When I go to the dentist, I sign in at the window, check off box that says I haven’t moved or changed insurance, and then have a seat in the waiting room with the other patients and a large tank of colorful fish. A secretary takes the sign-in sheet, in a HIPAA-compliant fashion, blacks out my name with a Sharpee. This is, I’m told, good. If you’re not another patient in the waiting room, a colorful fish, a dentist, hygenicist, or office staff at this large practice, and if you don’t happen to see my name posted on the schedule on the wall in the treatroom, then no one has to know that I get my teeth cleaned. I’m all for privacy in medical care.
The same issues come up in psychiatry, and all of medicine for that matter. The government mandates all types of procedures that protect patient privacy, and these procedures take time, effort, and money. Since I value privacy for medical treatment, I should be happy, but instead, I find many of the privacy regulations to be burdensome, and they create this odd state of perception of privacy when the reality remains that the privacy of medical treatment is compromised.
It’s regulated that sign-in sheets compromise privacy, but there remains the risk that patients might see each other in the waiting room. Perhaps every patient should have a mini-cubicle with black curtains to sit in? To protect privacy, when I sign in to my clinic’s electronic medical record and its e-prescribing program, both programs automatically sign me out every few minutes, a minor annoyance, but one of many.
The electronic medical record provides many conveniences, especially since psychiatric outpatient records have not yet been incorporated into them. I can access labs, read notes by other physicians, and I don’t have to spend time entering sensitive psychiatric information, except for medications. Given that psychiatric records have extra protections, can a patient elect to not to tell another physician that they see a psychiatrist? Well, not really, because the medications get entered into the record, it is recorded that the patient had an appointment with psychiatry, and patients often tell their primary care doctors that they are treated by a psychiatrist, so their diagnoses and medications are recorded by those doctors in their notes.
If patients are not comfortable telling their dermatologist that they have been treated for bipolar disorder, or had three abortions, they lose that option. Perhaps it’s not all bad – their lithium could be making their skin condition worse, and patients don’t always know which information it is important to share. But it may also be true that a physician may ascribe patients’ symptoms to their psychiatric condition and not evaluate them with the same diligence they would if a psychiatric condition were not revealed. (Does this still happen? That’s it’s own blog post, but see Discrimination Against Patients with a Psychiatric History for another medical blogger’s insights on this.)
So our illusion of privacy goes one step further with electronic records. In the institution where I work, I believe (and I could be wrong about the number) that approximately 9,000 people have access to the records. There are checks on the system to determine that those accessing have valid reason, but those checks are random, and the major impediment to obliging curiosity and looking at the records of a friend, neighbor, colleague, or ex-girlfriend, remains the fear of being discovered and the serious repercussions that would occur.
In Maryland, our state legislature has spent years debating whether the state’s Board of Physicians should be able to look at patient records if a third party lodges a complaint against a doctor and patients do not want their records released. Yet, hospital regulators regularly review psychiatric charts to determine if they are in compliance for accreditation purposes, without getting the patient’s authorization first. And insurance companies access patient records with patient authorization, then often use this information to deny coverage, but is it really “authorization” (a valid form of consent) if desperately ill patients are told they won’t be treated if they don’t sign?
So we shred. We pay for secure portals for email. We follow rules regarding secured, HIPAA-compliant fax locations. We sign in and out of the various computer screens every 7 minutes to make sure no unauthorized soul sneaks in and reads when we aren’t looking. Our government pays physicians to install EMRs with the promise that this will make medicine better. We refuse to speak with families and with physicians outside our system without signed releases, even if doing so delays care or creates inconvenience. All patients sign off that they were offered privacy notices.
Our patients see all this, and it leads them to believe that confidentiality laws make their treatment more private, that the system has many safeguards, and that only the fish know they are getting their teeth cleaned. I can’t help but think it would be so nice if there were a little less in the way of regulation and requirements and a little more attention to the best interest and privacy needs of the individual patient.