Paying cash to protect patient privacy – it’s not quite that simple

One of the very first questions I received from a reader of The Self-Pay Patient dealt with electronic medical records and patient privacy, which I addressed here: Electronic health records mandate and self-pay patients. The issue has cropped up again recent days, specifically around the issue of doctors supposedly being required to ask detailed questions about patients’ sex lives and that information potentially being available to others.

Former New York Lt. Governor Betsy McCaughey, who has become very involved in health care issues since leaving public office, has an op-ed in the New York Post today on the issue:

‘Are you sexually active? If so, with one partner, multiple partners or same-sex partners?’

Be ready to answer those questions and more the next time you go to the doctor, whether it’s the dermatologist or the cardiologist and no matter if the questions are unrelated to why you’re seeking medical help… 

Lack of confidentiality is what concerned the New York Civil Liberties Union in a 2012 report. Electronic medical records have enormous benefits, but with one click of a mouse, every piece of information in a patient’s record, including the social history, is transmitted, disclosing too much.

The social-history questions also include whether you’ve ever used drugs, including IV drugs. As the NYCLU cautioned, revealing a patient’s past drug problem, even if it was a decade ago, risks stigma.

What seems to be raising significant privacy concerns isn’t necessarily the fact that doctors might ask these sorts of sensitive questions, but that the information will be shared with government agencies. The Centers for Medicare &Medicaid Services recently requested bids for a contract that would recommend, among other things, “Possibilities for linking EHRs to public health departments, social service agencies, or other relevant non-healthcare organizations and case studies, if possible, of where this has been done and how issues of privacy have been addressed.”

I’m relatively agnostic on electronic health records, as I see both their benefits and their pitfalls, and I know many doctors who either swear they’re great tools for them, or impediments to care. But the privacy implications are fairly obvious, at least in my view – I can see exactly why many people are less than thrilled at the prospect of their local social worker being able to check up on their sexual or substance use histories any time they’re curious!

Ms. McCaughey does include in her opinion piece one bit of information that’s especially valuable for self-pay patients. According to her, “On Jan. 17, HHS announced patients who want to keep something out of their electronic record should pay cash.”

For self-pay patients, paying cash is already the norm. Unfortunately there’s more to it than that – it isn’t enough to simply pay cash for your health care, you have to specifically request that the services being provided not be included in your electronic health record. I found this synopsis online of what HHS (Department of Health & Human Services, for those of you who don’t speak DC Bureaucratese) actually said on January 17:

Cash is King, HIPAA’s 2013 Changes

Before you run out and pay cash to avoid insurance company knowledge of your health conditions, please read what you might or might NOT get for your money when the rules go into effect. My commentary is based on the reading of these new rules. Text is cited where appropriate.

There are four new rules, but here I address what I call the Cash is King Provision and what the new rules call, “Right to Request a Restriction of Uses and Disclosures.”

This right requires A) that a request be made AND B) that the protected health information pertains to a health care item or service for which the individual (or someone on behalf of the individual other than a health insurance plan) has paid in full…

The increased level of privacy must be REQUESTED by YOU before you receive services. You must be willing to pay cash (or someone else besides an insurance plan must agree to pay cash) for services in order to make the request. Simply paying cash will not get you more privacy without your request…

Request and Request Again: You must REQUEST the restriction of disclosure. If you get a referral to “downstream” providers, such as other physicians or entities like pharmacies, you must also inform them of your desire for restriction of disclosure…

HHS Giveth, HSS Taketh Away: Paying cash will not protect the disclosure of your health information in MANY circumstances:

First, you cannot pay for privacy of health information that is required to be disclosed under other laws. For instance, your request for restriction will not protect disclosure of your personal health information in the case of requirements proposed for expanding reporting and background checks for guns, subpoenas or other court proceedings, and cases where public health interests of government require reporting…

The focus in this article seems to be on keeping the information out of the hands of insurers, but I’d assume that the same applies for keeping it out of records kept by government agencies as well (I’d love any reader feedback on this, and will try to find additional information myself as well).

While paying cash would appear to have some advantages in terms of keeping medical records (electronic or otherwise) private and away from both insurers and government, it doesn’t seem to be the easiest option if this is a concern. As I wrote previously, the simplest way to keep medical records private is to see medical providers that are cash-only and don’t participate in any government programs or take insurance reimbursement. You can find these doctors on the web site of the Association of American Physicians and Surgeons.

Related articles
This entry was posted in Cash-Only Doctors, Patient Privacy, Technology and tagged , , , , . Bookmark the permalink.