Donate Today

It's amazing how fast Gov. Schwarzenegger reacts when it's his wife,
Maria Shriver, whose medical records are being snooped. "This kind of
practice has been happening all over the state, wherever there's
celebrities involved" including himself, Schwarzenegger said
at an unrelated news conference today. He reiterated that his
administration is "working with UCLA," where the leaks were uncovered
by an excellent LA Times investigation--and hadn't even been reported  to state regulators.

Of
course, UCLA never would have even checked access to its electronic
medical records if it was me in the bed, instead of Britney Spears,
Farrah Fawcett, Maria Shriver and 20-some other celebs being snooped.
According to today's LA Times report, UCLA knew about the records
breaches for nearly a year. Though it disciplined several employees in
the Spears case, it didn't bother to tell the patients or the state,
much less the district attorney:

Dr. David Feinberg, chief executive of the UCLA Hospital System ... acknowledged that UCLA had not notified the affected
patients, nor did it inform state health regulators or criminal
authorities about the problems. The privacy of medical records is
protected under state and federal laws, which carry such penalties as
prison terms, fines or both for inappropriately accessing or selling
such information. ...

Kathleen Billingsley, deputy director of the state Department of Public
Health's Center for Healthcare Quality, said the state learned about
the Spears breach from the newspaper, not from UCLA, and was notified
of the Fawcett incident only after a Times reporter asked questions of
the hospital.

To Schwarzenegger's credit, he told the Times after the Spears story that "a breach of any patient's
medical records is outrageous" and that he had called on his
administration to take action, "Patients' medical records should be private -- period,"
Schwarzenegger said. "No one should have to worry that an unauthorized
person is reviewing their private medical records." 

He
sent the problem to his administration's health chief, Kim Belshe.
Apparently deciding what if anything to do is a slow process.

Belshé said her agency was reviewing whether the state needed tougher
sanctions for violations of patient privacy or other tools to hold
hospitals accountable.

The
logical followup to that might be: Why is the repeated violation of a
patient protection law not enough of a tool to "hold hospitials
accountable." By not reporting the crimes, didn't the hospital abet
them?

Most of us have nothing to fear from the tabloids, but
plenty to fear from insurers, mortgage lenders, potential employers or
even an estranged spouse who'd love to have a back door to our medical
records. 

Such breaches didn't begin with electronic medical
records, but the online records allow more wholesale viewing by  anyone
with the right access codes. Despite UCLA's bland assurances, we may
never know if any hospital employee, in any of the UCLA breaches, was
paid to take a look.

There's little question that electronic
medical records can improve cost-efficiency and speed patient care in
emergencies. There's also a downside in tightening access too much,
since a hospital pharmacist needs access as much as your doctors and
nurses. But in the UCLA case, much of the violating was done by a
non-medical employee.

It's ridiculous that, for instance, a
hospital billing office clerk can see your medical records, but that's
one of the demands of our fragmented insurance system. Every insurer
wants a record of every aspirin, every shot, every  "procedure," or the
hospital won't get paid.

It would all matter a little less if
insurers couldn't deny individuals a policy on the basis of those
records. If we all had Medicare-style health care, we could at least
settle for worrying about the tabloids and the angry spouse.