August 18, 2000

Despite Growing Privacy Concerns, Medical Records an Open Book

This month's Consumer Reports shows just how vulnerable electronic medical records are to snoops and marketers. A privacy expert discusses the pitfalls of the current laws and recommends ways patients can protect their medical information online.

By Christine Lehmann

A computer privacy researcher at Carnegie Mellon University in Pittsburgh recently punched in the birth date and ZIP code of the Massachusetts governor and retrieved his health records. But even ordinary citizens are vulnerable to computer snoops. The researcher, Latanya Sweeney, showed the author of a Consumer Reports article in the August issue how easy it is to retrieve the medical records for 69 percent of the 54,805 people on the voting rolls of Cambridge, Mass.

The ease with which Sweeney broke into the supposedly anonymous and secure database of state employees’ health-insurance claims underscores the need for stronger privacy protections for medical records, especially those that can be accessed on the Internet.

Efforts by government agencies to keep patients’ medical records anonymous by stripping out names, Social Security numbers, and addresses in public health databases do not guarantee privacy. State researchers have been able to locate the same individuals in various other "supposedly anonymous" databases by matching age, gender, race, diagnosis, and ZIP code, according to the article.
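A data custodian can measure this exposure before releasing a "de-identified" extract. The following is an added example, not taken from the article or from Sweeney's work: it counts how many records are unique on the remaining quasi-identifiers and shows the effect of coarsening them. The records, field names, and generalization rules are constructed assumptions.

```python
from collections import Counter

# Constructed sample of a "de-identified" claims extract: names, SSNs and
# addresses are already stripped, but quasi-identifiers remain.
RECORDS = [
    {"birth_date": "1945-07-31", "zip": "02138", "gender": "M", "diagnosis": "A"},
    {"birth_date": "1945-02-11", "zip": "02139", "gender": "M", "diagnosis": "B"},
    {"birth_date": "1945-11-02", "zip": "02138", "gender": "M", "diagnosis": "C"},
    {"birth_date": "1962-03-14", "zip": "02139", "gender": "F", "diagnosis": "A"},
    {"birth_date": "1962-09-30", "zip": "02138", "gender": "F", "diagnosis": "D"},
    {"birth_date": "1962-03-14", "zip": "02139", "gender": "F", "diagnosis": "B"},
]
QUASI_IDS = ("birth_date", "zip", "gender")  # assumed column names


def audit(records, quasi_ids=QUASI_IDS):
    """Return (k, unique_fraction) for the quasi-identifier combination.

    k is the size of the smallest group of records sharing the same
    quasi-identifier values. unique_fraction is the share of records whose
    combination appears exactly once, i.e. records that line up one-to-one
    with any outside list carrying the same fields plus a name.
    """
    if not records:
        return 0, 0.0
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    unique = sum(1 for n in groups.values() if n == 1)
    return min(groups.values()), unique / len(records)


def generalize(record):
    """Coarsen quasi-identifiers: birth date -> year, 5-digit ZIP -> 3-digit prefix."""
    out = dict(record)
    out["birth_date"] = record["birth_date"][:4]
    out["zip"] = record["zip"][:3] + "**"
    return out


if __name__ == "__main__":
    print("as released:", audit(RECORDS))
    print("generalized:", audit([generalize(r) for r in RECORDS]))
```

A release with k equal to 1 contains at least one person who is singled out by the quasi-identifiers alone; coarsening the fields raises k at the cost of analytic detail.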

Data Banks Mushrooming

Patients may not be aware that every time they are immunized or diagnosed with a communicable disease, the information is collected by state agencies and entered into online registries. About 37 states also maintain hospital discharge databases, and 39 states also have registries for every newly diagnosed case of cancer, according to Sweeney. Perhaps the largest patient database belongs to the federal government, which stores millions of Medicare claims online.

The private sector, which includes health insurance plans, billing companies, hospitals, doctors’ offices, and pharmacies, also maintains electronic patient records. Because these records contain patient names and addresses, it is technologically possible to obtain a complete medical history on a particular individual.

Patient information is a gold mine for health-care marketing firms and other companies, and they are willing to pay for it. Pharmaceutical companies have obtained patient data from physicians and pharmacists by providing them with free software and equipment, according to a February report by the Health Privacy Project at Georgetown University.

Hospital emergency room employees in large city hospitals have reportedly sold the names of accident victims to personal-injury lawyers, states the privacy report.

As banks, insurance companies, and securities firms merge, as allowed under the 1999 Gramm-Leach-Bliley Act, the sharing of electronic financial and health information will grow. Without stronger privacy protections, a patient’s health information may be transferred to financial institutions and their affiliates without patients’ knowledge or consent. Privacy advocates fear that the financial incentive to cross-reference health and financial data for marketing purposes will be great.

"Technology has clearly outpaced public policy in the medical privacy arena," said Zoe Hudson, senior policy analyst of the Health Privacy Project. "We don’t even have basic protections for paper medical records, let alone protections for medical records that exist online in different forms."

Patchwork of Privacy Protections

The 1974 federal Privacy Act outlaws disclosure of personally identifiable health information collected by the U.S. government, such as Medicare records. But the law is silent on private medical records. Only 35 states protect the private medical records they keep, according to a 1999 survey by the Health Privacy Project. Fewer than half of the states have laws requiring that private medical records maintained by doctors, pharmacies, and health insurance plans are kept completely confidential, according to Consumer Reports.

The Clinton administration proposed rules regarding medical-record privacy this year in accordance with requirements of the 1996 Health Insurance Portability and Accountability Act. However, physician, patient, and privacy advocacy groups—including APA—voiced numerous concerns about those rules.

APA objected to the lack of a requirement for patient consent for treatment and payment purposes, the rules’ applicability to records that exist only online, and other limitations. The final rules are expected to be issued this fall.

Meanwhile, both houses of Congress have hotly debated privacy bills several times this session, but had not agreed on any as of press time.

Without comprehensive medical privacy laws, physicians are understandably reluctant to put patients’ medical records online. Currently, about 90 percent of medical records exist in paper form, but large health care systems are working to put these online, according to Consumer Reports.

Hudson recognizes the benefits of computer technology to the health care field. "An emergency room doctor can quickly access a patient’s medical records, and researchers can track and analyze public health trends. But we need to balance these legitimate uses with protecting a person’s medical record against damaging or inappropriate uses."

Patient Concerns

A 1999 survey conducted for the California HealthCare Foundation shows that one in five Americans believes that a health care provider, insurance plan, government agency, or employer has improperly disclosed medical information. About half of these respondents said the disclosure resulted in personal embarrassment or harm, according to a report by the Health Privacy Project.

One in six Americans has taken unusual measures to maintain the confidentiality of personal medical information. He or she may see multiple providers to avoid a consolidated record, pay out of pocket for services, ask a doctor to write down a less-serious or less-embarrassing condition, lie to his or her physician, or avoid care altogether, according to the report.

Seven percent of consumers chose not to seek care because they didn’t want to harm their job prospects or other "life opportunities," according to the report.

"We certainly don’t want people to avoid seeking health care," said Hudson. "But until there are comprehensive medical privacy laws or regulations, patients need to protect their medical records."

These are some of the measures that Hudson recommends consumers take to protect their privacy:

• Request a copy of the medical record to review for accuracy and completeness. Twenty-eight states allow individuals to inspect and copy their records. If a particular state doesn’t have such a law, request to inspect and copy the record anyway.

• Talk about confidentiality concerns with a physician. A physician can also explain the type of information he or she must provide for insurance or public health purposes. Some providers keep process notes separate from the general medical chart to ensure confidentiality of sensitive information.

• Read patient authorization forms before signing them. Patients may be able to restrict secondary disclosures of information by revising the authorization form. Initial and date revisions.

• Ask how personal medical information will be used and who will have access to it before responding to health surveys, health screenings, and health-related Web sites.

The Health Privacy Project Web site has these useful reports: "The State of Health Privacy: An Uneven Terrain" at <www.healthprivacy.org/resources/statereports/contents.html> and "Exposed: A Health Privacy Primer for Consumers" at <www.healthprivacy.org/resources/exposed.pdf>. The Consumer Reports article is available at <www.consumerreports.org/Special/ConsumerInterest/Reports/0008med0.htm>.