Help patients protect the privacy of health info

Or quality of care and research could suffer

Even with concerns about the privacy of on-line health information, health care Web sites continue to stress building a relationship between patients and their providers over the Internet.

As an example, Shared Medical Systems Corp. (SMS) in Malvern, PA, and drkoop.com in Austin, TX, recently created an on-line health care community. The alliance unites 1 million registered users of drkoop.com, more than 2,000 U.S. health care organizations, and more than 200,000 physicians affiliated with SMS.

Many in the health care industry see the advantages in having on-line health information. "The Internet gives the advantage of speed over size, and bureaucratic health care organizations could fail in this race among smaller, adaptive entrepreneurial ventures," says David Chin, MD, principal in charge at PricewaterhouseCoopers’ Boston Health and Welfare Practice. "We foresee new types of business models such as virtual medical records warehousing or insurance products through the Internet."

Others predict dire consequences. Some privacy experts see efforts by some health Web sites as a privacy disaster waiting to happen. "This is a critical situation. The information technologies have way outpaced our capacity to even understand how to keep anything private," says Peter Kane, MSW, LCSW, BCD, executive director of the National Coalition for Patient Rights in Lexington, MA.

The nature of health information on the Internet makes it more accessible to outside parties than information kept on paper but under lock and key. "We think consumers should be very careful," advises Kane.

Kane sees tensions in the thrust to improve quality of care by connecting providers and patients on-line and the limitations in the technology. On-line access could actually result in distortions of quality of care in the event of a widespread and publicized privacy violation of on-line health information, he says.

When consumers start to lose confidence in the privacy of the system, they will be more careful about what they say to their providers, Kane explains. They may hide part of their medical history or even distort it to keep that part from being placed in their on-line records. Patients may also try to segment their treatments so they will get treated somewhere else for a more sensitive condition.

"This is dangerous in terms of clinical care," Kane says. "Physicians need to know the whole clinical picture if they are going to make a good clinical judgment." Withholding information could also endanger the quality of research because the health information is distorted.

"A small percentage of distortions from people avoiding telling the truth is enough to ruin the quality of the work," he adds.

The Internet Health Coalition in Atlanta is in the process of releasing a set of regulations — that it wants to become industry standard — with regard to maintaining the privacy of health-related information on the Web, says Charles Stewart, communications officer for the California HealthCare Foundation in Oakland. Such a standard should encourage consumers concerned about privacy to use Internet health services.

The coalition, however, is working against the potentially profitable enterprise of gathering and selling information about consumers who use Internet services. "There is always the danger that some companies are going to go ahead and not be bound by any self-imposed regulations. Or that the regulations simply won’t be adopted on a large enough basis to be effective," he says. Then the alternative would federal regulation.

Before the government steps in, Stewart encourages health care providers and health information management professionals to adopt a uniform standard for privacy of health-related information on Web sites. The foundation recommends such a standard in its report on privacy policies and practices of health Web sites. (For more information, see story, p. 52.)

"Adhere to that standard, and make sure any of the sites [you deal with] adhere to it, too, including any third parties involved in those sites. It’s meaningless for a Web site to tell you that it will protect your privacy if it has banner ads on its site that make no such promise."

Patients are more likely to trust any Web site recommended by their health care providers, Stewart says. "Physicians and direct health care providers are most trusted brokers in this process."

Kane offers these recommendations for pro-viders and HIM personnel in the handling of information on health Web sites:

Inform patients about the risks of placing their health information on-line. "Patients are being told not to worry about the privacy of on-line information," Kane says. "They are going to feel very violated [if anything happens]."

Give patients the choice of whether to place the health information on-line. "If you set up systems where everyone has to be on the Internet, you’re going to violate rights all over the place," he says.

Be careful about what is included in on-line records, and tell patients what will be included and what won’t. "Obviously, you need an authentic, quality clinical record," Kane says. "But you also need to be circumspect about not putting anything down that might be sensitive information and that you don’t have to include. You have to restore privacy to the clinical encounter."

Set up audit trails. "Setting up mandatory audit trails is critical," he explains. "If you have to release some information, there ought to be systems that can give patients part of that audit trail. They can find out who accessed their [identified] information fairly specifically."

Taking the time to ensure privacy of any health information placed on Web sites can help keep the dignity of patients intact, Kane says. "You don’t want to go down this garden path and find out you’re in the weeds."