HCFA's Latest Assault on Patient Privacy

Report Health Care Reform

HCFA's Latest Assault on Patient Privacy

March 22, 1999 4 min read Download Report
Senior Fellow
Robert E. Moffit is a senior fellow in The Heritage Foundation's Center for Health Policy Studies.

The Health Care Financing Administration (HCFA), the powerful bureaucracy that runs the Medicare program, is out of control.

Under the pretext of regulating prices and assuring "quality" services, HCFA has proposed a rule that would force 9,000 home health care agencies (HHAs) to collect and report sensitive personal information on their patients. This information--to be collected without the patient's knowledge and transmitted to a federal database--would include such data as patient history and personal characteristics, including race and ethnicity, living arrangements, and financial, behavioral, and psychological profiles. The detailed record also would include whether the patient had expressed "depressive feelings," a "sense of failure," or "thoughts of suicide," or had used "excessive profanity" or made "sexual references."

This personal information eventually would be made available to state governments. Moreover, the collection of data would not be confined to Medicare patients. It would include patients who are not being treated under Medicare and for whom no Medicare payment is being made or sought. In other words, the Medicare bureaucracy would intrude into private transactions that take place outside a federal program.

Congress should realize that such abuse of the patient's right to privacy is rooted in the top-heavy structure of the Medicare program. For this reason, a strong majority on the National Bipartisan Commission on the Future of Medicare favors creating a new system based on patient choice, with less government bureaucracy and paperwork. The chief model for this reform is the Federal Employees Health Benefits Program (FEHBP), a patient-driven system of competing private health insurance plans that is enjoyed exclusively by Members of Congress and their staffs, federal workers, and federal retirees. Until Washington is ready to make serious Medicare reforms, Congress should put a stop to this latest bureaucratic invasion of patient privacy.

Invading Patient Privacy.
HCFA's evolving database, the Outcome and Assessment Information Set (OASIS), will include a data set covering each patient's Social Security number, demographic characteristics, living arrangements, and financial resources, as well as information on sensory, respiratory, and elimination status, mental state, behavioral characteristics, range of activities, medication, productivity, and "quality of life" characteristics.

Unquestionably, data on health status that are accurate, competently collected, and competently assessed would be useful to health care providers and the families of the elderly in the home health care system. But collecting this sort of information to build a government database is another matter. For example, Question 16 of the assessment asks whether a patient's life expectancy is more or less than six months, with the parenthetical qualification that "physician documentation is not required."

Not only would a patient's medical history and medical condition be included in this detailed record, but so too would psychological and financial status, family arrangements, and living conditions. For example, Question 49 focuses on the frequency of behavior problems, such as "wandering episodes, self abuse, verbal disruptions, physical aggression, etc." Question 5 asks whether the patient or the patient's family has the financial resources to meet "basic health needs." Questions 18 through 22 inquire into a person's living arrangements and the presence of residential barriers to mobility and safety and sanitation hazards. It cannot be doubted that most Americans would regard such questions as none of the government's business, yet HCFA sees its data set as a work in progress.

In a December 15, 1998, letter to HCFA Deputy Administrator Michael Hash, American Psychiatric Association (APA) counsel Jay Cutler notes, "There is no requirement that patients would be asked for their voluntary, informed consent before answering any questions or that they would be informed that this information, including their names, would be disclosed to the state and federal governments."

Moreover, there would be no informed, voluntary consent for non-Medicare patients who are being treated through Medicare-approved HHAs. According to HCFA officials, the Medicare bureaucracy needs to collect data on other Americans to make sure that Medicare patients receive the same quality of care as everyone else does, to facilitate HCFA's complex system of administrative pricing, and to prevent fraud and abuse. But as Janlori Goldman, Director of the Health Privacy Project at Georgetown University, noted in The Washington Post on March 11, "There has to be a way to check fraud and abuse without intruding on patient privacy.... There's a tremendous risk of abuse that the information will be used for other purposes."

Reading the Fine Print.
HCFA's proposed data collection is only the latest initiative in a disturbing pattern of government-designed intrusion into personal liberty and privacy. In the Health Insurance Portability and Accountability Act of 1996, Congress enacted the framework for a federal data collection system, including the storage and sharing of patient records. In Section 4507 of the Balanced Budget Act of 1997, Congress, under pressure from the Clinton Administration, imposed unprecedented restrictions on private agreements between doctors and Medicare patients even where no federal tax dollars are involved. In HCFA's recent regulations setting up the "Medicare+Choice" program, medical records of seniors can be disseminated without the voluntary and informed consent of those patients.

Congress and the Clinton Administration are supposed to provide protection for the confidentiality of medical records this year. Doctors and patients--taxpayers all--should ignore the political rhetoric on this issue and read the fine print very carefully. In the meantime, Congress should block intrusive regulations and work to protect the privacy of every American.

Robert E. Moffit, Ph.D., is Director of Domestic Policy Studies at The Heritage Foundation.


Robert Moffit

Senior Fellow