Protecting Your Medical Privacy

By Sue A. Blevins
Summer 1998

At a recent workshop for think-tank leaders, I asked a group of free-market advocates, "How many of you would want to be cloned?" Only one out of some seventy-five answered in the affirmative. When asked, "How many of you would support a ban on cloning?" only three individuals raised their hands. This informal poll posed an interesting dilemma: How does one prevent being cloned if there is no ban on cloning or prohibition on the collection of genetic information?

Part of the answer lies in medical privacy. One way to ensure that genetic information is not used without permission is to allow individuals to keep their medical records, including genetic information, private. That means Americans should not be forced to use a "unique health identifier." The Health Insurance Portability and Accountability Act of 1996 allows the federal government to create a new electronic database and to record in it a unique number for each American. The identifier would permit the federal government to tag, track, and monitor individuals' medical records. Supporters tout it as an efficient way to bill for health care services, standardize medical information, and give doctors greater access to patient records in emergencies.

But the road to abuses of genetic material runs through this bureaucratic mandate. The database makes all individual medical information available to the government. That could include patient tissue sample data. The assumption is that only essential data will be collected. But would it truly stay limited?

Consider an analogy. In order to apportion electoral votes among the states, the Constitution authorizes the federal government to conduct a census. All Washington needs to know for that purpose is an individual's name and place of residence. But census forms not only ask gender, age, and ethnic group, they seek information about how many bedrooms you have, how much you spend to heat your house, and other questions that have no relevance to the allotment of congressmen. The government and special interest groups comb through the information looking for excuses to create new programs, and businesses want the data for marketing purposes.

It can be expected that medical data will increasingly be used for those purposes as well. And useful medical research often requires access to the entire medical history of many individuals. ("What percentage of individuals over fifty years old had both ailment X and Y?")

As Dr. Bernadine Healy, former director of the National Institute of Health (NIH) recently pointed out, the patient identifier violates the fundamental ethical principle of research involving human subjects: informed consent. "Patients used in research must be informed, must understand any potential risks and benefits, and must voluntarily agree to participate," Dr. Healy says. "Patients may not be coerced into participating in research, and may not be deprived of care if they refuse. But with the federal database, patients do not have the choice of participating or not participating in research; all medical treatment becomes research data."

Further, as the NIH budget grows, its appetite for medical data will grow with it-meaning the new database will get heavy use. Congress plans to increase the agency's FY 1999 budget by $1.24 billion to a total of $14.8 billion-a 9.1 percent increase and $99 million more than President Clinton requested.

Congress might also undercut medical privacy through the Republican's so-called "Patient Protection Act." It would preempt thirty-five state laws protecting the confidentiality of medical information. While in some cases individuals might be better protected, in others, a diluted federal law will replace strong state laws. That is no way to protect patients.

Forcing Americans to share their personal medical information strips them of their right to privacy. As the ACLU's legislative Counsel Solange Bitol says, "Our laws are more protective of video rentals and the books we check out from the library than they are of our medical records."

Instead of regulating the "protection" of medical information, Congress should stop government information collection. Individuals could then protect themselves with private contracts that would state clearly whether patients permit the sharing of information for biomedical research. There need be no conflict between patient privacy and medical advancement. The key is the constitutional protection of medical privacy.

This article was originally published in the Cato Institute's journal Regulation, Volume 21, Number 3, Summer 1998.