Sacred secrets? New Privacy Laws Could Amend the Hippocratic Oath


Texas Medicine Logo(1)


Cover Story -- February 2000  

By Monica Maldonado
Associate Editor

It's not as if the Hippocratic oath, which originally advised physicians against performing surgery or providing contraceptives, hasn't been reinterpreted before. But now lawmakers and organized medicine are poised to make significant changes to that aspect of the oath upon which the physician-patient relationship is based: trust. "The fact that patients come to us with some of their most personal information makes the physician-patient relationship unique," said Jim Rohack, MD, Texas Medical Association president-elect. "We have to limit access to this information."

As new pressures are placed on confidentiality, patients and physicians are starting to realize that their private information may not be so private after all.

The central question seems to be, Who has the right to know and under what circumstances? Usually this is a call made by the individuals involved, but increasingly, as litigation, managed care, new genetic frontiers, and cyberspace enter the discussion, physicians and their patients are looking for guidelines to support these decisions.

"I don't think anyone, other than the physician, is in the position to judge whether physician-patient confidentiality should be breached," said Deborah Peel, MD, an Austin psychiatrist. Yet so far, everyone from organized medicine to consumer groups to state and federal governments and the Clinton administration has offered a few suggestions. The effect, however, has been a patchwork of laws, and some managed care and pharmaceutical companies are taking advantage of the loopholes.

In one case, a pharmaceutical company wrongly enrolled a patient in a depression support program because the patient had been given a prescription for antidepressants. But the physician had not diagnosed the patient for depression; rather, she had given the patient the prescription to help her deal with sleeping problems brought on by symptoms associated with menopause. (See "Medical Privacy?" December 1998 Texas Medicine .) Dr Peel warns that physicians have to be wary of such practices "because diagnoses can be used by insurers in such a blatantly discriminatory fashion."

States can't agree  

Within this patchwork are not just holes, but also contradictions. According to a report issued by the Georgetown University Health Privacy Project, some states have fairly comprehensive laws, while others offer only minimal protection to the privacy of patients' medical records and then only to certain entities in certain circumstances. For example, the California Supreme Court ruled that a mental health professional has a duty to warn third parties of a patient's threats. In a recent Texas case ( Thapar v Zezulka) , however, the state Supreme Court ruled the opposite.

Three hundred bills were introduced in at least 35 states in 1999, proving that the patchwork of medical records privacy laws is a work in progress. That is why so many feel the federal government should establish legal privacy boundaries. In fact, in 1996, Congress passed a health insurance reform law that required it to adopt medical records privacy legislation by August 21, 1999. But Congress missed that deadline, so the US Department of Health and Human Services (HHS) was forced to propose its own federal privacy protections last September. Because of restrictions imposed by Congress, HHS can only protect medical information stored or transmitted in electronic form. Only Congress can enact laws protecting the large amount of medical records in paper form. Even HHS Secretary Donna Shalala, PhD, has said the best solution is for Congress to pass comprehensive legislation.

The HHS proposal received mixed reviews from the health care industry, though most agreed that it was an important first step. In general, the HHS proposal limits the release of patient information to health care professionals. But although it requires physicians, hospitals, and health plans to notify patients about how their medical information might be used, it does not require permission from patients to use the data. The information would be accessible by any one of these entities so long as the need for it deals with treatment, payment, or health care operations such as quality assessment, insurance rating, fraud and abuse detection, legal proceedings, and review of medical professionals' credentials.

According to Betty Jane Anderson, JD, special counsel to the American Medical Association, the HHS proposal has key flaws. "It's a lengthy proposal and difficult to interpret," Ms Anderson said, "and then Shalala has taken the subject [electronically transmitted individually identifiable health information] and attempted to indirectly bring in paper records." So while the regulation would technically apply only to physicians and those who transmit health information electronically, according to AMA, the indirect effect would suggest that all information -- paper or electronic -- would be subject to the standards unless the information always stays in paper form only. "If you have electronic claims processing, then the original paper claims are used to substantiate those, and those get included," Ms Anderson said.

The regulations also would allow patients to access, copy, and amend their own health information, a proposal "somewhat disturbing to the physician community," Ms Anderson said. "You're talking about the possibility of having to hire another body to authorize all those requests." Health plans would have to create a system for this proposal, too. While HHS predicted the financial impact of such a measure on health plans would be at least $3.8 billion over the next 5 years, some believe that number has been greatly underestimated. Blue Cross and Blue Shield of America says the estimate should be as high as $43 billion.

A federal "floor" or "ceiling"?  

Because so many consumer and physician groups have raised concerns over the proposal, HHS extended the deadline for comments until February 17. The Texas Medical Association has already begun preparing its submission. "We're concerned it's too liberal with patients' medical information," said Wes Cleveland, JD, TMA's assistant general counsel.

Another concern is the preemptive effect the regulation may have on state laws. "The state of Texas has a better record than most other states for keeping medical information in the hands of physicians," said Mr Cleveland, "so we want to clarify what effect, if at all, these regulations would have on some of our state laws."

The issue of whether federal law should trump state law is one of the biggest debates in medical records confidentiality initiatives. While the intent of the HHS regulations is not to preempt state laws, congressional action -- which could still happen -- could preempt the states, thereby creating a "ceiling" of privacy laws, which insurers would favor. Dean Rosen, general counsel and senior vice president for policy at the Health Insurance Association of America, told the Bureau of National Affairs' Health Law Reporter in November, "Even if numerous state laws are lenient, it's difficult from a compliance perspective. Our policy supports relatively broad preemption."

In response to the question of whether Texas should create stronger laws than those the federal government is proposing, State Sen Jane Nelson (R-Flower Mound), chair of the Senate Health Services Committee, said, "That remains to be seen because the federal debate is still going on. I will say that Texas has a history of going above and beyond federal law when it comes to protecting physicians and patients."

Texas' privacy battles  

As a result of the 1999 session of the legislature, Senator Nelson's committee was charged with reviewing the availability and use of patient-specific medical information, and exploring whether Texas' statutory and regulatory provisions are consistent and adequately enforced.

In working through these issues, Senator Nelson said, "I certainly will be sensitive to the fact that anything we do could affect the internal operations of some private companies, but I think we need to close the door completely on certain practices that are blatantly violating the intent of our medical privacy laws."

For example, Dr Peel says, when physicians sign with a health maintenance organization, it often implies a blanket release on information from the physicians' patients. "So the insurer can go on a fishing expedition and try to get information on patients that's not directly pertinent to payment. If the doctor questions it, the insurer can say, 'Fine, then we just won't pay you.'"

Dr Rohack says TMA definitely will follow the progress of the committee and both houses of the legislature during the next session. "Though you can't predict what's going to happen in the next session, TMA tries to interact with our legislative delegation through physicians in their districts to ensure that whatever regulations are imposed don't penalize Texas patients."

This past year, the state did see some significant new developments regarding patient privacy. One was passage of a bill requiring physicians to make every effort to obtain parental consent before performing an abortion on a minor. It isn't a privacy law directly, but the notification aspect falls under that category.

"I think mandatory reporting in this case is a disaster," Dr Peel said. "Girls who have early pregnancies are typically extremely troubled. The ones who aren't turning to their families are doing that for a very good reason."

Senator Nelson, however, frames the debate in terms of parental consent for major medical procedures. "We are talking about minor children, and there is no major medical procedure that a minor can undergo without parental consent, except for an abortion. Our new law simply extends parents' rights to cover this medical procedure."

In fact, the Texas Family Code allows a child to consent to any surgical treatment regarding her pregnancy except abortion. According to Mr Cleveland, the constitutionality of the parental notification act has yet to be challenged, but it may conflict with the rulings in cases such as Roe v Wade .

In another important privacy law, the Texas Supreme Court handed down a decision regarding the medical privacy of psychiatric patients, a ruling directly opposite of the California case Tarasoff v Regents of University of California (see " Tarasoff in Texas," March 1999 Texas Medicine ). In that case ( Thapar v Zezulka ), the Texas court held that a mental health professional does not have a duty to warn third parties of patients' threats.

"The difference between the Zezulka case and the Tarasoff case is that the Texas court recognized there was no confidentiality provision that would allow physicians to warn identifiable potential victims," said Donald P. Wilcox, JD, TMA general counsel. "In Tarasoff , the court felt the danger to the identifiable potential victim was sufficient to override physician-patient confidentiality."

According to Texas law, a "professional may disclose information only to medical and law enforcement personnel only if the professional determines that there is a probability of imminent physical injury by the patient to the patient or others or there is a probability of immediate mental or emotional injury to the patient." Unlike the law in California, Texas law does not allow the physician to warn the potential victim.

As a result, many feel the court's decision elevated the importance of health care confidentiality statutes in the state. "I think the profession struggled with California's Tarasoff ruling for a long time," Dr Peel said. She says she's not sure what effect the California case or the Texas case will have on the way most psychiatrists make decisions about a patient's privacy. "I think most physicians protect the patient absolutely as far as they can until they feel it is a risk to the public."

The opinion of the TMA Board of Councilors states that, in similar circumstances, the physician "should take reasonable precautions for the protection of the intended victim." Mr Wilcox said, "In light of the court's opinion, the board will be looking at this at the TMA Winter Conference in February."

Organized medicine speaks  

In December, the AMA House of Delegates responded to at least one question regarding disclosure of privileged information. The new policy places public safety over the confidentiality of patients by making it "desirable and ethical" for physicians to inform state departments of motor vehicles about patients whose impairments might adversely affect their driving ability and who have not restricted their driving.

"We're not telling the doctor to say, 'You can't drive.' We're saying it's desirable that you report and that it is ethically permissible to report," Herbert Rakatansky, MD, chair of the AMA Council on Ethical and Judicial Affairs (CEJA), told American Medical News in December.

CEJA's new policy outlines the responsibility of physicians to discuss with their patients the implications of driving in their conditions and to disclose to the patients the physicians' ethical and legal responsibilities of reporting such information to state authorities. Opponents of the policy change worry that it will inhibit patients from disclosing certain information to their doctors, especially those patients who may not be as compliant with physician recommendations to curb driving, such as those with addictive disorders. They also argued that, in the end, it would only make physicians more susceptible to legal action.

Most state laws already require doctors to report gunshot wounds, child abuse, and some communicable diseases. So, is the new policy out of bounds? Dr Rohack says the policy simply extends the physician's responsibility to public health. "Part of being a physician is having to balance our responsibility to our patients with our responsibility to the safety of society. This policy creates protections for the physician so he or she can protect the public good," he said.

"A permissive law, like the guidelines set up by the AMA, is more protective of physicians' decisions," said Dr Peel. "But a law that says a physician must disclose certain things doesn't leave any room for the physician's judgment."

Ultimately, Dr Rohack maintains, the decision of who gets access to the patient's medical records is the patient's decision. For example, last fall, Arizona Sen John McCain, a contender for the Republican presidential nomination, offered to make public his complete medical history. Various consumer privacy advocates worried that his action would set a bad precedent for patient privacy, and Dr Rohack says TMA also would be concerned. "But his announcement also shows another important element of the patient's right to privacy," he explained, "and that is that ultimately he -- the patient -- should have control of who gets to see his medical records."


Medical records guidelines

The Texas Medical Association Office of General Counsel offers guidelines regarding the law of medical records release based on the Medical Practice Act of Texas. For a copy of these guidelines, contact the TMA Knowledge Center at (800) 880-7955; (512) 370-1550; or email TMA Knowledge Center .

February 2000 Texas Medicine Contents
Texas Medicine Back Issues