Two recent op-eds discuss the privacy risks that can arise for medical data, including prescription data. At the Wall Street Journal, Patient Privacy Rights founder Deborah Peel, a psychiatrist, writes an opinion piece headlined “Your Medical Records Aren’t Secure,” about electronic health (e-health) records:
A patient’s sensitive information should not be shared without his consent. But this is not the case now, as the country moves toward a system of electronic medical records.
In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Information Portability and Accountability Act. Those privacy notices you sign in doctors’ offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed. [...]
Electronic records, Mr. Obama said in his 2009 speech, “will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests [and] save lives by reducing the deadly but preventable medical errors that pervade our health-care system.”
But electronic medical records won’t accomplish any of these goals if patients fear sharing information with doctors because they know it isn’t private. When patients realize they can’t control who sees their electronic health records, they will be far less likely to tell their doctors about drinking problems, feelings of depression, sexual problems, or exposure to sexually transmitted diseases. In 2005, a California Healthcare Foundation poll found that one in eight Americans avoided seeing a regular doctor, asked a doctor to alter a diagnosis, paid privately for a test, or avoided tests altogether due to privacy concerns. [...]
Electronic record systems that don’t put patients in control of data or have inadequate security create huge opportunities for the theft, misuse and sale of personal health information.
At the Atlanta Journal-Constitution, Bob Barr writes about the “prescription drug database battle.” Barr is a former congressman and presidential candidate (for the Libertarian Party), and currently heads consulting firm Liberty Strategies.
Federal and state drug agencies want Georgia to create a database of doctors who prescribe pain medications, pharmacists who fill prescriptions for pain medications, and patients who receive prescription pain medications. And law enforcement agencies are employing a full-court press in the General Assembly to get what they want. Whether they succeed against a coalition of state senators and representatives concerned about such a privacy-invasive database, remains very much up in the air as the General Assembly enters the home stretch of its 40-day session. Hanging in the balance is the question of whether law enforcement and regulatory agencies across the state and across the nation will have ready access to Georgia citizens’ private medication records — to be analyzed, cataloged and manipulated in ways they will never know.
It isn’t that law enforcement is interested in data basing every prescription a doctor writes and which a pharmacist fills; at least not yet. The immediate concern is with pain medication; especially those in the opiate family of drugs, such as oxycontin, included on the federal and state “controlled substances” lists. Also included in such a large dragnet, however, are many prescription medications other than pain pills; medications such as sleep aids, behavior drugs like Ritalin, and cold medications including pseudoephedrine. [...]
Leaving aside for the moment the fundamental principle that what a doctor prescribes for a patient should be the concern of the doctor and his patient, and not law enforcement or government regulators, the bill pending before the Georgia General Assembly (currently, SB 418) to create a mandatory electronic database to monitor prescription drugs, sweeps far too broadly and raises serious privacy and other constitutional concerns.
Possibly related posts: