the ground in the South).

• And who can forget the sight of a phalanx of lawyers and tobacco company executives testifying before Congress that their companies had no knowledge that nicotine was addictive or that smoking could lead to cancer!

Should anyone be questioning authority? Or should we merely accept the fact that some people talk out of both sides of their mouths. And that anyone can be had for the right price.

In a society driven by tabloid journalism -- where people will pay big money for celebrity secrets – how long do you think it will take before the tabloids get access to a celebrity’s medical records? If you think such issues can’t affect medical institutions, ask Mary Poppins.

On June 1, actress Julie Andrews announced plans to file a defamation lawsuit against unnamed publications. What prompted her lawsuit? After the actress (who was depressed over both the loss of her famous singing voice and the death of her aunt) sought grief counseling, the Globe ran an article saying that Andrews had checked into the Sierra Tucson Center in Arizona to battle a drug addiction. How did the Globe get that information? From someone inside a medical facility?

Regardless of the source, what price do you think a tabloid would pay for proof that some very bankable male film star -- whose movies are guaranteed to send millions flocking to theaters -- had been treated for condyloma acuminatum (anal warts)?

Think back to the sample quoted from The Book of Horrible Questions and ask yourself how much it would cost an insurance company to acquire data that could generate larger profit margins. Don’t forget that the price goes down dramatically when you’re dealing with sources in Third World nations because it won’t require $10 million to get the desired information.

Since there is a limited pool of celebrities (and an infinitely larger population of average people with diseases), the challenge for those of us processing medical records is to remain on the lookout for chinks in the armor of America’s healthcare system which could compromise the confidentiality of a patient’s medical records in such a way as to ruin someone’s life.

Prior to last April’s tragic massacre at Columbine High School, students in Littleton, Colorado had alerted police about the behavior of the two young men who went on a shooting rampage. Sadly, nothing was done. No action was taken by the police to investigate.

While some MTSOs think all that is necessary is to find a proper business model for sending dictation overseas, I see the issue as a political hot potato with frightening social and legal ramifications. When I discussed this with my primary physician (whose practice has a high percentage of patients with HIV) he was appalled at the mere thought that any portion of his patients’ medical records could be going overseas. Stressing that if he didn’t know about offshore transcription, most doctors probably wouldn’t know about it, my physician surmised that most doctors would be extremely unhappy to learn about this phenomenon and encouraged me to “enlighten” our local medical society about what is happening in the medical transcription industry.

And what about a patient’s supposed bill of rights? When I mentioned my concerns about offshore transcription to San Francisco Supervisor Leslie Katz and California State Senator Jackie Speier (who is trying to make HMOs accountable to a government agency with more bite than California’s Department of Corporations) they were horrified by what might happen. Even as Congress debates privacy legislation that could impact members of AHIMA, AAMT and MTIA, the electronic barn door remains wide open for confidential medical data that has been sent overseas to fall victim to corporate espionage.

The greed, gullibility and blind faith in technology which allows some business owners to send confidential patient information overseas is especially appalling in light of the testimony of Retired Admiral David Jeremiah. Speaking before Congress after the CIA was caught off guard when India began nuclear testing, he stated that the agency “did not take risks with its analysis but instead stayed with old patterns of thinking about how India would behave. We should have been more aggressive in thinking through how the other guy thought.”

Suppose someone succeeds in purchasing confidential medical information from an offshore transcription firm that might just be warehousing data parsed from the reports it has transcribed. Where does the liability fall? Three business models quickly come to mind:

• An American transcription service which has an offshore office that receives dictation via the Internet or satellite technology (a class action lawsuit could easily be filed against the company so that the plaintiffs could go after a corporation’s “deep pockets”).

• An American transcription service which has agreed to “partner” with an offshore transcription service (the American transcription service would probably take the legal hit as the business entity which subcontracted work to a foreign firm).

• An offshore transcription service which contracted directly with American hospitals and clinics (although the foreign company might not be able to be held accountable under American law, the clinic or hospital that sent its dictation offshore could easily become a target for a class action lawsuit).

Liability issues can take a long time to resolve in a court of law. But for the patient who becomes unemployable – or loses access to healthcare – the results can be devastating. Take a hard look at the next homeless person you see and ask how that person became homeless. Lack of work? Inability to find work? Inability to gain employment because of a pre-existing medical condition? Inability to pay for medications or have access to healthcare?

Then ask yourself how you would feel if you knew that homeless person. Or if someone in your circle of friends and family had fallen through the cracks in America’s healthcare system because data contained in that person’s medical record – whose confidentiality should have been protected by American law – had been compromised through the sale of classified information overseas.

Not a pretty picture? Then perhaps it’s time for a rude reality check. Business people tell lies all the time. Lots of people will lie to you. It’s only when someone gets caught that things can really get ugly. It’s time to determine whether your hospital administration and local medical society believe in protecting the confidentiality of their patients’ medical records or if they are merely giving lip service to the concept. If they won’t take a stand on this issue, here’s what you can look forward to:

Imagine the sight of your hospital administrator, risk manager or the CEO of a chain of 200 American hospitals testifying in court (or before Congress) that an unfortunate breach of confidentiality -- which compromised the future welfare of untold numbers of patients – happened because of a software glitch. Or because proper procedures to protect the confidentiality of a patient’s medical records were not followed.

As a health information management professional whose job involves protecting the confidentiality and integrity of patient documentation, how will you feel when listening to someone say “No one told us this could happen!” You’ll probably feel the same way you did while watching an angry President Clinton wave his finger at the camera, stating that “I did not have sexual relations with that woman, Ms. Lewinsky.”

If corporate doublespeak is not to your liking, think about the conspiracy theories that drive the writers who create the “X-Files.”