Justice Department wants to release information from health investigations

Proposal could threaten confidentiality, create obligation to use data

What will they think of next? On top of all the other threats to the confidentiality of health care information posed by the sentinel event policy and fraud investigations, now the federal government is proposing a policy that would allow wide disclosure of many types of information uncovered during investigations of health care facilities.

If the U.S. Department of Justice gets its way, the Privacy Act of 1974 would be amended to allow the release of information obtained as a result of any civil or criminal case, fraud investigation, or any other matter that indicates patient harm, neglect, abuse, or poor or inadequate care at a health facility. That could include a great deal of confidential information that otherwise would be protected.

Risk managers are rolling their eyes at this one, calling it the latest threat to confidentiality and expressing fear that the proposed policy change could provide more ammunition to plaintiffs' attorneys and whistle-blowers, while creating a new obligation for using the data that previously did not exist.

"This could really be trouble," says Grena Porto, RN, ARM, DFASHRM, director of clinical risk management and loss prevention services at VHA Inc. in Berwyn, PA. She also serves as president-elect of the American Society for Healthcare Risk Manage ment. "The government seems really eager to score points with consumers, and if they do that at the expense of someone else, they don't seem too upset about it."

The Department of Justice published the proposed rule change in the Federal Register on Feb. 20, 1998, stating its intention to modify the regulations of the Privacy Act so information can be disclosed to any federal, state, local, tribal, foreign, joint, international, or private entity responsible for regulating, licensing, registering, or accrediting any health care provider or facility or enforcing any health care laws or regulations. In addition, infor mation related to an ongoing quality of care problem could be disclosed to a health plan, and information indicating harm, neglect, abuse, or substandard care could be disclosed to the affected patient or his or her representative or guardian.

Coming on the heels of the sentinel event debate, in which risk managers are unhappy about the Joint Commission on the Accredita -tion of Healthcare Organizations' failure to protect information that might be used by plaintiffs' attorneys, the proposal by the Department of Justice seems like one more hole punched in the barrier that keeps some health information off the street.

"The challenge for health care providers," Porto says, "is taking a reasonable, middle of the road approach between releasing information that the public needs to make informed health care decisions, and providing information that is so damaging to providers that it makes it difficult for them to function. This proposal might shift that balance way over to releasing information that is damaging to providers."

Guilt vs. throwing in the towel

Porto also is concerned that the information released could be misleading to consumers. When the federal government investigates a health care organization for fraud, for instance, the information ultimately included in the government's report may be more negative than it should be.

"When you get a bunch of FBI agents showing up in your office, some people have to just throw in the towel and go with whatever they say because you don't have the resources to fight," Porto says. "Even if you think they're wrong, you don't have the resources to fight this. So now, if you take all the information and release it to the public, it's pretty one-sided and damaging to the provider."

Another problem is that the same information can be used as the basis for a malpractice lawsuit. Most people would agree that too much health care litigation already occurs, and "now you're taking the resources of the FBI and other federal agencies to investigate situations and then turning the results over to a pretty hungry plaintiffs' bar."

System could threaten peer review process

Porto also expresses concern that widespread release of such information could threaten the peer review process because problems that normally are addressed by knowledgeable peers could be investigated, and then made public, by government agents. If an FBI agent decides a doctor prescribed the wrong antibiotic and releases that information, the system for dealing with clinical errors has changed completely.

"It's very scary from that point of view," Porto says. "I just don't see anybody wanting to work in a field where Big Brother is watching so much."

Fay Rozovsky, JD, MPH, DFASHRM, expresses similar concerns. A risk management consultant in Richmond, VA, she says the proposal "raises a very interesting specter for all of us in terms of how to make sure that information doesn't come back to haunt us at another time."

In addition to the risks posed by having information about your own facility out in the public domain, Rozovsky sees another problem from the other side. If all that information about other providers is out there for the taking, would you have an obligation to use it? Rozovsky thinks you would.

"Could a plaintiff not argue that had a health care system accessed this information, they would have or should have known that there was data readily available through this mechanism that should have been obtained?" she says. "We know that many federal regulators are smitten with tying false claims into quality of care issues. If these databases contained this information and you didn't access it, could that be a problem?"

Rozovsky also says the wide release of information could be used by whistle-blowers, particularly if the information shows you could have known of an employee's previous involvement in fraud and abuse by tapping the information newly released by the proposal. "People who may be disgruntled or see this as a moneymaking proposition can get access to this information. If they find out the facility has contracted with people it ought to have, that could be a violation of your corporate compliance program, and they could become a whistle-blower."

For now, the Department of Justice only has a proposal on the table. The comment period just closed, comments are being assessed, and changes might be made to the proposal. There is no timetable for when the proposal might be modified or moved forward.