(I promise! I will try to make my next post something more light-hearted! This is just an issue I've been paying a lot of attention to lately, so I keep learning new stuff I want to share...)

There's a long-standing belief that one of the guiding principles of medicine is that our medical records are confidential, and that our health matters are not disclosed to anyone other than ourselves, another physician who is consulting or taking over our care, a person we specifically give permission to see our record and - in the case of certain infectious diseases - the local health department, if it's mandated by law.

That list, it seems, may be about to get bigger - especially that last category - things reported to the health department. Currently, tests are being done on a system that would "streamline" and "automate" the reporting of our health records to governmental agencies. As noted by Sandy Swarcz [Emphasis mine]:

A report in the new issue of Morbidity and Mortality Weekly Report, a publication of the U.S. Centers for Disease Control and Prevention, gives us a picture of the future, as health insurers and governmental agencies perfect the surveillance capabilities of electronic medical records.

Harvard Pilgrim Health Care,** Atrius Health, the Massachusetts Department of Public Health, and the Department of Ambulatory Care and Prevention at Harvard Medical School collaborated, under the auspices of the CDC Center of Excellence in Public Health Informatics at Harvard Pilgrim Health Care and Children’s Hospital in Boston, to create a system called Electronic Support for Public Health (ESP). This system, designed to be compatible with most commercial electronic medical record systems, will automatically scan medical records, including patient demographics and vital signs, lab tests ordered, prescriptions, diagnostic tests and ICD-9 billing codes to identify illnesses and electronically report them to government health departments. It also includes healthcare provider details.

The MMWR paper, authored by J Dunn, MPH, at Harvard Medical School and Harvard Pilgrim Health Care, said that traditional reporting methods often lack sufficiently detailed information for public health purposes, such as targeted investigations and interventions, nor do they integrate different sources of information in a way to make case identifications.

In other words, where as our current system is supposed to ensure that, even when statistical information about reportable health conditions are send to the CDC, it is generally send without identifying information to help preserve our confidentiality, one of the functions of this new system will be to help make sure that they can identify each case.

This isn't entirely unprecedented - last year, plans were underway to require all states to start tracking all cases of HIV/AIDS by name. Until now, most states have used anonymous patient code identifiers, to help ensure the privacy of HIV/AIDS patients. Now, however, the Federal government is requiring that the records be kept using the patient's name. In addition to the general violation of privacy that creates, there are concerns that some people will not get themselves tested or treated until it's far too late out of concerns that a record identifying them as an HIV/AIDS patient will then be created, and, of course, there are also the security concerns that come with something like this. Keeping records in an electronic database that's set up for allowing information to be easily shared between various agencies, offices and companies means that there is a risk of someone breaching any security on that system and obtaining the information it contains. (And that's not just a concerns for HIV/AIDS patients, but for anyone who has a health record in this system.)

Sandy also points out [Emphasis Sandy's]:

An accompanying CDC editorial note regretted that electronic medical records don’t yet contain “certain pieces of key epidemiologic data in a coded form that can be identified readily by electronic algorithms. Examples include case contacts, risky behaviors, foreign travel, and relevant occupations (e.g., food handler or day care worker).” [emphasis added]

[Read this again. While communicable diseases might make these surveillance and involuntary reporting capabilities seem beneficial, think about the future implications and potentials for abuse (with no protections in place) -- of government and insurer surveillance of any lifestyle behaviors or 'disease' conditions they might consider as risky in the name of public health, the repercussions of the government reporting and sharing information about health conditions or “risk factors” with employers or other stakeholders, and that it even wants to be able to identify people you associate with and your movements. Think about the groundwork being laid. The CDC has already proposed policies for how the government can collect, use and sell our electronic medical records; and demonstrated it can enforce compliance by state health departments for tracking certain conditions by threatening to cut off their federal funding. The HHS has similarly shown it can make people comply with 'healthy' lifestyle and medical prescriptions by restricting healthcare benefits or government benefits; and affect doctors' compliance through pay-for-performance measures. The arguments** opposing legislation to protect the privacy and use of genetic information, used by the country's insurers, described how they envision using genetic information. The significance goes far beyond issues of security, identity theft and the confidentiality of private health information — in which we are regularly provided with examples of violations, such as the report this week of 61 patient medical records improperly accessed at UCLA, including those of California first lady Maria Shriver.]

Additionally, as a footnote, she adds [Emphasis mine]:

** Harvard Pilgrim Health Care, a New England healthplan with more than a million members, was last mentioned when its medical director of clinical policy spoke to the U.S. House, opposing the Genetic Information Nondiscrimination Act. [This legislation would prohibit health insurers from using genetic information to set eligibility, premium, and/or contribution standards; prohibit insurers from requesting or requiring genetic tests; prohibit employers from using genetic information in making employment decisions, such as hiring, firing, and promoting; and prohibit employers from requesting, requiring, or purchasing about an employee or an employee’s family member.] The law could get in the way of insurers who want the ability to mandate genetic tests to use in deciding what treatments they will cover or deny, and to identify people for compulsory disease management.

There's much more in Sandy's article, and I think its an issue that we should all give consideration to. Note that one of the conditions they want to be able to report on is "risky behaviours." That can be a pretty wide category. Certain sports are generally considered to be a "risky behaviour" - especially the newer "extreme" sports. Others might include eating habits, smoking, drug and/or alcohol use - and, of course, alcohol use and the use of medicines and/or other drugs by pregnant women could be examined to make sure she's not putting the fetus at risk - even your sexual orientation or various sexual practices could be included (especially if you develop an STI or have something else happen in which your sexual proclivities are relevant to your health treatment and are added to your record). Do any of us *really* want the government - and insurance companies, natch - to have that much information about us? I know I don't!