Is Patient Privacy Already Passé?

Related articles

Imagine you are unexpectedly admitted to the hospital for an urgent medical condition -not something for which there is an alternate option. Let’s assume you are conscious, anxious and in tremendous pain as you quickly complete the admitting paperwork to expedite the situation. Because your attention is focused on your own survival and preoccupied by the many what ifs, you might have missed that unless you expressly opt-out you have passively consented to permit your protected health information (PHI) to be used in wealth strategy programs by the health system’s fundraising apparatus.

The information revealed to this staff, includes:

“Permitted Fundraising PHI:

1. Patient demographics including name, address, contact information including phone number and email address, age, gender and date of birth;

2. Dates of service;

3. Department of service (meaning information about general department of treatment such as cardiology, oncology that do not indicate a more specific type of diagnosis, nature of services or treatment received by the patient);

4. Treating physician name;

5. Outcome information (such as death or other sub-optimal results and may only be used to screen or exclude patient families from receiving fundraising communications) ; and,

6. Health insurance status (not defined in the Privacy Rule, but interpreted to mean whether patient is insured and type of insurance).”

A 2013 federal law change enabled this ability to expand access to personal details on patients. A recent NY Times piece more extensively addresses its impact:

“Many hospitals conduct nightly wealth screenings — using software that culls public data such as property records, contributions to political campaigns and other charities — to gauge which patients are most likely to be the source of large donations.

Those who seem promising targets for fund-raising may receive a visit from a hospital executive in their rooms, as well as extra amenities like a bathrobe or a nicer waiting area for their families.

Some hospitals train doctors and nurses to identify patients who have expressed gratitude for their care, and then put the patients in touch with staff fund-raisers.”

Though there are supposed safeguards not to place an undue burden on patients to opt-out or decline participation, this active measure in itself appears to place an unnecessary burden on patients seeking medical care. The fact physicians are uneasy about such intrusions into the doctor-patient relationship is also no surprise given their role is to treat patients not influence donor pools. The conflicts abound.

Additionally, lack of overall patient awareness about such policies and lack of control over whether their donation would even go to the division or doctor requested only fosters greater distrust. Despite their problematic nature, these “grateful patient” programs and “wealth screenings” are only expanding in their use by health systems. And, despite the permitted PHI, it is enough information to work back to a diagnosis and reveal a hospital admission when an individual may otherwise wish to keep that private.

As it is, there are companies with established digital geofencing around hospital perimeters who can capture entry of a mobile phone onto the premises. In so doing, they initiate a cascade of events that allows marketing agencies hired by personal injury law firms, for example, to solicit patients directly with ads to their phone (while still in the ER). Though these ads can be cast while in a clinic or other medical locale, the system is sparked by arrival to the emergency room. To learn more about how the states are playing catch up and creatively using consumer protection laws, read here.

Healthcare delivery is unique. There is no other option for a patient than an emergency room (ER) when undergoing a medically urgent or life-threatening event. Since when did it become acceptable to chip away at the expectation of privacy during people’s most vulnerable of experiences? When they are most defenseless? Fundamental tenets of bioethics and the sanctity of the doctor-patient relationship are being further and further eroded. Compliance and seeking appropriate medical care are rooted in preservation of these principles.

The examples are everywhere. The promise of and society’s obsession with Big Data are transforming patient privacy, bioethical principles of personal autonomy and freedom from coercion into relics.