WASHINGTON — WASHINGTON -- Frolicking teen-agers occasionally bust into the computer systems of the Pentagon, banks and other supposed bastions of electronic security. If they can do it, what's to prevent intrusions into computerized medical records by nosy employers, anxious lovers, professional rivals, crafty salesmen and curious kooks?
Actually, very little. Over the past decade, that's been the consistent conclusion of a variety of studies by specialists in medicine, law and computers.
They were mainly looking ahead to the inevitable day when computer wizardry would be extensively employed for the improvement of patient care. Up-to-date information on health status, previous treatments and insurance coverage for individual patients would be stored in data bases for instant access by emergency personnel, attending physicians and nurses, distant consultants and pharmacists.
Far ahead of expectations, that day is here, with the amalgamation of the health-care industry into great conglomerates of hospitals, insurers and associated networks of physicians. The enabling technology for these new corporate empires is the computer, with its wondrous capacity for tracking, sorting and deriving patterns from the records of countless health-care transactions involving millions of individuals.
Without computer-based record-keeping, the scale of business essential for marketplace success would be impossible. But the magnitude of available information draws others, too, among them pharmaceutical firms sniffing out market potential and medical researchers studying the relative efficacy of treatments.
With more sure to come, there are already many horror tales of indiscriminate release of personal medical records. As related in an article in the quarterly journal Issues by Don E. Detmer and Elaine B. Steen, both of the University of Virginia, "Medical records of average citizens have been posted in a computerized record system without adequate safeguards in Massachusetts, dumped in a parking lot after the closing of a psychiatric clinic in Louisiana, and sold in Maryland."
There's a company, they add, that buys medical records "from a variety of organizations" and sells them to drug companies, and in several instances, employers have received information from insurers that allowed them to determine that employees had AIDS or received psychiatric treatment.
Long on record in support of the sanctity of doctor-patient confidentiality, the American Medical Association has lately expressed concerns about the growing problem of computer security.
While the public naively assumes that law and custom assure medical confidentiality, security is often a mirage. It's not that the doctors are blabbing. Rather, from insurers to medical and clerical personnel at all levels, many hands have access to the record, even before the computer hackers join the scene.
The federal Privacy Act applies only to federal programs and facilities.
State laws and regulations vary so widely, Mr. Detmer and Ms. Steen write, that in "some states, movie-rental records are better protected than medical records."
Several bills have been introduced in Congress to provide federal protection for medical records, including the Medical Records Confidentiality Act, sponsored by Sen. Robert Bennett, R-Utah, with the backing of Robert Dole when he was Senate majority leader. But the problems of medical-record disclosures remain far below the political boiling point, and the proposed legislation has not even been the subject of a hearing.
The stakes, however, are destined to grow because of another technological marvel -- genetic screening, which can reveal dispositions to maladies that can cause prospective employers to slam the door.
When even supposedly secure computer systems turn out to be porous, assurances of confidentiality warrant little or no confidence. Can confidentiality laws with penalties make a difference? Well-crafted legislation with severe penalties for 1b violators would be worth trying. But don't wager anything precious on its effectiveness.
There's an awesome possibility that the computer is the nemesis of privacy.
Daniel S. Greenberg is editor and publisher of the newsletter Science & Government Report.
Pub Date: 8/06/96