The growth of huge databases of personal medical records and federal plans to assign patient identifiers to all citizens have created serious risks to privacy, according to a study released Wednesday by the prestigious National Research Council.
Without better controls and comprehensive policies protecting privacy, the report warned, using universal identifiers such as Social Security numbers to link all of a patient’s records could facilitate discrimination in insurance, employment and credit based on a person’s health.
“There should not be a universal identifier unless there are provisions made to ensure that privacy concerns are adequately addressed,” said Paul D. Clayton, director of clinical information at New York’s Columbia Presbyterian Medical Center and the chairman of the 15-member group that prepared the report.
In health care legislation last year, Congress ordered the Department of Health and Human Services to prepare plans by 1998 for mandating a “universal health identifier” - a unique patient code that would allow a patient’s records from different providers to be linked across time and geography. It could potentially improve care, assist in medical research and help in detecting patterns of insurance fraud.
But privacy advocates have argued that the nation’s privacy laws are already inadequate to protect increasingly sensitive medical data - such as genetic screening tests, showing an individual’s propensity for disease - from being misused by employers, managed care companies, lenders and insurers to cut their costs and reduce their risks.
Wednesday’s report from the research council, an arm of the National Academy of Sciences, called for industrywide technical standards to safeguard computerized records, a national debate on how to regulate “systemic” flows of data from providers to insurers, employers, drug marketers and others, and a clearing-house for consumer complaints.