The Wall Street Journal recently reported that corporate giants Intel, Wal-Mart, British Petroleum and other companies are planning to digitize their workers’ health records and store them in a multimillion-dollar database. The Journal also reported that, according to the companies, the records will be the property of employees. But unless the federal medical-privacy law is revised or employer-employee contracts state clearly that employee-owned electronic medical records cannot be shared without patient consent, the promise of employee ownership will be no guarantee of privacy. Here is why:

The privacy rule actually permits over 600,000 doctors, insurers, and others to share individuals’ electronic medical records—without consent—for purposes related to treatment, payment, or health-care operations, a very broad category. About that rule, Journal reporter Theo Francis recently wrote in “Taking Control: Setting the Records Straight”:

• “Over the past three years, millions of Americans visiting doctors’ offices, pharmacies and hospitals have been handed forms and brochures discussing privacy rules under the Health Insurance Portability and Accountability Act, or HIPAA. Many assume signing somehow protects their privacy. It doesn't.
• “In fact, the disclosure notice essentially details the many ways a doctor can use and disclose medical information—often without a patient’s consent or knowledge. Medical providers have to ask for a signature. But signing isn't mandatory. And failing to sign usually doesn't change what a doctor can and can't do with a person's medical information….
• “Health plans and medical providers also must track some kinds of disclosures, and give patients a list if asked, including disclosures for public-health purposes, but not routine uses for treatment, payment or health-care operations.” [Emphasis added.]

Thus even though big companies promise employees they will own their electronic medical records, workers won’t control access to them unless (1) the privacy rule is changed or (2) company contracts guarantee control.

Americans would never accept the notion that although they own their homes, the government or their employers have the authority to determine access to them. They should reject the same notion with respect to employees’ health records.

Sources:

• “Big Employers Plan Electronic Health Records,” by Gary McWilliams, Wall Street Journal, November 29, 2006.
• “Taking Control: Setting the Records Straight,” by Theo Francis, Wall Street Journal, October 21, 2006.