February 20, 1998
California Assembly Committee on Consumer Protection
The Honorable Susan Davis, Chair
Testimony of Ruth Clifford, Ph.D.
President, California Coalition for Ethical Mental Health Care

Thank you for inviting me to speak here today. Since I only have a short time, I am providing the Committee with fuller testimony in writing.

I have here a drawing of a person in one of those infamous hospital gowns, open at the back. I think it depicts the essence of being a health care consumer. When we talk about access to medical records, we need to keep in mind that this is the psychological condition of every one of us when we are the recipients of health care. We are exposed, uneasy, and vulnerable. What is learned about us when we are in this condition (literally or metaphorically), and what is done with that information, is fundamental to our sense of personhood and dignity.

The way our personal medical information is handled affects our willingness to cooperate with our caregivers, who require complete information in order to diagnose and treat us. Fear of exposure may prevent us from seeking care until we are desperate and in need of more expensive services and perhaps have a poorer prognosis. Avoidance of care in one area can have deleterious effects on our health in other areas as well. These are some of the important costs that must be taken into account if we are going to consider the potential benefits of broader access to personally-identifiable health care data.

Managed care is not the only cause of medical privacy concerns, but it tends to aggravate existing problems and creates a few new ones. Enormous quantities of personal details are being routinely collected so that "medical necessity" of a particular test or treatment can be determined by a reviewer. Since I am a mental health professional, I can best give examples from my own field. Therapists are typically asked to send in written reports on all patients, listing information such as the severity of each of a list of symptoms, the person's potential for violence, all past and current use of alcohol and drugs, and even HIV risk factors.

The number of personnel within one managed care company who have access to all identifiable clinical information can be huge; in one behavioral health company that I know about, over 500 people. Since the patient has signed a general release form for the managed care company, the company can claim that "confidentiality" exists, but a patient who learns that so many people have access to his or her information is not much comforted!

As the information must be handled by multiple personnel in the managed care bureaucracy, there are many opportunities for documents to be lost. In a survey of psychologists, 59% of the respondents had sent patient records or reports to a managed care company and been told to send them again because they were lost. Faxed reports with patients' names, social security numbers, and sensitive information are frequently sent to the wrong number (often, with just one incorrect digit, they are sent somewhere within the patient's local area).

In addition to clinical data, managed care companies may ask for other kinds of information. One company has a policy that the provider contact a case manager within 24 hours if any information with legal implications comes up. For example, the patient may report knowledge of a crime, or request a copy of his or her records. Patients have signed a general release with the company for the purpose of "case management," so the company considers requiring this information to be legitimate.

Another function managed care attempts to perform is quality assurance. Good record-keeping is considered synonymous with good care. Good records are judged by standards crafted by the National Committee for Quality Assurance (NCQA), which performs accreditation of managed care organizations on a voluntary basis. The NCQA is a private, unregulated body consisting mainly of representatives of the managed care industry. Its standards do not reflect the ethical or administrative standards set by the health professions, nor are they open to consumer input.

So-called quality assurance is conducted through audits of patient records, usually in two ways (some companies use both). First, auditors may make an appointment to view selected patient charts, and if they wish, photocopy them. Second, providers may be sent letters requesting that full patient charts be copied and mailed to company headquarters for review. Treatment of these patients may be ongoing, or it may have long since ended. In either case, patients have no chance to withhold any portion of their information, or to disguise their identity. The usual standards require that the patient's name appear on every page. What do the companies say about this practice? They say they own the records, so this is their right. Meanwhile, they give virtually no information to the provider or consumer about how they will store, process, protect, or dispose of these charts.

It should be noted that along with information about the individual patient, medical charts often contain personal information about others, including spouses, members of the family of origin, bosses, co-workers, neighbors, and caregivers. None of these people are told that information about them is being disclosed.

Patient charts may also be mixed up by harried clerical staff. I know a woman whose 61-year-old depressed husband committed suicide and who ordered a copy of his psychiatric records from their HMO. She was given the full chart of a 28-year-old woman with infertility problems, with a completely different name! Such errors by individuals can occur in any system, but I believe managed care aggravates them by pushing for efficiencies without regard for accuracy or normal workload capacities, and by making the relationship of the system to each patient more and more impersonal.

A third managed care function is outcome research. Companies that claim to do outcome research can market themselves more effectively. But managed care outcome research may involve pressuring patients to participate in highly intrusive data-collection procedures. One large company is now asking that mental health patients fill out a revealing questionnaire with 45 items such as "There is something wrong with my mind," and give it to the therapist, who is to fax it to the company. It has the patient's name at the top. Patients are not told that their participation is optional (although in fact it is), or that its purpose is primarily to serve the managed care company.

Conducting patient satisfaction surveys has been done in a way that frightens or outrages patients. Without any forewarning, an employee of the managed care company may call the patient and ask questions over the phone about the person's satisfaction with their treatment. This kind of procedure might be appropriate if the caller was a person known to the consumer, or if some less personal type of service was involved. But how much do you imagine consumers are likely to divulge about their satisfaction or dissatisfaction in this scenario?

A 1997 survey of psychologists in Santa Clara County asked how patients were affected by these kinds of practices. Not surprisingly, many people were leaving therapy to avoid such personal exposure. Over a third of the respondents had at least one patient do so, and the average number of such patients per psychologist was 6.8. I have no doubt that patients with other types of health problems are similarly avoiding getting the care they need.

To the problems mentioned thus far, let us add computerization of medical records. Computers increase the amount of information that can be processed and stored and the number of people, authorized or not, who can access the data. A vast centralized store of medical information is a magnet for those who can use it to turn a profit if they can get to it. I expect we will see more cases such as the one in Maryland, in which HMO salespeople succeeded in bribing dozens of state employees for information in the state's health care database.

There can be no computerization without data entry, a tedious task usually performed by low-paid workers. Incarcerated felons have even been used to computerize consumer information, including illnesses, prescriptions and over-the-counter medications, along with the consumer's name, age, marital status, address, and social security number. At least one woman has been harassed by such a prisoner, who, as a data entry worker, reportedly obtained 900 pieces of information about her. Whoever performs this job, errors in copying or codifying information are common. Consumers who wish to check the accuracy of their files must take the initiative. Most don't know they can, or don't go to the trouble.

We have more laws protecting information about our video rental selections than about our medical information. Yet use of medical information obtained without the patient's permission, to that person's detriment, is becoming increasingly common. Individuals applying for health, disability, or life insurance are being turned down based on information reported to medical databanks without their knowledge or consent. Sometimes they are defined as poor risks based on inaccurate, indirect, or far-reaching inferences from the available information. Having a diagnostic test, whatever the result; living at the same address as a person who is HIV-positive; having consulted a mental health professional even for just one visit; and genetic indicators of risk for later illness have all been used to deny insurance coverage. Knowledgeable consumers may well forgo tests that would benefit their health in order to preserve their insurability.

Employers frequently obtain supposedly confidential health information and may use it against their employees. In a University of Illinois study, half of the Fortune 500 companies admitted they use confidential medical records to make employment decisions. Companies obtain the information in various ways. Sometimes they purchase it from private medical databases, such as the Medical Information Bureau. If employers administer payment of health claims themselves, they have direct access to the information. If they contract with a managed care company for that purpose, some are known to communicate quite freely with that managed care company about specific employees. Even though there are some laws against these practices, enforcement mechanisms are either weak or nonexistent. If the Department of Corporations takes any action against an HMO, it is generally done in secret. Suing a managed care company oneself usually means having to marshal huge financial resources and finding a way to circumvent the federal ERISA law that shields these companies from most legal penalties. The chances of winning a large judgment are dubious because injuries to a person's privacy are usually more emotional than economic, so finding attorneys to take such cases is almost impossible.

Any interested party may be able to gain access to computerized health information and use it for purposes harmful or offensive to the consumer. An East Coast banker found out the names of persons in his local area who had a diagnosis of cancer and matched the list with customers who had mortgages at his bank. He then called in those mortgages. In Florida, a health worker was fired when it was found he was accessing confidential AIDS patient records and using them to screen dates for himself and his friends.

Managed care companies, health organizations, the federal government, states and counties, marketers, and even credit reporting companies are pouring billions of tax and health care dollars into new computerized data systems for tracking personally-identifiable health care data. All this is occurring in the virtual absence of laws to protect consumer confidentiality. Data security in computer systems has so far proven to be full of holes, yet the public is asked to simply trust in wondrous new technologies. We are reminded of a major lesson from the sinking of the Titanic, of how human beings can so easily glorify technology and trust it to be perfectly reliable. But if we steam ahead at full throttle into an iceberg field, we are inviting disaster.

If we are to protect the health care consumer from exploitation, discrimination, embarrassment and abuse, what policies should be established? There are many possibilities; I will just mention a few here.

1. Consumers must be informed, before they enroll in a managed care or health insurance plan, of what information will be required, for what purpose, and how it will be handled. The legal standards for written consent forms for health care professionals (Civil Code Section 56.11) could be applied to release forms used by these companies.

2. Consumers' personally-identified medical information should only be entered into a computerized databank with the express permission of the consumer. Provision of care must not be contingent upon such permission. If permission is given, the consumer should automatically be offered a chance to review the file for accuracy before inaccurate information is transmitted further.

3. Any secondary sharing of personally-identifiable medical information should also require the express written consent of the consumer, except in immediately life-threatening situations.

4. Limits should be placed on the amount and types of personally-identified medical information managed care companies can gather about enrollees, restricted to what is appropriate for the specific purpose. Consumers should be able to consent to some purposes and not others, and to guard certain information from being shared.

5. The number of personnel in a managed care company who can access personally-identified medical information should be limited to those who have a direct need to know, relevant to the purpose for which the information was gathered. Utilization reviewers do not need to know the name of the patient whose care they are authorizing.

6. Written or electronic medical information sent to a managed care company should not have the patient's name or social security number on it. When records are lost or a leak occurs, the consumer should be so informed. Companies who lose records often should be publicly identified and penalized.

7. Consumers need to have a say in deciding what the standards for confidentiality, and the method of determining medical necessity, should be.

8. Enforcement mechanisms must be strengthened to invoke meaningful penalties and economic redress for abused consumers.

Managed care companies will object to such protections because they add some cost (though they don't seem to be hesitating over the expense of setting up the new data systems). Our society has historically affirmed many important rights considered worth the cost. Some expenditures will be necessary in order to restore consumer trust in the health care system, which, after all, is supposed to exist for the primary purpose of serving the consumer. 

