[This is an unedited transcript.]
Hubert H. Humphrey Building, Room 503A
200 Independence
Avenue, SW
Washington, D.C. 20201
PARTICIPANTS:
Robert Gellman
Don Detmer
James Scanlon
Simon Cohn
John Fanning
Richard Harding
Elizabeth Ward
Harvey Schwartz
Marjorie Greenberg
Robert Litt
Mike Barnes
Neil Gallagher
John Nielsen
Donald Palmisano
Steve Hoge
Denise Nagel
TABLE OF CONTENTS
Page
Call to Order 1
Welcome and Introductions
Review of Agenda
Law Enforcement Agencies 2
Health Care Providers
John Nielsen 120
Donald J. Palmisano 124
Steven Kenny Hogue 129
P R O C E E D I N G S [9:00 a.m.]
MR. GELLMAN: Good morning.
Agenda Item: Call to Order, Welcome and Introductions, Review of Agenda
MR. GELLMAN: This is the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics.
This is the fifth of six days of hearing on health privacy issues.
I'm going to suspend all the explanations, which have been provided before, and just go to it.
The first thing we're going to do, however, is give everyone in the room a chance to identify themselves if they so choose, and we're going to begin with Dr. Detmer.
DR. DETMER: Don Detmer, University of Virginia. I chair the National Committee on Vital and Health Statistics.
MR. FANNING: Okay. I'm John Fanning. I work in the Office of the Assistant Secretary for Planning and Evaluation of HHS.
MR. GELLMAN: I'm Bob Gellman. I'm chairman of the subcommittee and otherwise a privacy and information policy consultant.
DR. HARDING: I'm Richard Harding. I'm a child psychiatrist from Columbia, South Carolina.
MS. WARD: I'm Elizabeth Ward. I'm an assistant administrator at the Washington State Department of Health.
DR. SCHWARTZ: I'm Harvey Schwartz from the Agency for Health Care Policy Research.
MS. GREENBERG: I'm Marjorie Greenberg from the National Center for Health Statistics and Acting Executive Secretary of the Committee.
MR. GELLMAN: We'll skip the witnesses for the moment. We'll come right back to you.
[Introductions of observers and guests.]
MR. GELLMAN: All right. Thank you.
This morning, the subject is law enforcement, and we have three witnesses here from various levels of law enforcement, and I'm going to let the witnesses introduce themselves when they speak, and if you'd like to begin, Mr. Gallagher.
Agenda Item: Law Enforcement Agencies
MR. GALLAGHER: Certainly.
Good morning.
I'm Neil Gallagher, Deputy Assistant Director, Criminal Investigative Division, Federal Bureau of Investigation.
I'd like to thank the committee for the opportunity to address the issue of health information privacy.
Health care fraud schemes take many forms and have been found in every part of the American health care industry.
They include physician fraud, durable medical equipment schemes, pharmacy billing fraud, drug diversion, laboratory scams, and many others.
The FBI's authorities in health care fraud extends beyond specific health programs. It includes all victims of the crime, whether Federal programs or private insurance companies, business entities, or individuals.
In order to identify the fraudulent activity, investigators have to, among other efforts, study the claims and benefits structure of the victimized program or plan to pick out the patterns of billing deceit. Accordingly, access to billing and related medical records becomes a crucial part of the investigation.
The Federal Bureau of Investigation has serious concern with the recent proposed revisions of certain bills such as Senate bill 1360 and its companion bill, the Health Information Protection Act, that would have created substantial impediments to law enforcement's obtaining and using health information necessary to conduct an investigation.
Any bill approved should include a provision exempting law enforcement from the restrictions on access to and use of health information.
I fully understand and I agree with the need for security of health care records. Certainly, the trend to computerize medical information, allowing potentially broad electronic access to these records, is a critical issue, as well as is the misuse of medical information.
However, to my knowledge, no such abuse by law enforcement has been cited by any of the proponents of medical privacy legislation.
Despite this, recent proposed legislation have included provisions that would have significantly altered current law and practice for the law enforcement community.
If implemented, they would have imposed substantial new burdens and costs on all Federal, state, and local law enforcement agencies who seek to obtain and use medical information, especially for use in non-health care fraud investigations.
Today, access to and use of medical records and other health information by law enforcement is subject to a number of safeguards which maintain the confidentiality of this sensitive material.
These include the rules governing grand jury secrecy, Federal and state privacy laws, and internal law enforcement agencies' procedures for handling evidence and for maintaining the confidentiality of criminal investigations.
Accordingly, exempting law enforcement from the regulatory scheme of any new medical privacy legislation would not expand law enforcement's access to or use of medical records but, rather, would merely maintain the status quo of confidentiality.
If the proposed restrictions were to be implemented, Federal, state, and local law enforcement agencies would be burdened with substantial additional procedural and substantive requirements.
These burdens would generate delay and impose substantial new cost, adversely affecting the criminal justice system.
In light of all of the above and in the absence of any documented history of abuse, any proposed medical privacy legislation should contain a provision which exempts law enforcement agencies from the restrictions imposed therein.
That concludes my prepared remarks. I would like to submit for the record those remarks, as well as a section-by-section analysis of certain provisions of the Health Information Protection Act.
Thank you.
MR. GELLMAN: Thank you very much.
Mr. Barnes?
MR. BARNES: Good morning.
I'm Mike Barnes, the prosecuting attorney of South Bend, Indiana, jurisdiction of about 250,000 people, including the University of Notre Dame.
I have served the people of my judicial district for almost 24 years and still actively try cases while supervising 16 assistant deputy prosecuting attorneys. My office prosecutes about 1,500 felony cases and about 8,000 misdemeanor cases each year.
On behalf of our country's prosecutors, I want to thank you for this opportunity to voice our concerns on the adverse impact that medical records privacy could have on local law enforcement organizations if, and I emphasize, if considerations are not given to the demands of our system of criminal law.
Perhaps as germane to today's hearing is the advice I provide to the 10 different police organizations within my judicial district, all levels of government, including State police, county police, city police, and town marshals.
This is important because these are the investigative agencies that I must advise on the impact of your work.
I've been a member of NDAA, our National District Attorneys Association, for 15 years, and I'm proud to be serving the prosecutors of America as the chairman of the board of that organization.
I'm here today to present you with the views of that 7,000-member organization.
In addition, I have been asked to represent the nation's attorneys general and their association today. Their views, I assure you, are the same as ours, and I would offer for the record a copy of their resolution on the Medical Records Privacy Act.
Let me emphasize that, both as public officials and as private citizens, we respect and prize the individual right to privacy. I want my medical records to receive protection just as much as the next law-abiding citizen.
But as a local prosecutor and as attorneys generals across the country, sworn to protect the citizens of our communities, we must most strenuously oppose any attempt to place undue and unneeded restrictions on any type of criminal investigation.
Before now, proposals concerning the confidentiality of medical records have been largely considered by those with interests centering on social and medical programs.
I would strongly urge that the view and perspective of those whom you charge with protecting the American public be heeded in this instance.
NDAA and NAG, the National Association of Attorneys Generals, have strongly and adamantly opposed restrictions being placed on law enforcement by proposals contained in legislation such as the Medical Records Confidentiality Act.
The obstacles that would be placed in the way of a prompt investigation and prosecution of criminal cases is not something that should be lightly ignored.
The privacy rules for medical records place limitations on timely access to medical information by police and other governmental investigative agencies and would most certainly work to the severe detriment of those who suffer the most from a crime, the victims.
Physical evidence of injuries and distinguishing body marks such as tatoos or scars are often the most readily available evidence that identifies the perpetrator of a crime.
A rapist who is injured while fleeing the site of an attack, the drug dealer wounded in a gang shootout, and the bank robber sprayed in the face with dyes often pre-positioned in bank funds are all examples of situations where physical evidence concerning the alleged criminal conduct is vital to the identification of a suspect and the successful investigation of the crime.
In a similar vein, scientific evidence provided by blood type or DNA may be a critical link in identifying a criminal and discoverable only from medical sources.
In each of these circumstances, the police may lack sufficient specificity to obtain a judicial warrant absent other evidence.
When I obtain a search warrant to search for bodily evidence, I must specify the location of the search -- that is, who will be searched, what I'm searching for, the injury or comparative medical information, and the basis for the search or nexus to the criminal conduct.
While the latter information would be reasonably available, the first two are much more problematic in the specificity required to obtain a warrant.
The consequences of placing ill-considered privacy restrictions on medical information are dire.
Criminal investigation requires law enforcement organizations to collect and analyze a multitude of individual pieces of evidence to provide sufficient facts upon which to charge and prosecute an individual.
Sometimes there are a number of available pieces of evidence, sometimes only a few. In either case, the evidence that can be provided by medical sources can be invaluable either to identify a suspect or to provide a crucial piece of incriminating information.
Any consideration that this type information be obtained only by judicial warrant is both impractical and unrealistic.
If no other evidence is available except that of a medical nature, an application for judicial review under current standards would be unsuccessful.
Moreover, even if a warrant is obtained, the ability to track down the recipient of medical care would frequently be untimely. Criminals seeking medical attention do not leave accurate identifying information, realizing that it could be used to trace them.
At trial, assuming that a defendant is identified at least partially based on medical evidence, the state's case would be subject to an additional challenge to show that medically-identifying information was properly obtained under these acts.
If it was not properly obtained by a warrant, the exclusionary rule would prohibit the use of that evidence at time of trial, as it would any other evidence subject to the rules pertaining to searches and seizures.
Even more egregious would be the situation where the medical information was critical in the initial identification of a rapist or killer and charges have to be dropped because of a breach of medical privacy.
Overly stringent protections would place law enforcement officials in the predicament of making a Hobbesian choice.
Do we chance violating medical privacy rights and identify a criminal, thereby preventing more victims, or do we walk away because all we have is a smear of blood or a semen sample?
I note that, during the 104th Congress, the issue of medical records confidentiality was considered by the administration.
The position taken then was to ensure that our citizens were afforded the protections they demand and deserve and continue to ensure that law enforcement had access to the information needed to provide the protection. I would urge that this commission heed the wisdom of that decision.
On behalf of all local prosecutors and attorneys general, I would like to thank you for the opportunity.
I understand the desire for privacy for medical information and I'm more than willing to continue to work with the commission so that the needs of law enforcement are met, while affording maximum protection to the American people.
Mr. Chairman, with your permission, I'd like to submit my remarks and the resolution from the National Association of Attorneys General.
Thank you.
MR. GELLMAN: Thank you very much.
Mr. Litt?
MR. LITT: Thank you.
My name is Robert Litt. I'm a Deputy Assistant Attorney General in the criminal division of the Department of Justice.
I want to begin by making the point that everybody who has thought about the issue understands and that is that protection of the privacy of patient medical information from unwarranted invasion is a very important goal for all of us.
As computers replace file cabinets and as databases increasingly become networked, this goal is going to become both more important to us all and more difficult to achieve.
The Department of Justice fully supports efforts to minimize the improper disclosure and misuse of patient medical information.
On the other hand, I think we also all recognize that patient privacy, like every other kind of privacy, is not absolute but must be balanced against other societal interests.
One such interest is our common goal in apprehending and punishing criminals, and I want to discuss today why we believe that a law enforcement exemption should be built into any Federal legislation on medical records privacy, that that's the appropriate place to strike the balance between privacy and the social interest in law enforcement.
As Mike Barnes said, that was the position that the administration arrived at last year, after lengthy inter-agency consideration of S. 1360, the Medical Records Privacy Act, that new restrictions on medical records privacy should not apply to legitimate law enforcement investigations.
To begin with, there is no demonstrated need for increased burdens on law enforcement in this area. Present law provides substantial protections for the privacy of medical records obtained in the course of criminal investigations.
On the Federal level, the Privacy Act, requirement of grand jury secrecy, and the Substance Abuse Patient Medical Record Privacy Act all serve to protect patient privacy, and many states have comparable measures which regulate law enforcement access to medical records without completing prohibiting it.
Both these legal requirements and, frankly, law enforcement's own interest in preserving the confidentiality of its investigations have generally served to maintain the privacy of patient information that is obtained during criminal investigations.
Indeed, the testimony on this topic to Congress over the last few years has been largely devoid of any reference to significant or systematic problems with law enforcement access.
I repeat, although law enforcement access to medical records today is not limited by any of the kinds of requirements that would be imposed by legislation such as S. 1360, there is no indication of widespread abuse by law enforcement nor, in our view, is any such abuse likely to occur in the future, even as we move towards great computerization of medical records.
Some people have fantasized the idea of the Federal health police sitting at computer terminals and scanning patient medical records to try to find out what kind of criminal activity might be revealed there. But law enforcement's resources are severely limited, particularly when measured against the scope of the crime problem we face, and I cannot imagine any agents adopting such an unproductive method of ferreting out crime. Rather, as is the case today, law enforcement is going to continue to seek medical records in cases where there is reason to believe that specific identifiable records are going to advance a criminal investigation in a specific way.
And there are unquestionably circumstances in which law enforcement needs patient medical information. This is most obvious in the case of health care fraud and I do not think I need to talk a great deal about that. I know Jack Hartwood was here a couple of weeks ago discussing that. But there are many other circumstances in which access to medical records can also be crucial to criminal investigations. Let me give you a couple of examples which are hypothetical but realistic.
While escaping from a bank robbery the suspect is wounded by police officers. The police want to check local hospitals to see whether anyone seeking(?) the suspect's description has been treated for such a wound.
An armed suspect is barricaded in a store holding employees hostage. His neighbor reports that he has a history of mental illness. Hostage negotiators want access to his medical records to help determine the best way to approach him and save the hostages' lives.
The police have identified a possible suspect in a rape investigation but they do not, they are not sure whether it is the right person. They fear that he may flee if he becomes aware that the police are interested in him and he is the right person. On the other hand, if he is the wrong person they do not want to arrest him. They have identified the actual rapist's blood from blood found at the scene of the crime and they want to check medical records to see if they have the right man.
In each of these cases, and many others, law enforcement must be able to have quick, confidential, unhindered access to patient medical records, although we will agree that there ought, that there should be, as there are now, reasonable restrictions on what law enforcement can do with these records when they get them.
And I want to emphasize one important point here. I am here representing the Federal Government. You have heard from Mike Barnes on behalf of state and local law enforcement which prosecutes over 95 percent of the crimes that are prosecuted in this country. We should not be imposing substantial burdens on state and local law enforcement -- which is already vastly over burdened -- burdens that might amount to an unfunded federal mandate in the absence of a concrete showing of need, which I do not think has been made out. And we should not underestimate the burdens that proposals like these would impose on law enforcement.
First, any limits placed by statute on law enforcement access, whether they are procedural or substantive, are going to create more litigation that will burden the courts and provide fertile opportunities for creative defense lawyers to litigate issues that are unrelated to guilt or innocence; motions to suppress, motions to dismiss and so on. Prosecutors are going to spend their time and energy litigating whether proper notice was given or whether law enforcement really needed the records rather than whether the defendant is guilty of the crime with which he is charged.
Second, requiring notice to patients is going to be a tremendous financial burden on law enforcement, particularly in the case of large health care(?) frauds that require analysis of thousands of patient records, even though our experience under the Substance Abuse Records Law suggests that few patients actually care when their records are obtained for law enforcement purposes.
On the other hand, requiring notice will often delay or frustrate criminal investigations while collateral issues are litigated before the courts. And requiring any threshold showing of probable cause or substantial basis or anything like that would be a dramatic change in the current law of Grand Jury investigations where the Supreme Court has repeatedly held that Grand Juries should be allowed full scope to explore all of the relevant facts.
As I said, we do not object in principle to reasonable restrictions on how law enforcement handles records that it obtains for the purposes of a criminal investigation, such as requiring records obtained by Grand Jury subpoena to be actually presented to the Grand Jury, limiting the means of storage of or access to medical records, and requiring the return or destruction of records at the close of the case. But there should not be any new rule that would prevent making full use of information that is discovered in plain view from medical records that are lawfully obtained.
To require law enforcement to ignore evidence of criminal activity that properly comes to its attention is perverse, to say the least. There is no indication that today people have been deterred in any way from seeking appropriate medical treatment because of the speculative possibility that law enforcement might obtain their medical records for other reasons and as a result of obtaining those records for other reasons uncover criminal activity that they may have revealed to their doctor.
To sum up, therefore, law enforcement has a legitimate and an important need for access to patient medical records in a wide range of circumstances, not limited to health care fraud. Present law appears adequate to protect against any widespread or systematic abuses of patient privacy by law enforcement and new restrictions would be costly and burdensome.
With the costs so high and the benefits so meager, law enforcement should be exempt from any new restrictions, procedural or substantive, on its ability to obtain patient medical records for legitimate law enforcement inquires. Thank you very much. I would be pleased to answer any questions that you have.
MR. GELLMAN: Okay, I would like to thank all of you for your statements. I think they are a good start and we have lots of questions to try and go over some of the details. And one of the purposes here, just so you will understand, is, this is what we have done with other witnesses, is I want to give you an opportunity to make your case. So, do not assume that we either know anything, but feel free to, I mean to explain what you do and how you do it and why you need records, et cetera. I mean, you have made a good start in the statements but I want to go over some of these things in more detail.
And let me also say that you have joined virtually every other witness before this committee that has come and said we think medical record confidentiality is very important and we want an exemption. So you get some idea of the difficulty of this issue.
I want to begin by talking about sort of ordinary crime, not the health care fraud kind of thing, we will come to that later. There is a lot of variation in the bills that have been proposed to date on law enforcement access and I want to talk about some of the specifics in this context.
Hospitals and other medical care facilities are places of business like any other and criminal activity takes place(?) there much like other places, and I would like to go over some of the details about how law enforcement officials need records, hospital records, what have you, to investigate and prosecute ordinary crimes that occur at a hospital or other kind of facility. Things like theft from a hospital office, crime by a hospital employee, crime by a patient. I want to get some sense of what is involved, how investigations proceed, how records are used, how information is obtained from the facilities.
MR. BARNES: Mr. Chairman, you are looking directly at me and I take that as a cue. Most of those crimes, as Mr. Litt has indicated, with some notable exceptions are prosecuted on a local level. We typically receive a complaint from the health care facility, whatever it may be, a police investigation is initiated and we get the bare bones outlines of what people may think is occurring. We make an analysis and a judgement and then must proceed with regard to the records themselves, whether those are medicines that are missing, whether those are personal property of patients, whether those are controlled substances that may be taken out of storage rooms, we have to have access to the records to know what allegedly started out with, what the complaint is about being missing and what is left, quite frankly.
So, in order to do that then we sit down with the hospital staffs, who are extremely skiddish about divulging almost anything with regard to their internal operation or, in fact, for instance if Mike Barnes was supposed to be getting some controlled substance on a regular dosage as a patient in that hospital then it appears as if he was not getting that or that somehow those regular dosages were intercepted before he got that medication. Then we would have to go to his specific records, which typically we would have to draw a search warrant, have to ask a judge to determine that there would be probable cause to examine the specific records or issue, in the alternative, issue a subpoena ducas tecum for hospital records. And it is so fact-sensitive that is about all I can say about that specific matter. I hope I have answered some of the things that you are inquiring about.
MR. FANNING: In the ordinary investigation of a crime like that would you get a search warrant or a subpoena?
MR. BARNES: Absolutely.
MR. FANNING: I see. The hospital personnel would not simply let the detectives go over the logs?
MR. BARNES: Not in St. Joseph County, Indiana, Mr. Fanning. That is the only, it is anecdotal but that is all that I can say to you. Quite frankly, I do not know how my colleagues here feel, but there is such, this word confidentiality, while respected, certainly, in our tradition and certainly as an attorney in charge of sensitive criminal investigations I have a great deal of respect for, but quite frankly it has been my personal experience, and I think the experience of law enforcement across the country, that we have been turned again and again to the courts so that people frankly are quote, covered, unquote for the revelation of anything regarding either their internal documents and certainly specifically with regard to individual patients.
MR. LITT: Let me just follow-up here in response to Mr. Fanning's question and just say that by and large in the federal system in a situation like this, evidence is almost invariably going to be obtained by subpoena. You would not get a search warrant for the hospital's records unless you had reason to believe that the people who were going to be complying with the search warrant were the people who you were actually, who you actually had under investigation. By and large you would use a Grand Jury subpoena for production of the records.
MR. BARNES: And I meant to say that. Sometimes we frankly have people who are in the institutions who are quote, suspects.
MR. GELLMAN: This is very interesting and somewhat revealing to me that you are used to using formal legal process to get records for basically ordinary, run of the mill, investigations.
MR. LITT: Absolutely, but understand that a Grand Jury subpoena, in the federal system at least, requires the prosecutor basically to go back, type up a subpoena which has the seal of the Clerk of the Court on it and then have the subpoena served. There is no threshold required that is either procedural or substantive other than the prosecutor's determination that this is relevant to the scope of the Grand Jury's investigation. So it is not formal legal process in the sense of going to the court in any way.
MR. GELLMAN: Do you use Grand Jury subpoenas in the same way or do --
MR. BARNES: We do not, sir, although we are empowered to do so by specific Indiana state statute. There is a device, again, particularly -- I do not know that it is unique but it is, in fact, in place in our state of Indiana -- in which a prosecutor has the power to issue a subpoena as a parallel to a Grand Jury subpoena. But even in those instances, our court, specifically if we are searching as to a specific person who may be a defendant, requires some threshold showing.
Like the federal system, if we are simply attempting to gather hospital records as to quantities or without narrowing in on specific people we have an analogous process, but the first instant that a specific person or persons are identified as suspects or potential suspects in any kind of criminal activity our courts require a hearing, a formal hearing with regard to a subpoena ducas tecum. There is such a thing as a prosecutor subpoena in Indiana which is analogous to that subpoena that Mr. Litt has referred to.
MR. GELLMAN: Okay, because, I mean, what I find interesting here is some of the bills that have been proposed in some ways actually would make it easier in some of these cases to get records because they provide for disclosures to law enforcement in some circumstances without the need for formal process. They do not compel disclosure which a subpoena would, but they allow for disclosure. So in some ways it sounds like these proposals provide, at least allow the potential for easier access rather than harder.
MR. BARNES: Again, I do not know what the experience of my colleagues has been, but I have never met the director of a hospital or a DON or chief of a hospital medical staff who has been calling the office to say, hey, Mike, we have these records we would be glad to share with you. It just does not happen.
MR. GELLMAN: Well, what happens when they find a crime in their facility and they call you to report it? Are they that uncooperative at that time, too?
MR. BARNES: I would not characterize it as being uncooperative. I would characterize it as being careful.
MR. LITT: I think from the federal point of view I have not seen anything in any legislation that would ease our burden. The legislation would only increase our burdens given the ease of obtaining Grand Jury subpoenas at this point. And, although in Mike's jurisdiction there are some procedural hoops they have to jump through to get Grand Jury subpoenas, that is not true in many other state jurisdictions, state and local jurisdictions as well.
So that I think that, by and large I think you find that most prosecutors and investigators would say that there is nothing in these bills that would make their life easier and only things that would make it harder. Quite to the contrary.
MR. GELLMAN: Okay, let's talk about crimes where victims have been admitted to hospitals and some kinds of information about the victims and about their injuries is needed for prosecution or for investigation of a suspected crime. Can you talk about the process in those circumstances, what kind of information you might use and how you would get it?
MR. BARNES: Again, because of our statutory scheme in Indiana, the easiest way to say it is, the more serious the injury, the higher the elevation of crime. So we have to make some medical proof with regard to, serious bodily injury, for instance, or permanent disability of some sort escalates the crime of a subject(?) so we have to have medical proof when and if that case goes to trial.
If we have a cooperative victim, as most times we do, we have to ask for a waiver. We do that routinely. In some instances where they do not favor us with their cooperation, for all kinds of reasons -- which is most frustrating, I might add -- we have to again go through that process in which we seek those records either by subpoena or by search warrant.
MR. GELLMAN: So if you want information about a victim who has been admitted to the hospital you will get a written waiver from the patient?
MR. BARNES: Have to.
MR. GELLMAN: Okay.
MR. FANNING: Can I just ask, in instances where the victim is not cooperative and you need compulsory process, does the victim get a chance to present his or her case about why the record should not be disclosed?
MR. BARNES: In those instances our experience has been is that that is why we have that hearing that I spoke about and it is cumbersome and Indiana may be unique. Mr. Litt is exactly correct that in some, if not most jurisdictions, there are devices which can access those records in a way that may or may not require the victim's cooperation. Most states, however, are requiring some sort of waiver, some kind of signed waiver.
MR. LITT: I think -- again as a matter of federal law, there is no requirement of a signed waiver -- I think as a matter of practice if you have a cooperative witness you will get that waiver. But there are circumstances, and we see them all the time in the District of Columbia, where you have the victim of an assault who does not want to cooperate for one reason or another and yet you want to be able to prosecute the gang member or whoever who committed the shooting and you need the patient's medical records. We would go by way of Grand Jury subpoena at that point, even if the patient did not consent.
MR. GELLMAN: Suppose that you have reason to believe that a suspect in a robbery, what have you, broke his leg escaping from the scene of a crime. Might it be common to call around to local hospitals to find out if anyone meeting the description has come by?
MR. BARNES: Exactly. Just as we have tried to give you those examples in both, in all of our testimony, it has been, to this point, our ability and our cooperation because of, frankly, the size of the community, a quarter of million people, the rapport that we have established with our local emergency rooms on child abuse matters, those kinds of things, where they are attuned more to law enforcement. We have had some success but it certainly is not a measure, a guaranteed measure of success depending upon who we get, what doctor happens to be on call, that sort of thing. We have tried to establish those outlines with our local hospital boards but it has not been always successful.
MR. GALLAGHER: Perhaps I could give you a real life example. A few weeks ago here in Washington, D.C., there was an explosive device that went off in downtown Washington, D.C. The initial report was that an individual was seen fleeing the scene of the explosive device with an injury to his hand. FBI agents were immediately dispatched to all the local emergency rooms to see if someone showed up with an injury to his hand. As it turned out, it was an employee at a local hotel that came across a device and for whatever reason decided to pick it up and pull the pin and it went off in his hand and he was running back to the hotel to report it.
But that is a very commonplace law enforcement approach when there is a crime of that nature, to be able to get into the emergency room and see if someone shows up with that type of injury.
MR. GELLMAN: How precisely would this kind of inquiry be made, that you would call or visit an emergency room and ask, say, we are looking for a suspect with these characteristics and this kind of physical injury. What kind of response do you get from that? Might you get a list from a hospital that they say we have someone meeting that characteristic in our emergency room or who just left, or how would that happen?
MR. GALLAGHER: Perhaps I could answer by saying what we are not asking for, we are not asking for all of the records of all the patients at that emergency room that day. We are coming with a specific request for a specific type of injury or someone that would meet those parameters and we are leaving it up to the emergency room to identify that type of individual that they may consider meets that description.
MR. GELLMAN: Would a cooperating emergency room provide you with the name of a patient?
MR. GALLAGHER: Yes.
MR. GELLMAN: Is that your experience, Mr. Barnes?
MR. BARNES: Yes, it is.
MR. GELLMAN: What do you do at that point? I mean, you are told there is a patient meeting your description in our emergency room. What happens then?
MR. BARNES: Law enforcement approaches that person with regard to the information that we are acting on at that time. In most instances, depending upon the injury, depending upon the type of crime, depending upon the exigency of the circumstances, the approaches vary, but certainly we then focus the term of the investigation on that person as a result of the information we have received.
I think I am answering your question.
MR. GELLMAN: You are, that is fine. Are there circumstances in which you would want at that stage to look at a medical record besides just identifying your suspect? Where you need specific information out of a medical record?
MR. BARNES: I can envision circumstances where that would occur. Certainly, depending upon the type of crime, the injury, the description, you might want to look at the body of the person as to some identifying marks or whatever that may be given for a suspect.
MR. GELLMAN: Would that be done with the consent of the person or could it be done otherwise?
MR. BARNES: Certainly I would think most people, most law enforcement agencies would seek the permission of the person. The crux or the creche(?) comes when that person would refuse or not be cooperative.
MR. GELLMAN: In which case you would have to proceed with some kind of legal process?
MR. BARNES: Depending upon the circumstances.
MR. GELLMAN: Can you explain when you would not have to?
MR. BARNES: Well, if that person were, in fact, somebody who was a suspect in a crime which created serious bodily injury, aggravated sexual assault, whatever, I think most law enforcement officers would proceed then to at least detain that person with regard to an initial investigation and, again, it is so fact-sensitive I am not sure that I can speak in broad generalities other than to say I do not think any law enforcement I have worked with over the past 25 years is going to let a would-be killer, rapist or whatever walk out of an emergency room because he or she says no thank you.
MR. GALLAGHER: But at the same time there are not, to my knowledge, examples where law enforcement would go into an emergency room and violate indiscriminately that person's individual freedom.
MR. BARNES: Correct.
MR. GALLAGHER: They do not go in and take off the person's shirt to look for a tattoo. They will ask. And it would have to be based upon additional facts and evidence that would cause the police officer or the FBI agent to detain the individual and may cause an additional course of action based upon that evidence. Again, it is so fact- specific that it is difficult hypothetically to discuss it.
MR. GELLMAN: But if I heard you right, what you were saying is that if you have enough evidence to indicate that the person in the emergency room is a likely suspect you could place them under arrest. That is what you are talking about by detaining somebody?
MR. BARNES: Well, that is the classical definition of an arrest, is that you are not free to go where you want to go.
[Laughter.]
And in those circumstances, depending upon what the evidence is and, you know, part of the problem is in order to fashion, collect and get the evidence that is necessary for an arrest there might have to be further inquiries made of that person or some inquiry into the facts of why that person is there in order to gather enough evidence to detain someone. And, you know, it is a very, very difficult call and I think that is why all of us are here. It simply is something that has to be done on a case-by-case basis and, you know, nobody that I know of had contact with, nor is it the thrust of any of the three of us, as I am able to ascertain it, that says that police officers ought to storm the emergency room or tear down the curtains and start pulling up the shirts of people.
On the other hand, it is true that in some circumstances we need to have the cooperation of the people with whom the potential suspect has had contact, perhaps even take a look at a record or some evidence. Has there been blood extracted from somebody, for instance? Has there been some treatment given to that person which would match the injuries that would be consistent with him or her being the suspect? And so that kind of balance always has to be struck.
MR. FANNING: Can I ask, does your state have a law requiring the reporting of wounds resulting from violence?
MR. BARNES: Yes, not all kinds of violence, domestic violence, child abuse, gunshot wounds, burns, if they fall into one of those categories, and, of course therein lies the rub sometimes.
DR. SCHWARTZ: Are there ever cases where you might receive information regarding the potential injury of a suspect but it is not in a very timely way, it might be months after the crime? And then in the event that you do receive that type of information and you try to access various records, do you ever go to other records, such as research or analysis files and that type of thing if you learn about researchers studying injuries in the area and that type of thing?
MR. BARNES: We have done that on occasion although very honestly the best source of that information is the hospital emergency room.
MR. LITT: By and large, since the researchers are doing derivative work off of the medical records, we will go back to the original source if we can go back to the hospital or whatever to get the original underlying records.
MR. SCHWARTZ: Each and every hospital might be necessary?
MR. LITT: Yes, I mean, I think the circumstances in which you would happen to know that there is a researcher who happens to be focusing in on the particular kind of thing you are looking at or law enforcement probably does not pay that much attention to medical research going on.
MR. FANNING: Okay, can I follow-up on this business of a crime committed long in the past? You have described a fairly fast-moving situation where the person has fled, you know, police officers or FBI agents will be sent to emergency rooms the same day. Now, how long does that go on? I mean, are you likely to hear of a crime where the injury and treatment might have been some weeks ago and go in the same fashion and look for records?
MR. GALLAGHER: I can see a situation where in the context of an investigation you develop information that something occurred that may have caused a stay in a hospital some period of time ago and, again, in that type of situation I think it would get back to the original example of soliciting the cooperation of hospitals and asking for information. We may go broad-based in a given city and just ask a number of hospitals if they have anybody on a given data that had this type of injury. If there are records to be obtained we may go back to either a subpoena or a Grand Jury subpoena depending upon the circumstances. But just the simple question of on October 20 did you have a white male come in with a severe arm injury to his right arm, because that is the way the evidence has pointed to that type of fact.
MR. LITT: If I can just add two things here. I think what Neil said about going to a Grand Jury subpoena is, particularly in the case of an historical situation as you are posing, the most common way to go, at least in the federal system. What you would have is you would have your FBI agents who would go out and they would go to the hospitals and ask the question that Neil said, did you have any white male about six foot tall come in with an injury to his arm on the afternoon of October 20? If you get a hospital that says yes you then go back out there with a Grand Jury subpoena and say, please produce all medical records for any white male who is about six feet who walked in with an arm injury on that date.
The second thing is, the extent to which you would use sort of informal means as opposed to formal process would depend in part on the extent to which there is any exigency in what you are doing. There could be circumstances even several weeks down the road where for some reason you have an exigency. You have identified a suspect, you think he may be about to leave the country, something else may be about to happen and you need to move quickly. You will be more likely to use more informal means under those circumstances than you would in a circumstance where you are just conducting an historical review and gathering your evidence.
MR. GELLMAN: What do you mean by informal means?
MR. LITT: I mean circulating around to hospitals individually and speaking to them individually as opposed to serving subpoenas.
MR. GALLAGHER: But what would not occur, I would not see a situation that we would go back, the FBI would go back to all the hospitals in a particular city and ask for all of the emergency room records for all of their patients for October 20. The purpose of the informal process would be to try to, first of all, make our life a lot simpler from a practical point of view and zero in right on the particular hospital or particular patient that we would be interested in for that type of information and then go with the appropriate process to obtain those records.
MR. FANNING: Okay, can I ask about another source of information above the immediate treatment level, such systems as pharmacy benefit systems that keep track or have contact with prescriptions that are filled, and there are relatively few of them in the United States and they cover many, many insurers, for example. Have there been instances where you have queried systems like that for people you might know to use an unusual medication, for example?
MR. BARNES: I have not had that experience. We have queried individual pharmacy chains for Mike Barnes for specific prescription in the instances where people go in and pass what we call false scrips or attempt to acquire a controlled substance in a, nobody could use that amount of, whatever, Delata(?) or whatever it may be in a certain circumstance but I have not had that specific experience you are inquiring about.
MR. GALLAGHER: I believe in the area where, again we are hypothetical, but given a dangerous fugitive that the FBI is pursuing, if we were to have specific information that that fugitive was using a particular drug, and I think the wisdom of pursuing this line of investigation it would have to be a very unique type of drug that, first of all, there would be a limited population that would be using that drug, that would be a realistic investigative technique to try to locate the individual. Say he was a kidnapper and the victim only knew that he used a particular type of drug, that would be a logical investigative step.
MR. LITT: Realistically speaking, though, I think this is a fairly narrow category of cases. The area where we do go to the pharmaceutical providers is in health care fraud but in terms of trying to identify or locate a particular subject you would have to have a pretty unique set of facts where you happened to know what drug he was taking but knew nothing else about him. That is a fairly unusual situation, I think.
MR. GELLMAN: What I hear, I think, is that in these cases -- we are talking about ordinary crime, not health care fraud -- that your interests here and information from medical sources is roughly limited to identification information. You are looking to find people, see if they match. I am not saying that there isn't some information beyond just the name --
MR. LITT: I do not think that is right. I mean, those are the questions we have been asked, about identifying people. There are other circumstances. I gave one hypothetical of the hostage taker where you are going to want to get medical records. There are all sorts of circumstances in which alibi defenses might be conceivably negated by medical records, in which people are raising defenses or could conceivably be raising defenses at trial and at the Grand Jury stage you want to gather the records to negate those kind of defenses. Identification is one very obvious way in which we need to be able to use medical records, but there are many others as well.
MR. GELLMAN: Let me ask you a sort of hypothetical question. We are clearly moving in the direction of having more and more computerized records and one can envision in some period of time that, in fact, we will have much more of a fully computerized medical record system with online, real time records maintained by facilities and shared among them. One can also envision that fraud investigators, law enforcement investigators doing health care fraud might well have access to this. That seems to be the case today, that there is direct access to some of the computerized systems. And I wonder if you could envision the circumstance in which law enforcement might, in fact, be able to plug into computers and just query all of the emergency rooms, saying did anyone come in today with a broken leg? Do you see that happening? Do you see that as a possibility? Do you see that as a matter of concern?
MR. BARNES: I sometimes feel like Bob Cratchit, you know, working for Scrooge with the eye shade and the quill pen still in use. It is probably something that we ought to discuss, talk about. The direct answer to your question is no. I do not see that as a possibility in the immediate or even in the relatively near future. We are just too busy. There is not anybody that I know of, now as the health care evolves back to the state level, as things become more and more local government-sensitive I understand all those things may be in the offing, but I just do not see that as a realistic probability though from a philosophic, practical and burden point of view.
MR. GALLAGHER: I do not see any realistic chance that law enforcement would ever be sitting at a computer terminal monitoring what has been identified as health care records for non law enforcement purposes. First of all, from a practical point of view we do not have the resources to do it and from a constitutional point of view, if there is a non law enforcement, if there is not a law enforcement need for that type of information we are just simply not going to be involved in that.
MR. GELLMAN: But I am assuming that there is a law enforcement need here. You have a legitimate request for a suspect and rather than going around to query all the hospitals in person or by phone, you simply plug into the computer system and say, tell me if anybody meets these characteristics. It would be cheaper and easier and faster than doing what you do today.
MR. LITT: Well, let me say that without meaning to denigrate the many fine police departments around this country, my experience in the Department of Justice has been that the extent of computerization of police functions is vastly misunderstood by people out there. The Criminal Division has been working with a number of local jurisdictions around here to try to get some computer mapping of some of the actual reported crimes to help police determine, you know, what the best place to do their patrols is. And it is amazing how difficult it is just for them to get their own data on computers in a usable form.
You may be right that if all the hardware and the software were set up that it might be cheaper and easier to make the kind of query that you are talking about via computer terminal rather than by legwork but the fact of the matter is the way police departments are budgeted and the way most government functions are budgeted, the initial capital expense of getting those computer terminals and getting that data hookup is going to prevent this from ever happening in the foreseeable future, even though in the long run the marginal cost may be cheaper. You are not going to get the St. Joseph's Police Department with their little computer hookup to the national health care fraud, to the national health care data network. It is just not going to happen. And that is why I think this is not a real, although I concur, that this is not something that is realistically likely in the near future.
MR. GELLMAN: Well, suppose someone proposed a rule that said, to prohibit this from happening? Would that upset you?
MR. BARNES: Prohibit what from happening?
MR. GELLMAN: Would prohibit the police from getting direct access to hospital records under any circumstances, computerized hospitals records, being able to plug into a system without having to go through an intermediary, without having to the record keeper first.
MR. BARNES: I do not know that it would necessarily upset us. You know, I do not want to never say never to anything and why should law enforcement, in my view at least, be handicapped or at least prohibited from making inquiries that Barnes Insurance Company can make or whoever it may be?
MR. GELLMAN: Whether anyone else can make these inquiries is very much an open question as well.
MR. BARNES: I understand.
MR. LITT: But if you are going to have the data system it is presumably because somebody is entitled to make the inquiries.
MR. GELLMAN: Yes, the medical, the people providing the medical care and paying for it. I am looking, I am fishing around here, obviously, where are there limits, where are there places where there might be some agreement that you need to draw a line and say you cannot cross this line in this way?
I mean, let me take this hypothetical another step which is, not only is there a lot of computerized information and not only might there be at some point in the future, not withstanding the limited resources today, computerized systems in the law enforcement end as well, we can envision software that can automatically and without human intervention sift through records looking for evidence of crimes and then when it finds it it flashes up on the screen, we've got one here, and you can go investigate it. That is obviously even more farfetched right now from the example that I gave you, but it is not totally far fetched and it is not beyond the realm of possibility. I can give you some hypotheticals which are quite realistic in which this kind of activity could go on for law enforcement purposes, and the question is, if we are trying to preserve some degree of confidentiality of medical records, what would it mean if we allowed law enforcement to do this kind of activity and have this kind of unfettered access directly to medical information?
MR. LITT: Depending upon the specifics of the proposal, I think that it could be reasonable to say that you do not want to have the police have the terminal right there. But when I say depending upon the specifics of the proposal, number 1, of course, we are talking about a system that does not exist yet so we do not know exactly what kind of information is going to be on here and how it is going to be accessed. But number 2, and here you are getting into an issue that I know has been a concern of yours, and that is where you draw the line between oversight and law enforcement? Because while everybody is somewhat uncomfortable, I think, with the hypothetical that you pose, which I think may be even more unrealistic than you imagine -- that you have some little software generator out there that says, okay, please search all medical records in the country for evidence that somebody has committed a murder -- I think that while people are uncomfortable with that, by the same token I think that there law enforcement needs to have access to these kinds of records for health care fraud investigations. There is no other way to do them. And you get into the blurry line between oversight and law enforcement when you look at somebody like the HHS Inspector General. Do they have direct access to this kind of data base or not?
So I guess what I am saying is, that while the specifics would need to be worked out, it strikes me as not necessarily being unreasonable in principle to say the concept that says that law enforcement should not be able to plug directly into any kind of national health care data bank if that ever existed.
MR. GELLMAN: Okay.
MR. GALLAGHER: My difficulty with that though is if you create a policy that restricts law enforcement's ability in an area that is not technically capable today, when you get into an interpretation of that type of policy what are the other implications of it? The example that you gave, even though it is hypothetical, was a very direct and simplistic policy. But I could foresee situations that someone would take a look at that and say, because of this policy now you, law enforcement, cannot get any access to any medical records. It can be taken to the extreme and would have to be based upon how the policy is actually written and how well it is defined.
MR. GELLMAN: That is certainly fair enough. We are a long way from having a specific proposal here and everyone gets to fight over the details if and when anyone does.
MR. BARNES: I would like to be on the purchase list for that software generator.
[Laughter.]
DR. DETMER: I have a question. One of the things that we have generally dealt with is a lot of variance related to state by state policies as relates to personal health data. How much variance is there across the states in the country relative to the law enforcement access to personal health data?
MR. BARNES: There is some. There is not a great deal in the sense that most of us approach the problem in the same way that I described to you with regard to the first question. State by state, statute by statute there is some variance, usually in escalating degrees of difficulty, if you will, for law enforcement. I am not familiar with all the laws in all 50 states. Clearly there are some general rules, there are some general guidelines. And then each states does have some specific exemptions or difficulties as it applies to law enforcement seeking medical records, whether that be sexually transmitted diseases, for instance, in the case of a sex offender, whatever it might be.
DR. DETMER: Let me follow up on that. There is the federal privacy act that applies to all government situations. How does it work? Would it, you know, some people would say, well, it would be good to have some standards that actually would be essentially that the whole country kind of understood and related to. I am just interested in terms of how does that federal policy, in fact, work and what is your sense of it relative to what might be a national norm or does that make any sense whatsoever? I am just asking?
MR. GALLAGHER: Establishing a national policy for access to --
DR. DETMER: Well, there is the federal privacy standard, for example, for the Veterans Administration, the Department of Defense and so forth, for personal health record data.
MR. GALLAGHER: It is my recollection of the Privacy Act that that contains an exemption for turning over records to law enforcement for law enforcement purposes. So if that is what we are talking about I am fine with it.
DR. DETMER: That is what I am saying. As it functions, it is functioning as far as you know today and that would be a reasonable norm?
MR. BARNES: Let me just cite you an example with regard to HHS and that is where people who are in, for instance, drug or alcohol treatment in these specific centers, some are day residential type things, they are out and they come back, they are treated, they do these sorts of things. We have had some difficulty in, for instance, again anecdotal -- I understand that and take it for what it is worth -- but we had a young man who committed a series of armed robberies, fled back to the treatment center and we could not determine if he was there or not.
Hello, Treatment Center? Is Mr. Barnes there? Well, can't tell you, Federal Privacy Act. He is receiving drug or alcohol treatment with regard to these sorts of things. Well, it is a bit frustrating to have in our midst a kind of sanctuary, if you will, as to those people who are alleged, at least, to have committed crimes.
So, an example to tell you that even with regard to some of the confidentiality provisions of federal law, while there is that exemption, those of you who are wondering whether or not those acts are being enforced out in the heartland, I can assure you that they are, number 1. Number 2 is that that is a circumstance and a situation that has caused law enforcement, at least our specific law enforcement, some concern.
MR. GELLMAN: Well, in that circumstance was there a legal procedure you were able to follow to get the information you wanted from the --
MR. BARNES: There is a legal procedure, as you know, outlined with regard to the regulations. The problem is if you do not know somebody is there it is very difficult to go to a court and say, we think Mike Barnes may be in this treatment center, your Honor, and if he is in this treatment center we may think that he is responsible for this string of armed robberies and if, in fact, he is in that treatment center and responsible for these armed robberies based on this evidence, we would certainly like for you to tell the treatment center to tell us whether or not Mike Barnes may be there. And that is pretty iffy stuff with regard to standing up in front of a neutral and detached magistrate and saying gee, we kind of think he may be there.
MR. GALLAGHER: And if you would consider the alternative course of action. If a local police agency dealt with that type of problem how else could they identify whether Mike Barnes was in that treatment facility? One logical approach may be to establish a surveillance outside the treatment facility to see if he comes and goes --
MR. BARNES: Which is what we did.
MR. GALLAGHER: And some may view that as more intrusive because now you have just identified everybody who comes and goes out of that treatment facility.
MR. BARNES: And they did.
MR. GELLMAN: Let me make a point about the Privacy Act since you asked, Don. Instead of making a question, I will just make a statement. You can tell me if you disagree with it.
Yes, the Privacy Act applies to federal law enforcement records just like it applies to other records. There are exceedingly broad exemptions in the Privacy Act for law enforcement records and I dare say that every exemption available for law enforcement records that is possible under the Privacy Act has, in fact, been invoked for law enforcement records and there is no distinction in the exemptions between medical records and any other records that happen to come in possession of law enforcement agencies. Most of those records are exempt from most of the provisions of the Privacy Act by regulatory actions taken by the law enforcement agencies.
MR. LITT: I agree with you that there is no difference between medical records and other records. I do not know that it is accurate to say that we have exempted ourselves in every possible way if only because not being an expert on the Privacy Act, I do know that in certain contexts in which I have dealt with the Privacy Act we have been very aware of the fact that the Privacy Act does impose limitations that we do have to follow.
I know the FBI is very concerned with this and the area in which I have had the most opportunity to focus on it has to do with domestic terrorism and what kind of records we can keep and maintain on people in the course of domestic terrorism investigations. So I do know that it does impose certain restrictions on how we maintain records. I would not quarrel with your general statement that there are broad law enforcement exemptions and that there is no distinction between medical records and other kind of records.
MR. GELLMAN: That is correct and I was not, I did not mean to suggest that you are not subject to the law at all but there are a series of very broad permissive exemptions under the Privacy Act and in my, I have not reviewed this lately, but every law enforcement agency I have ever seen has invoked every available exemption all the time, which is perfectly within their right under the law.
Let me talk about some of the provisions that are in some of the bills without, we are not getting into details here but just general concepts, one of the bills has a provision that says it is okay to disclose information to law enforcement if a crime has been committed at a health care facility or to help determine if a crime has been committed. Does that help, does that make it easier to deal with some of the concerns that you have?
MR. BARNES: Certainly in attempting to determine whether or not a crime has been committed it would be extremely helpful.
MR. LITT: Only at a health care facility? It was not clear to me when you read that, is it only in seeking to determine whether a crime has been committed at a health care facility?
MR. GELLMAN: No, the nature of a crime that has been committed, period.
MR. LITT: Actually, what is it, can you read the language there?
MR. FANNING: Well, one example is the one you took up earlier, in connection with criminal activity committed against the health care facility or on premises controlled, okay, that is the drug theft or whatever. But then the other one, if the information is needed to determine whether a crime has been committed and the nature of any crime that may have been committed other than a crime that may have been committed by the individual who is the subject of the information.
PARTICIPANT: Well, that is a significant exception.
MR. FANNING: Oh, yes, yes it is, although there are certainly other provisions --
MR. GALLAGHER: I think the difficulty with all the recent past legislation is not in what authorities it has given to law enforcement, the difficulty comes when it tries to draw exceptions and where law enforcement cannot get the information or places law enforcement in the position, is it a health care related or non health care related situation. From the perspective of the FBI, it would be very difficult inside the FBI to try to decide who are health care information trustees, who is involved in exclusively those type of investigations versus who are involved in violent crimes or domestic terrorism investigations that would have, other than health care fraud, needs for that type of information. So it becomes very cumbersome in law enforcement to try to cull out the exceptions within a law enforcement agency.
MR. LITT: And, in addition, going back to a point I made in my opening remarks, any time you have a provision like that you are going to induce litigation and I can just envision if you had an exception to find like that, and the FBI tried to evoke it, you would have litigation over whether the FBI was seeking to determine whether a crime was committed or were they seeking to determine who committed it? And there is a motion to suppress or a motion to dismiss.
You are going to have litigation over whether the FBI believed the crime was committed by the person who was the subject of the records or not or the FBI did not believe that. Any time you try to define lines like this you are going to have arguments over this and you are going to be breeding litigation on collateral matters.
MR. GELLMAN: All right, I mean, this is America. We have litigation on everything all the time here and what you are suggesting is that unless we lay down and say law enforcement can do anything it wants, that the minute we draw a line anywhere it is going to create litigation. Well, you know, my view is, if we can draw a clear line and try and minimize the concerns that is fine, but we need lines somewhere.
MR. LITT: You are absolutely right. Nobody could quarrel with that. My only point is that we should not be drawing the lines to create the litigation in the absence of a demonstrated showing of need and abuse or at least the substantial potential for abuse. And I do not believe there is such an indication in the case of law enforcement. I think what you have to do is balance out the costs of the litigation that you are sure to have and the costs of some people who are going to get set free on collateral issues versus what additional benefit to privacy are you going to get by these.
MR. GELLMAN: Well, I think that is a fair comment about balancing things out and I think that is, you know, essentially what is required in any piece of legislation. But the notion that restrictions on records can only be justified if we can show abuse, is something that I personally happen to reject. Records are supposed to be confidential. The fact that you can get records, whether they are for a good purpose or a bad purpose, whether they are abused or not, violates the privacy of the person who was the subject of the record.
Now we may say in a lot of circumstances that we can live with that, that in the balance, striking a balance between this and that we can say that the privacy interests have been overcome. But to say that the privacy interests do not exist in the absence of abuse is something that I do not agree with.
MR. LITT: No, I am not saying that the privacy interests do not exist. They obviously exist. But what I am saying is that when you weigh your balance here you need to take into account the costs of the restrictions that you are imposing. Obviously you can impose lots of, you could provide a tremendous protection for medical records privacy by saying law enforcement can never have access to medical records. That would significantly lower the litigation costs, but it would have other substantial costs. Anywhere in between you draw the lines you are going to increase the litigation costs and I simply want to make sure that the panel is aware of the costs that are going to be generated by drawing these lines so that you can take that into account as opposed to whatever additional protection there may be for privacy rights.
MR. GELLMAN: That is fair enough.
MR. GALLAGHER: And anywhere you draw the line you may impact on the ability of law enforcement to investigate crime.
MR. GELLMAN: Okay, that, too. One of the bills would allow disclosure under gunshot wound reporting laws and other state laws that require it. One of the bills would not. Is this something important to police?
MR. BARNES: It is. Most assuredly in those states where those kinds of laws are in effect they have provided infinite assistance to law enforcement and I think those exemptions ought to be, or those mandates ought to be in place. I know of no -- and one should never speak in, I suppose, the kind of absolute terms -- but certainly I am not aware of, I will say this, any gross abuses with regard to the mandate, with regard to reporting of gunshot wounds from hospital emergency rooms or other kinds of medical facilities or care provider.
MR. GELLMAN: Okay. One of the bills would allow record keepers, hospitals, whoever, to provide information to assist in locating a victim, fugitive or witness, and another bill does not have such a provision. Is this something that you feel is important?
MR. BARNES: Certainly I would, particularly with regard to fugitives. Certainly in today's society, today's mobile society we sometimes have a great deal of difficulty regarding witnesses, victims who move on who for whatever reason, decide that they do not care to participate, are intimidated from participating, have, in the cases of specific types of crimes, do not want to continue to participate, and it would be extremely helpful in my view.
MR. GELLMAN: Okay. One of the bills, I think actually this is probably in several of the bills, they use the concept of legitimate law enforcement inquiry as sort of the touchstone. And that basically means a lawful investigation into a violation of criminal or civil statute. As a threshold, limiting law enforcement access to legitimate law enforcement inquiries. Does that create any problems for anybody?
[Responses in the negative.]
MR. GELLMAN: Okay, that is fine.
MR. BARNES: It puts us in litigation as to what legitimate law enforcement inquiries are, but we are no farther behind the curve than we are right now.
MR. LITT: Yes, I do not think that is any different than the litigation we have now where somebody says well, a Grand Jury subpoena was not appropriate. We win all those pretty easily.
MR. GELLMAN: Okay, I am just, where there are lines that we can find that there is more agreement and --
MR. GALLAGHER: The only difficulty would become if the bill tried to define legitimate law enforcement activity and it was a unique definition that was different from how law enforcement may interpret it.
MR. GELLMAN: Well, no one is being asked here to sign on to anything. We are just having a nice discussion. Let's turn if no one wants to follow-up on this. Go ahead.
MS. WARD: This is probably for Mr. Barnes. Are you aware from the local or state areas where there are citizen groups concerned, where law enforcement has extended beyond what is reasonable for that community? We keep trying to find where there are cases of abuse. Are you aware of any of those kinds of --
MR. BARNES: I am not in my own jurisdiction, which again is anecdotal. The difficulty that we have is, with all due respect, everybody so concerned about breaches of confidentiality with regard to federal guidelines, mandates and, frankly, dollars that are involved in some of these programs which carry with them, as all of you know, with regard to any breaches the jerking of their funds or perhaps potential criminal actions that I personally believe an abundance of caution reigns.
MR. GALLAGHER: No such organization has come to the attention or concerns by an organization has come to the attention(?) of the FBI.
MR. LITT: Let me just add one qualification to that and that is that I do not doubt that people could come up with specific individual instances where there has been a problem and I think it is important to, you know there, in the search warrant field we occasionally get warrants suppressed because the judge should not have signed the warrant. That does not mean we throw out the warrant procedure because it is inadequate. I think you have to look, when you have as many people dealing with these things as you do, you are going to have once in a while a problem. There is just no question about it.
MS. WARD: So there are checks and balances already in the system that are there that can be used in your instance you gave?
MR. LITT: Well certainly in the federal system you have the Privacy Act which does, I do believe that there are opportunities for suits for violation. In fact, I think the FBI is probably being sued with some regularity on that now. And there are requirements of Grand Jury secrecy which are enforceable by contempt as well so yes, there are.
MR. GELLMAN: I will not pursue the Privacy Act point. Too many details. Let's turn to health care fraud which is clearly a major problem, a major concern and an area where there are very major dollars involved and I think that is really important.
Does anyone want to talk about the scope of the problem? Do you have dollar figures to cite? How much effort is put into this at the Justice Department, at the FBI, at the local level, just to give some flavor of the scope of the problem.
MR. GALLAGHER: I guess from a national perspective that we talk about the dollar amount -- and this is a very difficult area for us to come up with an accurate testament of dollar amount -- I have seen figures of anywhere from $52 million a year lost --
MR. GELLMAN: Billion?
MR. GALLAGHER: Billion rather, billion dollar loss.
PARTICIPANT: The Everett Dirksen rule.
[Laughter.]
MR. GALLAGHER: A $52 billion loss. In my opening comments I talked about the nature of health care fraud in the United States and it runs the full spectrum of the health care industry, every conceivable aspect of the health care industry. Unfortunately, there is a crook out there somewhere willing to take that as a potential source of revenue and criminal activity.
The FBI as an agency has approximately 300 agents currently working specifically in health care fraud investigations around the United States. Just the number of cases that we have, we have approximately 2,000 pending health care fraud investigations in the United States.
MR. GELLMAN: Anybody else? Is it a big problem at the state and local level as well?
MR. BARNES: Certainly it is a problem. Many of our larger metropolitan offices, I know, Mr. Garcia's office in Los Angeles and I know Mr. Devine's office in Chicago, I know Mr. Morganthau's office in Manhattan all have specific units regarding health care fraud in general. I think, and certainly the attorneys general across the country have taken a lead with regard to many of these issues, although it is a serious question in many states in which they have had an active and ongoing interest.
What concerns prosecutors across the country is that as welfare reform becomes a reality, as these block grants are given back to the states, as various states impose and enforce their own regulations with regard to a myriad of problems, not only specific health care providers but other kinds of spinoff issues, as we see more and more devolvement back to the states, that our burden will, in fact, become more and more. That we will be more responsible for these kinds of prosecutions that frankly have not historically for many of us been our forte or been something that we have been expected to do over the long haul with the exception of those offices that I have mentioned and some local prosecutors who have had an active interest. So, we think and believe and know that our responsibilities and area of inquiry will greatly expand as these things devolve back to home rule or local jurisdiction.
MR. GELLMAN: Do you have any comments?
MR. LITT: By and large I think this is an area of crime where the federal law enforcement rule has been paramount, in part because federal law enforcement tends to be better set up to handle large white collar investigations and in part because many of the investigations are interstate in nature. It is very difficult for Mike in South Bend, Indiana to investigate a nation-wide company. It is very hard for him to get, to subpoena records from another jurisdiction. It is very easy for us.
And so I think the Federal Government is going to continue to have a lead role. We work cooperatively with the states. We have a number of bodies set up to coordinate these things and many of our major health care fraud cases are worked conjunctively with state and local prosecutors.
MR. GELLMAN: Can one or more of you talk about, you know, what is involved in a typical, whatever that means, you know, health care fraud investigation from the perspective of individual records? I mean, how are records important to these investigations, how are they collected, how are they used, why do you need them?
MR. LITT: I can give you a couple of examples and Neil can probably give you others because I know this is something that Neil has spent a lot of time working on, but if you take sort of the prototypical case of a doctor or a laboratory that is billing for services that are not medically necessary, in order to prove that services are not medically necessary you have to go back and see what was billed for and what actually was wrong with the patient. Did they need this or not? You cannot do that without having not only medical records but identifiable medical records so that you can, you may have to go back and get, if it is a laboratory you may have to go back and get the same patient's records from the doctors.
I prosecuted cases like that when I was an assistant U.S. attorney. You cannot do that without having the individual medical records. And that is a very common kind of case. Neil, do you want to --
MR. GALLAGHER: I was assigned down with the FBI office in Louisiana, and two of the things that strike you when you first come into Louisiana; first of all, on the drive into New Orleans itself you get struck by the number of billboard signs advertising psychiatric hospitals. And you know you are going into somewhat of a crazy town but there are a lot of psychiatric hospitals in Louisiana. At the same time, there is a lot of examples where you see a lot of ambulances, mom and pop type ambulances going around. Using that type of example you start to get records and you get allegations that a particular ambulance provider is either double billing or inappropriately billing for transportation of patients. Again you get into reviewing the records of that particular provider.
In that instance you probably go with a Grand Jury subpoena for those records and then going out and perhaps interviewing the patients that have been identified to see if, in fact, they were transported. And that is a typical approach.
I think there are three levels of gaining information and it goes to the point, we may be able to get general allegation and general billing information that really does not make the case for us. But using that general billing information we may be able to zero in on particular health records that we need to locate and review to identify whether or not a patient received that type of treatment that, at least from the provider's billing records, indicate that the patient has received.
And thirdly, we may at some point need to go out and actually interview the patient. And we will go in stages. We may be able to, given an initial allegation we may be able to show that there is no basis for a criminal investigation just based upon the general review and we will stop there. It is only if there is continuing information that causes the investigators to continue to go further to actually review the medical records and then perhaps to identify some patients that common sense would indicate that perhaps we should physically go out and talk to that patient and ask them if, in fact, they received that type of treatment.
MR. LITT: I can give you another example from a case that I am very familiar with, that Neil knows also, where we received an allegation that in a particular surgery practice doctors were being billed for assisting at the surgery when they were not even present.
In order to evaluate that we not only had to get the bills, we had to go back and we had to look at the operating room records, and indeed we had to get operating room records from other procedures because we had information that these doctors were actually in a different operating room at the time they were being billed for being in that one operating room. You cannot do that without the medical records.
MR. BARNES: I suppose historically local law enforcement, and I am sure Mr. Gallagher is exactly correct, is that health care fraud as we know it has been primarily a federal bailiwick for all the reasons that Mr. Litt outlined. The one area in which states have had some success and have had some focus is where the fake accidents, where the people fall in front of a car and quote, are injured, unquote, and that is, in fact, obviously necessary not only to get their personal medical records but the medical records of the health care provider and then the process that these two gentlemen have described. So that(?) would be I suppose if not primary at least extensive state experience in this area.
MR. GELLMAN: Harvey?
MR. SCHWARTZ: Could any of you briefly describe the typical sources of information regarding these abuses or potential abuses? Who usually, I mean, I heard in the passive voice that you got this alert. Could you just --
MR. GALLAGHER: It can run the full spectrum. In one instance it can be an employee at the health care providing facility that becomes disturbed based upon what he or she may see and they come to us with evidence or a demonstrated concern for that criminal activity. In other instances we may get direct referrals from a patient who receives a Medicare bill and says, I did not get this. You know, too many people may turn around and because they are not paying for it not raise an issue, but then again there are a lot of the citizens in the United States that become insulted when they see that a particular federally funded health benefits program is being inappropriately charged for services that they do not get.
MR. LITT: We will also get referrals from insurance companies or fiscal intermediaries that run their own program that say, gee, every lab in this city has x percent of this kind of test but this lab has 6x percent of this kind of test. That warrants an inquiry. That is another way in which we get --
MR. GELLMAN: Is it possible to estimate in very broad terms, because I am sure that is the closest you can come, to the number of individual records that might be looked at in any given year for reports of health care fraud investigations. Are we talking millions of records routinely?
MR. GALLAGHER: In one individual case, again in Louisiana, I believe they obtained 2,000 records. But again, there are going to be levels of intrusion into those records to try to identify a trend and focus in and be able to bring to the prosecutors actual evidence. We may get 2,000 records, out of those 2,000 records we may pick the best 200 for more detailed review and of those 200 there may be a lesser percentage that we will go out and actually interview the patients. And I imagine once we present the evidence to the prosecutors that they will pick the best examples of that for actual trial.
MR. LITT: I do not think I could give you within two orders of magnitude what number of health care records are looked at --
MR. GELLMAN: Is it fair to say it is a lot of records in the course of all the health care fraud investigations that are going on nation-wide?
MR. LITT: Yes.
MR. GELLMAN: Some of the legislative proposals seem to require a subpoena, and we are talking about health care fraud, for law enforcement access in this area. What kind of problems would that present? How do you get records today? Do you use subpoenas? Do you use Grand Juries? Can you get them by request? What are the procedures that are followed and how difficult would a formal subpoena process be?
MR. LITT: By and large I think in the federal system we largely use subpoenas today.
MR. GELLMAN: Grand Jury subpoenas?
MR. LITT: Grand Jury or administrative subpoenas, depending upon what level it is at, and one thing that somebody passed me a note back here to remind me of, is that we have civil fraud investigations as well that also fall under the general rubric of law enforcement. Since you have two prosecutors and an FBI agent from the Criminal Investigation Division here there has been a focus on the criminal aspect but there is also a very active civil part of this as well.
By and large it will either be Grand Jury subpoenas or administrative subpoenas that we will use to get the records. I think that, I just do not know whether the practice is different in the states or not.
MR. BARNES: It is not substantially different at all. It will, of course, depend upon the strings attached to the subpoena process. As currently constituted that is how we operate too, with subpoenas.
MR. GELLMAN: Does everybody at the state and local level have subpoena power to get access to these kinds of records?
MR. BARNES: I would certainly believe that solicitors, states attorneys, district attorneys, prosecuting attorneys, whatever we are called -- and some nicer terms probably -- but all have general investigative subpoena power of some form or fashion.
MR. GELLMAN: So basically you are used to dealing with subpoenas to get records? I mean, are subpoenas required all the time? Will people give you records otherwise?
MR. GALLAGHER: I guess you are going to have to define what is a record. You know, if we go back, and again going back to the early examples of the emergency room, if that becomes the definition of what a record is, so if there is a bank robber and the subject is wounded and we send agents out to the local hospitals, to the emergency rooms, and they say, well, we will need a subpoena before we can talk to you because this is the policy that has been established, I think that goes to the extreme.
MR. GELLMAN: I am talking here about health care fraud. I mean, there is clearly a lot of cooperation within the system among all the players because a lot of people have an incentive to help the law enforcement find fraud.
MR. LITT: I think that there are circumstances today where we do get voluntary production and cooperation. On the other hand, I have to say that from the federal point of view, the requirement of a subpoena in that case would probably not be a tremendous burden for us. But I want to be very careful here because I do not know all the state and local systems.
I do know, for example, that in state criminal investigations, unlike federal criminal investigations, it is very, very common to have the criminal investigation conducted by the police without a lot of involvement by the prosecutor and hence no Grand Jury involvement. And generally speaking, any major white collar case in the federal system is going to be worked by a prosecutor, a team of a prosecutor and investigators jointly and so you will have access to Grand Jury subpoenas. In the states I do not think that is necessarily the case and a requirement of a subpoena may impose a much greater burden on states then it would on us.
MR. GELLMAN: Well, one of the bills would allow pretty broad disclosure to law enforcement for fraud investigations when you are going after a provider or an insurer or whoever, without any particular procedures, without requirement of notice to patients, without any specific standards, as long as you are focused on using the records in investigations of providers, in investigations of health care fraud.
So it is sort of a lower standard, but what I hear is that at least to some extent a subpoena requirement is not necessarily all that different, at least at the federal level, than what you do today.
MR. LITT: Again, at the federal level I think that is probably, Neil --
MR. GALLAGHER: Yes.
MR. LITT: As long as you have the option for an administrative subpoena as well as a Grand Jury subpoena and again in the civil situation I am not sure whether that might create some burdens. I do not have anybody from the civil division here with me and I would want to hear what they had to say on that. And again, the state and locals might have a different view on that.
MR. GALLAGHER: The difficulty with the way that provision was written is that it created a very clear distinction between investigations of health care fraud versus other investigations, and that somewhat becomes the problem. I would be a lot more comfortable if you established a law enforcement policy if it were to be, and it would have to be consistent with the state and local authorities, if we were to talk subpoena that it would be subpoena for all access to health care records rather than try to divide within law enforcement agencies what is a health care fraud investigation or the product of that investigation. Because there are going to be situations where you are involved in a health care fraud investigation and you are going to see a clear indication of other criminal activity.
MR. GELLMAN: Okay, well, we will come back to that issue in a minute.
MR. LITT: But let me just say again, with regard to what Neil said, in the New York Times a week or two ago there was an article about how organized crime is moving into white collar areas including health care businesses. Now if you are looking at the Genovese(?) family sort of taking over HMOs in the New York area are you conducting a health care fraud investigation or are you conducting an organized crime investigation? I do not know.
MR. GELLMAN: Okay. One of the distinctions and, Mr. Litt, you have referred to this a couple of times, that is made in some of the bills, and this is a troubled area, one of the problems with all this legislation is drawing lines between different functions. We talked here about the difficulty of making distinctions between some management functions and research, between research and public health. Part of the distinctions proposed in the legislation is the distinction between oversight activities and law enforcement activities. I think the goal of the legislation is to recognize that oversight, and sort of in this health care fraud context as well as some others, is clearly very important, has clearly got a large dollar value attached to it and I think there have really been large efforts, major efforts made at the administrative level and by the Congress to recognize the problem and to address it. And one of the distinctions here is to try and say, well, these oversight activities should have fewer barriers to access and where you get into more traditional, more formal law enforcement activities that there we have to be a little more careful.
And the lines are not clear. You made that point, Mr. Litt, and I think that is a fair point. The question is, is there something here that can be preserved? Is there some way to make a distinction? Is there some way on this continuum to draw a line and say, at this point we are going to have more formal procedures but up to that point we are going to give you more flexibility in getting access.
MR. GALLAGHER: There are a couple of problems that I see with that. One is the very obvious definitional one that you are all very familiar with, is, you know, which side of the line does the HHS Inspector General fall on? The definitions of oversight that I have seen would include any criminal investigation. And so does that mean that when the FBI is conducting or the, you know, the South Bend Police Department is conducting a criminal investigation that they are engaging in oversight? And so that is one issue, and again going back to what you have commented to before, that if you are going to draw lines it is essential that the lines be clear.
The other point, and I know that you probably intend to get to this later, but the point that is very, very critical from our point of view is one that Neil mentioned a few minutes ago and that is that we not draw an artificial line between the oversight and the law enforcement so that to limit the oversight people's ability to provide evidence of crimes to the law enforcement people.
MR. GELLMAN: Okay, we will come back to that because that is a whole separate area of questions. We do have some experience, I am not sure how wonderful it is, under the Privacy Act which has two different classes of exemptions. There are the J-2 exemptions which cover essentially agencies which perform as its principal function any activity relating to the enforcement of criminal laws, and then we have the K-2 exemptions which deal with investigatory material compiled for law enforcement purposes other than stuff that falls under J-2.
So, I mean, I do not know if there is anything in that experience that helps. There really has not been much exploration of this distinction under the Privacy Act. It has come up from time to time and even there it is not clear that the lines are all that clear but there is already sort of a statutory attempt at drawing a distinction between sort of heavy duty law enforcement activities and lesser --
MR. LITT: I hesitate to rely on the Privacy Act as a model for anything.
MR. GELLMAN: Well, to a certain extent I agree with that. On the other hand, all the component elements of the Privacy Act are exactly the component elements of any other privacy statute. It is the same implementation of a code affair information practices but the details in a lot of respects are difficult.
Let me ask one other question before we take a break and that is, to what extent are the needs in fraud investigations always for identifiable records? I mean, there is clearly a drift in some bills toward making records available but only in a coded form or anonymized form. And I recognize that when you get down to presenting evidence at trial and in some circumstances the need to be able to have specifically identifiable records or to link records from various providers is important. You have already made that case.
Are there some circumstances, are there some ways in which it is possible to say that you can carry on these functions or you should carry on these functions with non identifiable records, with identifiers removed?
MR. GALLAGHER: There are some examples where that type of information would suffice. Let me give you, again, a hypothetical example that we identify a physician that is billing for patient treatment and we are able to show that that physician is out of the country for a period of six months and could not feasibly be providing that. In that instance we may be able to just use the billing information to make a case.
But I would think that in more examples than not as we get involved in investigations there again will be stages of information that we will need. The more detailed we get involved in the investigation the more focused we will get with our need and the more information we will have to identify. It will not suffice just to have the billing information. We will have to go and actually obtain the medical records.
As Bob mentioned, the example of a surgery group that is involved in surgeries and there may be some billing fraud or alleged billing fraud, we have to get the actual medical records to see, or the operating room records to see what physicians, what staff were actually in the operating room at a particular time. That is the only way we can make the case.
MR. LITT: I think that in many investigations there will be a portion of the investigation where you will not need the identifiable medical records. In particular, you know, when you are doing an investigation of the kind I was talking about before where you have, you know, you are looking for patterns of abuse, that can probably be done without access to individualized records.
But when the time comes to actually putting a case together I cannot, as a prosecutor I cannot conceive of doing that without the individualized records, particularly when you consider that if the provider is your target the provider is going to have access to all those individualized medical records without any control and any kind of responsible prosecutor is going to want to know what is in there, what he may be hit with at trial if the provider comes in with access to all those records. So, I, it would be very, very hard to draw any kind of line about when you could, when you could do without the individual identifiers and when you could not.
MR. GELLMAN: Suppose we drew a line, a very loose one and basically left it up to you to decide and said, I am just making this really off the top of my head, said, you can have identifiable records is a supervisor in the prosecutor's office or in the police department says you have made a case. That is the line. You are the test, but there is a policy that says you have to jump through a limited hoop before you can get the identifiable records. MR. LITT: That might not be such a bad burden from our side, particularly if you wrote it in such as way that nobody could litigate anything about that.
[Laughter.]
But you start to put a burden on the providers at that point. By and large they keep their records with identifiable information and for us to go to a laboratory company and say, we want records of 20,000 laboratory tests but we want you to go through and mask out all patient identifying information is going to be a tremendous burden on them. And that is, I suppose that is going to blow back on us because the time it is going to take them to mask out all those names is going to delay our investigation.
MR. GELLMAN: I think that is a fair point and I suspect that as we get into having more and more records computerized the ability to produce records without an identifier will lessen that burden. So, maybe there is something in here to be explored.
MR. LITT: But they are never going to computerize the operating room record, the nurses' operating room sheets. Somebody is always going to be taking that down by hand.
[Comments.]
You disagree with me on that? All right, I will defer to you but it strikes me as extraordinary that you are going to have that on computers and the nurse writing everything down. I will defer to you on that.
MR. BARNES: The problem from a state point of view, too, is that, how would all these things be uniformly done? How would we unlock the coding, the redaction(?), however we would want to say that on the one side, so it would be a huge task.
MR. GELLMAN: Okay, why don't we take a ten minute break here and reconvene at five minutes to eleven.
[Brief recess.]
MR. GELLMAN: I would like to talk some about the issue of reuse of information that has been obtained by law enforcement agencies for one purpose or another. In a lot of ways I think this is sort of a big law enforcement issue in the legislation. Some of the proposals are pretty generous, at least in my opinion, you may have others, in terms of allowing fairly broad law enforcement access when records are to be used in an investigation of a provider or an insurer, when the patient is not the focus of the investigation. The basic idea here is to allow fraud investigations to continue with few procedural barriers and it is a way of striking a balance here because that is clearly an area of importance.
And in most of the proposals there is a very significant limitation that comes with this access and the bills generally say that you cannot use information obtained in these flow investigations against the patient unless the patient happens to be engaged in the health care fraud you are investigating. So it is a limitation on how much you can do with the information against the patient once you have obtained it. Does that give you problems?
MR. LITT: Yes.
MR. GELLMAN: Tell me why.
MR. LITT: Again, it comes down to a balancing of the benefits as opposed to the costs of it. We live in a regime today where there is no limitation on reuse. That is to say that if in the course of a health care fraud investigation of a provider we come across evidence of a crime committed by a patient there is nothing to stop us at this point from using this in any way we see fit. I am not personally aware of any examples. I have no doubt that this has happened some time in the past.
I do not believe that this is a major deterrent to people to obtaining health care, is a major incremental invasion of their privacy. This is merely an application of sort of a general legal principle that says that as long as we lawfully have access to something, as long as we have a lawful basis for getting access we can use it and we are not artificially constrained.
If the FBI gets a search warrant to search somebody's house and in the course, and that search warrant is lawfully obtained, and in the course of that search obtains evidence of another additional crime committed by a different person, they are entitled to use that. Basically the focus of the law has been on the justification for the initial intrusion and if the initial intrusion is justified, then we are allowed to make whatever use we can.
I think if there were a substantial likelihood or showing of sort of the textual use of this information, the sort of thing that you were speculating about before if you had this kind of software that allowed you to randomly search on the word murder and pull any medical record that referenced a murder, and you had indications that law enforcement was using health care fraud investigations as a pretext for finding out what crimes patients had been committing, then there might be a case to be made for this kind of use, of limitation on use. But I do not think there is a case for that.
MR. GELLMAN: Well, it seems to me, I mean, let me, sort of a general hypothetical here just for purposes of discussion, that I go to my doctor to be treated for some ailment that reveals some kind of criminal activity. It could be drug use. It could be under age drinking or smoking. It could be some kind of sexual activity. It could be anything at all that I reveal to my doctor or psychiatrist or whatever. You guys are coming along in an investigation of health care fraud. It is clearly a major problem. It is clearly something that has to be addressed. And you get access to thousands or millions, I have no idea, but a large number of records routinely.
You do not have any evidence against me. You are looking at the doctor, you are looking at the provider. You may not even be looking at the doctor, it may just be in the course of doing comparisons and you get all of these records. And it seems to me that if we are going to preserve any kind of privacy rights here, the fact that you get so many records routinely for health care and fraud investigations, if there is no protection against secondary use of that information against a patient then there is really no protection of privacy at all.
I mean, records that you obtain simply become part of whatever law enforcement, I mean, basically under those circumstances every patient would be directly advised not to reveal any activity that could be used by prosecutors to go after them because in some random investigation of some other activity, some other function, some other person, law enforcement people could get these records and use it against you.
MR. LITT: You see, it is that last point where I disagree most strongly with you, and that is this is the way the regime is today and nobody is advising patients not to disclose this material now. There is a very strong desire for people to get medical care and to make the disclosures that are necessary to get appropriate medical care. Today if we got, if we get the medical records of the doctor in the situation you are talking about, we could use them, but there is no indication that people are not getting medical care as a result of that.
MR. GELLMAN: Well, we will discuss that point with the providers this afternoon. Let me ask about Kennedy/Kassebaum. There is a provision in Kennedy/Kassebaum that says that, well, first of all there is a provision in Kennedy/Kassebaum that gives the Attorney General administrative subpoena power for all health care records. So the Attorney General has the administrative authority to get any health care record in the country. And we had testimony here from the HHSIG that he already has, that he has the same authority. So, the ability of law enforcement to get access to medical records is essentially unlimited, all records fall within the scope of existing authority. There is a provision in here --
MR. LITT: I do not think that overrides, for example, the substance abuse privacy law requirements.
MR. GELLMAN: That is a good question. I do not know but we can leave that aside for the moment. That is not important, or actually is important but not --
MR. LITT: I would assume that we are interpreting that not to override that.
MR. GELLMAN: That would be my guess, too. Kennedy/Kassebaum says that if you want to use a record obtained through a health care fraud subpoena against a patient in another proceeding you have to get a court order. That is already law. Do you have a problem with that?
MR. LITT: These are records we obtain through an administrative subpoena, you mean.
MR. GELLMAN: Right.
MR. LITT: Okay, yes, I think that, as I said that is not the way that we would prefer this proposal to be. It is not the way we think we need it to be.
MR. GALLAGHER: I guess I have one growing problem, not with what you are saying but taking it from a different perspective. What we are, in essence, saying is it is all right to give up patient identification material when it is to the best interests of the health care industry because we are pursuing fraud, but when it is other criminal activity now we are going to protect their identities.
I do not know if we are taking the interests of the patients in mind or we are willing to give up their individual freedoms in pursuit of fraud to the benefit of the health care industry. It is turning it around a little bit but if you look at it from that perspective, it almost argues against giving up any records but at the same time you are not drawing a difference between health care fraud investigations and other criminal investigations.
I think the real test is the, is it a legitimate law enforcement investigation, and the process by which the law enforcement agency goes in and gets access to the records and how they use the records.
MR. GELLMAN: But I mean that is, in fact, the point we are discussing, is, you know --
MR. GALLAGHER: But when you put this artificial barrier between health care fraud investigations and other criminal investigations and you change the current law as it suggests, as search warrants are handled in the plain view document, and now you are interpreting it differently in health care fraud records, in health records, rather, it has a rather significant impact upon law enforcement and the American, the United States legal system.
MR. GELLMAN: Well, I mean, I think that is a fair comment but another way to look at this, and it depends where you sit, is that these are the most sensitive of third party records that are maintained and that there is a need for confidentiality, there is an important interest here and that it is rather extraordinary in some ways of looking at it that law enforcement is given such an extremely broad right to get access to every medical record in the country because we think health care fraud is an important issue and we need to use whatever tools we can.
And a way of balancing that broad grant of access and that ease of access to medical records is to say we need to provide some protection for the patients because the principal concern here, the principal reason we are giving you this access, and the reason that you have the records is because you are interested in health care fraud. If there were no health care fraud you would not be getting these records in the first place.
And so, you know, it is a question of balancing, obviously, the different interests that are concerned here and if law enforcement health care fraud investigators are going to be given all of these rights then there needs to be something on the patient's side. I mean, I think the possibility of computerized records at all levels and computerized searching through records is clearly beyond the scope of the current system but I do not think it is all that far-fetched. There is an incredible amount of work going on everywhere to computerize medical records and there are already a lot of records, billing records particularly, that are computerized and it is only a matter of time, and the law enforcement people are going to keep pace with all the computers, especially in the fraud and abuse area because they are going to have to. It is the only way they are going to be able to get access to the records that exist.
And I think the notion or the possibility of some general search of records under this kind of authority, especially administrative subpoena authority, means that there is no protection at all for patients. You cannot tell your doctor anything without the fear that it is going to end up in the hands of the police and be used against you. I mean, is your doctor going to have to give you a Miranda warning when you go in, say, anything you say that I write down in the record could be obtained by the police in a completely irrelevant investigation and used against you?
MR. LITT: You know, the authority to obtain these records is, as you pointed out, nothing new. We have always had the same authority by Grand Jury subpoena and the HHS Inspector General has had the same authority. This was, as I understood it, a new authority given to the Department of Justice to obtain records by administrative subpoena and the tradeoff for that new authority was you do not use them in other proceedings. But we can still get the same records and make any use we want to them through an HHS Inspector General or through a Grand Jury subpoena.
MR. GELLMAN: At the moment. Well, let's --
PARTICIPANT: -- the work of the committee is not done.
MR. GELLMAN: And we are not the decision maker anyway, as you well know. Let's talk about the Kennedy/Kassebaum procedures. The standard for getting access, for using the record for another purpose is good cause and the statute says that the court has to weigh the public interest, the need for the information against the injury to the patient, the injury to the physician/patient relationship and to the treatment services. Do you have a problem with that in terms of interests to be balanced here? Are those legitimate concerns that have been identified by the Congress?
MR. LITT: Are the concerns legitimate? Sure, the concerns are legitimate. I have a problem with embodying this in a judicial standard that some judge is going to have to deal with in this case. I mean, our experience under the substance abuse records is that judges look at this and they say, what am I doing with this? What is this here? They sit on the applications for months. We have had cases where judges have not even ruled on them. And to require us to set forth this in a court proceeding, as I said, this, to me, is a prime example of where we are going to be buying two rounds of litigation, one where we have to go into court to get the record and two, when we get the motion to suppress or the motion to dismiss in the criminal proceeding that falls out of it.
But, in terms of what the interests to be balanced are those strike me as being the appropriate interests. It is a question of who makes the decisions.
MR. GELLMAN: Okay, that is fair enough. When this provision went through the Congress, the Kennedy/Kassebaum provision, did you guys lobby against it? Did you testify against it? Did you work against it?
MR. LITT: My recollection is that this provision came in fairly late in the game. We certainly submitted, the official administration position was embodied in a letter to the Congress on S1360 that there should be a medical records, that there should be a law enforcement exemption on the medical records' privacy issue, but how, and I do not know that there was an opportunity to testify on this particular provision that you are talking about here.
MR. GELLMAN: That could well be. I do not know the history of this particular provision. But I think that, at least I see it as Congress considered your comments on S1360 and decided not to accept them, at least in this context although, you know, how things flow through the legislative process is always a mystery and drawing that kind of conclusion firmly is always a dangerous thing.
MR. LITT: I think one could equally look at the process and say Congress considered our views on S1360 and determined that they were not going to do anything to affect our present ability to get medical records under existing authority.
MR. GELLMAN: That is another point of view.
MR. LITT: You could go back and forth on it. You know, is the glass half full or half empty?
MR. GELLMAN: Under current law, law enforcement cannot obtain a video rental record without providing notice to the subject of the record. Why should medical records have less protection then video rental records?
MR. LITT: Because nobody sought to obtain Judge Bork's medical records.
MR. GELLMAN: Well, that is a flippant(?) answer but --
MR. LITT: A lot of legislation is done on --
[Laughter.]
-- a lot of legislation is done on a very ad hoc basis in response to specific problems. One should not seek logical consistency in all of statutes enacted by Congress is, I guess, the point I am going to make.
MR. GELLMAN: I would not struggle very hard with that one, but the Video Privacy Act is not necessarily a unique statute. We have limitations on the ability of law enforcement to obtain cable TV records. We have limitations on the ability of law enforcement to obtain bank records. We have limitations on the ability of law enforcement to obtain communications records. So there is a pattern here. And granted, the process, the legislative process that has produced legislation is, shall we say, haphazard and not comprehensive, the goal of all of this legislation is actually fairly similar and that is to provide some degree of protection for records deemed to be confidential and I do not know anyone who would not think that medical records are at least as confidential as any of the records already protected.
MR. LITT: You make a good point. I do not have a detailed familiarity with the video rental law. I do have a substantial familiarity with the Right to Financial Privacy Act which covers bank records, and two points of significance on that are, first that it has absolutely no application to state and local law enforcement whatsoever. It is strictly a limitation on federal law enforcement, and number 2, that it contains a complete exemption for Grand Jury subpoenas so that as long as we serve a Grand Jury subpoena, the only limitation I think is we actually have to present the records to the Grand Jury. But that there are no restrictions on our ability to obtain financial records for use in a criminal investigation by way of Grand Jury subpoena.
MR. GELLMAN: Well, I would agree with you that there are lots of exemptions in the Right to Financial Privacy Act. I do not find it a particularly useful statute in a lot of ways from a privacy perspective because of all the exceptions and there were, I think there were stronger Grand Jury restrictions as originally passed. I think there were some amendments made that weakened those.
MR. LITT: But I think that that reflects practice and what law enforcement's needs are in this area.
MR. GELLMAN: I think that is a fair comment.
MR. LITT: And again, my comment about Judge Bork was not entirely flip because I am quite confident that but for that specific instance there would not be such a law today.
MR. GELLMAN: Well, I am sure that is the case and I said at the time that I wished the reporter had gotten his medical records because then we would have a medical records statute instead of what we have, and we would all be better off for it.
Let me try some other issues here. One of the, assuming that a bill passes -- and to a certain extent you have already reflected this in your testimony -- but assuming that a federal bill passes and the scope of the law enforcement provisions are obviously still up in the air, it is clear that one of the consequences of a comprehensive federal medical privacy bill passing is that everyone is going to be a lot more sensitive about making disclosures. And some disclosures that you get today routinely or with cooperation of various people, all of a sudden people are going to say, wait a minute, I do not know if I can do this, I do not know if I want to do it, I need my lawyer, I need a subpoena, I need a court order, I need anything.
I know that happened, for example, when the Privacy Act originally passed, that we had people and agencies who were routinely making disclosures that were clearly authorized under the Act immediately said, I am not doing anything unless my lawyer signs off on it. And it took a couple of years to work through that.
And, so to a certain extent providing specific procedures in a bill to deal with law enforcement access in some ways provides a degree of assurance, something to point to to say, here is a procedure that says you can disclose records to us. And I want to talk about one of these.
One of the bills has a provision that says if a law enforcement official is seeking records from a hospital, and under some of the provisions of the bill it would allow them, you know, we talked about some of these things in terms of, in terms of, you know, looking for fugitives or collecting information about crimes that have been committed, that establishes a procedure for this. And the procedure is that you have to come in with a written certification from a supervisory authority. Not from a court, not from another agency, but basically a supervisor. The idea of the procedure is sort of twofold, or threefold, perhaps. One is it prevents any cop from walking in off the beat and saying, hi, I am here looking for this record. Two is it provides a written record of what was sought and why so that there is a record of that. And three, it provides an assurance to the record keeper that it is okay to disclose the record.
And the procedures are just very simple, just what I described; a written request signed by a supervisor in a police or law enforcement office and states that the records are needed for a lawful purpose. Does that sound like a terrible thing? Does that sound like a major barrier? Does that sound even useful in some respects?
MR. GALLAGHER: From an FBI perspective it would not present all that many, much degree of difficulty. However I can project this into local law enforcement and all of the early examples that we talked about. If you are going to require that degree of authority before you go into an emergency room to obtain records, that will become somewhat problematic.
MR. LITT: You can clean up on this one, Mike, because this is the most important issue for you, but I would concur in what Neil says from a federal law enforcement point of view. I think that you would need to have some sort of exception for exigent circumstances there. If there really is a sort of demand for immediate action, hot pursuit sort of thing and you just do not have the ability to wake your supervisor up in the middle of the night and run out to his house to get something in writing. But with sort of an appropriately narrow exigent circumstances, I do not think that would impose a great burden on federal law enforcement. But I think the key issue there is whether that would pose problems for state and local and whether you want to impose that kind of procedural requirement on them.
MR. BARNES: I think it would impose significant impediments with regard to local law enforcement and I think it is important to understand, and have the committee recognize, that when we talk about local law enforcement we are talking about a lot of two and three-person police departments, town marshals, people who are in the process of attempting to provide public safety for jurisdictions that, many times some of my colleagues say, well, listen, fax, modem, computer, that sort of thing, and while that is true in many of our major jurisdictions, you know, for instance the average prosecutor's office in the United States has eight people in it. There are, well over 50 percent of the people who are district attorneys or prosecuting attorneys are part-time people.
That kind of, I think, focuses in on the impediments and the obstacles that this sort of thing would bring, specifically to local law enforcement who have perhaps some prior working agreement or understanding with a local hospital as to the parameters of what they can inquire about, the availability of general information and then absent those exigent circumstances that Mr. Litt spoke about, to follow a more, a warrant or a subpoena request procedure. But the burdens that are imposed are ones which we have to be always cognizant of in the real world, in the place where people are attempting to promote the public safety within their community.
And, you know, as to the one comment that I would have with regard to the video and the other bank records, those sorts of things, there is not the time, the push necessarily or the urgency attached to some of these requests in those areas that there are with some forms of medical records, particularly where you are seeking someone, particularly where you are seeking someone with a specific type of injury. You simply cannot get the specificity together regarding the person other than a general injury, a general question or query that you could make with an emergency room physician or personnel.
MR. GALLAGHER: One thing that would be very difficult is the complexity of getting a common approach to this throughout the United States. When you start to, we are creating something different. Are we going to create a nationwide form that a supervisor is going to sign off? What defines a supervisor? Applying this to all of the police departments in the United States, whether they be a three-man department or a 40,000-person police agency, is going to be very difficult and it may become more confusing.
I would be a lot more comfortable if, earlier on we talked about the administrative subpoena, if a police officer shows up with an administrative subpoena is that police officer sitting in his patrol car outside just typing up his administrative subpoena that he is going to run in or she is going to run in by themselves or is there a process within the law enforcement agency that would result in that?
MR. GELLMAN: Well, is there?
MR. GALLAGHER: Within the FBI there is.
MR. GELLMAN: I mean, do cops on the beat just write out subpoenas in their car and turn them into hospitals?
MR. BARNES: Not as a regular course of action. Most of the subpoenas that are issued are issued with regard after consultation with and collaboration with the various district attorneys' offices. Although in some instances police do, in fact, prepare and support by probable cause in some instances subpoenas. There is no question that that is done in some jurisdictions.
MR. LITT: And certainly with respect to search warrants. In a lot of jurisdictions police will get search warrants without going through the prosecutor's office. They will prepare the affidavit, bring it down to the judge, get it signed on their own.
MR. GELLMAN: But they have an independent party signing it.
MR. LITT: Yes.
MR. GELLMAN: I want to step on this for a minute. There are three sort of elements of this supervisory thing. One is that their request be in writing. Does that give you a problem? Does that create, is that some kind of major barrier, coming in to get records under what may be an exception in the law that says you can get records if you meet this test that you have to request it in writing?
MR. LITT: Again, subject to the exigency, all of this is sort of qualified by the exigent circumstances. It does not cause us great aggravation to have our requirement in writing.
MR. GELLMAN: Mr. Barnes?
MR. BARNES: You know, the easy answer would be to say, hey, no, that is no problem but the point is, how is that framed? What is the inquiry about? Is it artfully drawn? Is it artfully drafted? Can it withstand a subsequent attack as to specific particularity or specificity if, in fact, it results in evidence which leads to the arrest of a person? And there are plenty of police agencies, police men and women who are perfectly capable of doing this.
I think, however, that once we make that requirement that we simply are, in fact, asking for and undoubtedly will draw kinds of attacks that Mr. Litt outlined as to the litigation. I understand the Chairman's position about litigation but I think that it is simply an invite to do that.
MR. GELLMAN: Well, I do not dismiss your concern over litigation. If you can, to the extent that one can write a clearer statute, and in some cases I think some of the [noise interference] in certain circumstances that decisions cannot be further litigated. That is something that has been done and if a case can be made for that it may make some sense.
It is a question of where you are going to draw those particular lines. I mean, what I am getting at here though is, if you do not set up a procedure, one of the problems with building a bill of this sort is that it is comprehensive. It is hard to do this in a way that isn't. And you have to anticipate all the circumstances that come up. And if you do not provide a simplified method for people, a clear method, a clear process under which people who have the records know they can give them up the answer is going to be go away and get a subpoena.
I mean, a subpoena seems to me to always be a more difficult thing to produce than a written statement from a supervisor that says here is the information we want. Is that a fair comment?
[Responses in the negative.]
Tell me why not.
MR. LITT: When I was an assistant United State's attorney I would sit down with my agents, we would figure out where we would want to subpoena, I would type out the subpoena and give it to them and they would serve it. I did not have to get any kind of supervisory approval for it.
I am not by that comment suggesting that I necessarily think that your suggested mechanism is unduly burdensome, but at least in the case of federal law enforcement it does impose some additional requirements that the mere service of a subpoena does not have.
MR. GALLAGHER: I would add that a subpoena has an established procedure and it is a known document. If you are going to create this authority of a supervisor, I am having a difficult time appreciating how that would be applied throughout the United States and what that, in fact, would be. Is it a situation that they just show up with a form letter that there is a series of initials on it and that he says or she says, that is my supervisor, they have approved it. You know, how is the hospital going to treat that -- this is the first time they see this particular document -- versus a subpoena which I think most hospitals, their legal staffs would be able to understand right away. We are creating something different.
I agree with the intent, but the procedure to get there, I think you are going to make things far more complicated then you can appreciate because there could be literally 10,000 now different types of authorities from supervisors that will be created throughout the United States and I think you are going to open yourself potentially to greater problems with violations of it.
MR. LITT: The other thing that is likely to happen, of course, is that most of the bills, that I have seen at least, draw distinction between what a health care provider may do and what a health care provider must do. And that if your written certification requirement is only in the may do category, you are going to find, by and large, that law enforcement is going to use the subpoena which they must comply with rather than to take the, unless you know the hospital and you know they are always going to routinely comply with this.
You are not going to say, okay, we are going to schlep out there with the written request. They are going to say, wait a minute while we call our lawyers. They are going to talk to their lawyers. Two days later they are going to say no thank you. Then you will run back there with a subpoena. You will just skip the intermediate steps and go out there with a subpoena.
MR. GELLMAN: I can see that but it sounds to me like that, you know, from the perspective of -- Mr. Barnes, I know you have to leave.
MR. BARNES: Thank you very much, Mr. Chairman.
MR. GELLMAN: I appreciate your being here.
PARTICIPANT: One plane a day to South Bend.
MR. BARNES: One plane a day to South Bend. Orville and Wilbur are flying in so I must go. Thank you very much.
MR. GELLMAN: Thank you. The privacy community would probably feel better saying, okay, you want records you have to have a subpoena all the time.
MR. LITT: And as I said, from the federal point of view, Mike is headed out the door here, but from the federal point of view, that is not a tremendous burden on us to require the subpoena. I think that it would be a much greater problem on the state and local side.
MR. GELLMAN: Now one of the provisions in most of the bills is a requirement that when you are getting a subpoena you have to notify the patient if the patient is a target of the investigation. Now some of the bills say that if you are using a subpoena to get access to records because you are investigating health care fraud by a provider, and the patient is not a target, you do not need to notify the patient because clearly those notices, given the volume of records obtained, would be clearly significant. I assume that you do not like the idea of notifying patients under any circumstances.
MR. LITT: From a law enforcement perspective it is a little bit perverse to say you do not tell the patient when you are getting his record because you are investigating someone else but you do tell him when you are investigating him because he is the target. That is generally precisely the case where law enforcement, for law enforcement reasons, does not want to tell the person, is when they are the target of the investigation. We are not accustomed to saying, to telling the target of the investigation, okay, here is what we are doing now.
MR. GELLMAN: Well, I think that is a fair point. I understand why you say that but, you know, that sort of forces me back to say, okay, we will require notice all the time, which is not what you want.
MR. LITT: No, and for, I think, good reasons that you have articulated before. The burden of that is substantial.
MR. GELLMAN: There is, I mean we talked about some of these laws before, there is a precedent for these kinds of requirements for bank records and telephone records and video rental records and maybe some others.
MR. LITT: Well again, in the bank record context not in the Grand Jury subpoena. We do not have to give notice in the Grand Jury subpoena context. I am not familiar with the video rental. I do not know what their provision is for Grand Jury.
MR. GELLMAN: It has probably never been used because nobody cares about it.
MR. LITT: Yes, who cares and wants the damn video records anyway?
MR. GELLMAN: Right, but it is there. There is a distinction made here and there about whether or not a patient is a target of an investigation. I am talking here about a health care fraud investigation. The policy, at least reflected in some of the bills, is that you get greater leeway and broader rights of access when you are investigating providers or insurers or whoever than when you are investigating patients.
To what extent are patients really involved in health care fraud? I mean, do you have any sense of what percentage of time the patients are in cahoots with the doctors who are committing fraud or whoever else happens to be doing it? Is this a major area of crime? Is this a minor area? Do you have any idea about that?
MR. GALLAGHER: It would be very difficult to quantify it but suffice it to say there are a significant number of times where the patient is involved.
MR. LITT: Yes, I guess the best answer to give you would be to say it is not an insignificant issue. I would guess it is probably not the majority of cases that we investigate but it is, there are a number of cases where you do have some patient collusion involved.
MR. GELLMAN: Do you have any experience in recovering money against patients in civil litigation for health care fraud or patients going to jail because of this?
MR. LITT: In terms of recovering money, by and large the patient is not the deep pocket. I mean, I guess Mike made reference to the fake accident cases and I do not know whether putative victims have actually gone to jail or been recovered against but that is clearly an instance where there was collusion involving the patients.
MR. GELLMAN: Yes, but you do not --
MR. LITT: I do not, I just do not know. I know in Los Angeles they investigated a bunch of those and I have no idea whether they went after the people who staged the accidents or not.
MR. GELLMAN: One of the, a number of the bills include standards for subpoenas. Two of the main bills would require a showing of probable cause that the information being sought is relevant to a legitimate law enforcement investigation. Is that too tough?
MR. LITT: By yards. It is a vast shift. It is a totally new standard in this area and it is just far beyond where we ought to be in this area.
MR. GELLMAN: Let's look at the two elements here. I mean the first element is probable cause showing which is clearly a high standard and a familiar one so that you sort of got, the first part of the test is a very tough test. The second part of the test is mere relevance.
MR. LITT: The general law in the Grand Jury context is that a Grand Jury subpoena does not, you cannot even be required to show that the Grand Jury subpoena is relevant to the investigation. There are numerous cases out there where people have come in and challenged Grand Jury subpoenas on the grounds that this is not relevant to the investigation and courts routinely throw them out.
The Grand Jury has the widest possible scope of inquiry. There is always, most courts reserve as a theoretical matter the possibility that somebody could come in and show that a Grand Jury, that a subpoena has no conceivable relevance to any topic that could conceivably be the subject of the Grand Jury's inquiry but that is only a theoretical example. I am not personally aware, at least none come to mind immediately, of any case where they have actually thrown out a Grand Jury subpoena on that basis. So yes, that is a restriction.
MR. GELLMAN: I grant you it is a restriction but is it a, is showing of relevance that tough of a thing to do?
MR. LITT: You put us at that point in the position of making statements and representations about what the nature of our evidence is at a given time. As a Grand Jury proceeding goes on these things will change. You will get statements that you will have made because this was the way you viewed the facts at one time, and the case could turn out three or four months later you are adopting a different theory but you are now bound by those statements or you get those statements thrown back at you. It is not something that we would be at all comfortable doing.
MR. GELLMAN: I am going to put words in your mouth, which I am sure you are going to struggle with, so you want to get records whether they are relevant or not?
MR. LITT: No, we have no desire to get records that are not relevant. We do not want to have to convince somebody else that the records are relevant.
MR. GELLMAN: So you just want to make the decision all on your own?
MR. LITT: Which is the way we do it now.
MR. GELLMAN: Let's talk about Grand Jury subpoenas for a minute. A lot of the original proposals for restricting in some way Grand Jury subpoenas date back to the 1977 report of the Privacy Protection Study Commission. And the Commission basically wrote that Grand Jury subpoenas are sort of a device used to circumvent any restrictions that are needed for a search warrant or other kinds of process and that documents are routinely subpoenaed without the knowledge or approval of a Grand Jury. And that conclusion formed the basis for their recommendations that there be some restrictions on Grand Jury subpoenas. Do you have any thoughts on that? I am going to get at some of the specifics in a minute.
MR. LITT: Generally speaking when we subpoena records we are supposed to present them to the Grand Jury. Does every prosecutor do that every -- and I am speaking of the federal system again, I do not speak for the state -- does every prosecutor check that little box every time? Probably not. But by and large we are supposed to bring the records before the Grand Jury and present them to the Grand Jury. And I can remember schlepping box after box over to the Grand Jury and saying, here are the records we subpoenaed from the Chemical Bank; here is the subpoena, here are the records we got in response.
MR. GELLMAN: And one of the bills has a Grand Jury provision and that is one of the requirements. So that one does not bother you?
MR. LITT: No.
MR. GELLMAN: A second requirement is that the records only be used for Grand Jury purposes? Does that bother you?
MR. LITT: It depends upon how you define, for Grand Jury purposes. If we are allowed to give them to our agents -- Neil, you probably want to talk about this as well -- but once we obtain the records we need to be able to use them in the full scope of the criminal investigation.
If the intent to that is to say we should not get the records and then publish them on the front page of the New York Times the next day, I would agree with that. But if it is an attempt to limit how we use them within the scope of the criminal investigation, I then have a problem.
MR. GALLAGHER: Again, if a Grand Jury has been impaneled and is investigating health care fraud, and what you are saying is that any of the records that would be obtained would be limited to use in a health care fraud investigation and not any other criminal activity that may be identified, I would have a problem with that.
MR. GELLMAN: Well, we already have a law on the books, at least in some respects, that says that. Whether that will get expanded in other ways is an open question.
MR. LITT: Not on the Grand Jury subpoenas.
MR. GELLMAN: I understand that.
MR. LITT: Okay.
MR. GELLMAN: I understand that. Another requirement from one of the bills is that records be destroyed or returned, if they are not being used for a proper purpose by the Grand Jury. Your statements about purpose, you know, carry over here. What about the notion of destroying or returning records?
MR. LITT: Again, if we are able to keep them through to the end of the case that does not, I think that basically accords with the practice that we follow today. By and large we do not keep thousands and thousands of medical records, if only because of a storage space problem. We generally send them back when we are done with them.
MR. GALLAGHER: There is a policy within the FBI that after an investigation has been completed and adjudicated that we will destroy those records. But, I do not know, and would not want to speak for all state and local agencies also.
MR. GELLMAN: I understand that and actually the last of the requirements is that the records cannot be maintained anywhere, other than the sealed Grand Jury records, unless used for prosecution.
MR. GALLAGHER: Say that again.
MR. GELLMAN: The records cannot be maintained anywhere, other than sealed Grand Jury records, unless they are used for a prosecution.
MR. LITT: I am not sure I understand what you mean there. If we are only able to keep them for the duration of the investigation and prosecution, which is something that I think from a federal point of view we are comfortable with, are they saying that the prosecutor cannot make copies of the records to keep in his office for review. I do not understand what the purpose of that provision is.
MR. GELLMAN: I am not sure I can tell you exactly. I think the idea is, the notion in general terms is that there need to be limits on how the information obtained for a Grand Jury subpoena [unintelligible] elsewhere. Whether any specific use, I mean the one you just described of course seems to make sense to me, that the investigator needs to be able to use the records in the course of the investigation. That is why the Grand Jury got them.
MR. LITT: In principle I do not have a problem with saying that if you obtain patient medical records for use in a criminal investigation that there use should be limited in some sense. You need to, I think, work out the details on it but in principle that seems like a reasonable restriction.
MR. GELLMAN: It sounds to me like there is some basis here to discuss these things and there may be some of these restrictions that do not create problems and others need to be crafted in other ways or may ultimately be objectionable depending, but I think that is useful.
I just want to read another quote on this Grand Jury thing. This is from a decision, the unrestricted use of Grand Jury subpoenas to obtain medical records is a serious threat to privacy. There is almost no limit on what can be obtained without the knowledge or approval of any court, any Grand Jury, any supervisor in a prosecutor's office or the person affected.
This comes actually from a case that was decided by the Texas Court of Appeals a couple of years ago and not exactly a hotbed of radical thought. And the court basically said I think almost directly, there ought to be a limit on this, there ought to be a statute that says, I mean, and they were giving examples of prosecutors, hypothetical, I believe, the prosecutor can just write a subpoena for the medical records of his opponent in the next election or whatever and that there is just absolutely no limit on the process whatsoever.
MR. LITT: That, I think would be a problem.
MR. GELLMAN: Hopefully.
MR. LITT: Whether it is medical records or not medical record you have a sort of serious misuse of office issue there.
MR. GELLMAN: And I think that is clear but it, the hypothetical was just, there are really no procedures or restrictions.
We did mention a little bit the alcohol and drug abuse statutes and we clearly have, compared to the legislative proposals the alcohol and drug abuse statutes with respect to the law enforcement, with respect to some aspects of medical privacy, the alcohol and drug abuse ones are not as strong as some of the proposals that have been made, but with respect to law enforcement they are probably stronger.
And I wonder if you could talk about the kinds of problems that are created with alcohol and drug abuse records. We had one example that Mr. Barnes gave of, you know, trying to find somebody who was there, but what other kinds of problems may come up with respect to other kinds of investigations, health care fraud or what have you?
MR. GALLAGHER: I do not know that there are problems that we would be concerned with. It will vary from state to state and from the federal perspective we will adhere to the existing regulations and abide by them.
MR. LITT: We have had some practical problems with this. I mentioned before that we have judges who do not know what to do when they are presented with this kind of an application. We actually, when we were talking about this in the context of S1360, we actually put together some specific examples. A case where a judge did not sign a disclosure order for nine months. A case where a judge looked at this and said this is complete nonsense, I am not going to sign this, get out of my court. You know, you are telling me this is a law, this is ridiculous. A judge who never ruled on an application and it just sat there forever. Many situations where we devoted a great deal of effort to notifying patients only to find that a quarter or a half of them come back without any kind of, the patient had moved, and we almost never get any objection from a patient.
And another practical problem that arises is that sometimes the kinds of records that are subject to this law are intermingled with other records that are not subject and they just sort of show up and then we have a procedural conundrum, what do we do with them?
MR. GELLMAN: What do you do?
MR. LITT: I am not sure what we do with them so, I did not want to ask that question.
MR. GELLMAN: The problem of commingled records is a generic one in this area because we have alcohol and drug abuse laws and at the state level we have AIDS laws, we have genetic information laws and the problem of different rules for different kinds of records is, outside the law enforcement context is a significant administrative problem, either in fact or potentially and one of the benefits of some degree of uniformity is being able to deal with everything in the same fashion. Dr. Harding?
DR. HARDING: The Chairman has asked all my questions. He has done a good job of pursuing those things. Have you ever in your experience ever had an incident of redisclosure request? That is, that you have had information and some other agency or some other group has asked you to disclose that which you have gathered, the redisclosure of the medical data?
MR. GALLAGHER: A law enforcement agency?
DR. HARDING: Yes or any other --
MR. GALLAGHER: Well, I think we would have to differentiate it. If the FBI has received information and we have obtained that information through a legitimate investigation and say the state police of that particular state were to come to us, and were working with us on another investigation, and ask for that information, could we share that information with another law enforcement agency?
DR. HARDING: That identifiable information.
MR. LITT: By and large, to the extent that we are getting this material through Grand Jury subpoena, which is where the bulk of it has come, we are not allowed to disclose that to anybody other than a federal law enforcement officer working with us on this matter. We are not allowed to disclose that without going to court and getting an order for disclosure. I do not think that this is really a very common occurrence for people to request this material from law enforcement except for other law enforcement purposes and I am reasonably confident that if a non law enforcement agency requested it from us we would tell them to get stuffed.
DR. HARDING: Okay. When the Health and Human Services IG was here they mentioned that they would sometimes go out looking for patterns of practices among providers, say, and that they would look in the Medicare population and see if they were being treated differently than other populations.
So that in order to check to see if this, say, physician was treating Medicare patients with excessive tests, they would have to look at other charts within the physician's office to see if the patterns of practices were different between the two. We kind of tried to figure out how big a net that was cast to try to compare the things. Do you all feel comfortable, just kind of a personal question, do you feel comfortable that if someone wanted to come in to, say, look at the FBI population because there was some over utilization of some medical thing and wanted to look through the medical charts of those FBI agents and so forth, that that would be safe, that it would be properly handled and you would not worry about redisclosure of any other kind of information, feel safe within your agency?
MR. GALLAGHER: Whether we had federally used this information?
DR. HARDING: Would you feel safe with your own personal identifiable charts that would be looked at by an Inspector General, say? Would that give you heartburn or --
MR. GALLAGHER: I guess I am a little bit perplexed when you say FBI identifiable records. You are not talking about FBI medical records. I assume you are talking about --
DR. HARDING: I am saying that there is, the IG has determined that the FBI agents are over utilizing certain things so we are going to go in and take a look at that with their medical records. And we want to also look at the ones who are not identifiable as a control group, and so I want to look at probably a couple thousand of your FBI agents' medical records and see if there is any pattern there.
MR. GALLAGHER: Well, there are other related issues for the safety and security of FBI agents because you are first going to have to begin with, give me a list of the names of the FBI agents and that may present an identification security issue in a particular location. But let me make a bold statement and say if it is good enough for the citizen on the street, it is good enough for the FBI agent.
DR. HARDING: Okay, that is basically, I am not trying to pick on the FBI but what I would like to feel is that you are comfortable that those people doing investigations keep privacy perfectly clear and that that information will not be redisclosed to anybody unless that has been approved and so forth.
MR. GALLAGHER: One thing I am very comfortable with and I thought was the initial focus of the investigation, if someone were to come into the FBI and see how we have handled our use of medical records that we have obtained, I would be very comfortable that we have handled it appropriately with due respect for the security of those records.
DR. HARDING: Good, glad to hear that.
MR. GELLMAN: Anybody else? All right, well, I think we will stop at this point. I want to thank both of you and Mr. Barnes who has left, for your cooperation. It has been very helpful. In point of fact I think that the law enforcement issues are likely to be among the more contentious issues in what is going to be a generally contentious area. And I think that you both have been very helpful and very open and honest in terms of discussing some of these things and I think that will be of use to the committee and perhaps beyond. So I am grateful for your appearance and for your openness. Thank you.
MR. LITT: Thank you very much.
MR. GELLMAN: We will reconvene at 1:00 p.m.
[Whereupon the meeting was recessed for lunch at 11:55 a.m. to reconvene at 1:00 p.m. that same day, February 18, 1997.]
A F T E R N O O N S E S S I O N (1:05 p.m.)
MR. GELLMAN: This is our second session today. The subject for the afternoon is providers and we have three different providers represented here. Let me say just as a matter of process that there is an opportunity this afternoon when we are finished with the witnesses, probably some time after 4:00 p.m. for public comment. If you wish to make a public comment you need to sign up. There is a list in the back of the room and we will call on those people who have signed up at that point.
I think that what we will go is begin with the statements from our witnesses and I will ask Mr. Nielsen if he will go first.
Agenda Item: Health Care Providers
John Nielsen
DR. NIELSEN: Thank you, Mr. Chairman, members of the committee. It is indeed a pleasure for us to be here today and in particular I am grateful to be asked to render a few remarks on behalf of the American Hospital Association and my employer, Intermountain Health Care. My name is John T. Nielsen. I am Senior Counsel and director of Government Relations for Intermountain Health Care which is a large integrated health care facility system operating in the Intermountain west, principally in Salt Lake City, Utah, the state of Utah, Idaho and Wyoming. We have 23 hospitals, 33 clinics, 300 employed physicians and a large health plans component representing about 350,000 covered lives.
I want to emphasize before I begin this afternoon with the substance of my remarks that I am here representing not only my own employer but the nation's hospitals, the American Hospital Association. We are the deliverers of health care in the most critical sense. We have the responsibility of dealing directly with patients. We do it all day long. We do it seven days a week, 365 days a year. For that reason it is important that we emphasize because of our mission the need for the interchange of health care information so that health care delivery can be at its optimum delivery.
We believe there is a need to promote a health information infrastructure to yield more efficient and appropriate utilization of the nation's precious health care resources. This is especially true as the country and the nation's hospitals, many of them, move toward a more integrated philosophy and a regionalization.
To better coordinate that care the information, medical information, patient information must be able to flow smoothly across the continuum of health care delivery, between and through the system in which it is generated. We believe that by increasing the accessibility of that information to the health care provider it will improve quality, increase efficiency and control our costs.
We also recognize the reality that increasing accessibility means that that information is more vulnerable to unauthorized disclosure. Therefore we have the unique challenge of being able to balance the need for greater access but at the same time protecting the right to privacy of our patients. We recognize that the public is very concerned about this. It is a major issue. It is one that we must deal with directly and sensitively.
Another significant issue in this debate, and a potential roadblock to the delivery of this information as I have described, are inconsistent and archaic state laws and regulations that govern the exchange of patient information. Many of these laws we believe impede the legitimate sharing of information and also many of the nation's health care providers operate in more than one state making this a very real problem.
Such state laws also do not address key issues that I think are before this committee constantly, that is the issue of patient rights, protection of privacy and confidentiality. We therefore believe, and it is AHA's position, that we need a uniform federal law. That is an important step in encouraging the development of modern health care delivery and we support complete federal preemption of laws dealing with these issues of confidentiality and privacy.
Let me direct the balance of my remarks to Intermountain Health Care's system of delivery. Our mission at Intermountain Health Care is to deliver the highest quality of health care at the lowest possible cost to anyone irrespective of their ability to pay. We are in our system developing a state of the art electronic medical record system which utilizes a common database to more efficiently and effectively deliver health care.
The concept we call longitudinal data record system which allows all authorized providers across the system to access all pertinent patient information for point of care delivery of health care. This system we believe has already and will optimize clinical decision making, minimize delays in patient care and minimize and perhaps eliminate fragmentary, inaccurate and untimely information flowing to health care providers.
We are also developing a full range of systems and protocols using patient-specific information to create care process models, practice guidelines and quality assurance procedures, some of which I am certain you will be interested in hearing about as the testimony proceeds.
Now concurrent with all of this we have also developed methods and systems to ensure as best we can the confidentiality and security of patient information. We at the American Hospital Association and Intermountain Health Care are acutely aware of our responsibility to protect health care information and to safeguard its use.
Having said that I want to emphasize that we believe that legislative solutions must not impede the progress we have made and are making in allowing health care information to move appropriately between the providers to dramatically enhance the delivery of health care, mindful always, however, of our duty to safeguard the privacy of this information.
I appreciate very much the opportunity of appearing here today and would be happy to share our experiences and answer any questions the committee may have. Thank you.
MR. GELLMAN: Thank you very much. Dr. Palmisano?
Agenda Item: Donald J. Palmisano, M.D.
DR. PALMISANO: Thank you, Mr. Chairman. I am here representing the American Medical Association and its 300,000 physician and medical student members. I also bring to the discussion my 26 years of private practice in surgery in New Orleans.
We appreciate the time and energy this subcommittee is devoting to such an in-depth review of this subject. Let me begin with medicine's underlying premise in all of these discussions of patient confidentiality.
The patient/physician relationship is based first on trust. Confidentiality of communications within this relationship is the cornerstone of good medical practice. We cannot overstate the necessity for patients to feel safe in disclosing to their physicians personal, sometimes embarrassing facts and information that they do not want others to know.
We, as physicians, need this information to provide the best and most appropriate medical care. Without such assurances patients may not provide the information necessary for proper diagnosis and treatment. The cost of medical care increases when physicians do not have such information.
Our professional and ethical responsibility to keep our patient's confidences is no different because their medical records are stored electronically rather than on paper. But the evolution of electronic medical data has intensified our existing concerns about access to and now even commerce in patient's confidential medical information. We refer particularly to the transmission and aggregation of electronic data and linkages to other information databases.
The growing number of third parties demanding information has eroded patient's security that the information shared with their doctor is going to help in their individual case. Any number of outside parties will present arguments for a vast array of compelling health and safety, public safety reasons as to why the need to know such private information. But, and I emphasize, a need is not a right. AMA policy clearly states that conflicts between a patient's right to privacy and a third party's need to know should be resolved in favor of the patient, except where that would result in serious health hazard or harm to the patient or others.
We believe that patients have a right, a basic right to privacy of their medical information and records. We believe that patients' privacy should be honored unless the patient waives it in a meaningful way or in rare instances of strongly countervailing public interest. And by meaningful we mean informed and not coerced.
We believe that information disclosed should be limited to that information, portion of the medical record or abstract necessary to fulfil the immediate and specific purpose. That is, no fishing expeditions.
While you have our written statement which goes into more detail, I would like to highlight a few points. First, the primary purpose of the medical record is to provide a reliable tool to provide clinical diagnosis and treatment of patients. Patient should generally have access to the information from the medical record. There are a few exceptions to protect the mental or physical safety of the patient.
But the physical record is the property of the patient, I am sorry, of the physician and the provider and that is where the disclosure should emanate. The patient certainly has a right to that information except in the instances that I mentioned.
Second, on the issue of consent, a patient's first consent, generally for treatment or payment, should not automatically apply to all subsequent disclosures unless the patient specifically and freely waives defined rights. Insurers, of course, need basic information to pay claims. They also have legitimate needs for information to conduct utilization review and quality assurance and to monitor for fraud and abuse. The AMA cautions against categorizing these activities as payment or treatment purposes when they do not go directly to paying for specific individual's treatment.
Patients generally believe that their signature releases personal information for their direct and specific benefit. Overly broad legislative definitions should not exploit the patient's lack of knowledge regarding complex information systems.
For consent to be truly voluntary it must be knowledgeable and that includes a patient knowing to what purpose their records are being sought. Patients should not be coerced into divulging any or all, any and all medical records, either their own or their families by way of a non specific consent signed upon enrolling in a plan as a condition of insurance payment. Nor should physicians have to sign agreements with insurers to produce a patient's records without the patient's consent.
Thirdly, exceptions to the requirement for patient consent to disclosure should be minimal and narrowly draw. Lastly, whenever possible, medical information used for research purposes should have all identifying information removed unless the patient specifically consents to the use of his or her personally identifiable information.
In conclusion, the fact that we have vastly improved technology to collect, sort and analyze patients' medical data does not diminish our ethnical obligation to protect our patients' privacy. We all hear seemingly compelling arguments for efficiency and technological potential, but we cannot allow the rigorous standards of confidentiality required by the medical profession's ethical code to be subverted once the record gets into other hands.
Thank you for inviting the AMA to testify. I will be happy to discuss our testimony in greater detail. Thank you very much.
MR. GELLMAN: Thank you. Dr. Hoge?
Agenda Item: Steven Kenny Hoge, M.D.
DR. HOGE: Mr. Chairman, I am Dr. Ken Hoge. I am here on behalf of the American Psychiatric Association, a medical special society that represents 40,000 psychiatric physicians nationwide. We are pleased to have the opportunity to discuss with you privacy protections for medical records today.
Patients come to physicians and entrust them with sensitive, private, personal and sometimes embarrassing information because they believe it will be used to help them. Physicians acting in the interests of their patients have controlled access to this information.
As the guardian of confidential medical record information physicians have protected patient privacy. When third parties inappropriately demand access to medical records, physicians refuse. When the third party's right to access is uncertain, physicians have acted as sentinels, alerting patients that others are trying to seek their records. Physicians make take steps to protect records, even in the face of legal and law enforcement pressures. Physicians have acted to guide patients so that even voluntary disclosures are limited in such a way as to minimize privacy intrusions. The physician's role as guardian of the medical record has been recognized in professional standards, impressed upon physicians in their training and acknowledged as legitimate by the courts.
Recently the traditional role of the physician as a guardian of patient privacy has come under serious attack. Medical information has increasingly been put to uses that are not intended to serve patient interest in any way. Third party demands for access have increased with attendant risks to invasions of privacy. Electronic storage of medical information raises serious privacy concerns since these systems by design facilitate access transmission and duplication of medical records.
In our written statement we have submitted several principles that are important to maintaining the privacy of medical records which overlap to a large extent with the ones articulated by Dr. Palmisano. I just want to emphasize a few of them in my oral statement.
Medical data is generated for the care and treatment of patients and it should be used to serve their interests period. This can only be done if physicians continue to play an active role as guardians of the medical record. New information technologies should not be employed to stretch limits of appropriate access that have been established by professional custom and by law.
Legal and ethical sanctions for violations of patient privacy should keep pace with the developments in technology. Existing legal sanctions such as breach of fiduciary duties, malpractice, breach of implied contract, help protect confidentiality and provider/patient relationships. These protections have been established in professional standards statutes and case law and should not be undermined by any other laws. Appropriate legal sanctions need to be developed to cover insurers, managed care entities and medical record data banks that handle and store sensitive medical information.
Throughout your deliberations please remember that patient privacy is fragile. Once it is lost it can never be regained and its loss can never truly be compensated.
I will end my statement and I will be very happy to answer any questions. Thank you.
MR. GELLMAN: Thank you very much. Congress has obviously decided that some kind of comprehensive medical privacy legislation is needed. That is what Kennedy/Kassebaum says. Does anyone want to take issue with their proposition, the Congressional judgement that medical records need broad federal legal protection? Mr. Nielsen?
MR. NIELSEN: I would not take issue with that. In fact, I think I would support it. I mentioned in my opening statement, and I think what you are getting at is this notion of federal preemption. I think that is important. The American Hospital Association is strongly in favor of that sort of thing.
We just went through an exercise in the state of Utah with regard to two bills that were presented in the state legislature dealing with the access to medical records and the rights of patients vis a vis the kinds of things the two physicians have already talked about. We operate in three different jurisdictions. Some have some limited laws. Others of these jurisdictions have no laws. We are trying to develop a system in our institution, for instance, that would allow us to share this information across the system. We would like, therefore, to be able to rely upon some federal statement, some overarching rule or regulation with respect to how this information is collected, how it is disseminated and how it is kept secure and how patients' rights are treated at all levels.
For those reasons it would not be my position to take issue with that at all, but to suggest that federal legislation, coupled with appropriate rule making procedures to flesh out the intricacies is very important.
MR. GELLMAN: Dr. Palmisano, do we need federal legislation?
DR. PALMISANO: Well, sir, we have no objection to federal legislation that truly protects the patient's interests. We look upon federal legislation as a floor rather than a ceiling and that preemption would not supersede those states that have greater protection for a patient.
We believe that the medical care is a personal medical care and there is no need to introduce ways that people can get at that information. There is nothing wrong with computers, and we are all for disseminating the information to those that have a right to know, such as the doctors in a clinic, all the physicians treating that patient, but when it gets out of that scenario it is very easy to capture that data as opposed to the current method in many places right now.
And we also believe that just because it is easy to get the data that we work on the premise that from an ethical standpoint we have decided in America that the patient has a right to a decision about his or her body. In other words, from an ethical standpoint you can get a different conclusion based on the ethical model that you use.
If you take a deontological model which means that the patient is first and primary and the patient has the right to refuse some necessary medical treatment, as opposed to a teleological model where you as the physician do what is in the patient's best interest -- if I have a patient with gangrene of the leg and I know that it is necessary and it is in the patient's best interest to do an amputation and vascular reconstruction is too late at this point, there is nothing more that can be done other than amputation to prevent sepsis, we recognize, as long as the patient is competent, that the patient has the right to refuse amputation and do what the patient wants to do and make that decision, the patient does that -- as opposed to the third model which is the social utility, the greatest good for the greatest number.
So I believe that we are still working in that first framework of a deontological where the patient takes supreme. So I think anything that is done at a federal level, anything that is done at any level must take into consideration the rights of the patient, the privacy rights and the liberty rights of that patient. And we hold that to be the essence of the doctor/patient relationship, the patient/physician relationship and what is essential for good medical care.
MR. GELLMAN: Dr. Hoge?
DR. HOGE: I agree again with much of what Dr. Palmisano has articulated. Let me just try to again answer directly the question here. Certainly we do not think that Congress, who has expressed an interest in overturning existing state laws that are in place, that, in fact, I believe there is a provision, preliminary provision in the Kennedy/Kassebaum bill that, as Dr. Palmisano mentioned, sets standards as a floor. I do feel that, as I said in my opening statement, that we have a great need to regulate, and probably on the federal level, a great need to regulate new entities that are now holding, increasingly holding important sensitive medical information. Most of the laws in this country have grown up as provider patient laws, most of the laws regarding confidentiality. And they are very well developed. They are essentially national standards now because we have national malpractice standards. And there are some differences from state to state that are probably important in certain respects, in certain pockets of patient access or individual access but I do not think that we need to look there for what is important for federal legislation. I think it is the new entities.
Now, the other question you asked is what did the Kennedy/Kassebaum bill require? And as I read it it requires that there be a report made from the Secretary and indeed, the fall back position as I read it is that in the event that there is no legislation passed by Congress that there be a limited set of confidentiality provisions regarding the electronic transmission of approximately seven or eight billing and related information data points. So I do not think that this represents a Congressional intent to legislate broadly in this area at all.
MR. GELLMAN: Well, that actually gets to my next question. The alternatives set out in Kennedy/Kassebaum are legislation in three years or Dr. Hoge set out the regulatory alternative pretty well. Would you prefer to see legislation or regulation? Mr. Nielsen?
MR. NIELSEN: There is no question in my mind. I would rather see legislation. I think this issue is perfectly designed for a legislative solution. By a legislative solution I do not mean to suggest that the Congress can anticipate, nor should they, in a legislative scheme, all of the intricacies of this very difficult problem. That is the reason we have the rule-making process for the agencies. But nevertheless, the federal legislation sets the tone, sets the general tenor, it sets the broad, overarching framework through which the regulatory scheme then builds upon.
I think it is, this issue is perfectly designed again for a legislative solution and if you couple that with appropriate regulations I think the government can have a scheme that will not only cover the wide variety of issues that we deal with in this area -- after all, medical records privacy ought not to be any different in Utah than it is in the District, the issues are the same, the need of patients to be secure in their privacy interests are the same, the needs of medical providers to have access to this information are the same. It ought to be a uniform law. The federal scheme ought to then guide the states in the way they then administer these types of issues.
MR. GELLMAN: Dr. Palmisano, legislation or regulation?
DR. PALMISANO: Well, as I stated earlier, sir, that we are in favor of legislation that would be a floor. What we do not want is the micromanagement in the doctor/patient relationship but some safeguards to make sure that people who should not or entities that should not get the personal data do not get the data.
MR. GELLMAN: Dr. Hoge?
DR. HOGE: Well, I think my sentiments are probably obvious. I think if we did have a federal law that served as a floor and did not in any way undermine existing privacy protections then there is no harm. If you were to go further and to regulate some of these other entities in a way that is reasonable, then, again, I think that we could support that.
I think if there is any problem in either one of those two areas, if we feel that patient privacy would be harmed in any way by a federal bill we would obviously prefer the regulation because the regulation is going to be a very narrow set of regulations that are going to come out. Because the Department is authorized to issue regulations on, you know, against seven or eight very, very small pieces of electronically transmitted information. So we would prefer regulation in that scenario.
MR. GELLMAN: Do you think it is possible to write regulations to cover electronically transmitted information alone and not protect other information such as information that is printed out on paper?
DR. HOGE: I think it is, yes. But that would be your job.
MR. GELLMAN: Do you think it would accomplish anything? You have an electronic transmission, it is regulated, it is received somewhere, printed out on paper and now it is not regulated because it is not electronic anymore. Do you think that would accomplish anything?
DR. HOGE: Well, I think it would continue to be regulated by the jurisdiction which has now received it. And I think again, Dr. Palmisano referred to micromanagement, I think some of the bills that we have seen over the last few years have attempted to micromanage the doctor/patient relationship so I think that is extremely problematic. But I think if we can steer clear of those very serious problems then, you know, obviously legislation would be acceptable.
But I think, you know, again, as I read this, and I am not the person who is going to have to carry this out obviously, but as I read this I think that standards for privacy and the transmission of eight data elements would not be a huge task for someone to take on.
MR. GELLMAN: Simon?
DR. COHN: I just have a comment and then I have a question. First of all, just to clarify, these are not data elements as I understand it. These are a number of different transactions that include many different data elements. One of them includes claims attachment which can include any and all things related to patient care. So I think that those of the panel should consider this, this is actually a lot of potential clinical information that we are talking about. And this is just all of our reading of the legislation.
Now, I am actually very curious because I think everyone in the room, and certainly the panelists and others are all concerned about the issues of confidentiality and security, but I see that there is a major difference in the panel between the concept of a single standard that applies and is adequate for the entire country versus a standard which is a floor from which other states can then create a higher standard and I want to find out a little more about that.
I can think, for example, of certain cities that literally on one side of the street you are in one state and on the other side of the street you are in another state and this certainly creates some problems with health care service delivery or regulation related to that. And I just want to find out a little more about all of your views related to that.
DR. PALMISANO: My comments went to a floor, a national standard, but we believe that the states can do a quicker job in enhancing privacy. I give the example of Louisiana. It is rare that a year goes by when individuals are not at the Legislature trying to change the rules by which you can get medical records. And in 1992 the Legislature changed the law and stated that in order to get a medical record from a physician on a patient who is involved in some controversy or whatever that you have to not only send a subpoena but you have to send an affidavit stating that you have notified the other side, if there is an attorney, or the patient fifteen days prior to the doctor receiving the subpoena. And if the doctor does not have proof of that then there is no need to give up the record.
As you heard earlier today from the law enforcement people, subpoenas do not necessarily go through judges and so on. Someone goes up there to the clerk and says I have this subpoena. An attorney goes up and says, I have this subpoena and they go ahead and issue this thing and somebody runs out and serves a subpoena and we have a subpoena ducas tecum to whatever to get this medical record. They changed the law in 1995 or perhaps 1996 -- I have it here -- which said that now there is seven days notice. So they are just arguing about the days notice.
But the point is that patients, you just cannot get the records. And we can change it pretty quickly in Louisiana. So we think that the patient's rights are being protected, that doctors do not have to give up records without all sides knowing about it and their attorneys can go to court and argue about the release of that information, how much information should be released.
MR. NIELSEN: Let me just respond to that from a legal standpoint for a moment. Traditional preemption legal theory is, as has been alluded to here, typically if you have the notion of federal preemption there is at least a concept that you must be at least as stringent but you can be more stringent at the local level. That, I think, is what the physicians on the panel are arguing.
That is a very rational concept. What we are suggesting, though, as providers who have to look at this as a process of uniformity, to bring some standardization to all of these myriad of laws, and again there are no laws in some states, we suggest that it makes more sense in this particular area, because it is of such great national concern, that there be some federal standard.
Now one thing that is possible, and I have not discussed this with my colleagues at AHA so this is my own thought, is with respect to the federal environmental laws the states have the authority to replicate those laws in state law and they are enforced at the local level. One thing that strikes me in the enforcement of a federal law is you would obviously have to go through the federal court system, the U.S. attorney's office, criminal penalties. That may be more onerous than necessary, and perhaps some scheme that would allow the states to replicate the federal scheme and then be enforced at the local level makes sense.
DR. HOGE: Well, again, I guess my perspective or our perspective comes from the fact that we have decades, generations in experience, case law, established modes of practice in place in the individual states. There are some variations. One variation that comes immediately to mind involves the rules that boards of medicine apply when they are investigating doctors who have allegations of being incompetent or whatever.
There are all sorts of rules regarding the confidentiality of medical records when they are transferred between a board of medicine and other investigatory bodies and they vary enormously from state to state. This is something I stumbled across just by accident not long ago. So I think that that is one problem.
I think probably you have already seen on this committee how difficult it is to try to write a wall-to- wall, comprehensive statute. You have heard enormous disagreement, even this morning as I sat in. I think that the challenges that you face are far more, are far greater in trying to do that then to write, again what I could envision as being a very limited law or set of regulations governing these eight data points.
Again, I understand there is a job here and there are more than, there are data elements for each of those categories but there are eight categories here of information that one could say, well, you just cannot transmit very much information electronically. Here is a way to do it for these eight data elements and get out.
Now the other thing I guess I want to take on, if I could, is I have heard now for three years on this topic various people say that we need a single national standard. And no one is yet to tell me why. And I do not understand what is it we need a single national standard for? It is certainly not to protect privacy. We do not need it to protect privacy. Otherwise the floor would be an acceptable solution.
So the fact that we need a single, uniform national standard, someone has to tell me why and maybe if we started with that, maybe if Dr. Nielsen could tell us why we need a single standard, maybe there could be some spot legislation that could be more narrowly focused then again to write, to take on this gargantuan task of rewriting generations of case law, statutes, professional standards in a committee. So, I guess those are my additional thoughts.
MR. GELLMAN: Well, let me try and take up your challenge. The problem, everyone who has studied the issue of privacy has found at best a patchwork quilt of regulation at the state level. That there are massive compilations of patient records in various places that are completely unregulated at the state level so that is a problem to begin with.
The second problem in coming up with regulation, and this is a not insignificant administrative one, is that if you look at the laws that exist, you can find separate laws in various places for mental health records, for AIDS records, for alcohol and drug abuse records and for a variety of other records.
So if you have a situation in which you have 50 different states with 50 different substantive laws and then perhaps anywhere from half a dozen to a dozen other laws the number of combinations that you are dealing with in a business that is totally interstate these days -- all of the records flow back and forth across state borders all of the time; you do not even know what state they are going to when they are being sent electronically; you do not know where they are going to be stored; you cannot predict any of this stuff -- and the problem is how can anyone administer a law like this?
DR. HOGE: Do you want an answer to that?
MR. GELLMAN: Yes.
DR. HOGE: Okay. All right, well, first let me take on the patchwork nature. I think that the patchwork, you did not really emphasize this, Mr. Gellman, but let me take it on anyway, the patchwork characterization of privacy protections I think is overdone. There is, as you know, a single, generally regarded as a single national standard of malpractice in this country and I think, and I am sure Dr. Palmisano would back me up on this, that if you breach confidentiality that is malpractice.
So the idea that we have some states that do not protect confidentiality very much because there is not very much in statute, well, it is there in case law, it is there in tort law, it is there in professional standards.
MR. GELLMAN: Can I issue you a challenge?
DR. HOGE: You sure can.
MR. GELLMAN: The last review of this that I saw was done by the Privacy Protection Study Commission and their conclusion was that if patients sue their doctor for breaches of confidentiality they will lose. Can you find me some case law -- there are 50 states -- if you could find me a couple of cases in all the states where someone has successfully sued under, for a breach of confidentiality, a patient has sued a physician, I would like to see that.
DR. HOGE: Well, I will give you some of your point, just to show I am being fair here, and that is to say this. As I said in my statement, one problem with confidentiality is that once it is breached, the lawsuit does not help you out very much. That is the problem. That is why a., you do not see many doctors who are sued for that. You do see doctors who are disciplined for that, and you do see some suits in the most egregious cases.
But if your privacy has been breached, can you imagine something more self defeating than to take yourself through a public trial regarding the breach of confidentiality? So that is a problem.
As you know, the APA has never uttered one word about the monetary penalties, which in some of the bills are very stiff. We would be happy to see monetary penalties. If you want to piggyback monetary penalties on top of existing state laws, you know, we would support you in that because we think there needs to be more enforcement of privacy protections. But I can look for some cases for you. There are not a lot.
I do want to address your other points. I do not know whether it --
MR. GELLMAN: Go ahead.
DR. HOGE: Shall I do that?
MR. GELLMAN: Yes.
DR. HOGE: The massive compilations in states, you know again, certainly no one is going to tell me, or I am not going to believe them if they do, that there are, we are talking about hospitals or physicians' offices. That is not the massive compilations we are talking about. We are seeing now compilations of data by insurance companies, by managed care companies, by other entities. And I have already said that we would welcome regulation of those entities. It does not require undermining the doctor/patient laws that already exist in 50 states.
The interstate argument, I have heard this argument. Again, I, frankly I just do not understand it. If you are telling me that we need a single form so people can transfer information from Iowa to Kentucky, well that is a very small piece of federal legislation. I do not understand what is so difficult for a multistate business that has to deal with different safety laws in every state, different employee benefit laws, health laws, laws regarding access to all sorts of things. There are lots of business laws that vary enormously from state to state. Why is it so difficult to deal with somewhat different laws on confidentiality?
MR. GELLMAN: Mr. Nielsen?
MR. NIELSEN: Let me take a crack at some of that at least. My major concern is not so much with states that have had the wherewithal to recognize the interests of patients' privacy as it is with the myriad of states who have no inclination to address it at all. That is one reason we need some sort of federal guide as to how to do it.
My company has invested millions of dollars in a comprehensive, record system to be able to capture patient identifiable information, at least in the initial stages, and have that available across the board, across our entire system which includes two other states. We are literally at a standstill right now in terms of further development of that because we are not sure what standards we are going to be required to implement to make that effective. Again, we have been hampered by being able to do this effectively because of the potential that other states may enact legislation that may be contrary to what we are trying to do in the home-base of our operation.
With a comprehensive, common federal standard, at least in the case of what we are trying to do, and I think the nation's largest health care provider, Columbia HCA, is likely doing very much the same sort of thing -- they have hospitals in every state of the union -- those kinds of operations that operate in multiple jurisdictions would welcome some uniformity.
It is quite a different thing, I think, when you are talking about being able to construct a medical records data system that allows physicians, irrespective of the point of delivery of the service, to access this health care in order to deliver that in a much better fashion. That is quite a different proposition than having to comply with various state's issues on some of the other kinds of things that have been suggested here.
I think they are different propositions. I think the notion of some federal standard is essential in order to do what I think is in the best interests of the patients of this country. I do not think it in any way should be a threat to abrogating the traditional patient/physician protections that are already well established. Those are going to be incorporated in the notions of any federal privacy legislation I believe.
DR. PALMISANO: Well, again, the position of the American Medical Association is that the best interests of the patient has to be paramount in this whole discussion and privacy and confidentiality of the patients' records are paramount. Regardless of how big the system is, what the need is for the information, how much easier it would be to disseminate the information, so we say we can support a floor but let the states have a higher standard if necessary. We would look at the preemption issue again if the Federal Government came up with one that was acceptable to all and protected the patients. And so we would certainly look at that again.
But what I am impressed with as a physician I know that if I have my medical records in my records, computerized or have them on paper, it is going to be very difficult for somebody to get that information unless they break into my office. It is only when I start sending that information somewhere else, and then the question comes up, how do you protect it as it goes to the different way stations along the way?
And they talk, people talk of encryption and so on, I would like to use the example of the Central Intelligence Agency where I picked up one of the newspapers and it said, CIA Site Trashed, and someone, some hacker got in and trashed the, they called it -- I forget exactly -- but something like the central stupidity agency and they wrote graffiti all over that site.
So, I am satisfied as a citizen that they did not have secrets vital to our national interest sitting there but the very fact that some hacker or hackers, probably some whiz kid, who got in and did that just teaches me and tells me that it would be much easier if the most secret agency in our government, probably the most secret agency in our government cannot have a good enough fire wall to keep out some hacker then what protection are we going to have when there is confidential information about psychiatric illness, when someone comes to me and they have some problem that is very embarrassing to them and they are running for public office and I have to remove the patient's rectum and treat this cancer. That is that person's business and the moment it gets disseminated to some other database I am very much concerned that I do not have control over it and people who look at that data will not treat it with the same respect that I have been trained to treat it with.
MR. GELLMAN: Well, let me just make a couple of points and then move on because I think we -- well, first of all, I mean, I appreciate the comment you made about hackers. It always gets the attention. Most of the abuse of records, any kind of record, personal record, comes from insiders. It does not come from outsiders. I am not saying it is not an issue but it is really the insiders who misuse the records. So you have to really focus on what the problem is.
And just generally on this issue of uniformity, I think this is an important threshold question and, I mean, I at least feel a glimmer of potential agreement. You are saying if there is a federal bill that is good enough that the AMA might be willing to see that as a uniform standard so that maybe there is the possibility of some agreement. If there is not going to be agreement among the major players on this basic issue no bill is ever going to get anywhere.
And I also think, and this is just a general comment that not everyone will agree with, in general most of the bills that have been proposed at the federal level are stronger than anything that exists at the state level today period. There are virtually no state laws that offer stronger, more complete protection than the bills that have been proposed. So I think the proposals, at least, are a long way toward meeting your standards. What will come out of the other end of the pipeline is an open question.
DR. HOGE: Let me just say one thing quickly, Mr. Gellman. I think that that is incorrect. I think that the bills that we have seen, particularly when they have gone into the provider/patient realm have not been more protective than what exists in the states currently. I think that is just wrong.
MR. GELLMAN: Okay, you are entitled to your opinion.
DR. HOGE: And to compare it to a state statute I think is unfair. I think you have to go out and compare it to standards of practice that physicians will be held to.
MR. GELLMAN: Okay. I want to turn to a specific provision --
DR. PALMISANO: Could I comment, just one comment, Mr. Gellman.
MR. GELLMAN: Yes, sure.
DR. PALMISANO: On the issue of confidentiality, when you issued the challenge to find cases in the case law, I can tell you that professional liability companies -- and I have had some experience with those, a lot of physician-owned companies that came about as a result of the malpractice crisis in the ?70's -- if there is an obvious breach of confidentiality those cases are settled so they never get in the case books. You will never find them by doing a West law or Lexis(?) search because they do not reach the appellate level. They are just settled and it is just a matter of quantum.
There is no question about the damage, there has been a wrong, the standard has been breached. Harm has resulted in some cases, in some cases not, but the fact is that it is just an argument over the quantum. But most of the time it gets settled before it goes on so I think there are cases out there that we just do not, we cannot read about them unless you are involved in that insurance firm.
MR. GELLMAN: I appreciate that, but that is true of all litigation and there is litigation and, of course, there are many players in the health business beyond the doctors and patients. And if your records are misused by insurance companies or by other players you may not have any right of action against those people period. Under state law you may have no relationship with them.
So there are a lot of places here and so that finding some cases that hold doctors liable for confidentiality breaches, and in some states you will not find any because there is no common law right of privacy in some states and if you do not have a statute, you do not have any rights period. There may or may not be other circumstances in which physicians can be held liable, but as for breach of privacy, that may or may not be available.
In any event there may be, I do not know what is out there either but my suspicion is that there is not much, and for the reasons Dr. Hoge mentioned case law isn't necessarily very protective of patients' interests, nor does it provide much guidance to physicians as to what they are supposed to do when the Inspector General knocks on your door with a subpoena and trying to figure out whether you are supposed to comply with the subpoena or notify your patients or do anything else. You are not going to find any of those answers in any case law no matter how hard you look.
DR. HOGE: Let me just make one point, which is that I do not think that the, I mean certainly looking at, even if we can find a number of cases that are in the appellate courts regarding privacy, those are not going to help you when you come to regulate managed care companies, insurance companies and so on. I agree with you completely. I think we need to establish -- that was part, again, part of my opening statement -- we need to establish rights of action against those entities that currently do not exist. And the reasons that it is not going to help you is that those entities are not in the same relationship as doctors are with patients. You are going to have to create something, if that is what you are up to here, you are going to have to create something that holds these entities liable.
They are businesses and businesses are not doctors. Businesses are not charged and do not have the ethical responsibilities to act in patients' best interests or to be their fiduciary. And I think that that means that you are going to have to begin from scratch. You just cannot lump them in the same basket. You cannot put doctors in the same basket with insurance companies.
MR. GELLMAN: I am not sure I disagree with that.
DR. HOGE: Okay, good.
MR. GELLMAN: Let me go on to another area. I want to look at a small part of the proposed legislation that deals with disclosures to next of kin. This is a pretty narrow area but I think it is an important one and I think you are the right people to talk to about it.
The structure of all the bills is that there is a comprehensive set of rules about how records can be used and when they can be disclosed and so disclosures to next of kin are part of medical practice and the legislation has to establish some kind of standard in this area in order to allow disclosure. This is a common part of medical practice. Are there standards, ethical rules, industry practices with respect to disclosures of(?) next of kin that are universally recognized today?
DR. PALMISANO: Yes, the tradition in medicine is that the patient has to give permission before something is disclosed to anyone else. But sometimes the patient, for instance, if I am examining a woman with a breast lump and make a recommendation of the need for a biopsy, most of the time the patient says, would you mind if my husband came in? So I have the nurse bring the husband in and we will go through what the situation is.
So there it is obvious that she wants her husband to know about this and after the biopsy is done, if it happens to require an anesthetic where the patient is asleep, then it is understood that I can talk to the husband and explain how the patient is doing and when the results will be ready and so on.
I have had some patients tell me clearly up front that whatever you find here today is only for me and no one else and I respect that. The problem comes in when someone calls in and says, gee, you just operated on my mom. I have been living in California and I haven't been in New Orleans in 15 years and I want to know what you found on mom.
Well, I do not give that information over the phone. I do not know that this is really the daughter. It might be a reporter, it might be someone in another business venture. It could be anyone. And so I will get permission from the person authorized to give me that permission, be it the patient or if there is a durable power of attorney, if the patient is unconscious, then I will get that permission. But the standard is that the patient has the right to that information and only when the patient gives you permission, and sometimes it is implied by the way they bring the family members in.
We also have laws in the states. For instance, in Louisiana if I were to collapse in New Orleans tonight when I get back and I am unconscious and I am brought to the hospital and they conclude that I have had a massive cerebral bleed and that I am in the process of dying and nothing more can be done, then the law specifically states that the next family member in this situation would be the spouse, if not judicially separated. And if there is no spouse, or if the individual is separated from the spouse, then it would go to the children. But there is a hierarchy that tells you who can make decisions, who can give consent for procedures and so on. So that is the way it is addressed currently.
MR. GELLMAN: One of the bills permits next of kin disclosures only if the subject has been expressly notified of the possibility and has not objected. And, by the way, no one, I mean, all proposals are quite clear that when the patient's expressed a point of view against disclosure that disclosures are improper. I mean that is, no one disputes that at all. The question is, what do you do in the absence of an expressed view from the patient?
One proposal is that you have to notify the patient of the possibility and if the patient has not objected then you can make the disclosure. Another point of view is simply to give physicians more discretion in terms of when they make these disclosures.
The difference here is sort of one of formalism in a way, that if you are required to give a disclosure then you are going to need a piece of paper to be signed that says, yes, the patient has gotten a disclosure. Because otherwise you cannot prove that you have notified the patient of something. And so the question here, this is the tension over this issue, is how formal do you have to be in this process?
DR. PALMISANO: Well, I do not think, certainly you do not want it to be so formal that it impedes the delivery of medical care to the patient. I would use the example of informed consent in Louisiana, the state I am most familiar with. Under the law which was passed in 1975 you can get informed consent two ways. You can get it by an oral discussion with the patient and the patient can say, yes, doctor and that is it.
Now, it is in everyone's best interest if that is put into writing because memories fade, people die, witnesses lie. All these things happen as you look into informed consent issues. But another law was passed in 1989 because of a landmark Supreme Court case, Handrulas(?) vs. Schumacher(?), where they turned the law upside down in the view, in my view, anyway -- I testified on the law in 1975 for the medical society -- and in this law they said, okay, we are going to help solve the problem when they passed this law in 1989. They said, we will go ahead, we will go ahead and allow it to be in writing and we will have an expert panel decide what risk should be disclosed for any given procedure.
And I happened, I chaired that panel with three plaintiff attorneys, six medical doctors, one oral surgeon and one defense attorney, and I have been the chair of that since it started. It is working fairly well and people get along well and they work in the patient's best interest.
But the point is in order for that to work it has to be in writing. So if it is not in writing that law does not work and you fall back on the law of 1975 as interpreted by the 1989 decision in Handrulas. So most physicians have decided that there is so much risk in the Supreme Court's interpretation of the 1989 decision they will go through the formal requirement of the written consent.
And, of course, that is good risk management advice, always to get it in writing, but for every day actions and a patient coming in to say, well, whether or not you can talk to the spouse or whatever, to put it in writing, I think would not be a necessary thing. It would work okay orally and only if someone was concerned or had a heightened fear of litigation would they say, look, I have an abundance of caution and I would like this in writing. It should be an option available but not mandatory to get every permission in writing. You could do it orally.
MR. GELLMAN: Dr. Hoge, do you have some thoughts?
DR. HOGE: Yes, again I think this is probably an area where you do not want to micromanage. That you want to leave the discretion to the physician to make a decision. I have cases certainly in psychiatry, it is not uncommon for patients to be incompetent so that you might not know. They may tell you, well, do not tell my mother and the patient lives with the mother and they have always ultimately involved the mother and this the way things should be.
And there are other cases, obviously when you have notice from, you may not know the family or you may know that the patient does not want the family to be involved and they have not historically on other issues and you probably do not want to involve them on this particular issue. I think again, that this is just an area you should best leave to malpractice law.
MR. GELLMAN: Well, I just want to give sort of the clearest example of this. One of my concerns is, and this has happened from time to time in the past with privacy laws, that they are written without a real clear eye on the real world and the way things happen. And the clearest example here is one I have used before. I go to see a doctor. He phones in a prescription to a pharmacist who is a health care provider. My wife goes to the pharmacist to pick up the prescription and the pharmacist says, not only can I not give you the prescription, I cannot even tell you I have a prescription because I do not have a signed, written notice from the patient. And, of course, I may be sick in bed and unable to come to the phone or whatever.
So all of a sudden the way the world works, it may not even be a spouse, it could be a neighbor, it could be a friend, it could be anybody, you know, and that kind of circumstance, yes, there are risks involved and the reason I am asking the question is not to try and resolve this today. I think it is a very important issue in any privacy bill and I think a lot of attention needs to be paid to this and I think that this is something, it is not the only issue by any means, that providers have a unique interest in but I generally agree with Dr. Hoge that you have to give a considerable amount of discretion in this process to the providers to make some decisions and I think it is something that as this bill moves through the process that you ought to be paying close attention to because I think it, depending on how it comes out, could make a big difference to how, the relationship between the physician and the person and family being treated comes out.
DR. HOGE: Can I ask a question? In your statement just now you mentioned a bill. Have you already decided that you are going to recommend a bill?
MR. GELLMAN: We have not made any decisions here at all. I would be --
DR. HOGE: Did I misunderstand you?
MR. GELLMAN: Perhaps. We have not made any decision about what we are recommending. I rather doubt that we are going to be that specific, you know, in terms of endorsing a particular bill or not.
DR. HOGE: You said, as this bill works its way through the process.
MR. GELLMAN: Well, I mean, generically, this issue, okay?
Let's talk about non -- actually let me carry that same point on a little further, another, slightly different. I happened to be in a hospital about ten days ago visiting somebody and I went to the person's room and on the floor where this person was, and I assume this is true on all the floors in that hospital and possibly all the floors in all the hospitals, I do not know, was a large chalkboard behind the nurse's station and on it was a list of each patient by name, by room, by service, by physician, lots of information.
Under any of the proposals that have been made the posting of this information in what is effectively a public place would be improper, yet it seems to be a common practice, tell me if I am wrong. How do we reconcile this? I mean, would this legislation, is this, how essential is this to the treatment of patients on floors in hospitals? Is this one of these practical things that is important in the actual carrying out of health care in a setting that just does not comport with the theoretical limitations of a piece of legislation?
MR. NIELSEN: Probably so. I am going to defer most to the doctors because you guys know what this is about, but I, I mean this is just a common cultural phenomenon in any hospital to have the board with everybody's name on it. I suspect that it could still be done for purposes of just keeping track of who is in each room without disclosing the kind of information that would be considered private or confidential. To the extent that that could be done, it probably ought to continue.
But I also, I know in our system the need to post any type of detailed clinical information on that board is non existent. That can be easily accessed in the free standing hospitals in our system through the computer systems that currently exist. So there would not be any need to do that or for that matter to have the charting information that is typically at the end of the bed. Those things are now pretty much computerized and available to only people who have access to them.
MR. GELLMAN: Dr. Harding?
DR. HARDING: It is an interesting point and certainly the hospital that I worked in in South Carolina had those same boards up and you could see them from where visitors came in. Probably in 1984 a Joint Commission on Accreditation of Hospitals, what is now health organizations told us that if we wanted to pass the joint commission that we had to move those things. And so now those same blackboards are in the nurses' station where they cannot be seen. They are still up but they are in the back of the nurses' station where they cannot be seen from patient care areas and where there are visitors. So they are still being used but they have been turned around in effect which seems reasonable.
DR. HOGE: I am not familiar, I have never seen such boards. I think the only place that I have encountered them would be in an operating room where there would only be operating room personnel around and obviously there is a need for nursing staff and so on to know where people are. But I think it obviously does not comport with what we would expect privacy expectations for patients. I think that is obviously correct.
DR. PALMISANO: Well, I think where you are most likely to see such a board would be in an intensive care unit or coronary care unit, some intensive type unit, or in the operating room you would see something like that but only the hospital personnel would see it, see what was going in what room and so on. But from a physician's standpoint there is no need for such a board. Physicians know where their patients are and if they do not, they ask the nurse. And if they get a consult and they say, gee, I thought the patient was in room number 1 in ICU and there is no one in room 1, what does this mean? And they will say, no, the patient has been moved to room 3. So that is not a problem.
But I suspect one thing you might look at is if you just call any hospital right now, if you get to a hospital here in the District of Columbia today I suspect I could call up and say, I am really interested in how Mr. Gellman is doing. Could you please tell me what room he is in so I could send him some flowers and some candy? And I suspect that they will tell me that you are in the hospital. So, I suspect that, what you are talking about on the ward is not much different than what you can get when you call on the phone to any hospital.
MR. GELLMAN: Simon?
DR. COHN: I am actually just going to chime in based on my own specialty which is emergency medicine. I would describe your observation as probably being more true of what exists currently than places where I have seen confidentiality being preserved. I certainly would concur with the others that this is something that should be confidential and isn't.
But of some interest is in places where we have tried to computerize this is actually an interesting area where everybody recognizes that in the world of computerization it is typically an issue. And as Mr. Nielsen commented, when you actually do computerize these processes suddenly you put screws in a place where they cannot be seen whereas before you would always leave them out for everyone to see. So, that is just an area where potentially computerization actually increases confidentiality.
MR. GELLMAN: I noticed that in a previous episode of the television show, ER, they had a little dispute about whether names should be on the board and they were taken down and it created a lot of administrative headaches and so they were put back up. It was just a small scene in the show but one that I paid attention to.
[Laughter.]
DR. HARDING: One thing about the computer, when you have lists on computers with access throughout a hospital, you, of course, have the ability for many people to see who is in what room and who is getting what tests and what CBCs and so forth have been done. In my hospital, it is a 600 bed hospital, we have had four employees fired this year for accessing information that was none of their business. But they wanted to see how their cousin was doing in Room 466 or something like that and they were dismissed for that breach of confidentiality within the computer system of the hospital.
MR. GELLMAN: Okay. Let's move on to another area, one of the harder areas of the bill -- I am not sure there are any easier areas to the bill; it is just a question of which, some are harder than others -- but non consensual disclosures to patient information. We have already seen from the testimony that we have had here, and we all know this, that there are enormous demands for patient information from other players, government, private organizations, what have you within the health care community. And I want to talk about some of these uses and see what everybody has to say about them.
The first one is researchers. Now everybody seems to agree at a minimum that before researchers can get records that there has to be, you have to go through an IRB, and institutional review board, and they have to get approval there. Is that enough? I am not trying to write a provision here with all the little details but basically as a process is it enough to get your research project approved by an IRB to be able to get non consensual access or do we need to do more?
DR. PALMISANO: Well, I think the institutional research board is a good model to look at. I think most people engaged in research and the patients involved in those research projects are generally satisfied with the safeguards there. There may be some fine tuning that is needed but certainly that would be a model to look at and to start with as opposed to a model that would give greater access and is better able to identify patients.
MR. GELLMAN: Dr. Hoge?
DR. HOGE: I think, I do not know that I have anything to add to that. I think the IRBs, at least in my experience, have done a fine job and certainly it is, I guess it is like anything else, there are better ones and worse ones, but probably trying to tweak that system would be the most I would recommend.
MR. GELLMAN: So, do you, some people have proposed that patients should have a right of control over whether their records can be disclosed to researchers. How do you feel about that?
DR. HOGE: Records from?
MR. GELLMAN: Well, that patients would, in order for a researcher to get access to my medical record, the researcher would need my express consent.
DR. HOGE: Well, I have tried to read some of the testimony, Mr. Gellman, and I guess what has always confused me is that it is difficult to talk about the different people who are holding records. My experience and the experience of my colleagues in traditional medical settings, academic universities, physician-controlled entities is that the IRBs do a wonderful job at protecting patients.
Now I understand some of the patient, and I know the patient advocates, I have read their statements, I understand their concerns. I think in part it depends on who is holding that information. Right now I think anyone who has done research understands that there is a tension in that setting between the clinicians who have, who are acting in a sense as surrogates for the patients and are concerned about protecting the privacy or acting as clinicians are meant to do in the interests of their patients, the researchers who are interested in the rest of us, all of society and wanting access to the information and the IRBs who are kind of mediating there.
Now, when we talk about research that is done in other settings --
MR. GELLMAN: Could you give me an example?
DR. HOGE: Okay, sure, I guess I am going to have to start alienating someone.
MR. GELLMAN: That is what we are here for.
DR. HOGE: That is what we are here for. Well, let's say we are talking about a managed care company, not to pick on anyone, where there we do not have, again, the traditional, at least in many managed care companies -- now I know that this is not true, I read some testimony from a physician, Dr. Hyatt(?), who works with the managed care company on the West Coast, its name is escaping me at the moment -- Kaiser, thank you -- and, you know, I think that there are, you know, there are different cats out there that we have to talk about -- but certainly there are some entities out there, some managed care entities that do not have this same devotion to patients that Kaiser has.
And I do not know that I would be as trusting of those entities to provide the necessary tension with the researcher. And I think that that is a problem, I think that that is a problem, and I think, you know, there the IRB protections would be even greater.
In the traditional hospital, even in academic university where I feel that I am completely powerless, physicians have a remarkable amount of control and I think that that is not true in many managed care organizations now. Physicians are employees and we do not have anything that resembles the staff models that we have in hospitals, in university hospitals. So, I think we need to insert some more protections for the patient records into those settings.
MR. GELLMAN: Okay. Mr. Nielsen?
MR. NIELSEN: I do not know, I do not have many comments beyond that. Our experience with IRBs has been very successful. To my knowledge we have never had a complaint from a patient with respect to any of these issues. I do think, however, and this will, this may segue into a segment of this in the future, but we would hope that at least when consent forms and authorizations are initiated that they would be broad enough to hopefully cover the notion of research. I suspect, however, that there may be some instances with respect to certain kinds of research, and I cannot tell you what it would be, where explicit patient consent should be obtained and is necessary.
Additionally, I would think also that any IRB policy should make it clear that once the specific, patient-specific information has been utilized for whatever purpose that it be destroyed or it be returned to the institution, that it not be retained in a form that could be specifically identified once it is aggregated and once it is used for its research purpose. But I think that the notion of patient consent in certain circumstances is one that we ought to think about.
DR. HOGE: Let me just interject one point, that there are, I believe there are federal regulations that require researchers to keep records for, I believe it is five years after the end of the study. So part of your suggestion I do not think could be carried out.
The other thing to keep in mind is that, I mean, there are exceptions to this but generally IRBs require that data as it is collected is coded and identifying information is removed. Now, of course there are some long-term studies where you want to link data over time, but the vast majority of studies are done and at the completion of the study, whether it is six months, twelve months, eighteen months, and there is no reason to link a patient record with a research record, there is no capacity to do it. In fact, I have done studies where as soon as we have a complete data set, a complete protocol, you know, we destroy, I mean, it does not matter whether the police, the CIA, it does not matter who comes in, my mother, you are not going to be able to get me to connect the records because I cannot do it.
MR. GELLMAN: That is fair enough. Most of the proposals do require that. You cannot get identifiers unless you really need them and then you have to remove them as quickly as possible. Simon?
DR. COHN: Yes, I was actually just going to second it. It obviously depends on the research study on whether or not you need identifiers, though whether they are meaningless identifiers, but allowing you to link sequentially patients obviously varies from study to study. I was just going to comment, I work for Kaiser Permanente. And I am a clinical information system coordinator for them. I just wanted to reemphasize that Kaiser Permanente uses the IRB model which once again I think is a strong statement that it actually does work very well in most settings.
MR. GELLMAN: Let's move on to another area, public health. There are lots of public health uses of information, non consensual, many are required by law. I do not want to go over the specific details. Is anyone troubled by the sort of general practice of disclosures to public health departments in the way that has been done in the past and that is required many places?
DR. PALMISANO: Well, just to comment. I think there are two potential models. One model that I pulled out from Louisiana would be the reporting of venereal disease. The physician is obligated under the law to report that a patient has venereal disease and that the patient is undergoing treatment and a number or a letter code is given to that patient. The identification of that patient is only given to the health agency if the patient refuses to be treated or before treatment is completed is going in a, acting in a manner that would contaminate other individuals. And so then the physician is obligated to give the name and so on so they can stop this individual. Or someone, you know, there are other entities, there have been laws for tuberculosis and so on. So we would always work toward the model that would allow the public health identification to be done but minimal information about the individual to preserve privacy.
MR. NIELSEN: This is one of these areas, again, where I think you have to carefully balance the equities. Certainly there are many instances where the public need and the public good is served by disclosure and it strikes me that in weighing those equities and in balancing those interests if, in fact, the public good subserves that of the privacy interest that it ought to probably prevail. So I am personally not troubled with the notion that in the appropriate kinds of settings this data be released.
DR. HOGE: Let me just bring up an example you probably are aware of and have heard from other people about and that is the unfortunate incident in Florida where the public health, I do not know whether it was a worker or a bureaucrat, someone working within the Florida public health system downloaded, I believe it was 4,000 names of individuals who tested HIV positive and then copied that on a disk and mailed it to all the major newspapers in Florida. I mean, clearly public health is an example similar to the research example where we have made in the past various judgements, a judgement regarding the aggregate good to society versus individual risk. If there is any area that we want to put off limits to computerized record keeping it would seem to me that it would be this area because we have already balanced away some of the patients interests and to take any additional risks on top of that seems to me to be in general, unless we are talking about the most trivial kind of information, in general though it seems to me that it is just above and beyond what can be justified, even for the public good.
DR. SCHWARTZ: Hypothetical question. Let's say it is Intermountain or some other large organization that might have a research arm and the researchers developed some type of profile analysis. And low and behold the researchers realize that there are a number of children, let's say in a large city -- whether it is Salt Lake City, whether it is Detroit or somewhere -- that are continually showing up at emergency rooms with contusions and all sorts of problems where any one of the providers that might see them might think that perhaps it was an accident, they fell down.
But the researchers might say, well, look at all these, look how often they are showing up at all these different providers. And we have this information, perhaps there is some type of abuse going on. In that type of situation, what should the researchers do, who should they disclose the information to, how would you proceed?
DR. HOGE: I am glad you asked an easy question. You know, there is, this is an area that there is really little agreement about. I mean, take away the computer aspect of this for the moment. There is really no consensus, the researchers do not have the same, keep in mind researchers do not have the same responsibility that clinicians have. To the best of my knowledge I know of no state that requires a researcher to report suspected child abuse. I may be wrong about that.
In psychiatry it has often come up as a discussion of whether or not a researcher conducting a study comes across a threat to a third party, whether they have the same responsibilities, erosoph(?)-like responsibilities as a clinician. The best analysis of that, I think there is some agreement on, suggests no, that there is not. And indeed, as probably most researchers would tell you, most research is conducted under the provision of a right of complete confidentiality of the information. So that, even if you obtain information that is beneficial to the patient without -- or the subject --
DR. SCHWARTZ: Or to the society.
DR. HOGE: -- or to society, you cannot give that information to anyone without consent.
There are, in fact, in order to do certain kinds of research it is possible to get a federal certificate of confidentiality. So if you want to do research, for example, on violent behavior or I guess sociologists and criminologists might do research on truck hijackers. Well, obviously if you are going to talk to a truck hijacker and you want to learn something about how truck hijacking takes place, you are going to have to give them pretty strong assurances of confidentiality.
DR. SCHWARTZ: Sure. Let's say your finding is sort of an aside. This wasn't your intent necessarily and in the course of the investigation you find this out. Then what kind of responsibilities do you think -- Mr. Nielsen?
MR. NIELSEN: I think the doctor has already indicated that in most, probably all of the states, there are mandatory reporting requirements for child abuse. I was a prosecutor for a number of years. In the near enough time that I remember when this issue became a prominent issue in the country there were many times when those reports were received by law enforcement, and subsequently by me as a prosecutor, that proved to be unfounded. Some were not, some were. Nevertheless, again we get back to this balancing issue. The reporting laws are there to ferret it out when it exists and if we are wrong, we are going to be wrong but that is one of the side effects of the reporting requirements.
I think the doctor is absolutely right, I do not know of any law that requires researchers to disclose that. But in the scenario you have described there probably ought to be a law because that strikes me as a clear example, probably maybe even more directly attributable to abuse than maybe a physician's observations. So, again, I would not be personally troubled assuming everything is equal that that sort of thing be disclosed to the appropriate authorities or at least perhaps to a personal physician of the individual who is the subject.
MR. GELLMAN: Simon, did you have a question?
DR. HOGE: Could I just interject one more thing? I guess I am troubled by this and obviously this is a tough spot to be in. I do not want to, I am certainly not in favor of child abuse. But, I mean this I think again goes to the question of how computer technology might be used as a surveillance technique. And if now we are saying that someone holding records can do this sort of compilation then why can't they look for other things? And if they are now looking for other things, again we have changed the traditional understanding of the rules.
I mean child abuse and neglect reporting requirements changed the rules pretty dramatically when they were adopted and have taken a while, I think, really to be assimilated by physicians and society and probably fully have not reached that point now. But if we start surveiling for those things, where does it end?
MR. NIELSEN: I do not think there was any suggestion there was a purposeful surveiling, but your scenario, I think, is something that ought to be thought about.
MR. FANNING: Harvey, I think in your case, in this incidental finding the researcher should write an article and suggest that more funding be obtained --
[Laughter.]
-- for more comprehensive study of this which would then develop specific standards for hospitals to actually use in practice. But the individual cases should not be revealed from the research situation because after that people will not cooperate with researchers and you will not have the long range result of improving the system.
MR. GELLMAN: Simon, did you have --
DR. COHN: Well, actually I was going to go back to a previous comment that was made. Is there anything that --
[Background conversation.]
Okay, actually it was just a question I think to all of you. Dr. Hoge you have brought up or began to discuss this issue of some data potentially needing more privacy and confidentiality than others. And I guess I would ask the various panelists that given a future scenario where there is a, what we think is a very good level of privacy and confidentiality to all health care data, are there other bits of data that need extra special levels of privacy and confidentiality, and if so, sort of what are they and how is one to determine that, especially prospectively?
DR. PALMISANO: Well, I think you can make a number of arguments for different types of information to be given different levels of protection but it is our view that all of the information ought to be given the highest level. The first situation that people bring up when I talk about this with them is genetic testing where it is not what you have now, you have the propensity and a high probability that you may get some disease process within ten years or fifteen years that would make you uninsurable and so on. And I think another person might come up and say, well HIV infection is another one we should give special protection to because of the social implications in the society. As you keep going down the list you suddenly realize that everybody is making their case and then you say, well, why not give the highest level of protection and privacy to all the data and that would be opposition, that it ought to have the highest level of privacy and only with the patient's permission, except for those extraordinary circumstances that we mentioned in the testimony, both written and oral whereby if you knew that someone was deliberately, a psychiatrist knew that someone was going to leave the office, had a loaded 38 and was going to walk over and shoot someone in the head, then that psychiatrist has a duty then to save the life of the individual that is about to be shot and breach the confidentiality of that particular patient. I use that as an extraordinary example but that would be one that would breach confidentiality.
DR. HOGE: Okay, I guess I got us into this. Again, I think you have to go back to the premise I began with which is that the information that we are generating should be used for the patient's benefit. That is why they came to the doctor, that is why they gave up the information, with the expectation that we were going to help them. So we need to keep that in mind. So regarding levels of protection I think we first need to go to the patients. I agree, you know, I agree with my colleague here that certainly we want to have very high levels of protection but if there are categories of extra special protection, maybe, as I suggested to Mr. Gellman that we not computerize HIV records for public health purposes, that we have the patient define that.
In my experience, we talk about psychiatry, and I am happy about that, but in my experience as a physician in general patients have particular, very personal concerns about different kinds of data. Dr. Palmisano brought up one case. You know, it depends on who you are, your circumstances, what you are concerned about. Privacy is a very personal thing. What one person regards as something they will talk freely about at a cocktail party another person would never tell their spouse. And I think it is not the right approach for, to do this from the top down, for a group of experts to define what is particularly private. I think we need to have the patients tell us in many cases.
Now there may be circumstances, such as the one I suggested, I mean, I guess I am talking from both ends here and I recognize that. But I think that we need to begin, our underlying premise has to always be we are worried about the patient, we are worried about how the information is going to be used. And I think the cases that you are bringing up, the concern about kind of extra special protection really goes to the question of who has the information, what can they use it for. They should be using it to help the patient. If they are not using it to help the patient then they should not have it in the vast majority of cases. And we do not have to worry about special protection.
MR. NIELSEN: I would add, however, that that is an issue that is sort of a raging debate in our system right now. There are those physicians and others who argue that there are certain kinds of diagnoses that require special protection. Psychiatric issues, drug dependency, HIV, and a host of others where, at least in the context of what we are trying to do with this broader notion of computerization and data records and so on that there is some of that information that ought not to be accessed by everybody. And that only those who have an absolute need to know for clinical treatment at a particular point of time should have access to it. But it is a difficult issue and because even a psychiatric diagnosis is problematic in the diagnosis of other kinds of illnesses and physicians argue they ought to have the full range of available information. It is a tough issue and I do not have a distinct answer for you other than to suggest that it is controversial.
DR. HOGE: We tell our members, I can tell you what we are telling the APA members now, which is, you know, there are two diametrical approaches, you can do it patient by patient, you can say there is a high threshold -- I guess there are three approaches -- or you can try to carve out particular areas and physicians, we are telling them they have to look at their own systems and say, well, what is the best deal you can get, the best privacy deal you can get for your patients? And make every argument, even if they are internally inconsistent, to get the best privacy deal that you can for your patients.
MR. GELLMAN: Well, I always illustrate this point that I think confidentiality is in the eye of the beholder with the observation that I know lots of people who see psychiatrists because they tell me about them. And they do not, these people, these individuals do not think that is particularly sensitive -- I am sure others do and do not mention it -- but I do not know anyone who has ever seen a proctologist, nobody ever talks about that.
[Laughter.]
And I think on that note we will take a ten minute break.
[Brief recess.]
MR. GELLMAN: We are going to begin with Dr. Harding.
DR. HARDING: This morning, I think two of you were here this morning. Mr. Nielsen, you came in, I know, at noon, but we had some law enforcement officers here or officers of the FBI and Justice Department and so forth, and they made a statement that I know Mr. Gellman said maybe we could come back to, but they made some kind of a statement that went something like this, that law enforcement access to medical records does not affect the doctor/patient relationship, said that in so many words. Is that fair? Would you all comment on that? Do you feel that that could be a real hindrance or a boon, for that matter, to doctor/patient relationships?
DR. PALMISANO: Yes, I see a problem with the police or anyone else coming in without high standards to get to the medical records because it goes back to the original problem of trust with the patient in the patient/physician relationship. And if the patient knows that this standard is very lax, I mean when the individuals spoke today they said, well, we do these things now, we go to the Grand Jury, we go get this, we get that, I am not aware that the patients are fully informed about all these different things. The more patients become aware, the more patients become educated, and I think through the different ways of communication, like the Internet, for instance, where people suddenly getting this, the greatest library in the world, some junk material but a lot of good material is available, I think patients are going to come to their doctors more and more and say now, wait a minute, what I am telling you, this is really serious to me, it means a lot to me and I expect this to be held in complete confidence and then they will start asking more sophisticated questions and there will be physicians who will have to get educated and say, well, gee, I had no idea that someone could just walk in and take this information. And that has been the concern, for instance, in Louisiana where you have to notify the other side and so on.
So the answer is yes, I think it would affect the doctor/patient relationship and again, you have to balance interests and certainly the privacy interest should take precedent unless there is some really overriding probable cause type standard where there is a need to know that specific information to save the nation or to save someone's life.
DR. HARDING: Do you ever get asked by a patient that I am going to tell you something that I do not want put in my medical record?
DR. PALMISANO: Oh, I, yes, I have heard that before, sure.
DR. HARDING: Do you go along with that?
DR. PALMISANO: Well, I will tell the patient that what I will put in the medical record, I will say, I will put in the record here that you have some things that are concerning you, that are affecting you of a very personal nature and that we are just going to discuss this verbally and let it go like that. I make that note to myself so I will know about that.
But I have patients who come in sometimes who are obviously under stress of some type and I can offer a surgical correction for the problem that they have but that is not going to solve the underlying problem. And many times if we can get to the underlying problem I do not have to do an operation. We can get the patient into the proper therapy to relieve the stress and that problem goes away.
I mean, I have had to do emergency gastrectomy on a six-year-old boy one time who was bleeding to death who was in a horrible, horrible family situation. I mean that child came into late for us to do anything other than to save his life by removing half of his stomach and cutting his vagus nerves, so yes, if patients know that that information can be disseminated then there is a problem. And believe me, I have the highest regard for the police and for the work and the courageous acts that they do. My father was a policeman for 29 years and a very courageous man who, you know, took on hostages, put his gun down, rescued all hostages and did very brave things and I grew up around policemen so I have the greatest respect for them. On the other hand, I think it is very important that we maintain the privacy because we live in America, the land of liberty, and it is a land that says there shall be no coercion, we do not have people knocking down your door at night to go in and look in your home. They do that in other states, in totalitarian regimes, but we do not do that in America.
And we have to balance all these things. And certainly if someone can present a compelling reason to invade privacy then we as a nation say under those circumstances we invade the privacy.
DR. HOGE: Yes, I agree with Dr. Palmisano. You know, again, I think it is probably impossible to dispute the fact that if we allow law enforcement agents to go through medical records willy nilly that probably they could find some things that would be useful. If they could go door to door and go through all of our houses without getting a court order I guess they could probably eliminate a lot of the drug and violence problems in Washington, D.C. in a short order but that is not the country that we live in and those are not the rights that we expect. And I think there is probably a necessary tie between individual privacy and democracy. I think without privacy we probably cannot have the kind of democracy that we have.
So, again, some of these points were made earlier but I think it is important to keep in mind that while there may be an optimal level of justice that we can have by giving broad discretion to the federal law enforcement agents to go in, that we accept some loss of efficiency in our law enforcement to protect patient privacy. And I think it is perfectly analogous to the technological advances that we have had in medicine. I think we have technology to save a lot of people a lot of grief and suffering if we could force it on them, if we could go into people's homes and take away their fatty foods, if we could run people through the streets and make them exercise, if we could stop them from smoking, you know, we could do a lot of things. In psychiatry if we could make every patient take medication, we could save a lot of people. Certainly we could make some people live longer if we kept them on respirators and gave them chemotherapy even when there are only marginal benefits. But I think we accept in this country that people have individual rights and privacy interests that forbade us from doing that.
You asked specifically about the doctor/patient relationship. I think that there are two ways you would have to look at this. I think one way we have talked a lot and I heard a lot, I guess I heard the gauntlet being thrown down this morning that we have to demonstrate, somebody has to come up with evidence to convince law enforcement that there is a problem.
` I think that there is a problem. There is no good study on this. I do not know that we have the burden of proof, if I can use that analogy in this setting, but clearly, psychiatrists every day have people come into their offices and say, whatever you do, do not bill my insurance company for this. I do not want it going into the insurance data banks.
I know that they keep data banks on this. I know my employer probably could get access to those data banks. Or even if the employer does not immediately get access to the data banks, I do not want it going on record because once it goes into the computer who knows who can get it? And we have lots of patients who can afford care who are telling us they do not want to use their own insurance. They would rather pay out of pocket than take that risk. All patients cannot do that.
I am sure we have more patients who would love to be able to use that option but simply cannot afford it and it is not clear to me why we should have different levels of privacy in this country based on the size of our wallets. I think that is a big concern to me.
I think we also need to keep in mind that aside from the consequences of changes in the rules we need to, you know, the demonstrable consequences on treatment, that we are talking about how much privacy do we have in this country? Medical information has undoubtedly, I do not think that anyone would dispute that medical information includes the most personal, private information that people have. I think the Supreme Court has recognized that in the occasions that they have looked at this. It is simply not the same as other kinds of information.
To the extent that we allow invasions of that privacy we are just, we are sacrificing privacy and I think we have to again keep in mind that privacy is a good in and of itself, even if it does not have all of the demonstrable effects we might like to be able to show to others regarding changes in the law. That was not very well said but I think you get the point.
That is the patient side of this. Now the doctor side of this, I think we are seeing more and more doctors, Dr. Harding, you probably know that the old, before we had computerization or had thought about it very much, we had guidelines in psychiatry that instructed psychiatrists to make differentiation among the setting in which the record was going to go. We had different guidelines for hospital psychiatrists, different guidelines for multi specialty clinic psychiatrists and private practitioners. And we are now hearing, I am certainly hearing, that not only psychiatrists but other physicians are saying, we are not going to put this into the record anymore because we know it is going to be computerized. And we have people saying, and I heard today about a case of a doctor saying, I keep more and more information in my head because I do not trust it when I write it down, and I know I forget things.
And so one of the consequences that we are going to see is that while we might have greater access, you know, if we centralized everything, if we had a huge national data bank and everyone had a medical dossier the information in there is going to be less accurate, less complete and less useful than the records we actually have today. So I think it is going to have a huge effect if we do not move quickly to protect privacy in these other settings, insurance companies and so on.
DR. HARDING: Mr. Nielsen?
MR. NIELSEN: Having not been there I am not sure the exact context in which the statement was made but let me, if I can, explain. I have been a, as I mentioned, a prosecutor. I have also been a police officer. So I think I understand the viscidities of this issue. If what they are saying is that police investigations would not impede the privilege that exists between the patient/doctor relationship, that is probably true. That privilege will remain inviolate unless it is waived by some statutory waiver in those interests where the privilege ought to be waived. That is very rare but it sometimes occurs.
On the other hand, let me give you my experience. Nothing infuriated me more as circumstances when I would send my detectives out to the emergency room or a doctor's office to look at medical records pursuant to a criminal investigation only to be rebuffed by the physician. None of your business, you know, you bring me a subpoena or a court order and you can look. And I have been on the verge at times of saying go back and arrest him for obstruction of justice.
Since I wear a different hat now --
[Laughter.]
-- I can see the folly of my previous conduct. Nobody, no police officer, no detective, no FBI agent gets to look at patient records without a court order. And there are circumstances, at least in our jurisdiction, it is a large city but it is not anything like the large, huge cities of America, we are small enough that if we have a particular circumstance where the disclosure of that information would be questionable or harmful in some way or would perhaps disclosure information that would go beyond the circumstances incident to the criminal investigation, we will frequently sit down with the police or the detectives and say, what is it you want, how can we help you? Is there some way that we can limit the information that you want to assist in the scope of the investigation?
There are times, they are very rare, where we will sometimes even move to quash a subpoena for issues related to privacy and confidentiality. But I think in the main, no matter what our profession or what our occupation or what our position, we have an obligation to yield to the processes of the law in an orderly fashion. That is the reason in criminal cases the issue of subpoenas and the issue of other types of exploratory orders are not like the civil process. You have to go to a judge, there has to be a certain amount of evidence presented before those subpoenas are issued so that there is an independent determination as to the need. I think in many respects that insulates and cures some of the problems.
But in short, I think we should be fully cooperative with law enforcement. There are some circumstances, however, when discretion needs to be used in the amount of information that is released to them. And certainly without patient consent, unless they have court process, they do not get it.
MR. GELLMAN: Let me pick up on this law enforcement issue. We have had testimony before this committee, some this morning and some earlier, that the Inspector General at HHS has legal authority to get access to any medical record in the country, that with a Grand Jury subpoena any federal prosecutor can get access to any medical record in the country and with, under the Kennedy/Kassebaum provision the Attorney General can issue an administrative subpoena for any medical record in the country period. No judicial process, no independent review and no notice to patients. That is today, that is the existing law today. Can anyone sit there and say in light of these circumstances that there is any confidentiality?
Let me add another step, that except for the Kennedy/Kassebaum procedure, not only can the cops get access to any record, but any information they find about patients they can use against the patients. That is the law today. Now can anyone say there is any confidentiality in the health care system right now?
DR. PALMISANO: I think that is part of your challenge to fix that. I mean just because they stumbled in some aspects of that bill maybe we can prevent them from a fall down the road. And so we look to your guidance to make sure that that gets fixed. You have heard testimony of the problems involved with the ability to get records without probable cause.
DR. HOGE: I would agree with that. Clearly we need to do something to reform this. I think if your committee took that on and did write a bill that that would be maybe the most important element.
I think, and I was, I do not know what the right word is, I was outraged at some of the testimony I heard today. We heard about law enforcement agents trying to use personal relationships to get physicians to ignore their ethical responsibilities and their legal responsibilities and give the police information when they should not be giving the police information. I guess, you know, again I do have respect for the law enforcement and I understand they are trying to enforce the laws, but on the other hand, in a civilized society we need to have restraints on that.
I do not know if I agree with the characterization of the Inspector General having such broad access. I mean there are cases, you know, Mr. Gellman, I am sure the Arioshe(?) case in which access to records was greatly circumscribed with respect to what was originally sought by the Inspector General. The federal Grand Jury process I do not know about. I have heard a lot of complaints about the federal Grand Jury process, a lot of people think that it is a process that is prone to prosecutorial abuse and based on what I heard today I think that they are obviously right. And if you can do something about that, that would be great.
I think you heard probably a more reasonable and a common description from the gentleman, I think, Mr. Barnes from Indiana, and I think he told you quite quickly that they get court orders and doctors do not give up records without court orders and I think that is the status quo in this country, that is the status quo in this country.
MR. GELLMAN: It was not clear to me whether he was talking, when he was talking about subpoenas whether he was talking about court orders.
DR. HOGE: Well, maybe I misheard.
MR. GELLMAN: I just do not know. It just was not clear to me.
DR. HOGE: I believe he talked about having to go through judicial process. He complained to some degree about doctors resisting but, and I think that is what, he talked about doctors increasingly requiring that because, he described it as a kind of cover yourself situation. I do not think that is the motivation. But I think he is right that physicians are sensitive to this and they are increasingly being educated about the problems of just coughing up records without -- you know, keep in mind, you know, I guess with a few exceptions most doctors did not go to law school and no one, I can tell you one of the big parts of the, one of the recurring problems for the Committee on Confidentiality at the APA is to educate our members. We have a standing committee to educate our members regarding confidentiality. The police walk in with a piece of paper that says a subpoena, most people do not know the difference between a subpoena and a court order. Subpoenas look very fancy in many places. They look very official. And so you know, it is not uncommon to have to go to a medical records department or the physicians one by one and tell them, look, a subpoena is just a piece of paper. It does not mean anything, at least in the terminology in most states. You need a court order before you have to comply and when you get a subpoena you call up the patient and you tell them somebody is trying to get your records and then you tear up the subpoena.
DR. PALMISANO: Well, just to make the comment for the record, this is a troubling problem in many places, and I give the example of Louisiana where they constantly battle, as I said earlier. And when we get a subpoena there must be that affidavit that the other side has been notified. And I think the medical society and the physician captive insurance company, they do a good job with the newsletters alerting physicians every time the law changes. And the physicians kind of expect it, like what is going to happen this year, what do we do now? And they will put the attorney for the medical society or the insurance company will write a brief on this and circulate and say, here is the new law. It has changed. It is now seven days notice as opposed to fifteen. So they do know that they do not give up the record unless they see that and if they have any problem at all and anybody tries to intimidate them they are instructed to immediately call the medical society or the insurance company and they are assigned a lawyer immediately and it kind of takes the heat off the physician.
MR. GELLMAN: Does that law apply to civil litigation? Does that apply to criminal subpoenas or Grand Jury subpoenas or --
DR. PALMISANO: This is in civil litigation, yes, sir.
MR. GELLMAN: Yes, I mean most of this access, I mean, and there are provisions in some of the federal bills that are very similar to what you have described in terms of requiring notice to everybody before a subpoena can be served in that way, but none of this reaches the law enforcement subpoenas which are basically unrestricted, or mostly unrestricted. I take your point, Dr. Hoge, there are some cases here and there but unless you assert yourself you do not get any of those -- let me sort of ask a follow-up question for all of you. If you get a subpoena from a law enforcement official for a medical record, will you, on your own motion, notify your patient all the time? Dr. Hoge?
DR. HOGE: Yes.
MR. GELLMAN: What is the patient's reaction?
DR. HOGE: Well, in some cases the patient knows already about it and it is not uncommon, particularly in the civil actions that they know that that is coming and there is an attorney that they can access. And then there is generally a motion to quash. Now there are some cases, and, you know, again, I do not know how much we want to go into this, I mean obviously there are some areas of the law where there is just really no, you know, particularly in civil actions once a patient has put certain issues in play there is no right to keep that information.
MR. GELLMAN: I am not talking about civil litigation. I am talking about a law enforcement subpoena, Grand Jury subpoena, investigative demand from a government agency.
DR. HOGE: Well, again, you know, in my experience without, we do take the trouble to notify the patients. We suggest that they do something to fight it. Without a court order the facilities I work in we do not give up medical information.
MR. GELLMAN: Will you fight them on behalf of your patients?
DR. HOGE: If necessary, yes, absolutely. And we have had, members of the APA have gone to jail on, based on that principle and we are prepared to do it again if we get a bad bill.
MR. GELLMAN: Is that a universal practice in terms of fighting subpoenas on behalf of patients?
DR. HOGE: I think going to jail is certainly above and beyond the call of duty for most -- yes, I think again, you know, particularly keep in mind that it is not uncommon for patients, hospitalized psychiatric patients, to be incompetent, not to be able to exercise their rights, and who may not have an attorney to act on their behalf. So, yes, in some cases, I think again, it may be context dependent. There may be facilities and psychiatrists who do not do as good a job as I would like or our Committee on Confidentiality would like, but certainly I would say that the standard, routine response to those sort of subpoenas is to decline to comply.
DR. PALMISANO: Our general advice to physicians is that when anybody presents, if you have a subpoena, a criminal subpoena is to immediately call the attorney, your attorney, call, if you do not have one, you call the medical society, you call the captive insurance company. And they are all tuned into this and they are ready to be advocates for the patient and come forward.
We tell the physicians, you know, just do not make this judgement on your own, get somebody who understands this. In other words, if you are a family practitioner, don't do neurosurgery here.
[Laughter.]
And I had the privilege to, you know, to go to law school and graduate as an attorney and get licensed as an attorney but the thing I remember very well was a gentlemen who came in, he used to work for the IRS as a special agent. He was now working in private practice now, and the thing that stands out in my mind, he said when a special agent comes to your door and says, hi, I am here, I want to talk with you. You say, I am sorry, I am very busy right now and call your lawyer and do not say anything further. And I have just carried that advice over to subpoenas and so on, that you really need to make sure that you have the proper protection for your patients' records and you call the attorney and get that advice. And that is message that we disseminate. I mean, no one wants to break the law. On the other hand, people do not understand the law and you should call in people who are experts in the law to help out.
MR. GELLMAN: Well, I appreciate that but under the terms of Grand Jury subpoenas or the new authority of the Attorney General, they have authority to issue these subpoenas. I mean, if you want to go to court it is a major league effort to try to undermine or narrow or fight this. I did not get the impression from talking to HHS people or to the people this morning that non compliance with subpoenas or doctors driving these investigators into court all the time is a big problem. I got the impression, and I did not ask the question so maybe I missed it, that this does not happen.
DR. PALMISANO: Well, I personally, again, I have never had the privilege to receive a subpoena like that, a federal subpoena in all the years of practice.
MR. GELLMAN: Maybe we can arrange it for you.
DR. PALMISANO: Even though I heard the comment made about New Orleans, my beloved home, I do not want to get into that --
[Laughter.]
-- but I would say despite having our recent Mardi Gras that everybody appeared to be sane the next morning.
MR. GELLMAN: Can you talk about this from the hospital's perspective?
MR. NIELSEN: Yes, let me talk about it from the general perspective first. You know, I do not want to give the, leave the impression, I think it is wrong if it is being left, that we are always adversarially at odds with the law enforcement authority. That is not the case. In 99 times in these kinds of cases we ought to be fully cooperative. We ought to supply the information that is requested.
From a hospital standpoint my impression is that we comply with lawful court orders to turn over information. Those are almost always in the context of a criminal investigation into homicide, assault, rape and child abuse, those four areas. We are, in a sense, cooperating with the law enforcement authorities to create an environment where there can be a successful prosecution. We are not giving information that is going to be adverse to the patient in 99 percent of the cases.
So to suggest that there is always this heightened tension as we relate to law enforcement authorities I just think is not correct. There will be some times, as I think I alluded to earlier, and we do what I think someone suggested here, if there is any question our policies always require that contact immediately be made with the general counsel's office in the hospitals so that they can get appropriate legal advice as to how to respond. There will be some times when we will do what I have suggested earlier and that is make inquiries as to the scope and the breadth of the request and try to work with the police in fulfilling those court orders.
DR. HOGE: Let me just say, add one thing. Again I think it is important for us to keep in mind that from a physician's perspective the records are there to be used in the best interests of the patients. And certainly if there is a legitimate court order, there has been judicial process, there is nothing more for the physician to say about that.
But in a case where there is an option to resist, where there is a subpoena that does not have the force of court order, and where there is an opportunity for the patient to fight it, which we believe should be the case in all of these instances, we think that physicians have the responsibility to act on behalf of their patients and resists. That is the essence of confidentiality.
The other thing I guess I wanted to, I guess there are two other things I wanted to say, I guess I have a different interpretation of the discussion I heard this morning which was I believe that in the states, in the vast majority of cases which I believe probably does not involve the Federal Government, that law enforcement people are by and large getting courts orders, not subpoenas, they are getting court orders. At the margins they are trying to get information informally, I believe it was phrased -- and they are probably successful in some cases -- I would like to know those cases so that we could educate those physicians so there would be less routine informal compliance.
The other thing I would like to point out is that we were talking, at least if I understood the discussion this morning from the law enforcement agents, we are talking about access to thousands of records in some cases, thousands of records, many of which did not have any useful information at all. So we are talking about relatively broad breaches of confidentiality in order for them to shift through and find, you know, a relative handful of cases. I mean, think about all of the privacy intrusion that has taken place for them to find whatever it is they find.
I think, the other thing I want to say, actually I believe it was the federal witness who talked about mental health records in, I think, a particularly egregious way, there is often a fantasy, the law enforcement people seem to have rabid fantasies -- they should see a psychiatrist -- about what is in the medical record. I mean, I do not do and I do not know any physician who does an investigation of their patient when they come in or a cross examination. So what we see in psychiatry over and over and over and over again, this is criminal and civil, is that the police or the other party in the civil action think that we have all the juicy stuff in there, that they are going to get information in there that is going to solve the crime, we are going to find out who killed, you know, Mr. Jones, and we are going to find out all this, we are going to find out whether Mrs. Smith is a fit mother and that is just not what is in the medical records. We do not ask people, oh, by the way, I understand you came in here with a pain in your chest. Did you happen to kill anyone today? That information is not there.
So that we have a lot of people's privacy, medical privacy being trampled, trampled for what? So these people can see if there is maybe something that someone has put down in a note. I mean, I know of very few, I am a forensic psychiatrist, I know of, I cannot think of a case in which a significant law enforcement investigation has been furthered by access to a psychiatric record. I do not know of a case. I will give you a challenge, if you can find a case, bring me a case. Show me the money on this one.
MR. GELLMAN: Well, I am not trying to struggle too hard with what any of you are saying, but the reality is that all of, and I mean when we are talking about this in the criminal context, murders and rapes and whatever, that is the small end of this thing. The thousands and millions of records that are being gotten are all in health care fraud, that is where the big numbers are, there are enormous disclosures there and if physicians were notifying patients of requests that they got from law enforcement agencies, there would be hundreds of thousands and millions of notices to patients every year. And I really doubt that that is going on, I would be delighted to know otherwise, and, I mean, this is what is happening today. This is all existing practice, existing policy, existing law, a lot of this has been authorized by state legislatures and by the Congress in an attempt to deal with what is clearly viewed as a major problem, namely health care fraud, and so this cannot just be dismissed as a minor concern or something that we can just easily roll over and recommend and the Congress will just float away and say, oh, we will take down all these access provisions.
DR. HOGE: I thought we were following the same format from this morning. I am glad you are getting into the health care fraud. I think that is a different scenario, I agree, a different scenario.
MR. GELLMAN: Oh, okay, do you want to tell me why or how or what difference? Does it make a difference if you get a health care fraud subpoena whether you would notify a patient?
DR. HOGE: Well, I think, again in our written statement what we suggested is that certainly if the, in the one instance that we would require full judicial process, that would be our recommendation. In other words there would have to be the opportunity for the patient to show that the records should not be accessed. And I think that that would be, in many respects, desirable for health care fraud but I think obviously that would put the target physician or physicians on notice and I think obviously that would probably undermine an investigation.
So what we have recommended is that there be something like, there be a judicial process, there would be a judicial oversight because I think we do need to restrain law enforcement. I think it is, I would love to ferret out every health care fraud in this country, nothing would please me more. There is a lot of money, psychiatrists could use that money, there are a lot of money who are not treated, not psychiatrists, our patients could use that money. A lot of psychiatric patients are not receiving treatment. If we could save enough money to provide parity for mental health patients I think that would be fantastic. And obviously every dollar that goes into some fraudulent pocket is a dollar that cannot be spent on appropriate patients, whether they are psychiatric or not psychiatric. So we would love to do that, we would love to do that, but there needs to be some way of restraining law enforcement so they are not sifting through records. I do not particularly have anything to hide, Mr. Gellman, but I do not think I would be very happy with the law enforcement people having my medical records. And I suspect if you went out on the streets and talked to individuals on the streets there are lots of people who do not want law enforcement agents to have access to the records whether or not they can ultimately use it to prosecute them or not. So I think we need to restrain them, I think there needs to be judicial process and I think we need to reel some of this in.
DR. PALMISANO: I would just like to add this to the discussion for reflection. The reason we have this big push to get into the medical records because of this statement that there is this great amount of fraud -- everybody gives different numbers out there and so on -- the American Medical Association has come up with a plan, we believe, to solve many of the problems of Medicare going bankrupt and many of the other problems with the program. And better than hiring more law enforcement agencies and allowing them to get into the records quicker would be to allow each patient to be more and more responsible for his or her health. So we have things like medical savings accounts, we have things like the government has to set a budget so therefore the government does a defined contribution, give the individuals more choice in buying private plans, HMOs, whatever they want to buy in the free marketplace out there. Then when you have someone who is responsible for the first dollar coverage, it might be $50, $100, $500, whatever it would be under that particular plan, that individual is the best auditor because that individual had the health care delivered to him or her. And so if there is an EKG or there is a piece of durable medical equipment that they did not get they would say, hey, I do not want to pay this. This is coming out of my first dollar coverage. I do not want that durable medical equipment. The individual who says, well, gee, the durable medical equipment people told me that I need this to go pick up my mail at the mailbox, you know, 50 feet away, and the doctor is saying you really do not need that, I want you to walk, if the patient had to pay a contribution toward that and if the money wasn't spent it went to a medical savings account tax free, then we would have the patient saying, I do not want that, I want to do what the doctor said, I want to walk. So that is just another thought in the big equation here. That maybe we need to back up a little bit and say, let's look at the big picture, why do we have to hire more lifeguards to solve all these people that are allegedly drowning? Why don't we go back and put a little fence up here and the fence would be more patient responsibility.
MR. GELLMAN: Well, I mean, I agree with a lot of what you said but reforming the health care system is beyond our charter.
DR. PALMISANO: I just wanted to reflect on that so that, you meet with important people and you might want to drop that as a part one day.
MR. GELLMAN: Would you like to talk about --
MR. NIELSEN: Well, just very briefly. It is a significant public policy issue and I guess it depends on what strikes the fancy of Congress at a particular time as to what they want to emphasize. If, in fact, we become sensitive now to privacy and confidentiality it is likely some of these things that people believe are overreaching will be shored up. I suspect, given my experience as a defense lawyer for a number of years also, that there is some overreaching going on and that some of the federal laws give far too broad of an authority to get into areas where probably they shouldn't. And it is very difficult to control. I hope that you will come up with the appropriate balance, again, of where we go with these issues. But in my view, it is a public policy issue, pure and simple.
DR. COHN: Actually, I have a question primarily for Mr. Nielsen though I, it is very hard for me not to engage in the discussions around fraud and abuse. I feel I should comment that capitation is another good way to reduce fraud and abuse in certain circumstances.
Mr. Nielsen, I actually am very impressed with your credentials, both being an attorney now for a health care entity but also having been, as I understand it, a district attorney and a policeman. Now, going back a little bit to where we were talking about actual criminal involvement, criminal cases, obviously a privacy and confidentiality bill regarding health care information is going to have to deal in some way with this issue, either to give a complete occlusion to criminal, to policemen and others to deal with information or otherwise restrict them. What advice, having been on both sides of this, would you give a committee looking at this issue or for that matter, Congress or others seeking to put laws in place that would balance things in this area?
MR. NIELSEN: I do not know that I can say much more than I just said. I think there has to be an exception of some sort for the administrative and criminal processes of legally constituted authorities that oversee a variety of areas, including criminal law. I do think, however, in view of what Mr. Gellman has talked about, that with regard to administrative subpoenas for the enforcement of some of the health laws that may have criminal implications, that there ought to be some kind of intermediate fact finder to weigh the equities as to what is being sought versus the nature of the offense in terms of whether there is sufficient probable cause or gravity of the issue to allow process for these records to occur. And perhaps even by that, that could either be a court of general jurisdiction or an administrative law judge in some context, but maybe an examination and language in the subpoena or court order as to the breadth and the scope of the information sought so that we do not have a general fishing expedition that I think both doctors are concerned about. So perhaps the insertion of that neutral component to make the finding, absent those who are going to be doing the enforcing would be helpful in that regard.
MS. WARD: This is actually a question that came early on our conversations. Dr. Hoge, you mentioned early on, a comment about you wanted regulatory activity or legislation to focus on new entities and then you commented later about health plans and employers. Were those the entities you were speaking of about new entities you thought that there needed to be greater legislative authority over?
DR. HOGE: Those are not all of them I do not think. I may not be able to give you a complete list off the top of my head, but again, keep in mind, I mean, I think what is helpful is a conceptual tool to try to sort new entities from old entities. The new entities used to try to help patients. All right? That was our sole function. Doctors try to help patients. Hospitals try to help patients.
Now when you get into functions where you are now talking about denying patients care or denying them payment for care or you are deciding who is going to get insurance in the future or you are deciding who is going to get life insurance based on their medical records in the future, and you start compiling dossiers to answer those sorts of questions, now you are starting, you have transformed the information in my mind, you have transformed the information from information the patient willingly, sometimes gratefully came to a doctor to tell them about into information that is going to be used against them. And I think any entity today that uses information against the interests of the person who gave it up needs to be regulated in some way. And I do not have, unfortunately, I do not have all the answers. I wish I did. I have thought about this some but I do not know enough about the health insurance industry and some of these other industries but I think we need to go in and say to these industries, what can you use this information for? We know we have had, I mean most people do not know about this. I mean, think about all the things you know about now as a, from the virtue of being on this panel. You ask your friends who are not in this field, do they know that all of their health insurance is shared in a data bank and kept forever? Very few people know that. Do they know that that information can be used to deny them health care in the future? People do not know that. Do you know that sometimes insurance companies use that to deny life insurance and other, people do not even know this. So I think we need to get in and say, what can these people do, what can these entities do with the information, how can they use it, how long can they keep it? I think we need patient consent in many of these cases. I think we need to limit the duration that some of these people can hold, some of these entities hold the information. So, yes, we are talking about all of those entities, anyone else who might serve as a clearing house. We know we are going to have, if we progress in the trajectory that we have been talking about we know we are going to have the Equafaxes(?) of the world, the large data banks who are going to be selling, you know, ratings of patients just the way they sell credit ratings now. Is that something we want? Does that promote insurance distribution? I think we need to get insurance industry people in and talk about that. But I think we have a lot of concerns, I mean I have a lot of concerns about that fundamental transformation of information from useful, helpful, beneficial information to harmful, possibly harmful information used in allocation and economic decisions.
DR. PALMISANO: I would just like to add one other comment regarding these databases out there in the sky that your information gets transmitted to. I think it would be nice if there was a way that a patient whose information got into that database could, number 1, supposedly you can write and get the information they have and then say, I remove any right that you have to have this information. I would like it removed. What gives you the right to have my private information? I did not give it to you. Some one else gave it to me(?). I did not fully understand when I signed that little fine print at the bottom of the document. I think patients are intimidated and they sign this fearing that they are going to lose their insurance with their company and this information gets disseminated over there. Personally I recently had, not recently but a couple of years ago, had a coronary angiogram that turned out to be normal and then I found out, perhaps through my own negligence when I did not read the fine print really well that it was going to this database and I challenged why my rates were 50 percent higher for this life insurance policy when my cardiologist said my heart was normal, I had a normal coronaries. And it took several letters until I demanded that the physician, the cardiologist that said that I had an abnormal heart write me a letter and I had my cardiologist give the data to him and they backed off and they gave me a normal rating. But now I understand it is still on that database. And I would like to see a way that we could remove our names from the database if they have no right to have that information.
MR. GELLMAN: Well, let me pursue the informed consent issue a little bit. There is a lot of rhetoric in this area about the importance of informed consent and the need to have informed consent. And you just made the point yourself that you, you know, signed the form without paying attention to it. And the general question is, do patients understand consent forms that they are offered to sign? Are patients capable of negotiating changes in consent forms and is the consent process strong enough to support all of the weight that everybody wants to put on it as a way of controlling all of this?
DR. PALMISANO: Well, I think the informed consent process is well developed for medical treatment, extremely well developed for medical treatment.
MR. GELLMAN: That is a completely separate issue.
DR. PALMISANO: A completely separate issue, but I think that if we applied those rules and said, you cannot harm this patient who demands that full information be given and if the patient elects not to participate in this data bank you cannot deny insurance to this patient, that would be a step in the right direction. I mean, why should it be as a condition of insurance when the patient really does not have a lot of choice unless we change the whole health care system, and that is part of the AMA proposal, give people more choices so that those, if the employer says this is what you get, you don't want it? Well, I do not know what you are going to do. I guess you do not have insurance, but this is the plan we went with because the dollar coverage was better. But I have to give up my doctor I have been to 20 years. Well, that is the economics, you know,. Health care costs are out of sight and this is what we have to do. The patient feels very intimidated, I can tell you that. I have lost patients who have come to me for many years and they say, doc, I do not know what to do. And I say, just keep coming back and I will treat you for free. And the patient just felt embarrassed and did not come back.
MR. GELLMAN: Dr. Hoge, would you like to talk about this informed consent issue?
DR. HOGE: Sure. I agree with everything my colleague said. Let me just say a couple of other things. I think that the informed consent issue comes up for a couple of reasons. I think that we all know that patients come in every stripe and that relatively speaking not many patients are extremely well informed. I mean, patients are sick when they come to doctors and they are under a lot of stress and it is not the best time to be educating patients. I mean, it is a process to educate patients.
Nonetheless, there are some people who are educated. They know what they want. They know about the databases. They know what their alternatives are. I think that there will be many cases in which patients would be able to act on their own behalf. I think and I think the AMA and the APA's positions are very similar on this point, that we have to have the doctors, we have to maintain the role of the doctors as the fiduciaries, as the protectors of patients. And I think what we are seeing now, at least my interpretation of what we are seeing, is that with so many changes in the health care system, with all these, again, all these new entities kind of coming in and making inroads into the health care system, that patients are starting to learn that doctors cannot always protect them. And now we have, you know, we have had bills over the last three years with all sorts of notions about who can have the record and who is going to be able to transmit information and the doctor is not particularly important in some of those schemes. And if I were a consumer and an educated consumer, I guess if I were a consumer I hope I would be an educated consumer, that I would want to say, I want control. I want control of everything. So I am very sympathetic with the fears of the consumer groups.
On the other hand, I think the best solution is to shore up and do whatever we can do to ensure that the doctors are the important gatekeepers in this system and that these other entities cannot misuse the data.
DR. DETMER: Yes. This has been a very useful day. A very different question, one of the other issues that the Kassebaum/Kennedy legislation gives to the committee to recommend to the Secretary is the issue of unique identifiers and the issue of unique patient identifiers. And I am just curious what are your thoughts or positions of the organizations are, what thoughts you have on that for the committee.
DR. PALMISANO: Well, the American Medical Association is against unique patient identifiers. They can too easily be linked to other things. They are certainly against the social security number being a unique identifier, and they are against unique identifiers in general. We see no reason for it and we always go back to the issue of if it is in the patient's best interest. How is the patient going to be benefited from this? Or we see other people linking in and I know that you have given the example, Mr. Gellman gave the example that most of the time it is internal abuse of confidentiality as opposed to hackers breaking in but I would be willing to wager that when there is this giant database containing everybody's information out there there is going to be a big incentive for hackers to get into that information. And I think they will get into that information. And so the less we put all of this information about our psychiatric care, about our personal, private illnesses in other areas also in this database, the better chance we have that we can protect our privacy. So our position is we are against the unique patient identifier.
MR. NIELSEN: I think the unique patient identifier is fundamental to the kind of system that we are attempting to develop. We certainly do not agree, as Intermountain health care, and I know it is AHA's position, that the social security number ought to be that identifier. It is not secure. It ought not to be what is used. Rather than that we have developed what is called an enterprise master member index number which is the very unique number and identifier that is assigned to each patient. That is the access code, if you will, by which patient information is identified.
MR. GELLMAN: Excuse me. Do you also maintain a social security number in the system?
MR. NIELSEN: That I do not know, that I do not know. I will find out for the committee if you are interested in that. I am not certain. I do not think so but I will find out and let you know.
At any rate, without that concept being incorporated into what we are trying to do, we are not going to be able to have our longitudinal data record mean anything. So we are in favor of some sort of unique identifier for patients for the purpose I have described. We are certainly not in favor of using the social security number.
MR. FANNING: Can I just follow-up, other systems, do you envision them developing their own unique identifiers and will the information about your patients be sharable with other systems?
MR. NIELSEN: Other systems outside the Intermountain Health Care System? No, they will not.
MR. FANNING: Oh.
MR. NIELSEN: These are intended to be system-specific within the Intermountain Health Care System.
MR. FANNING: Does that often happen that you have patients who have received care on occasion from outside or that you provide care to people from other systems?
MR. NIELSEN: Yes, surely.
MR. FANNING: And that, the necessary information is transferred with names and so on to assure that it is going for the correct record?
MR. NIELSEN: Yes. Intermountain Health Care is an integrated system. I mean, those unique identifiers will be used across the system, both in the clinics, the doctor's offices, the hospitals in the system, likely with out affiliated physicians who are non employees and I cannot answer the question, I wish Mr. Larson were here to answer it, whether or not that identifier would be shared with non IHC insurance companies. I do not think it will. It is intended to be used only within our system so that we can have complete access within that system at any point of delivery with respect to patient information.
DR. PALMISANO: May I ask a point of clarification? Mr. Nielsen's comment, are you asking the question about a unique patient identifier nationwide, as opposed to inside their particular clinic because right now many clinics --
MR. FANNING: -- recommend to the Secretary what our recommendation --
DR. PALMISANO: So I think you are talking about a national one so I would like to hear his answer in regard to, I mean, the [unintelligible] Clinic, the Leiye(?), the Mayo, they have their own unique patient identifiers which no one is against, that is their business. They are not going to be sharing it with the world nor will people be able to access, unless they break into their computers. But we are talking about a national unique identifier.
MR. NIELSEN: I have given this a bit of thought. Many of you, I am sure, were as curious as I was to listen to the, Mr. Clinton's State of the Union address when he talked about putting health care information on the Internet and having it readily available. I suspect there are many in this room who cringed, doctor --
DR. HOGE: I am just wondering if he is going to put his data on.
MR. NIELSEN: I do not know how, I do not think I feel very good about something like that. While I am certainly an advocate on behalf of our system of the kinds of things we are doing systematically, because I think we can control it, to talk about some sort of national personal identifier that tags an individual with the thought of eventually having this information electronically transferred on the Internet, frankly scares me to death.
Have we said something that is agreeable for once?
[Laughter.]
High 5's all around.
MR. GELLMAN: Dr. Harding?
DR. HARDING: Mr. Nielsen, your organization that you work for, not who you are representing here, has 350,000 people I think you said.
MR. NIELSEN: Covered lives.
DR. HARDING: That is, of course, pulled together in a database for use, internal use. And that is certainly a very valuable database to some people. You said that you have not given or reused that database and sent it out to any other group. But have other groups approached you for access to that database?
MR. NIELSEN: I think they have. And, in fact, I think there would be many health care systems who would like to have access to our data, to our data banks and the kinds of things that we have developed for disease control, clinical management. There has even been talk of legislating, that that be shared with other entities. We would resist that for not only the fact that it is proprietary but certainly because we think it begins to impede upon the very issues that we are here to discuss. It is a proliferation of patient information over which we begin to lose control.
DR. HARDING: We had several people from pharmacies testify last time and they said that they would give, for instance, a company who makes a special kind of insulin, would give them an amount of money so that the pharmacy would then write to every patient who has diabetes and recommend this type of, or give informational material about that type of insulin. Have you done any of that or have there been any of that kind of use of the database?
MR. NIELSEN: I know that there has been some activity with the pharmaceutical companies, to what degree I am not certain. I will find out and let the committee know.
DR. HARDING: I am not saying that is wrong, and then that it can be educational purely. I guess though that it is a fine line sometimes.
MR. NIELSEN: It is and my sense would be that we would be very reticent to give out patient identifiable information. Rather it would be either encrypted or aggregated kinds of information. We do not do a lot of work with encryption at IHC. It is either identifiable or blinded in some way.
MR. GELLMAN: Simon?
DR. COHN: Actually, I have two questions. One is just a clarification from Mr. Nielsen and then another question for the panel. I just wanted to clarify regarding your comments regarding the universal patient identifier, whether that was your personal or Intermountain Health Care's position or since I know you are here for the American Hospital Association, whether that was their official position.
MR. NIELSEN: I am speaking for Intermountain Health Care. If there is a mode available I will be happy to speak for AHA at the same time but that was directed to our system specifically.
DR. COHN: A general question for the panel. There are a number of other identifiers that the committee is going to be having to make some comment on. Certainly the universal patient identifier is one but there is also a universal provider identifier which will be being discussed at our next full meeting, and the patient identifier, [unintelligible] peer(?) identifier. So provider identifier and peer identifier. Do you have any concerns about any of those?
DR. PALMISANO: The American Medical Association does have concerns. They are willing to consider the provider identifier under certain circumscribed set of circumstances. Certainly not to be shared, but, you know, they are willing to talk about that. But not disseminate it. We have specific conditions where we want that limited for very specific use.
DR. HOGE: We have not really discussed that issue in the APA. I think, you know, again, on the face of it unless there are going to be uses of it that I do not understand, having an identifier for providers I do not think raises the same kinds of concerns that are raised by having a single identifier for patients and then used to link all their records. But obviously I would like to hear more about what is going to be done with that and it might be necessary to discuss that in our organization.
MR. NIELSEN: I have no comment.
MR. GELLMAN: Mr. Nielsen described his company's database. You both talk about, talked about a patient having the right to have their record removed from a database. Is that the kind of database you are talking about?
DR. PALMISANO: No, sir. He is talking about, I assume -- correct me if I am in error -- but his medical treatment database, his group of physicians in his hospital, in his clinic, in his entity, in his managed care entity, whatever we are describing there, whatever he means by that. But that is the way I interpreted it, just like it would be a hospital database or a physician clinic like the Mayo Clinic or the Auschland(?) Clinic and so on. No, I do think the patient, I think that is the physician's record of the patient's activity and the patient should have a right to that.
I am talking about linking this to some other giant database that all the insurance companies send their information to so that they can query this database later on. I do not see any way that this helps the patient. It only works to the detriment of the patient and often has erroneous information.
MR. GELLMAN: Well, is there such a database?
DR. PALMISANO: I think there is.
MR. GELLMAN: What are we talking about?
MR. NIELSEN: It is a, what do they call it?
MR. GELLMAN: Are you talking about MIB?
[Affirmative responses.]
MR. GELLMAN: Well, MIB is a database of information. The only information that is there goes with the consent of the patient, consent of the individual. When you apply for life insurance you sign a form that says, I consent for my information to go to MIB. They do not collect information otherwise.
MR. NIELSEN: I do not think they do either. I think it is probably only coded information anyway rather than patient-specific.
MR. GELLMAN: Well, it still can be used against the patient in a very detrimental way whatever it is.
DR. PALMISANO: I guess my question is, what advantage is that to the patient? Is that truly an informed decision making process by the patient? And I would go back to your original question. I do not think it is informed decision making by the patient. And why should they have the right to continue that?
In other words, we ought to be able to withdraw consent. If I give my consent to have an operation and the morning of the operation before I am sedated I say, wait a minute, I have changed my mind. I have had a patient do that. I said, okay, if you changed your mind that is fine. And I had to stop and not do the operation.
So, the same thing. Why should they have that database? It is not as though they treated me and they need that for their protection in the event I allege they did something that they clearly did not do. They are not my treater.
DR. HOGE: Yes, I guess I agree and want to amplify a little bit. Most of these consents, what you are calling a consent, are, you know, simply you are conditioning the benefits on signing the consent.
MR. GELLMAN: It is a condition of applying for life insurance.
DR. HOGE: That is right. It is a contractive adhesion in a certain sense.
MR. GELLMAN: Isn't that true of the consent forms I sign when I go to my doctor's office? I have to sign a form that says I authorize disclosure of any or all my information to an insurance company.
DR. HOGE: That is your insurance company. That is not the doctors, I mean, that is not us.
MR. GELLMAN: I understand. But you are the ones presenting the form.
DR. HOGE: Well generally you sign that, at least in my experience -- I do not hand out these forms -- but my experience is that you sign that waiver when you sign up for insurance and you have no choice.
MR. GELLMAN: Right, that is my point.
DR. HOGE: That is a problem.
DR. PALMISANO: But I say you do have a choice. In other words, if you come to me and you say, I do not want that, I say, fine, just scratch it out. We won't send it to anybody. I will just send it to you.
MR. GELLMAN: Well, but we had the insurers here the other day and we asked them about this and they said, we never get the consent forms that physicians get signed from patients. We never see them. They are never transmitted upstream so we just assume that there is a consent on file and we just process the information. So whatever a patient happens to sign on one of those forms and says it is only good for six months or do not disclose it to X, everyone else in the food chain does not see that signature, does not see that limitation. And so it has no effect.
DR. PALMISANO: Yes, but I am not sure that the fact that somebody does not see it, in other words, if you come to me and you tell me, don't send this to the insurance company, I am going to flag that and say, don't send this to the insurance company. And if it is sent to the insurance company then we made an error but we are not going to do that deliberately.
And we are going to say, look, your insurance company, by the way, they are not going to know you got treated so they are not going to be sending you any money so how do you want to handle this? What did you have in mind? And then they will have to make that decision. And if they say, well, treat me free or they say, I will pay you on my own or whatever, then we will work something out.
DR. HOGE: But obviously ideally that situation would be not to have insurance benefits conditioned on this sort of consent.
MR. GELLMAN: You mean so the insurance companies are supposed to pay claims without being able to verify them?
DR. HOGE: Well, but the information, again the problems, I do not think, relate to minimal billing information. It is when the insurance company or the managed care company demands broad access to records. Those are the problems. So, I mean, I guess the discussion, which I suggested earlier, should be about what can insurance companies, managed care companies ask for? What is legitimate for them to ask for? How can they use it and how long can they keep it? Obviously the insurance company has an interest in making sure they are getting what they paid for and they are not being defrauded, you are just not sending in bills. But I do not think that they need, I mean, we are talking about in some facilities, I do not know, I do not believe that this takes place at Kaiser or some of the other places, but it does take place in some companies where the managed care company has the capacity to come in and either do it on computer or come in and do it in person. They take the entire medical record. And I think that that is inappropriate. And I think it is unjustified and I think it is particularly unjustified then to maintain those records, which they often do.
And let me make one more point and then I will let you go. Going back to, I guess Dr. Palmisano made the point earlier, you asked about data banks and I agreed with most of what we said by my AMA colleague, but I think fundamentally you have to look back at the functions which I described earlier to you, and it is not, I mean, there are lots of data banks out there where the information is being used for purposes other than helping the patient. Managed care companies, not all the managed care companies have the fire walls that are in place at Kaiser. There are many that are not. And there are many places that, at least if one can believe the newspapers, and maybe one cannot, but if one can believe the newspapers and other reports for the consumer groups we have instances of people being denied future benefits, life insurance, on the basis of information they have never consented to be sent. There is no firewall. The information goes, flows readily from the clinical functions into the other insurance functions and then on into non medical insurance functions and that is a problem.
MR. GELLMAN: Well, I agree with that. I am not sure in a life insurance area that that is my understanding of what happens, but I am not in the business here of defending how MIB operates. It is not a health insurance system. It is outside the scope of all the health insurance systems. It is a different kind of an --
DR. HOGE: Aside from MIB though. I do not know a lot about MIB.
MR. GELLMAN: Neither do I. But aside from MIB, I mean, some of these other things you talk about benefiting the patient. Do patients benefit from cost containment activities? Do they benefit from utilization review? Do they benefit from peer review? Do these fall in or outside the border of benefiting the patient?
DR. HOGE: I think most of the things you listed clearly do not benefit the patient, and I do not think anyone would suggest that they do.
MR. GELLMAN: Many of them are authorized by law. Does that help?
DR. HOGE: Well, we can change the law, Mr. Gellman, I thought that was what we were here for.
MR. GELLMAN: Perhaps but a, I am not sure that is within our scope and b, Congress just went through, every Congress, every session of Congress they pass new laws in this area. If you think they are going to turn around and march the other way, I hope you are right but I doubt it.
DR. HOGE: Well, if we are concerned about privacy we need to march the other way in some of these areas.
MR. GELLMAN: Well, I actually agree with you but I am also more of a realist perhaps and if you want to get something done you are going to pay the price, and some of these things are prices that have to be paid. It is the same thing we talked about the law enforcement stuff. There is a price to be paid. And you cannot get what you want, you can only get part of what you want because everybody else has to get part of what they want as well. Anyway, we are not that -- I have some other questions --
MR. NIELSEN: I would certainly disagree with the notion that quality assurance, utilization review, those kinds of processes do not benefit the patient ultimately. They do. They benefit the patient not only in better quality of care but also in cost control.
DR. HOGE: Well, I would agree with you just -- I am sorry --
MR. NIELSEN: And they ought, insurance companies who engage in that type of appropriate conduct ought to have available to them the necessary information in order to conduct those processes. That is very important in the current environment in which we are existing these days.
DR. HOGE: I did not mean to interrupt. I think I would agree with you in general, I mean, I think you have to think about those functions, at least some of those functions as analogous to research and public health. They help in the aggregate, society or the covered lives that you are reasonable for. They do not help individual people one by one. If you deny me health care I fail to see how that helps me. Now maybe if you allocate the money that you save by denying me health care to better uses of that money, then I think in the aggregate you can make the argument that you have benefited society and your covered people. So I think that is the distinction I am making. You are not helping me individually.
DR. PALMISANO: Just to go back to the point, Mr. Gellman, about that the physicians are filling out these forms and sending them in. I am old enough to remember when I first went into practice what we did. We filled out the forms, we would help the patient, we would fill out a standard form and give it to the patient. The patient would send it in so the patient could see what we did and the patient could read any fine print at their leisure with their other family members, with their lawyer, whatever. Send it in, they would get paid the money and then we trusted the patient to pay us the money.
I still think that is the best system because it makes the patient responsible. They can say, oh, look, the doctor put something on here that I did not get. So now we have somebody preventing a possible error that could be looked at as fraud. So that prevents that.
We have all these inspectors, namely the patients, and I realize your time is almost up here and there are people standing at the mike, but I would just, wanted to offer two last things if I could.
One is on the research issue, I really did not delve into that. It is more in my written statement, but just to emphasize that we really need to clarify what we mean by research. The institutional reviews boards we look as a good model. But economic research done by entities that really do not benefit the patient, it is for their own economic good, I think that they ought to be looked at very carefully and there ought to be stringent rules about them getting the information for their own purposes and not for the patient's benefit.
And the last thing that I wanted to offer is that as you look at each issue that you have discussed with us and with others in the past and tomorrow and so on, that if we keep the standard that, is this in the patient's best interest? And if we hold that up as a standard, that really, does this protect the patient's privacy, is this going to help the patient, that that ought to be our standard, to do what is in the patient's best interest, to do no harm.
MR. GELLMAN: I want to cover one more area before we adjourn here. I want to talk about patient access to records. All the bills, all the proposals, I mean, it is a common provision in all proposals to give patient the right of access to their records and the right to seek correction. And first I want to just deal with this at the broadest level. Does anyone disagree with the basic proposition that a patient should have access to his or her records? We will deal with exceptions in a minute, but just the basic proposition?
MR. NIELSEN: Not the basic proposition.
DR. PALMISANO: No.
MR. GELLMAN: Dr. Hoge?
DR. HOGE: No.
MR. GELLMAN: There are a variety, you look at the proposals and there are a variety of things that are exempted in different ways. I just want to go over some of these because I think they are worth talking about. Should there be an exception, we are talking about first party access here, access to your own records, should there be an access exception when there is information in the record that pertains to another person? Speak up, Dr. Hoge. They cannot hear you when you shake your head.
DR. HOGE: Yes.
MR. GELLMAN: Dr. Palmisano?
DR. PALMISANO: Well, I think it would be, it would depend on the circumstance. For instance, if there is information in there that was, that they already knew, I mean, I am trying to think of a scenario where in that patient's information -- it might be more sensitive in the psychiatric area -- but the material that would be in my surgical notes at the office and in my surgical dictation I am trying to think of a scenario where there would be a problem with a patient seeing that. I would not have confidential information about some other patient in that patient's medical record.
MR. GELLMAN: Well, arguably you might have confidential information that was supplied to you by a third party about the patient. I come to you and say, you told my father not to drink milk but he drinks milk all the time and I want you to know that. Don't tell him I told you that.
DR. HOGE: Or alcohol probably would be a better example.
[Laughter.]
MR. GELLMAN: Perhaps.
DR. PALMISANO: I probably would not phrase it that way in the record.
MR. GELLMAN: Okay.
DR. HOGE: Yes, and maybe this is more of a problem in psychiatric records and I should explain a little bit more. It is not uncommon for psychiatrists to get information from third parties, from spouses and other people. There are some occasions, you might think of group psychotherapy where you would be taking notes as well about possibly an interaction between two patients. And, you know, again, it is not uncommon, at least among a certain, you know, a certain segment of our population, of our treatment population for there to be instances in which spouses are asking us not to convey information to the patient and so on. So sometimes that information could be very, very detrimental to disclose. Not to suggest this is common, but, you know, in some cases it may threaten the relationships involved, maybe even the welfare of the confidant.
MR. GELLMAN: Well, let me just sort of, the point is that this is something that needs to be discussed without getting into the specifics here.
There is an older traditional which I think is passing from the scene that would allow physicians to withhold information from patients where they determine it would harm the patient. It is more of a paternalistic standard, if you will. And it seems that over the last generation or so that the movement has gone the other way toward basically allowing patients direct access without this kind of a standard basis for withholding records. I wonder if you have views on that?
DR. PALMISANO: Well, yes, we do. This is akin to the therapeutic privilege where it would be, we are going to withhold the information from the patient because it is in the patient's best interest not to know that. It is difficult to find that in the law where it is upheld. They usually say yes, we recognize that but it does not apply in this case. So, physicians are very reluctant to apply that.
But there are circumstances where if someone is depressed and you do not want to give them the information right at that time because you believe that this may force them, that they may actually leap out the window before you can get a psychiatric consultation for the patient, I think that is the appropriate thing to do. And it is our view that you have to do what is in the patient's best interest in that situation where it is going to cause harm to the patient to know that information.
Our basic view is that the patient should know all information about their medical condition unless it is going to cause a threat to their life or harm to someone else in their immediate situation.
MR. GELLMAN: Well, the harm to someone else I see as a separate issue --
DR. PALMISANO: Right.
MR. GELLMAN: -- and one that is actually provided for in some of the exceptions. Dr. Hoge?
DR. HOGE: Well, again, obviously I would extend the exception a little bit further than you suggested. I do not know that it is a trend that has left the scene. I think it is probably the most common practice in the country for at least there to be some consideration, certainly in psychiatric settings, some consideration for what is in a record before it is disclosed. And obviously, you might have to, we have already talked about one set of circumstances where you might have to redact the information.
And you are going to take out harm to others. Harm to self, you know, of course, you know there may be situations in which certain information would lead patients to be suicidal or might damage them in other ways. So I think there needs to be that exception.
I will have to say in my experience, and I have had some experience in this area -- I am consulted when this happens -- it is not a very frequent occurrence. This is a very, very low frequency exception we are talking about.
MR. GELLMAN: Well, one of the problems here, I think this is an area in which some of the people in the patient advocacy community feel strongly that if you have a general standard that is too loose, it just creates, it just makes it too easy for physicians to say, well, I just do not want to give the record. We do have experience, for example, under the federal Privacy Act where patients have an absolute right of access to their record. There is no exception in the medical area and we asked some of the people we had testify here from the VA and DOD, said does this create any problems and the answer was none. So I do not think we are going to resolve this but it is an area at a minimum, if there is going to be advocacy on behalf of some kind of exception it ought to have a pretty high standard at a minimum, if it can be justified at all.
DR. HOGE: There was a, I believe it was in Washington, I think it was in the District here that a patient got access to information they should not have had and killed, I believe killed his psychiatrist. So there are occasional problems.
MR. GELLMAN: Well, whatever you do there are going to be occasional problems. And, as I said, the exception for harm to a third person is different than harm to yourself. So, do you have any comments on this?
MR. NIELSEN: I agree with what has been said. I just listened to a three hour debate on this issue and I think the consensus among our physicians and hospital personnel was that the physicians, no matter how archaic some people argue it may be, still ought to retain the professional responsibility of making those kinds of determinations when people ask for access. It ought not to be unrestricted, in other words.
MR. GELLMAN: Dr. Hoge, does the psychiatric profession want to withhold treatment notes from patients?
DR. HOGE: Again, my experience is that when patients ask for them, which is not extraordinarily common, that psychiatrists are willing to share notes. Often there is a reason, I mean, there is some exploration that often needs to go on, why do you want to see the records, are you concerned about something. And that kind of discussion may or may not be appropriate depending on the patient.
And the other problem, I guess the other concern that psychiatrists typically voice, and I do not know whether this generalizes to surgery and other fields or not, is that often it is very difficult to understand notes in medical records. Psychiatric records are often written in the jargon that we go to medical school and do residencies to learn and patients do not know, necessarily know what a diagnoses is. They probably know what a gall bladder removal is but they do not necessarily know what schizophrenia means or other disorders.
So, depending on the situation, I mean, there may be situations in which psychiatrists want to sit down and go through the record with the patient. That is not an uncommon practice. Obviously it is time consuming and so on but that is done and I do not think we have any per se distinctions other than the one we have talked about, that we would want to have some discretion to withhold certain information from a small handful of patients.
MR. GELLMAN: Let me bring up two smaller points here. If a patient sues for malpractice they are going to be able to get access to all the records without exception. And maybe some other kinds of law suits would generate the same thing. So that creating exceptions is a barrier, is not a barrier to a determined patient.
DR. HOGE: Right.
MR. GELLMAN: And I recognize that in a lot of cases the patient who maybe should not see a record either will not ask or could be talked out of it, and that is why the problems with, you know, drawing lines that we do not have to give this to you and the patient, okay, I will go sue you in which case I will get the record. You know, I will get this record if it is the last thing I do, and that is not all patients by any means but it is enough. So I think that is a sort of generalized concern here that, you know, sometimes you may get what you ask for if you do that.
The other side of this has to do with sort of the informed consent process. If there are records being withheld from the patient how can a patient give informed consent to their disclosure to somebody else?
DR. HOGE: I am sorry, go ahead.
DR. PALMISANO: I am not sure I understand the question. What would be withheld from the patient?
MR. GELLMAN: If there are records being withheld from the patient on the grounds that they are harmful to him, how can that patient give informed consent to disclosure of that same information to an insurance company or some other third party? This has to do with the nature of the informed consent process.
DR. PALMISANO: Yes, I guess, I was thinking in terms of that situation where there would be some mental condition that if the patient knew about this new condition right at the moment, before we got psychiatric consultation for the patient, that the patient might do something harmful to him or herself. But certainly we give the information. I cannot think, in 25 years of private practice I have never refused to give a patient their record. I mean, if they come in and say they want the record I will offer to, would you like a summary in addition or just a summary? What is your purpose? Whatever you want we will give it to you because as he pointed out, Dr. Hoge pointed out, sometimes it is not clear when someone just looks at the progress notes that there has been no operation with a formal dictation exactly all the nuances of the diagnosis. And we are happy to translate that and dictate it for the patient. So I have never refused in all these years a patient getting full access to their record.
Certainly if someone files a medical malpractice suit, I mean, that is routine. They get that in discovery. Subpoena comes and they have the record and they have a right to that record.
MR. GELLMAN: It just seems to me that in fashioning, in fashioning a rule here that these are all considerations to, you know, I mean if your experience is that you have never withheld a record from a patient and, you know, the circumstances in which records, in fact, need to be withheld are extremely narrow it may just be simpler to have a blanket rule. And, you know, the opportunity to explain procedures under which access can be delayed while records are being compiled can all be used in a way to deal with some of the concerns, but the basic principle that people should have the right of access to their own record, I mean, I am not saying that there aren't circumstances in which that is not the case, but I think there is a heavy burden and given some of the other constraints of the system maybe something needs to be looked at. Dr. Hoge?
DR. HOGE: Keep in mind when there are releases of information, the question you initially asked, rarely is the entire record transferred. The only cases in my mind where we send an entire record would be to another treating physician who would then have the same responsibilities that I would have, as the person who sent it.
MR. GELLMAN: What about when you send them to an insurance company?
DR. HOGE: Well, but that is, again, that is a problem. We try to limit that information. I think we need to limit it. That is a problem that I am hoping you will take on. If we do have releases that are authorized or brought to us by patients, one of our jobs is to try to help the patient limit the disclosure in a way that does not intrude any more than necessary into their privacy. And I will typically show the patient what I send. And it is not uncommon for a psychiatric patient to say, well, my employer says, I bring in a release of information and say, my employer wants all the records of my hospitalization before I can go back to work. And they have written out in their employer's office a blanket release of everything. And that would be crazy to comply with that kind of consent because you know it is not going to help them. So typically in those situations you would write a more limited letter. That Mr. Jones came and had such and such condition and now they are treated and they do not need, they will need ongoing psychiatric care but they are ready to return to work. You do not need to give the records about how Mr. Jones was manic and naked and running in the streets and doing all sorts of things that is only going to embarrass him to his employer. So I am not sure there is really an informed consent question posed by your question.
MR. GELLMAN: Well, I think that we are sort of dancing around some of the same problems that come up in different ways. I mean, I am clearly very sympathetic to the problem that you just identified with disclosures to employers or whatever, or to insurers, and it is a very difficult area.
Writing standards in this area is something that has eluded everybody beyond the general proposition that all disclosures should be limited to the minimum amount of information necessary to accomplish the purpose. But that is not much of a standard. And if someone has a better idea we would love to hear it.
DR. PALMISANO: Well, you might want to look at the model of the worker's comp where there is a form frequently worked out with the physicians and the companies in the area and say, what is it you really need. We say light duty. The man at the plant says there is no such thing as light duty here, doc, you know, wise up. So everybody gets together and they try to put in medical terms what it is that will satisfy what the company needs to know. And it is just limited to that.
So under the worker's comp laws they have the right to get information about the injury that they are paying for and the patient give that right for them to get the information but they do not get the past medical records, such as the manic and running through the streets. When I get a request for a patient's entire medical record, I mean, we immediately flag that request and I call the patient up and I say, Miss So and So or Mrs. So and So, I have a request from your insurance company for your entire medical record. Now let me remind you what is in the medical record here briefly. It depends on whether they have been treated for just a short period of time or a long period of time. Do you want me to send the entire medical record? I will do whatever you want. I will give it to you and you can send it. You can look at it and then you can send it.
On the other hand, if they say, no, I do not want all that information to go, what happened six years ago, and I say, well, I will just go ahead and send them this limited amount despite that thing that you signed. I will say patient requested that we send information regarding present treatment. And rarely does anybody complain. I am not sure, I think maybe a blanket statement they send out for that, but I do not have anybody running in and saying now we want a subpoena on that or whatever. That has not been a problem. But I always call the patient first and let the patient tell me again. And they say, oh, no, I did not mean for all that information to go.
MR. GELLMAN: All right. I want to thank you all for coming today. It has been a long afternoon and I think it has been very helpful and that your statements were very good and I think the discussion was very useful.
We did not have anyone who signed up to speak --
DR. NAGEL: I did sign up. Thank you for this opportunity to make a short comment. I will be testifying tomorrow so I will not take up your time making a longer comment, but I did want to just ask a point of clarification from two of the panelists here today if that would be okay.
I am Denise Nagel. I am a physician, a psychiatrist and the executive director of the National Coalition for Patient Rights. And I wanted to first say that as a physician, a psychiatrist and a patient, it was really very heartening to have Dr. Palmisano and Dr. Hoge representing our interests. I think they really spoke eloquently and strongly for the need for patient rights and I thank you on everyone's behalf.
I wanted just one point of clarification because at first it seemed very clear and then it seemed a little more ambiguous and it had to do with entering information into computerized data banks. And I know the American Psychiatric Association has a recent policy guideline on this issue saying that patients in consultation with their physicians should be able to leave information out of a computerized medical record if the patient believes that it is too sensitive and it would interfere with their care. And I had the sense from many of Dr. Palmisano's comments that he shared the view that if a patient would feel that having information disseminated within a computerized network would interfere with their care, that they ought to have the opportunity of being able to say that they would wish to have that information not entered into a computerized network. Am I correct on that?
DR. PALMISANO: That is correct.
DR. NAGEL: Thank you.
MR. GELLMAN: We are adjourned until 9:00 tomorrow morning.
[Whereupon the meeting adjourned at 4:25 p.m.]