Reply
 
Thread Tools Display Modes
  #1  
Old 09-21-2019, 11:57 AM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711

Why is heathcare privacy valuable to individuals? Should HIPAA be relaxed?


Every person in the USA who takes a drug and experiences a side effect, or gets sick and is treated in some way and survives or dies is a data point.

To improve medical treatment for those of us who are still alive, unbiased data is critical. To get unbiased data, you either need all medical records, complete with all relevant information, or you need a random sampling from the set of all records.

This is incompatible with the default idea of "privacy". I am aware that there are exceptions to HIPAA, attempts to anonymize medical records, and people can sign away their rights to privacy. But this isn't really very efficient and voluntary releases bias the data.

For me personally, the only medical records that I feel should be kept private are psychiatric/psychological and any statement I have said verbally, or request for treatment related to STDs. And once I am no longer alive, I have no remaining privacy interest.

I feel like all medical records should be kept in massive cloud databases ("google health"), not socked away in individual clinics and hospital networks, and accessible to all authorized physicians who are seeing a specific patient. (no more filling out the same goddamn form every doctor you go to, and patients will no longer forget critical information in the "have you EVER" section)

This sort of centralization and global access would also make it possible to prevent nearly all the opiate over-prescribing and other abuses.

I don't feel that the desire of individuals to feel they have privacy exceeds the real value their fates have to other people in potentially surviving their illnesses.
  #2  
Old 09-21-2019, 12:11 PM
Joey P is offline
Charter Member
 
Join Date: Jun 1999
Location: Milwaukee, WI
Posts: 29,214
Quote:
Originally Posted by SamuelA View Post
For me personally, the only medical records that I feel should be kept private are psychiatric/psychological and any statement I have said verbally, or request for treatment related to STDs. And once I am no longer alive, I have no remaining privacy interest.
What happens when you don't get hired/get fired because your boss finds out your broke your knee a few years back?
What happens when you can't rent an apartment because all your potential landlords see that you have hepatitis?

If I'm an employer choosing between two potential employees, all else being equal, why would I pick the one that has a history of heart issues or seizures or anything else that could make them a liability?
  #3  
Old 09-21-2019, 12:21 PM
Bryan Ekers's Avatar
Bryan Ekers is offline
Charter Member
 
Join Date: Nov 2000
Location: Montreal, QC
Posts: 59,239
Quote:
Originally Posted by SamuelA View Post
For me personally, the only medical records that I feel should be kept private are psychiatric/psychological
I can see the desirability of extending this to treatment for substance abuse and admittedly there's no real bright line even then to say "this is as far as we need to go".

That said, I can picture the technology eventually affecting the issue - home blood testers and other portable diagnostic devices will allow individuals and families to compile their own medical data in quantity and to be useful, they'll have to upload it somebody for analysis, and at that point the individual has as much control over the data as they do over all the info Facebook is constantly compiling on them.
__________________
Don't worry about the end of Inception. We have top men working on it right now. Top. Men.
  #4  
Old 09-21-2019, 12:47 PM
Nava is offline
Member
 
Join Date: Nov 2004
Location: Hey! I'm located! WOOOOW!
Posts: 42,737
Spain's regional healthcare databases are mined for epidemiological data constantly, without individual records being shuffled about to anybody who shouldn't have them. The hardest part is getting all the data, but that's just an interfaces/data-mining issue.

We're also supposed to get at least one yearly checkup as part of our job-related healthcare. The employer gets an OK, a reduced (in which case the cause of the reduction and the limits thereof are spelled out) or a medical leave (specific causes are spelled out). Note that if someone gets reduction or leave, the only information given to their employer is what's directly linked to the administrative/medical situation: they're not going to get any other findings. Employers do sometimes fire someone for medical reasons, but the judges consistantly fail in favor of the employee (it's pretty easy to document, after all).

Quote:
Originally Posted by Joey P View Post
What happens when you don't get hired/get fired because your boss finds out your broke your knee a few years back?
What happens when you can't rent an apartment because all your potential landlords see that you have hepatitis?
Why would making your epidemiological data available to epidemiologists land it in the hands of your boss or of every landlord in your area? Where do you live, Epidemiologyville?

Last edited by Nava; 09-21-2019 at 12:51 PM.
  #5  
Old 09-21-2019, 12:54 PM
Railer13 is offline
Guest
 
Join Date: Nov 2017
Location: Kansas
Posts: 1,945
Quote:
Originally Posted by SamuelA View Post
I feel like all medical records should be kept in massive cloud databases ("google health"), not socked away in individual clinics and hospital networks, and accessible to all authorized physicians who are seeing a specific patient. (no more filling out the same goddamn form every doctor you go to, and patients will no longer forget critical information in the "have you EVER" section)
This.

I've had a couple of medical issues this year that have necessitated appointments with several new providers. I answer the same damn questions each time and fill out the same drug list each time. And then when my prescription needs change, I have to update that info at each provider.

This info should be in one spot, as SamuelA suggests. All I should have to do is grant access to the medical provider who requests the information.
  #6  
Old 09-21-2019, 01:08 PM
Broomstick's Avatar
Broomstick is offline
Charter Member
 
Join Date: Mar 2001
Location: NW Indiana
Posts: 29,050
I think HIPAA needs to be relaxed because there are times it interferes with providing/receiving health care.

I also think that much of my medical record is nobody's damn business but mine (and medical personnel treating me). I don't want my neighbors or coworkers able to access it out of prying nosiness.

There's a reasonable middle ground here.

Personally, I think some in the medical industry LOVE HIPAA because it makes comparison shopping very difficult.
  #7  
Old 09-21-2019, 01:12 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Joey P View Post
What happens when you don't get hired/get fired because your boss finds out your broke your knee a few years back?
What happens when you can't rent an apartment because all your potential landlords see that you have hepatitis?

If I'm an employer choosing between two potential employees, all else being equal, why would I pick the one that has a history of heart issues or seizures or anything else that could make them a liability?
Well in the usa right now, as we are at will employees, this can already happen. Because employers are not required to give the reason they didn't pick you for a job or fired you, they can do all the illegal discrimination they want generally with impunity. (As long as they aren't stupid enough to write it down in a company email that is later turned over in discovery)

Personally I think this should be fixed. They should be required to show why they made these decisions and the records of whoever they choose to keep/not fire. And performance evaluations should be required to be factually true and challengeable when they are not.

With this way it would be much, much harder to pull this shit. if the only difference between you and the candidate they kept or whatever is a medical diagnosis, that's a different story.

And I never said the records should be public - just not private. Any researcher represented by an accredited institution should be able to access any medical records as needed with data mining tools. Any licensed physician who can show (with biometrics or a manual review of a photo of the patient) that they are treating a specific patient should be able to access the records.

And yes, they would probably leak to the dark web. But it would still be a felony to host a website where medical records are made available to just anyone, and normal people would not be able to access the records of people they do not have a relationship with.

Last edited by SamuelA; 09-21-2019 at 01:16 PM.
  #8  
Old 09-21-2019, 01:24 PM
Joey P is offline
Charter Member
 
Join Date: Jun 1999
Location: Milwaukee, WI
Posts: 29,214
Quote:
Originally Posted by Nava View Post
Why would making your epidemiological data available to epidemiologists land it in the hands of your boss or of every landlord in your area? Where do you live, Epidemiologyville?
With no HIPAA, an employer can simply call your doctor and ask for your records. In the US you have to explicitly give your doctor permission to share your info, the OP is suggesting just the opposite.

Quote:
Originally Posted by SamuelA
Well in the usa right now, as we are at will employees, this can already happen
While that's true, it has little to do with my response.

Quote:
Originally Posted by railer13
I've had a couple of medical issues this year that have necessitated appointments with several new providers. I answer the same damn questions each time and fill out the same drug list each time. And then when my prescription needs change, I have to update that info at each provider.
You can absolutely have your records sent from one doctor to another (or anyone else for that matter), you just have to give them permission to release the records. Whether or not the new doctor uses those records to get all that info pre-filled before your appointment is up to them.

On a side note, whenever possible I try to stay within the same group. Most of the offices around here use epic, if you're within the same group, all the doctors can access it without any trouble. It's nice to see a new/specialty doc and they already know all my meds, issues I've had, doctors I'm seeing etc.
  #9  
Old 09-21-2019, 01:26 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Joey P View Post
With no HIPAA, an employer can simply call your doctor and ask for your records. In the US you have to explicitly give your doctor permission to share your info, the OP is suggesting just the opposite.
No I'm not. I'm saying the records shouldn't be so secure as to be inaccessible to those who genuinely have a legitimate need for them. (healthcare providers treating the specific patient the record is for and researchers)

And I know that by relaxing the restrictions there would likely be dark web leaks. I am ok with that, as employers can already illegally do all the shit they want.

They can already illegally find out your race, sex, religion, or silly things you said when you were 15 and use this against you. (the last bit is even legal)

They can find out your arrest records even in states where it isn't legal to use these. They can find out your credit records, even in states where this is not permitted. They can just look if anyone with the same name as you got in trouble and use this against you even if it isn't you.

They can discriminate against you because they don't like how tall you are. Or because you have a vague odor or a squeaky voice or a mole on your cheek.

Pretty much you have no rights, the reason why some of us have lucrative secure jobs is because of supply and demand, though employers do their absolute best to import as many foreigners as possible who will work for less.

Last edited by SamuelA; 09-21-2019 at 01:29 PM.
  #10  
Old 09-21-2019, 01:29 PM
Qadgop the Mercotan's Avatar
Qadgop the Mercotan is offline
zymolosely polydactile
Charter Member
 
Join Date: Apr 2000
Location: Slithering on the hull
Posts: 27,393
Quote:
Originally Posted by Joey P View Post
You can absolutely have your records sent from one doctor to another (or anyone else for that matter), you just have to give them permission to release the records.
Not precisely true. If I am one of your treating physicians, I can request records from other providers past and present, and get that info without your consent, unless it is for records on psychiatric disease or HIV infection.

I do this multiple times a week, and get those requested records without a release signed by the patient without issues. That is the law; a treating physician doesn't need patient permission to obtain most past records. Your submitting to treatment in the first place is implied consent for your treating physician to access past medical info.
  #11  
Old 09-21-2019, 01:36 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Qadgop the Mercotan View Post
Not precisely true. If I am one of your treating physicians, I can request records from other providers past and present, and get that info without your consent, unless it is for records on psychiatric disease or HIV infection.

I do this multiple times a week, and get those requested records without a release signed by the patient without issues. That is the law; a treating physician doesn't need patient permission to obtain most past records. Your submitting to treatment in the first place is implied consent for your treating physician to access past medical info.
But you can't really access all the records in a remotely efficient way.

I'm revising my proposal : I think HIPAA should require the inverse of what it does now, specifically, that all records must be stored with a licensed cloud provider. (ok, perhaps sensitive records could be locked while the patient is still alive)

And, in turn, licensed cloud providers must make their indexes and records accessible to all other licensed cloud providers.

A licensed cloud provider must then provide the complete records to healthcare providers who want to know, including all other records indexed by other cloud providers, as well as to accredited medical researchers.

This would get rid of all the bullshit once the systems were running smoothly. Any pharmacist would automatically have the system they are connected to check all active prescriptions for the patient, preventing redundant and contra-indicated prescriptions. Any doctor wouldn't need to ASK if a family member had X disease, it would automatically be detected and accounted for.

Last edited by SamuelA; 09-21-2019 at 01:40 PM.
  #12  
Old 09-21-2019, 01:43 PM
susan's Avatar
susan is offline
Guest
 
Join Date: Jul 2002
Location: Coastal USA
Posts: 9,605
Having just had yet another financial data breech announcement today, no thanks. As QtM said, medical providers already can access records with implied consent (though outpatient therapists have an ethical obligation to seek explicit consent). I get some medical services from a teaching hospital, and sometimes give consent for them to use my disaggregated data. I recognize that this may create a skewed sample, but until we figure out how to secure vulnerable information, I want my medical data as unleaky as feasible.
  #13  
Old 09-21-2019, 01:44 PM
Qadgop the Mercotan's Avatar
Qadgop the Mercotan is offline
zymolosely polydactile
Charter Member
 
Join Date: Apr 2000
Location: Slithering on the hull
Posts: 27,393
Quote:
Originally Posted by SamuelA View Post
But you can't really access all the records in a remotely efficient way.
True most of the time.

But I do now have access to the local (huge) University medical system's records, and can access any patient in it as long as I have their name, DOB, and either their University medical number or the last 4 digits of their SS number. I still have to register why I am accessing the record, declaring me to be a treating physician, and consequences are dire if one is found to be violating that. But it does give me instant access to extensive records on at least about 20% of my typical patient population.

Better systems are needed now that everyone is going EMR. We should be able to get needed records in minutes and not hours (If we're lucky) or days to weeks (more usual).

But the EMRs as a whole suck royally and are too often less useful for patients and practitioners than the old paper charts were, for so many reasons that I won't bother to list here at the moment.

And electronically transmitted records are all too often NOT secure. We need vast improvements in that area. Fax is still the mandated way to transmit copies of records, rather than scan and email, because at least fax is secure 99.9999% of the time.

Last edited by Qadgop the Mercotan; 09-21-2019 at 01:46 PM.
  #14  
Old 09-21-2019, 01:44 PM
rsat3acr is offline
Member
 
Join Date: Mar 2012
Posts: 1,609
Quote:
Originally Posted by Joey P View Post
With no HIPAA, an employer can simply call your doctor and ask for your records. In the US you have to explicitly give your doctor permission to share your info, the OP is suggesting just the opposite.


I am a dentist and HIPPA applies to us also. Before HIPPA an employer could call me up and ask for your records and I would have said no. End of story.
  #15  
Old 09-21-2019, 01:45 PM
Alessan's Avatar
Alessan is online now
Guest
 
Join Date: Jul 2000
Location: Tel Aviv
Posts: 24,753
If I see a new doctor, or end up in a hospital emergency room, all they have to do is swipe my health fund card and they'll see my medical record onscreen. If they then want to prescribe something for me, they just type it in, and I can go to any drug store and the pharmacist will swipe my card in turn and see the scrip.

My country may have problems with its healthcare system, but access to information is not one of them.
  #16  
Old 09-21-2019, 01:56 PM
Railer13 is offline
Guest
 
Join Date: Nov 2017
Location: Kansas
Posts: 1,945
Quote:
Originally Posted by Qadgop the Mercotan View Post
Not precisely true. If I am one of your treating physicians, I can request records from other providers past and present, and get that info without your consent, unless it is for records on psychiatric disease or HIV infection.

I do this multiple times a week, and get those requested records without a release signed by the patient without issues. That is the law; a treating physician doesn't need patient permission to obtain most past records. Your submitting to treatment in the first place is implied consent for your treating physician to access past medical info.
So you're telling me that basically any new medical provider with whom I make an appointment can get my medical history from any other provider that I may have seen in the past?

If true, it's never happened to me, or anybody else in my immediate family.

Quote:
Originally Posted by Joey P View Post
You can absolutely have your records sent from one doctor to another (or anyone else for that matter), you just have to give them permission to release the records. Whether or not the new doctor uses those records to get all that info pre-filled before your appointment is up to them.
And you're telling me that I can request that my current primary care physician send my records to any other doctor?

If true, why wouldn't my PCP ask me if I want this done when he refers me to a specialist? Again, I don't think that this has ever been told to me or anybody else in my immediate family.
  #17  
Old 09-21-2019, 02:07 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Railer13 View Post
So you're telling me that basically any new medical provider with whom I make an appointment can get my medical history from any other provider that I may have seen in the past?

If true, it's never happened to me, or anybody else in my immediate family.
He's saying that in the case of if you have records with a big local hospital, those specific records he can access with some level of hassle. (it is not the near automatic under 60 seconds, records are in their original form mechanism that would be possible with cloud-based record repositories)
  #18  
Old 09-21-2019, 02:09 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Qadgop the Mercotan View Post
And electronically transmitted records are all too often NOT secure. We need vast improvements in that area. Fax is still the mandated way to transmit copies of records, rather than scan and email, because at least fax is secure 99.9999% of the time.
Qadgop, assuming the records are leaked but cannot be legally used against you, and are not available on reputable websites, what interest does a typical patient actually have?

I am saying the needs of the few (people with things they wish were kept secret in their medical records) do not exceed the needs of the many (people who want to go on living and would benefit if automated systems could calculate the optimal treatment based on more complete information)
  #19  
Old 09-21-2019, 02:52 PM
guizot is offline
Member
 
Join Date: Mar 2005
Location: An East Hollywood dingbat
Posts: 8,736
What's the issue here? To make all records available to have data for research purposes, or to facilitate individual patient services? These two issues seem to be conflated here.

Researchers can get data (stripped of patient ID), but I'm not sure how comprehensive it is, or if there are any clearing houses for such data.

As an individual, I can download my medical history, and give that to any doctor I see. I've never had the need to do that, but I keep the file on a cloud drive, and could easily email it to a doctor at any time.
  #20  
Old 09-21-2019, 03:12 PM
slash2k is offline
Guest
 
Join Date: Feb 2014
Posts: 2,436
Quote:
Originally Posted by SamuelA View Post
Qadgop, assuming the records are leaked but cannot be legally used against you, and are not available on reputable websites, what interest does a typical patient actually have?
Can't LEGALLY be used against you and can't be used against you are very different things. As long as the prospective employer or landlord or creditor isn't foolish enough to reference the records directly, proving that they were used against you can be very very difficult. Then there are the rumor-mongerers, the people who live just to stir up trouble among their friends and neighbors, and the various people in church groups and boards and societies and the like.

I would argue that the number of people with things they wish were kept secret in their medical records is far far more than "few." Anyone who has ever been treated for any form of cancer, for example, or for depression, or who has even been tested for HIV or other STDs, probably needs that to be concealed from at least some of the people they deal with. That's a huge percentage of Americans.
  #21  
Old 09-21-2019, 03:29 PM
MLS is offline
Charter Member
 
Join Date: Mar 2003
Location: New Jersey
Posts: 7,856
Quote:
Originally Posted by Railer13 View Post
So you're telling me that basically any new medical provider with whom I make an appointment can get my medical history from any other provider that I may have seen in the past?

If true, it's never happened to me, or anybody else in my immediate family.



And you're telling me that I can request that my current primary care physician send my records to any other doctor?

If true, why wouldn't my PCP ask me if I want this done when he refers me to a specialist? Again, I don't think that this has ever been told to me or anybody else in my immediate family.
Anecdotal of course, and anecdotes are not data. My experience is exactly the opposite. I deal with quite a few specialists, unfortunately, and I've not had any problems in this area. ALL of the providers are told to send results of tests and procedures to my primary care doctor. When I've switched providers or looked for a second opinion, I have zero problem authorizing my records to be sent to another provider.
  #22  
Old 09-21-2019, 03:52 PM
Railer13 is offline
Guest
 
Join Date: Nov 2017
Location: Kansas
Posts: 1,945
Quote:
Originally Posted by MLS View Post
Anecdotal of course, and anecdotes are not data. My experience is exactly the opposite. I deal with quite a few specialists, unfortunately, and I've not had any problems in this area. ALL of the providers are told to send results of tests and procedures to my primary care doctor. When I've switched providers or looked for a second opinion, I have zero problem authorizing my records to be sent to another provider.
It's good to know that this can be done. I've never been told that I could do so. My PCP has sent me to several specialists and has never asked if I wanted my records sent as well. Likewise, the specialists have never asked if they should send results back to my PCP.

But I certainly will do so in the future.
  #23  
Old 09-21-2019, 03:57 PM
Qadgop the Mercotan's Avatar
Qadgop the Mercotan is offline
zymolosely polydactile
Charter Member
 
Join Date: Apr 2000
Location: Slithering on the hull
Posts: 27,393
Quote:
Originally Posted by rsat3acr View Post
I am a dentist and HIPPA applies to us also. Before HIPPA an employer could call me up and ask for your records and I would have said no. End of story.
HIPAA
  #24  
Old 09-21-2019, 04:03 PM
Qadgop the Mercotan's Avatar
Qadgop the Mercotan is offline
zymolosely polydactile
Charter Member
 
Join Date: Apr 2000
Location: Slithering on the hull
Posts: 27,393
Quote:
Originally Posted by Railer13 View Post
So you're telling me that basically any new medical provider with whom I make an appointment can get my medical history from any other provider that I may have seen in the past?

If true, it's never happened to me, or anybody else in my immediate family.
It's true. And it hasn't happened that you know of. If you told your new doc that you used to doctor with the clinic in Los Elsewhere, they can just send a record request there, and get the info. Now I tell my patients I'm doing so 99% of the time (the other 1% is generally when I decide I need the records after the patient's left my office) but there's no requirement to do so.
  #25  
Old 09-21-2019, 04:12 PM
Railer13 is offline
Guest
 
Join Date: Nov 2017
Location: Kansas
Posts: 1,945
Quote:
Originally Posted by Qadgop the Mercotan View Post
It's true. And it hasn't happened that you know of. If you told your new doc that you used to doctor with the clinic in Los Elsewhere, they can just send a record request there, and get the info. Now I tell my patients I'm doing so 99% of the time (the other 1% is generally when I decide I need the records after the patient's left my office) but there's no requirement to do so.
Thanks. Good to know.
  #26  
Old 09-21-2019, 04:29 PM
rsat3acr is offline
Member
 
Join Date: Mar 2012
Posts: 1,609
Quote:
Originally Posted by Qadgop the Mercotan View Post
HIPAA
Fat Fingers, not my day on the keyboard.
  #27  
Old 09-21-2019, 04:51 PM
Broomstick's Avatar
Broomstick is offline
Charter Member
 
Join Date: Mar 2001
Location: NW Indiana
Posts: 29,050
It's like I told my dentist last time I saw him and his was fumbling with the office computer: Dude, I'm here for your dental skills, not your typing or computer skills. I don't expect the medical professionals to be computer experts or computer professionals to be medical experts. To each their own, right?



(My dentist got some more of my savings account this month - I had some 40 year old fillings that were going bad and he suggested I have them replaced BEFORE I needed root canal. I concurred with the wisdom of this and submitted to the procedures. And the new ones look a damn sight better than the old silver-mercury amalgam so that was a bonus.)
  #28  
Old 09-21-2019, 04:54 PM
Voyager's Avatar
Voyager is offline
Charter Member
 
Join Date: Aug 2002
Location: Deep Space
Posts: 46,548
Quote:
Originally Posted by SamuelA View Post
Qadgop, assuming the records are leaked but cannot be legally used against you, and are not available on reputable websites, what interest does a typical patient actually have?

I am saying the needs of the few (people with things they wish were kept secret in their medical records) do not exceed the needs of the many (people who want to go on living and would benefit if automated systems could calculate the optimal treatment based on more complete information)
EMR - though I've read why physicians hate it - isn't an issue because it would be required if the records are on the cloud or held in the office.
This is a perfect example of need-to-know. If someone needs to know my records, I'm fine with them getting them. Most specialists I see are in the large practice I go to and share my records, but I'm also going to one outside and he got my records without my explicit approval. My agreeing to consult with him was implicit approval.
You are clearly more trusting of clouds than those of us who work on them are. My old employer, who makes clouds, didn't allow any company info on other clouds.
As for releasing records to anyone working for an accredited research institution - that's just asking for them to be leaked. Not everyone with these qualifications is ethical.

Example of need to know I heard today when I went to the Lab for a test. A guy was asking for results of tests, and the woman at the reception desk at the lab said that the Lab may do the tests but does not look at or interpret results. That's the physician's job. There is no need for lab people to have access to my records, and they don't. That's how a system should work.
  #29  
Old 09-21-2019, 06:18 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Voyager View Post
EMR - though I've read why physicians hate it - isn't an issue because it would be required if the records are on the cloud or held in the office.
This is a perfect example of need-to-know. If someone needs to know my records, I'm fine with them getting them. Most specialists I see are in the large practice I go to and share my records, but I'm also going to one outside and he got my records without my explicit approval. My agreeing to consult with him was implicit approval.
You are clearly more trusting of clouds than those of us who work on them are. My old employer, who makes clouds, didn't allow any company info on other clouds.
As for releasing records to anyone working for an accredited research institution - that's just asking for them to be leaked. Not everyone with these qualifications is ethical.
Again, I keep saying this over and over again. There is nothing I can say or do or find myself diagnosed with that there won't be thousands or millions of other people with the same thing. I am not famous. Nobody will give a shit what disease I personally end up with, or what sexual proclivities I tell a psychiatrist.

I am saying this is true for nearly all of humanity. Only a teensy, tiny fraction of us are famous enough to have a genuine, legitimate reason to need medical privacy. The rest of us will not benefit in any way from it.

With that said, it doesn't have to be convenient or legal to use the records for those who have no reason to use them. Employers are not permitted to use false criminal records against a candidate - for example, if a record is a mistake or a court decides to expunge it, the record is not considered to exist - and while they can in practice secretly discriminate for such reasons, they cannot do so openly.

So it's the same thing here.

TLDR: I want medical records to be as convenient to use as gmail. And I know that sometimes they will leak, in the same way that entire gmail accounts are sometimes compromised. I think the benefits exceed the cost.
  #30  
Old 09-21-2019, 07:26 PM
Voyager's Avatar
Voyager is offline
Charter Member
 
Join Date: Aug 2002
Location: Deep Space
Posts: 46,548
Quote:
Originally Posted by SamuelA View Post
Again, I keep saying this over and over again. There is nothing I can say or do or find myself diagnosed with that there won't be thousands or millions of other people with the same thing. I am not famous. Nobody will give a shit what disease I personally end up with, or what sexual proclivities I tell a psychiatrist.
If you ever have ED issues, you are free to splatter them all over the net, but don't make everyone else do so. You don't have to be famous to want this stuff private, you might not want your friends to know you have two years to live, for instance. People have the choice to make private things about them open, but when something gets out you can't stuff it back in.
Quote:
I am saying this is true for nearly all of humanity. Only a teensy, tiny fraction of us are famous enough to have a genuine, legitimate reason to need medical privacy. The rest of us will not benefit in any way from it.
We all have plenty of reasons to want to have privacy. Hell, nude pictures of most of us would be soundly ignored, but that doesn't mean we shouldn't have the expectation that they'll not get broadcast. And you can avoid having them available, you can't avoid getting sick.

As for employers, when I hired people I didn't know and didn't care about their medical records. I didn't see the medical records of people who worked for me who were out on disability. I think HR saw just enough to justify it, they did not share nor should they. And I knew even less about someone who might have qualified for a disability but chose not to pursue it. This was all pre-HIPAA. The expectation of medical privacy predates the law.

BTW a good research study would have anonymous records and just enough data to test the hypothesis of the study. Dumpster diving records looking for trends is not good science.
  #31  
Old 09-21-2019, 08:11 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Voyager View Post
BTW a good research study would have anonymous records and just enough data to test the hypothesis of the study. Dumpster diving records looking for trends is not good science.
You are not correct. This in fact is how we know many of the possible negative side effects of current treatments and medications - it takes huge numbers of records. The problem is that the sets are still too small and thus erroneous conclusions are constantly being made. It's a lot harder to make an error with a trend when n=10 million than when n = 100.

Last edited by SamuelA; 09-21-2019 at 08:13 PM.
  #32  
Old 09-21-2019, 08:35 PM
Jackmannii's Avatar
Jackmannii is offline
Guest
 
Join Date: Oct 2000
Location: the extreme center
Posts: 32,182
I find that the inconvenience of having to jot down a few things on an M.D. office form* is more than balanced by knowing that irrelevant details I'd prefer to keep confidential remain that way, without being accessible to insurance companies, potential employers, random computer criminals etc.
Quote:
Originally Posted by SamuelA View Post
Again, I keep saying this over and over again. There is nothing I can say or do or find myself diagnosed with that there won't be thousands or millions of other people with the same thing. I am not famous. Nobody will give a shit what disease I personally end up with, or what sexual proclivities I tell a psychiatrist.
That's wonderful. Maybe you could start a website listing your entire medical history, warts and all, and get the URL tattooed on your arm so any healthcare entity anywhere in the world could access it instantly (not to mention all your friends, acquaintances, Dopers etc.).

*I generally answer "no" to queries on the form. I keep things on a need-to-know basis with the doc.
**As I've said here before, the electronic medical record is a wonderful thing for medical professionals needing information fast (and legibly). You'd be amazed though (and possibly disheartened) at the gossipy stuff that sometimes winds up on reports.
  #33  
Old 09-21-2019, 08:42 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Jackmannii View Post
Maybe you could start a website listing your entire medical history, warts and all, and get the URL tattooed on your arm so any healthcare entity anywhere in the world could access it instantly (not to mention all your friends, acquaintances, Dopers etc.).
That's not how this works and again, I didn't say it would work that way. There is a magnitude of difference between a million people having their medical records leaked and just 1 person.

Last edited by SamuelA; 09-21-2019 at 08:42 PM.
  #34  
Old 09-21-2019, 10:10 PM
Odesio is offline
Guest
 
Join Date: Apr 2000
Posts: 11,574
Quote:
Originally Posted by SamuelA View Post
They can already illegally find out your race, sex, religion, or silly things you said when you were 15 and use this against you. (the last bit is even legal)
So far as I know it's not illegal to find out about someone's race, sex, religion, or silly things someone said when they were 15. I wouldn't recommend doing so before an interview because it opens you up to charges of discriminatory hiring but there's no law against it.

Quote:
They can find out your arrest records even in states where it isn't legal to use these. They can find out your credit records, even in states where this is not permitted. They can just look if anyone with the same name as you got in trouble and use this against you even if it isn't you.

They can discriminate against you because they don't like how tall you are. Or because you have a vague odor or a squeaky voice or a mole on your cheek.
It is against the law for an employer to take adverse action based on the results of a background check without giving the employee the opportunity to challenge the results. (Not hiring someone is an adverse action.) By the time we've gotten to the point of a background check the candidate has already been hired. It's a big waste of time and effort not to mention a pain in my ass to tell a candidate we're not hiring because something came up in the background check. It's much better for me to tell the candidate to call whatever third party I'm using for background checks so it can be cleared up.
__________________
I can be found in history's unmarked grave of discarded ideologies.
  #35  
Old 09-21-2019, 10:39 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Odesio View Post
It is against the law for an employer to take adverse action based on the results of a background check without giving the employee the opportunity to challenge the results. (Not hiring someone is an adverse action.) By the time we've gotten to the point of a background check the candidate has already been hired.
Exactly. And so if there medical records were available on the dark web, and you looked them up (you'll probably need their SSN and DOB to find the correct record which means you may have already made a hiring decision), it's going to be real hard to justify.
  #36  
Old 09-22-2019, 05:31 AM
slash2k is offline
Guest
 
Join Date: Feb 2014
Posts: 2,436
Quote:
Originally Posted by SamuelA View Post
Exactly. And so if there medical records were available on the dark web, and you looked them up (you'll probably need their SSN and DOB to find the correct record which means you may have already made a hiring decision), it's going to be real hard to justify.
Justify to whom? What leads you to think I would tell anybody that I used improperly-obtained records in my hiring decision? I just decided the other guy interviewed better, or I really liked the experience she had on product X, or the skillset somebody else had. I certainly wouldn't mention it was your weight and your history of depression.
  #37  
Old 09-22-2019, 07:47 AM
Joey P is offline
Charter Member
 
Join Date: Jun 1999
Location: Milwaukee, WI
Posts: 29,214
Quote:
Originally Posted by SamuelA View Post
And I know that by relaxing the restrictions there would likely be dark web leaks. I am ok with that
I think the problem with all of this is that you don't realize you're in the minority here. Most people aren't okay with their information (and/or their PHI) being leaked anywhere.


Quote:
Originally Posted by rsat3acr View Post
I am a dentist and HIPPA applies to us also. Before HIPPA an employer could call me up and ask for your records and I would have said no. End of story.
You would decline, but would you have been required by law to decline?

Quote:
Originally Posted by Railer13 View Post
And you're telling me that I can request that my current primary care physician send my records to any other doctor?
Yes. Call up your doctor, tell them you're going to see a different doctor and ask them to send your records over. They do it all the time. They won't even think twice about it.

Quote:
If true, why wouldn't my PCP ask me if I want this done when he refers me to a specialist? Again, I don't think that this has ever been told to me or anybody else in my immediate family.
That would be between you and your doctors. A few things that come to mind would be that a specialist may not need your entire history. If an ENT needs to know that you had your appendix removed in 2001, they'll ask. Also, if your PCP is referring you, there's a good chance you're being referred to someone in the same network that can already access your records, especially if they use a system like Epic.

Quote:
Originally Posted by SamuelA View Post
He's saying that in the case of if you have records with a big local hospital, those specific records he can access with some level of hassle. (it is not the near automatic under 60 seconds, records are in their original form mechanism that would be possible with cloud-based record repositories)
I don't think there's really any level of hassle. As I mentioned upthread, I try, whenever possible, to stay in the same medical group just to make this all easier. I can tell you that my PCP, my neurologist (migraines), a GI doc I used to see and one or two others can all pull up my records without any trouble. My PCP can prescribe me a new med and my neuro can see it the next time I'm there. In fact, my PCP has even looked over my meds and suggested I get off of one that my neuro put me on because he was concerned about it causing kidney stones. Without all the records combined, he may not have picked that up.

Relaxing HIPAA, to me, doesn't sound like a great idea. Having some sort of combined cloud system, maybe. In fact, I've often thought about a system just like that for prescriptions. A lot of people that don't know the names of meds or which ones are essentially the same, may be taking far more than they realize. I can picture someone being prescribed Vicodin by their GP for knee pain, not realizing that when then their dentist gives them Percocet for a toothache, that taking two Vicodins and two percocets is going to get them far higher than they may be prepared for.
Enough people do that by accident with OTC meds* that this likely happens more often than we realize when people blindly do what docs tell them. At least if you get all your meds from the same place, the pharmacist will hopefully catch it.


*Think about how common it is for someone to take, for example, DayQuil for a cold, and Tylenol for a headache, not knowing that there's Tylenol in the Dayquil. Or, my favorite example, Tylenol PM. I hear so many people taking that to help them fall asleep. I've told so many people that the PM part of Tylenol PM is just benedryl. If they just want to fall asleep, take some benedryl and leave the Tylenol out of it. A few years back, my sister woke up in the middle of the night because of some itchy rash or bug bite. She took a bunch of Bendryl for the itch and some Tylenol PM to fall back asleep. She didn't realize (not that it's a big deal with benadryl) that she doubled how much benedryl she thought she was taking.

TL;DR, take OTC meds based on the ingredients listed on the back, not the marketing on the front. There's a lot of overlap.
  #38  
Old 09-22-2019, 03:38 PM
Bryan Ekers's Avatar
Bryan Ekers is offline
Charter Member
 
Join Date: Nov 2000
Location: Montreal, QC
Posts: 59,239
Quote:
Originally Posted by rsat3acr View Post
I am a dentist and HIPPA applies to us also. Before HIPPA an employer could call me up and ask for your records and I would have said no. End of story.
Quote:
Originally Posted by Qadgop the Mercotan View Post
HIPAA
So you're recommending a hippa replacement?
__________________
Don't worry about the end of Inception. We have top men working on it right now. Top. Men.
  #39  
Old 09-22-2019, 04:36 PM
Voyager's Avatar
Voyager is offline
Charter Member
 
Join Date: Aug 2002
Location: Deep Space
Posts: 46,548
Quote:
Originally Posted by SamuelA View Post
You are not correct. This in fact is how we know many of the possible negative side effects of current treatments and medications - it takes huge numbers of records. The problem is that the sets are still too small and thus erroneous conclusions are constantly being made. It's a lot harder to make an error with a trend when n=10 million than when n = 100.
I'm not talking about number of records. However, if you know sampling theory, accuracy does not grow linearly with number of samples. Assuming that your samples are taken in an unbiased (in the data sense) 2,000 - 3,000 is usually enough.

What I meant by dumpster diving though is that you don't look at tons of data, see some kind of trend, and think you've demonstrated anything. Any data set is going to have some apparent correlations between variables about something. You use the apparent effect as a hypothesis, design an experiment with new data, and go from there.
  #40  
Old 09-22-2019, 05:47 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by slash2k View Post
Justify to whom? What leads you to think I would tell anybody that I used improperly-obtained records in my hiring decision? I just decided the other guy interviewed better, or I really liked the experience she had on product X, or the skillset somebody else had. I certainly wouldn't mention it was your weight and your history of depression.
EXACTLY. It already is this, so it doesn't make any difference if medical records are also out there. You are already being discriminated against for tons of illegal reasons.
  #41  
Old 09-22-2019, 05:52 PM
SamuelA is offline
Guest
 
Join Date: Feb 2017
Posts: 3,711
Quote:
Originally Posted by Voyager View Post
I'm not talking about number of records. However, if you know sampling theory, accuracy does not grow linearly with number of samples. Assuming that your samples are taken in an unbiased (in the data sense) 2,000 - 3,000 is usually enough.

What I meant by dumpster diving though is that you don't look at tons of data, see some kind of trend, and think you've demonstrated anything. Any data set is going to have some apparent correlations between variables about something. You use the apparent effect as a hypothesis, design an experiment with new data, and go from there.
For the former, this requires access to all data per my OP. Read my OP again, I point out that voluntarily releasing of data does make available medical data in the range of numbers you name, but voluntary releases bias the data.

For the second, this is no longer true, there are many other ways.
  #42  
Old 09-22-2019, 06:30 PM
Telemark's Avatar
Telemark is offline
Charter Member
 
Join Date: Apr 2000
Location: Just outside of Titletown
Posts: 22,988
Quote:
Originally Posted by SamuelA View Post
EXACTLY. It already is this, so it doesn't make any difference if medical records are also out there. You are already being discriminated against for tons of illegal reasons.
It doesn't make sense to give vital information to people who can't be trusted. So yes, it does make a difference.
  #43  
Old 09-22-2019, 11:12 PM
Max S. is offline
Guest
 
Join Date: Aug 2017
Location: Florida, USA
Posts: 1,550
Quote:
Originally Posted by Qadgop the Mercotan View Post
Not precisely true. If I am one of your treating physicians, I can request records from other providers past and present, and get that info without your consent, unless it is for records on psychiatric disease or HIV infection.

I do this multiple times a week, and get those requested records without a release signed by the patient without issues. That is the law; a treating physician doesn't need patient permission to obtain most past records. Your submitting to treatment in the first place is implied consent for your treating physician to access past medical info.
HHS.gov cite: Does the HIPAA Privacy Rule permit doctors, nurses, and other health care providers to share patient health information for treatment purposes without the patientís authorization?

However, where I work, almost none of the other medical offices permit the release of medical records to our office without a signed release on file. But that is an office policy, not the law.

~Max
  #44  
Old 09-22-2019, 11:21 PM
Max S. is offline
Guest
 
Join Date: Aug 2017
Location: Florida, USA
Posts: 1,550
Quote:
Originally Posted by SamuelA View Post
I feel like all medical records should be kept in massive cloud databases ("google health"), not socked away in individual clinics and hospital networks, and accessible to all authorized physicians who are seeing a specific patient. (no more filling out the same goddamn form every doctor you go to, and patients will no longer forget critical information in the "have you EVER" section)
Logistically, how do you propose this be accomplished? Before you start to answer that question, can you work out a baseline as to how much data would need to be stored in such a database? Our teeny practice alone creates at least a couple gigabytes of data per day. One of the contributing factors is that we use a hybrid system (paper and EMR) our machine scans images, not text.

ETA: I remember reading that some thirty-percent of the world's data storage is already devoted to health records... and that was maybe six years ago, before Meaningful Use came into effect.

~Max

Last edited by Max S.; 09-22-2019 at 11:23 PM.
  #45  
Old 09-22-2019, 11:33 PM
slash2k is offline
Guest
 
Join Date: Feb 2014
Posts: 2,436
Quote:
Originally Posted by SamuelA View Post
EXACTLY. It already is this, so it doesn't make any difference if medical records are also out there. You are already being discriminated against for tons of illegal reasons.
You have it exactly backwards. Putting lots more records "out there" gives many more opportunities for illegal discrimination, which is a pretty big difference.
  #46  
Old 09-22-2019, 11:36 PM
Max S. is offline
Guest
 
Join Date: Aug 2017
Location: Florida, USA
Posts: 1,550
Quote:
Originally Posted by SamuelA View Post
And, in turn, licensed cloud providers must make their indexes and records accessible to all other licensed cloud providers.
A more reasonable first step might be to lay down a standard format for electronic health records. You may not realize it but the electronic records in my office are organized differently than the records in most other offices. Behind the scenes our EHR system uses some sort of proprietary XML-based system. Sure, it can export basic information according to H.L.7 standards - but not everything, and not even everything clinically relevant.

~Max
  #47  
Old 09-23-2019, 08:51 AM
jz78817 is online now
Member
 
Join Date: Aug 2010
Location: Under Oveur & over Unger
Posts: 12,333
Quote:
Originally Posted by SamuelA View Post
Again, I keep saying this over and over again. There is nothing I can say or do or find myself diagnosed with that there won't be thousands or millions of other people with the same thing. I am not famous. Nobody will give a shit what disease I personally end up with, or what sexual proclivities I tell a psychiatrist.
that's all well and good for you.

Quote:
I am saying this is true for nearly all of humanity. Only a teensy, tiny fraction of us are famous enough to have a genuine, legitimate reason to need medical privacy. The rest of us will not benefit in any way from it.
nobody appointed you to decide what is good or true for nearly all of humanity. You seem to hold tech solutions like "the cloud" as the answer to everything. And you're going to find ways to force your beloved tech into everything whether or not it's appropriate. People have legitimate reasons to not want their medical histories available to everyone. Your need for "tech everywhere" doesn't trump that.
  #48  
Old 09-23-2019, 11:00 AM
Max S. is offline
Guest
 
Join Date: Aug 2017
Location: Florida, USA
Posts: 1,550
Quote:
Originally Posted by SamuelA View Post
Again, I keep saying this over and over again. There is nothing I can say or do or find myself diagnosed with that there won't be thousands or millions of other people with the same thing. I am not famous. Nobody will give a shit what disease I personally end up with, or what sexual proclivities I tell a psychiatrist.

I am saying this is true for nearly all of humanity. Only a teensy, tiny fraction of us are famous enough to have a genuine, legitimate reason to need medical privacy. The rest of us will not benefit in any way from it.
I have underlined what I believe is your central argument: most people should not value privacy in healthcare. It appears that you support this argument by generalizing your own opinion. I will now offer four counterarguments.

First is the argument that privacy is a human right or morally good in and of itself. This is an axiom. There are tentative arguments about dignity and liberty but I think such a debate ought to be reserved until you explicitly reject the premise that privacy is a right. My understanding is that the legal community has taken the view that privacy is a right.

Second, if you do agree that privacy is a right, but argue that the right to privacy crumbles in the face of the public good provided by aggregate health studies, realize that some people outright reject that form of utilitarianism. To some, "the needs of the one outweigh the needs of the many" (Star Trek III: The Search for Spock, 1984). That debate is a topic in and of itself. Even among utilitarians, the burden of proof is on you who would stray from the status quo. You must show how potential benefits from a centralized health registry outweigh the assured violations of everybody's right to privacy.

Third is the concern, related by others in this thread, that health information may be used against you. When health information is disclosed to your family and friends, it can result in stigma or embarrassment. When health information is exposed to employers and insurers, it can result in discrimination. As you noted, this potential discrimination is not necessarily something the government can crack down on even if it wanted to. For the very famous or paranoid, health information can be exploited by bad actors to cause direct, physical harm to the person (eg: assassins injecting with venom a person who has a history of anaphylaxis to vespids).

Fourth, there is the concern that many people who value privacy for the aforementioned reasons will stop seeing doctors or withhold important information from doctors if their privacy is not guaranteed. In the industry this guarantee is known as confidentiality. We saw this most strikingly in the field of mental health, especially during debates over mandatory reporting. You have admitted that mental health should still be protected, but the point is that the same rationale extends to all forms of health information - unless the patient is at risk of harm or of harming others. Specifically, if people are not given assurances as to confidentiality, they will stop seeing or cooperating with doctors and your aggregate data will still be biased, but now people aren't being properly treated.

~Max
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 07:23 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@straightdope.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Copyright © 2019 STM Reader, LLC.

 
Copyright © 2017