Privacy and Unique Health Identifiers
- :: 6 Works Cited
- Length: 1324 words (3.8 double-spaced pages)
- Rating: Excellent
privacy and confidentiality.ABSTRACT: Privacy protections for medical records present a regulatory nightmare. Quick retrieval of medical information is critical to quality care since it gives a doctor a patient's history in a short amount of time, but quick retrieval can also degrade privacy. In order to balance the two, the 104th Congress mandated that the Department of Health and Human Services develop and promulgate a standard for Unique Health Identifiers (UHIs). In this paper I examine the costs and benefits of unique health identifiers and conclude that forcing the adoption of such a standard at this time would have a negative impact on patient
Privacy protections for medical records present a regulatory nightmare. Medical records are critical to quality care since they give a doctor a patient's history; they are key to preventing dangerous drug interactions, complications from allergies, and harmful drug side effects. Medical records also play a key role in medical and health system research. The information in a patient's medical records, however, can be used for much more insidious purposes; denial of medical care, denial of employment, character assassination, and extortion are all consequences of medical information falling into the wrong hands. The difficulty of balancing these needs has resulted in a thin patchwork of regulatory protection of medical information; as one commentator has noted, federal law protects video rental records more thoroughly and completely than medical records. 
Some legislators and administrators have advocated the use of "unique health identifiers" (UHIs) in order to allow doctors and researchers to properly access medical records while preventing some forms of misuse. When Congress passed the Health Insurance Portability and Accountability Act in 1996, they specifically included a requirement for the Department of Health and Human Services to develop standards for UHIs by 1998.1  The Clinton Administration, however, indefinitely postponed creating this standard, saying that further legislation protecting medical record privacy needed to be enacted before they would promote a UHI standard.  In this age of ubiquitous networks and nearly free-flowing information, UHIs tip the balance between privacy and accessibility too far to one side; unique health identifiers pose a unique threat to privacy.
Undeniably, UHIs offer several benefits to the medical community, particularly in the areas of patient care and research. Proponents of unique identification claim such a system would improve the quality of medical care by allowing doctors and other medical agencies to obtain a complete medical history quickly.
 Information technologies would allow quick retrieval of information from several different sources, avoiding the potential confusion caused by people who have similar names or duplicate social security numbers. As health databases become more and more integrated, a unique identifier for medical information will become more and more crucial to porting medical data between doctors and managed care organizations.
UHIs also present several benefits for medical research. As the GAO stated in a 1999 report to Congress,
Medical information is used for a number of research purposes...while such research is sometimes conducted without information tied to identifiable patient records, other research relies on personal identifiers to track treatment of an individual over time, link multiple sources of patient information, or verify such information. 
Unique Health Identifiers would provide a simple means of linking various sources of patient information without giving up the patient's name or other personal information, thereby protecting a patient's identity during a medical study. Also, by linking patient information, Unique Health Identifiers provide researchers with the means to track an individual in perpetuity without any information that truly identifies the individual.  Also, through compilation of anonymous patient data, researchers can better understand the spread of disease throughout the population-a great aid to epidemiological research.
There is also an argument as to how UHIs could better protect privacy in the system through preventing accidental disclosures of information and unauthorized access. Use of a coded identifier would prevent both authorized and unauthorized users from accessing information out of curiosity or spite unless they had the patient ID or access to the algorithm for generating identifiers. Such an identification number would serve a purpose similar to a bank account or credit card number, giving the lab technician or researcher the minimum amount of necessary information. 
Unfortunately, the implementation of such a system would have significant dangers. The sensitivity of medical data warrants special protection that would be degraded by unique patient identification. Simson Garfinkel notes, "Today, medical records have an expanded role-a role that doesn't involve primary healthcare. They are used by employers and insurance companies to decide who should be hired and insured...even marketers are buying up medical records in search of sales leads."  Because medical records are often used for such purposes, linking them to a unique patient poses a threatening "brave new world," where complete profiles of individuals are maintained on large corporate mainframes. 
Lack of confidentiality of medical information can also degrade healthcare and health research. Since medical records are often involved in employment or insurance decisions, doctors often report alternate diagnoses for potentially stigmatizing diseases  or simply refuse to report their diagnosis . Without accurate and complete information, medical information is rendered useless. UHIs would merely exacerbate this problem. A stigmatizing disease or condition is easily known to anyone who has access to the patient's records; linking a complete history under a single unique identifier would allow employers, insurers, and snoopers to obtain information easily and quickly.
Even with further privacy protections, recording a patient's entire history and linking it to a sensitive piece of identifying information could prove damaging to privacy. If, for example, a young man had been treated for a form of venereal disease, such information would be inextricably linked into his medical records. While he might wish that this information be kept private, it would be accessible to every doctor, nurse, and hospital attendant who had cause to view his medical records. Linking patient information to a unique identifier would further remove a patient's medical records from his control, further degrading medical privacy.
While Unique Health Identifiers offer some potential benefits to the healthcare industry and medical researchers, the threat posed by linking a patient's entire medical history underneath a single string of characters poses too great a threat to ignore. Further legislative or regulatory protections of medical information could protect against some of these threats, but would also give rise to new questions about how to balance the need for access with the level of protection afforded to this extremely sensitive information. Even with further legislative protections, UHIs would further degrade an individual's control over his medical information. Implementing Unique Health Identifiers at this point in time would only tip the legislative balance further towards accessibility, attacking the concept of privacy that lies in the foundations of our culture, rights, and laws.
 Wymore, Eric. "Current public law & policy issue: it's 1998, do you know where your medical records are? Medical record privacy after the implementation of the Health Insurance Portability and Accountability Act of 1996." 19 Hamline J. Pub. L. & Pol'y 553
 "Public Law 104-191: HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996." (110 Stat. 1936; Date: 8-21-96; enacted H.R. 3103). Text from: United States Public Laws. Available from: Congressional Universe (Online Service). Bethesda, MD: Congressional Information Service.
 "Privacy Concerns Delay Medical Ids." Times [New York] 1 Aug. 1998, Late Ed.: p. A10
 Protecting Electronic Health Information, Committee on Maintaining Privacy and Security in Health Care Applications of the National information Infrastructure, National Research Council (Washington D.C., 1997)
 United States General Accounting Office, MEDICAL RECORDS PRIVACY: Access Needed for Health Research but Oversight of Privacy Protections Is Limited. Washington, GPO, 1999
 Garfinkel, Simson. Database Nation: The Death of Privacy in the 21st Century. Boulder, CO: NetLibrary, 2000
 Branscomb, Anne Wells. Who Owns Information: From Privacy to Public Access. New York: Basic Books, 1994
1 See §1173 of