Medical data: How private? Doubt about data's value

Defense: HCACC's descriptions called vague, speculative.

July 28, 1996

The Health Care Access and Cost Commission developed a fact sheet on its data collection efforts, which it distributed to state legislators. The Maryland Psychiatric Society prepared a response to the fact sheet which rebuts arguments made by HCACC and its chair, Donald E. Wilson. Here are excerpts from the MPS response:

Why is the HCACC collecting information about medical expenditures?

While the data base initiative has arisen from a well-motivated desire to improve health care, the probable value of the effort is extremely doubtful either for health care planning or consumer protection purposes.

HCACC's description of the purpose of the data base, and explanation of its utility, are both vague and speculative. It is unclear why purely aggregate composite data, or individualized sample data obtained with consent, will not suffice. Serious questions also exist about the reliability and usefulness of claims-based data in research and planning. The dubious value of the data does not begin to justify its cost in terms of patient privacy, potential deterrence of treatment and financial expense. Privacy should be jeopardized only if there is absolutely compelling cause, such as child abuse, threats of violence or severe contagious illness risk.

What type of information is being collected?

While patient identification numbers are encrypted, HCACC is simultaneously collecting unencrypted demographic data about each patient, including sex, month and year of birth, and zip code, which would make tracing patient identities an easy matter using the technique of electronic cross-referencing with other data bases that contain names and addresses.

Moreover, for each patient encounter included in the data base, HCACC is requiring diagnostic and treatment information. Such highly stigmatic conditions such as sexual dysfunctions, psychiatric problems of all sorts and HIV positivity are included, specifically correlated with the other patient-identifying data that have already been described.

Encryption is always vulnerable to decoding and relying on today's encryption methods to protect archived data over the long run is questionable, especially in view of the rapidity of technological change.

HCACC characterizes its data collection "anonymous" but that is simply incorrect and highly misleading because identities can be discovered. Only under pressure from privacy advocates did HCACC realize it didn't need the exact day of birth and it has ignored the fact that some zip codes have very few citizens.

Is the state creating an "on line" medical record?

HCACC seeks to distinguish its gathering of so-called "medical billing information" from collection of "medical records." The "billing information" HCACC is collecting, however, includes detailed diagnostic and treatment information for the vast majority of patient encounters in Maryland, specific demographic information about the patient, the doctor's unencrypted ID number and encrypted patient ID numbers. A patient's medical diagnosis is obviously the heart of any "medical record" and is precisely the information which most patients would want to keep confidential, and subject to their own control, rather than state control.

While it is true that HCACC's current data collection is not "on line," HCACC's statutory mission is to encourage the adoption and expansion of electronic claims submission. Electronic claims transmittal is by definition "on line" and will necessarily involve transmission of, and accessibility to, massive amounts of diagnostic and treatment information about Maryland citizens.

Pub Date: 7/28/96

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.