Tuesday, September 18, 2007

Of Cows and Confidentiality

In February 1995, a 13-year-old girl (whose mother worked in a hospital admissions office in Jacksonville, Florida) accessed the records of several patients who had recently been admitted to the hospital. As a practical joke, the teenager called the patients’ families and informed them that those patients had tested positive for the HIV virus. Other than malicious whimsey, the teenager had no incentive to breach the confidentiality of a patient’s medical records. But after being told that she was HIV positive and had had a positive pregnancy test, one of the victims of this teenager’s prank attempted suicide.

If you’re a risk manager or statistician, you might be able to dismiss what happened in Jacksonville as an isolated incident where the system didn’t work. If you’re a hospital’s legal counsel, you understand that a significant cost is attached to the loss of patient confidentiality. If you belong to one of the families victimized by the teenager’s prank, there may be no adequate compensation for the psychological damage suffered by you and your loved ones.

Confidentiality of medical records remains intact within the United States for three reasons:


  • The honor system works because people in the health information management industry have been trained to regard confidentiality as a sacred cow.

  • We live in an extremely litigious society where there could be a high legal cost accompanied by punitive damages for breaching confidentiality.

  • There is no financial incentive for someone to release the data contained in a patient’s medical record.

That safety net may soon vanish in a way that would jeopardize confidentiality so dramatically that millions of Americans could be at risk.

During the 1992 Presidential election, Ross Perot described the result of the NAFTA trade agreement as “a giant sucking sound taking business south of the border.” Six years later, a series of advances in telecommunications technology has relocated that giant sucking sound to Cyberspace as offshore businesses attempt to get transcription contracts from American hospitals, HMOs and MTSOs (medical transcription service owners). E-mail inquiries from firms in Pakistan, India, Bangladesh, and the Philippines arrive on a regular basis -- often poorly written and containing numerous grammatical errors -- but assuring us of vast savings and a ready supply of hard working, highly qualified personnel who will transcribe for a fraction of American wages.

The concept sounds enticing. And with data encryption, why should anyone worry about confidentiality? Because the principles we cherish as part of a patient’s bill of rights may have no relevance outside America’s borders. With our faces glued to our monitors, it is often difficult to think beyond our own little lives to a larger world in which humans accessing the same technology we use may apply different standards to the use of data.

Recently, a curious set of incidents helped me to articulate why I am so vehemently opposed to sending transcription offshore:

  • Basing their claims on a “product defamation law,” a group of Texas cattle growers took Oprah Winfrey to court, charging that the TV talk show hostess caused beef prices to drop precipitously by stating that she would never eat another hamburger.

  • An Associated Press report of a lawsuit filed by Mukesh K. Rai, a devout Hindu in Southern California, revealed that Rai was suing Taco Bell for emotional damages suffered when he was served a beef burrito instead of a bean burrito. The plaintiff claimed that one bite of the forbidden meat caused nausea, loss of sleep, medical expenses and loss of wages.

  • I received a call from the Indian consulate asking me to explain how the transcription industry works in America.

  • While watching a drag queen parade down Castro Street in her Easter Bonnet, I overheard a tourist gasp “Holy cow, look at that!”

When placed together, those four incidents represent an astonishing clash of cultural values. The common denominators? Cows and communications. Is there an underlying connection?


FOLLOW THE MONEY

Anyone who has traveled extensively knows that the business ethics of people in third world countries are dramatically different from the ethics of doing business in the United States. At first the words “No problem” seem reassuring -- until one understands that they are used for saving face. A cultural imperative in many third world countries is to never give a strict “no” to a stranger’s request. By using the catch-all words “No problem,” one can avoid having any loss of honor if unable to live up to a stranger’s expectations. As a result, promises can be made for anything and everything. They frequently are.

In the United States, blanket assumptions about quality assurance, delivery, and confidentiality are often taken for granted as part of doing business according to a signed contract. In other societies, baksheesh is the magical way to eliminate any and all roadblocks. A popular form of bribery, baksheesh is routinely used to cement a mutually beneficial relationship. One gains honor or respect by being able to procure something sought by another party. And in a third world society, where a moderate amount of baksheesh can prevent one’s family from starving, one’s ability to gratify a client’s request takes on a more personal urgency. Whereas the law dominates business transactions in America, baksheesh makes things happen in many third world countries.

In the three years since the Jacksonville incident, technological advances in storing and parsing data (combined with the ability to transfer files to global destinations over the Internet) have had a phenomenal impact on the HIM industry. American law, however, cannot be expected to protect a patient’s medical record once that data travels to another country. The amount of lip service glibly being given to protecting confidentiality irritates the hell out of me.

Currently, many healthcare providers are struggling with the issue of whether to reveal a person’s HIV status. With AIDS hitting more heavily into the heterosexual population, media coverage about serial rapists who carry the HIV virus -- and who could supposedly infect large numbers of people -- is always good for throwing a sensationalist scare into public officials. Although increased calls for public health agencies to disclose the HIV status of certain patients may incite dangerously labile emotions in the public at large (prejudice, fear), such actions can easily violate a patient’s right to privacy. Physicians who desire stronger statistics to bolster their research might assure you that the added value will be used for the greater good of the public. But not everyone would agree.

According to the Wall Street Journal, 80% of health care bills can now be traced to 20% of employees. In 1997, 39% of all employers used some sort of financial incentive or penalty to encourage healthier behavior among their workers. How eagerly would forces in the healthcare industry trample a patient’s right to privacy in pursuit of larger profits? Think back a few years.

During the 1980s, insurance companies had no qualms about redlining San Francisco’s 94114 and New York’s 10014 zip codes because they contained high percentages of white male homosexuals who would be susceptible to HIV. The logic was simple. If you don’t write policies to people who could represent substantial losses, there’s a good chance you can increase your profit margin. “Right now, companies are going after smokers and fat people,” claims Paul Terry, Vice President of Education for HealthSystem Minnesota. What’s stopping them from going after diabetics or gay people? Hypertensives or mountain climbers?”

What’s stopping them is our society’s cultural imperative to protect the confidentiality of a patient’s medical records. At what point does corporate greed overcome the need to maintain confidentiality? As soon as the data leaves the United States and the people who have access to such data are beyond the reach of the American legal system. “The confidentiality of the medical record is completely tied with the sacred trust patients put in their doctors,” insists Dr. Charles Meltzer, the Kaiser surgeon who serves as President of Bay Area Physicians for Human Rights. “Therefore, any independent contractors -- inside or outside the borders of the United States -- need to have some type of ethical and legal obligation to respect this relationship.”

HOW MUCH IS YOUR SECRET WORTH?

Like all for-profit corporations, transcription companies are interested in returning a dividend to their shareholders. How they attain that goal depends on how carefully they can maximize revenues while trimming operational costs. Now that transcribed documents are being stored in soft (electronic) formats, the data contained in each document becomes invaluable to target marketers, actuaries and a wealth of interested parties. If the data is worth a price, that price can create a new and extremely lucrative revenue stream for transcription firms that build data repositories using their transcribed reports. With little effort, that data can be mined, sold and resold to a large number of consumers.

If compromising the confidentiality of a patient’s medical record can lead to greater profits, then we need to determine at what point a patient’s privacy becomes expendable. When Dianne Gregory attended the Medical Transcription Industry Alliance’s annual conference in New Orleans in 1997, she was shocked by what she heard. “Most of the national sweat shops were represented at the conference. A lot of them were owned by MBAs with fresh diplomas who couldn’t give a rat’s ass about anything but the bottom line,” recalls the former medical transcription service owner.

Let me put this into a more human perspective for you. I’ve lost nearly 400 friends to AIDS. While I’m grateful that protease inhibitors have given so many of my colleagues a chance to dream about a future they once thought they would never have, many of these people remain terrified of losing confidentiality. Why? Because they know exactly what it might cost them. “I don't care who transcribes my medical information, or what language they speak,” confesses an HIV+ friend who works in Silicon Valley. “I do, however, need it to be done accurately and confidentially, with the ultimate control over disclosure resting with me and my physician.”

“Back in 1992, when I was thinking of buying a place, a friend asked if I wouldn’t need the money when I got sick. He didn't realize that I couldn't live as if I were going to die tomorrow, and that if I got sick, well, that's what insurance is for,” recalls a computer programmer who earns approximately 80K per year. “A mortgage company with my HIV information would have more than the ability to ask such a question; they'd have the ability to deny the loan, regardless of the legality of such action. And who would blame them? Even though they might not hesitate to write a 30-year mortgage for a 60-year-old man who smokes, the actuarial data on me might tell them that I'd be dead before the end of the 30-year note!”

My friend Jeff recently disclosed his HIV status to his manager in an attempt to get him to lower some of the stress in his job position. “Not only did it not work, he repeated this information to the head of engineering (who had no “need to know”) and to the head of accounting (who purchases the insurance policies for my employer and now undoubtedly regards me as a reason for the company’s premiums being raised). I feel handicapped in my position and will probably leave the company because of this violation of my privacy. Is this right?” he asks. “No. Do I have recourse? Yes, but at great expense: Litigation increases stress -- which is the very thing I sought to avoid.”

With those examples in mind, open up your wallet, look at the magnetic strip on the back of your favorite credit card and think about your last ten transactions. The data generated regarding price, inventory, and point of sale sold to professional list managers within 24 hours of each transaction. When parsed, that data paints a fascinating consumer profile which outlines the types of products you buy, your travel habits, how much you spend, etc. Such data is routinely used by the target marketers who produce the junk mail that reaches you day after day, week after week.

What happens when your consumer profile -- which contains a unique identifier like your Social Security number -- can be linked to a similar field in either your medical record or your medical billing? A much clearer profile of you becomes visible to people who can make or break your future. For better or worse, that data has suddenly been given an added value that can provide some businesses with a critical advantage akin to insider trading, but which might not be appreciated by:


  • A patient newly diagnosed with cancer who is bombarded with direct mail and telephone solicitations.

  • A person predisposed to diabetes who may not be able to get hired unless willing to pay for his/her own health insurance premiums.

  • A woman who undergoes a therapeutic abortion and starts receiving hate mail from the religious right.

If any of this sounds preposterous, think again. With data becoming the ripest commodity for trading in black markets, ask yourself if a business owner would want his competitors to be able to purchase all of his financial data overseas. Then ask yourself how you would feel if the confidentiality of patient medical records that you try so hard to protect as part of your job could easily be sacrificed by purchasing that data overseas.

Many companies run routine credit checks on prospective employees. “Imagine yourself being the job candidate for a medium to high-stress position with long hours. The manager pulls your credit check and, somehow, gets your HIV status. He knows that you're protected by the American Disabilities Act (ADA) and he might need to make ‘reasonable business accommodations’ to help you deal with the HIV. That could extend to travel, hours, or purchasing special office equipment,” explains an HIV+ graphics designer. “But if the manager thinks you’re not worth the trouble, you don't get the job.”

Let’s take this one step further: Imagine if a firm outsourced the screening of actuarial and personal data to the same offshore company that transcribed medical records but there were no laws to keep the information separate. What an efficient way for an insurance company to avoid writing policies on everyone except those who are healthy! The concept becomes more frightening if genetic testing for a predisposition to certain diseases is widespread.

HOW SACRED IS YOUR COW?

Today’s technology has placed in our hands a Pandora’s box filled with some very enticing and convenient options. Which brings us back to the culture clash involving cows and confidentiality. It’s no secret that Americans embrace beef as a staple of their diet. Japan (where quality beef is a highly prized delicacy) imports tons of the stuff. However, in India -- where the dominant religion is Hinduism -- the cow is a sacred animal. For many Indians, eating beef is a horrific sin, equivalent to a crime against nature.

A clash of cultural values is what now threatens to undermine the concepts that American citizens assume will automatically protect the confidentiality of their medical records. If India and other third world countries want Americans to respect their cultural values when doing business overseas, don’t Americans have the right to demand that third world countries respect America’s cultural values?

What we’re really looking at is the price of maintaining a secret. And if a doctor’s responsibility is to “first do no harm,” then we have to be sure that no harm can be done by sending dictation overseas. In many third world societies, the potent combination of the “No problem” phenomenon with a steady supply of baksheesh means that a foreign contractor can happily assure an American client that his data is secure and then turn around and sell it to whoever offers a reasonable bribe -- without ever losing face.

Hospitals, HMOs and MTSOs wishing to outsource transcription will undoubtedly be approached by offshore companies whose cost savings seem like a dream come true. But before agreeing to work together, I heartily recommend doing some consciousness raising with the physicians whose dictation might be sent beyond America’s borders. The pros and cons of sending their work overseas should be explained in detail, with all of the potential risks and liabilities made crystal clear.

As part of their education, your physicians should have a chance to discuss the matter with hospital risk managers and legal counsel who can measure any immediate savings against the cost of potential medical malpractice and class action lawsuits from patients whose confidentiality might be lost. All parties need to give serious consideration to whether a patient’s right to privacy can be violated and, if so, how any harm caused by “leaks” in the system will be undone.

What you’re doing is simply asking your physicians for their informed consent. If anyone involved in the process of generating medical records for your facility feels that patient confidentiality might be compromised by sending dictation overseas, then I strongly suggest you take your next cue from Nancy Reagan:

Just say no.







No comments: