Live From New Orleans: Physician, Regulate Thyself

What’s the best way to ensure medical privacy?

Let the healthcare business regulate itself.

That’s the word from the Direct Marketing Association’s Information Services Executive Council, which has addressed the issue in a paper called “Setting the Record Straight,” released on Sunday.

Under this plan, a governing body like the American Medical Association would have the power to “instantly revoke a physician’s license for violating any of the medical community’s rules,” the paper says. And who should set the rules? Groups that have already set some rules — like the DMA.

The paper’s author, Michael A. Turner, points out that Congress failed dismally to implement the Health Insurance Portability and Accountability Act in 1996. Instead, it had to turn to the Department of Health and Human Services (DHHS) to define the restrictions needed on medical data capture.

Since then the DHHS has been lobbied by privacy organizations to include strict limits — even for law enforcement agencies — on use of information on peoples’ health. Opponents would preclude the use of health identifiers to cross-reference files, and would require encryption when identifiable health data are transmitted.

Turner advocates the broad DMA position on medical privacy, under which DMA member companies are required to provide consumers with notice and choice before collecting and using health data divulged in surveys, or information inferred from responses to advertisements.

According to Turner, poorly conceived legislation will retard the collection of this information, and potentially inhibit hospitals’ abilities to contact former patients regarding new treatments or services or facilities. It will also harm hospital fundraising.

Turner also says that most medical privacy concerns are based on the potential for abuse, not actual incidents.