The healthcare industry is moving towards adoption of electronic health records. There are associated privacy and security implications to this move towards electronic collection and storage of sensitive health information. This chapter suggests that the impact on the privacy and security of health information for disabled individuals is greater than that for the general populace. Contributors to this increased risk are related to the increase in dependence on the clinical care system and the related increase in volume of the data that is collected, stored and exchanged as a function of providing care to this population.
TopIntroduction
Recent technological advances in online healthcare services are providing patients and care providers’ unprecedented access to medical records. Consequently with expanded online availability of medical records, the potential for privacy and security issues increases dramatically. Medical records can contain detailed information regarding a wide variety of personal medical data regarding disease information, family histories, genetics, substance abuse and even mental health issues. Patient sentiment is echoed by a Harris Interactive (2005) survey on medical privacy revealing that over 70 percent of patients were concerned that their private medical information might be compromised.
Patients with disabilities generally have a greater need for medical specialty care and the ability to access online medical records delivers many added benefits. Because disabled individuals amass a higher than average volume of medical data, they naturally have a statistically higher exposure to privacy and security violations. When online medical records are available, healthcare communication and information access is made more efficient for referrals, prescriptions, appointment scheduling, obtaining specialty consultation and other medical information. Additional efficiency is provided for disabled patients who need to rely on guardians, caregivers and family members to help administer medical records, billing and insurance claims.
This unprecedented access to medical data is not without risks, as privacy violations frequently occur at odds with the rigid requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA 2009). In the Conn (2007) interview with Paul Tang of the Medical Foundation, Tang asserts that vendor IT contracts have provisions that counter HIPAA guidelines. “There are contracts that say they will have real-time access to the database, that they will have exclusive access to the data, that they can resell the data. I think it would be unlawful that covered entities abide by that.”
Leveraging and commoditizing patient medical information have become common practice by employers, insurers and medical providers to help manage risk and maximize profits. D’Allegro (2000) reports from a study by California HealthCare that 6 out of 21 companies surveyed, forwarded results of online health assessment survey to outside companies for analysis, disregarding privacy consent requirements. In quote from the D’Allegro article, Sam Karp CIO of California HealthCare states, “Information is being collected without consumers' knowledge and consumers are not being told and some companies that say they don't transfer information to third parties do.”
There is continued pressure in the insurance markets to reduce costs and limit exposure. Access to confidential patient data can help make actuarial decisions about a patients potential for generating insurance claims. Compromised genetic information can provide insurance companies with definitive information about the potential for acquiring a disease later in life or even the potential for children of the insured to develop any of over 6,000 known single gene disorder currently known in the medical field (Center for Disease Control, 2009).
Genetic testing is now becoming much more common and such information can be stored in the patient history and used for profiling susceptibility to illnesses. Other information such as participation in pharmaceutical clinical trials, exposure to environmental hazards, even applications for life, disability or accident insurance can be included.
Our disabled population is put at great risk for continuity of care when medical and insurance decisions are made using private medical information. Furthermore, employers and insurance companies may ask applicants to grant access to private medical information in the conditional application process. Any employment and insurance decisions under these guidelines can constitute unfair privacy practices. If an employer offers a position conditionally in a non-binding contract for employment, they can ask the prospective employee to sign an insurance waiver granting access to their private medical records. Loopholes in privacy law may allow for third parties to circumvent privacy legislation by outsourcing patient data to Managed Care Organizations (MCOs) operating outside HIPAA guidelines. Soon after HIPAA was introduced in 1996, Acuff (1999) discusses the dilemma faced by mental health providers in regards to the ethical access of private patient data. This is especially problematic for the developmentally disabled population that may have limited understanding of their privacy rights.