JOURNAL OF HEALTH, LAW, AND PUBLIC POLICY (Spring 1995)

REVIEW

Institute of Medicine. Health Data in the Information Age: Use, Disclosure, and Privacy. Washington, DC: National Academy Press 1994. 272 pp. $39.95 cloth.

Accompanying the current debate over health care reform is an equally important debate about the privacy of medical records. No information is more sensitive or potentially more stigmatizing than personal health records. At the same time, medical data have enormous value to researchers and health care providers, offering insight for the epidemiologist and quantitative assessment of health care effectiveness. Striking this balance is not an easy task.

Understandably, the medical profession has followed closely the privacy discussion associated with proposed administrative reforms, but many of these issues are complex, and the policy proposals are often not clear. The Institute of Medicine (IOM) convened an expert panel to examine health data privacy issues and produced a first-rate report. Health Data in the Information Age is an important contribution to understanding the privacy concerns surrounding health care record-keeping. It joins the (too short) list of excellent government-sponsored publications on privacy.

The IOM's central focus in this book is the Health Database Organization, the emerging entities that have access to person-identifiable health data outside the health care setting and that release to the public such data and conduct studies about health providers and other health-related topics. The focus on these new entities reflects both rapid change in health care administration and the complexity of health care privacy. Gone are the days when a patient's records rested securely in the physician's filing cabinet. Now records move from provider to insurer through a myriad of claims systems, adjusters, and reviewers.

The central message of the IOM report is that each of these organizations has a responsibility to ensure that information is accurate and complete, and that privacy safeguards are in place to limit access to personally identifiable information. The IOM report also endorses many of the mainstream proposals for privacy reform, including comprehensive federal legislation to replace the patchwork of laws that cover medical records, government review and a private right of action to enforce rights, the creation of a data protection board to ensure independent oversight of privacy policies, limitations on unnecessary disclosure, and restrictions on employer access. The IOM also tackled one of the more controversial privacy issues and concluded, as others have, that Social Security numbers should not be used to identify patient records.

The report recognizes the need to ensure public access to data and generally to permit the release of aggregate information. But when the information is person-identified, the IOM recommends such disclosures only to other members of the Health Database Organization with comparable protection, to the individual record subject (typically the patient), to parents of a minor child, to guardians, to researchers, to practitioners once informed consent from the data subject is obtained, and to practitioners without informed consent in life-threatening situations.

Will the exceptions swallow the rule? That is always a risk with privacy legislation. But the permissible disclosures outlined by the IOM appear to track closely the better privacy policies. Specific privacy problems, such as the possible misuse of health data by employers, are anticipated and addressed. Also, by emphasizing the value of making aggregate data available to researchers and others, the report makes clear that a good privacy policy and efforts to promote access to data for research can coexist as long as a clear line is drawn.

Criticisms of the report are only minor. The legal analysis sometimes misses the mark. There is much discussion about the constitutional right of privacy. In practice, the Constitution has provided little support for medical record privacy claims in the United States. Privacy harms are usually redressed through private actions such as contract and tort, and sometimes by state agencies. Although the spirit of the Constitution may shape our beliefs about the right of privacy, common law and state statute provide most of the safeguards against the misuse of personal data today.

The IOM report also places great emphasis on "preemptive" legislation, stressing the need for a new federal law to overwrite existing state laws. From an administrative viewpoint, a single national law would clearly be preferable. But from a privacy viewpoint, the desirability of that outcome is less clear. A weak national law that preempts a strong state statute will leave some persons with less protection than they previously enjoyed. A single federal law can also stifle innovative state initiatives. One solution to this problem adopted by Congress in areas as diverse as wiretap law and video rental record privacy is to pass a federal law that establishes a good privacy baseline and leaves the states the freedom to develop stronger safeguards if they choose. This approach also allows states to experiment with different strategies when new problems emerge. Such experimentation may later become the material of a better federal statute.

Returning to the reason that privacy legislation is important, the report might also have considered the important instrumental dimension of medical privacy. Privacy may surely be viewed as a political claim or a human right, as many scholars have argued, but it is also a policy goal that enables us to exercise other rights and opportunities. Privacy protection offers an assurance to those who need medical care that they can be forthcoming about their needs and conditions. Will patients be as willing to seek medical care if their concerns will be made known to employers? An instrumental analysis suggests that privacy protection is a necessary precondition for good medical care.

An even larger issue, not considered by the IOM group, is whether the interests of privacy would favor any of the current proposals for health care reform. For example, universal coverage might eliminate the concern that the disclosure of certain medical data would lead to disqualification for coverage. A single-payer program, with a centralized administrative system, would probably be easier to manage from a privacy perspective and could also remove the commercial incentives to disclose personal data. Even lifting restrictions on preexisting conditions removes the need for insurers to probe deeply into health care histories. Certainly these approaches introduce other costs, and privacy is not the only consideration for health care reform. But as more personal medical data are gathered, collated, and shared, privacy becomes an ever more important consideration for the design of a successful health care system.

For this reason, those shaping policies for medical record systems should give the IOM privacy report close attention.

Marc Rotenberg, Electronic Privacy Information Center