A convicted child rapist lands a job at a Massachusetts hospital, gains access to hundreds of children's records, and calls the children. A Florida state public health worker sends the names of 4,000 HIV-positive patients to two Florida newspapers. An anti-gay fanatic releases a Topeka, Kan. councilwoman's blood bank records, which show her blood has hepatitis antibodies. Information about the suicide attempt of a candidate for Congress from New York is leaked to The New York Post on the eve of a primary election.These stories are emblematic of an invasion of medical privacy that began roughly two decades ago and is now reaching catastrophic proportions. Patient records are now routinely shipped out of clinics, hospitals and pharmacies to HMOs, drug companies, drug benefit management companies, self-insured employers, researchers and government agencies. These rivers of patient data are being pooled into enormous computerized reservoirs of information all over the country.Two developments made this attack on medical privacy possible: computers and the spread of "managed care." Before the advent of computers, patient records were kept on pieces of paper in doctors' offices. Even today, most patient records exist on paper, not in the memories of computers. But that is changing rapidly as more and more clinics and hospitals automate their record-keeping. There's no question that automation is helpful to both doctors and patients. Computerized records are more legible than handwritten notes; they're easier to retrieve, and they help doctors remember to carry out a variety of useful tasks, including warning patients about harmful drug interactions.But the advent of computers alone cannot explain why patient data are routinely being shipped out of clinics and hospitals to people over whom doctors and patients have no control. To paraphrase the National Rifle Association, computers don't invade privacy, people do. Somebody has to decide that my computerized record cannot just sit unmolested at my doctor's office as my paper file did in olden days, but must be zapped across cyberspace to be viewed by third parties. The people who want to do this are the same people who promoted "managed competition" to the Clinton administration, and, when the Clinton bill failed, pushed HMOs to the top of the health care food chain anyway. These people are a motley bunch. They are executives of big businesses, HMOs, insurance companies like Blue Cross Blue Shield that have adopted HMO tactics, and hospital chains currying favor with HMOs, as well as politicians, pundits, and "experts" associated with universities and think tanks who peddle "competition" between HMOs as the solution to the health care crisis.These people did not ask Americans if we approved of a health-care system dominated by HMOs. Nor did they ask us if we wanted our medical records routinely examined by strangers. Polls indicate that if we had been asked, we would have responded with a loud "no." Polls taken in the early 1990s revealed that Americans rejected the proposition that HMO rationing was essential to constraining health care inflation, and polls taken since the HMO coup in the mid-1990s indicate a sizable majority of Americans believe the new HMO-dominated system threatens quality of care. Experts agree. In 1996, the editors of the New England Journal of Medicine observed that "the quality of health care is now seriously threatened by our rapid shift to managed-care plans as the way to contain costs." The few polls that have sought to assess American attitudes about the invasion of our medical records indicate that large majorities oppose consentless invasion of medical records. A Time/CNN poll, for example, found that 87 percent of respondents believe that their permission should be sought by anyone seeking to look at their medical files.The assault on medical privacy coincides with the HMO assault on the U.S. health care system for two reasons: (1) HMOs destroyed small, independent doctors and hospitals and provoked the creation of huge "integrated health systems" (corporations that house hospitals, clinics, and other providers under one roof); (2) HMOs cannot reduce medical services without access to patient medical records.The spread of HMOs has provoked a rush to vastness within the entire health industry. Merger madness struck the insurance sector first, and then the health provider sector. HMOs got big in order to force doctors and hospitals to give them cut-rate prices and more cooperation in cutting services that smaller HMOs and traditional insurers could not get. Reduced fees and prices and fewer services in turn allowed big HMOs to keep their premiums lower than smaller insurers, which attracted more business, which begat more power to extract cut-rate deals from health care providers, etc. Doctors and hospital administrators reacted to the growth of big HMOs by organizing themselves into the equivalent of provider unions. Hospitals formed huge hospital chains, and doctors either formed their own multi-clinic empires or, more commonly, joined one of the hospital chains. This only provoked the HMOs to get bigger. And around the cycle went. The coagulation of the health system into huge HMOs and huge provider systems means computerized patient records are now loaded onto vast computer networks, not one- or two-computer systems housed in small offices.The HMO practice of routinely demanding patient medical records from doctors is also expanding the vast audience looking at patient records. HMO employees read patient records in order to perform "utilization review," which refers to the HMO practice of reviewing, and often vetoing or altering, decisions by doctors. As the name of this practice suggests, the purpose of utilization review is nearly always cost control, not quality control. With the exception of a half-dozen inexpensive preventive services, HMOs rarely perform what we might call "nonutilization review," that is, review of a doctor's refusal to perform a service.Believe it or not, Bill Clinton and leaders of both political parties propose to aggravate the conditions that have provoked the assault on patient privacyÑthe proliferation of huge computer systems loaded with patient data, and the HMO habit of reading patient files. Legislation proposed by both political parties in recent years would legalize the consentless review of patient files by a host of third parties, including HMOs and employers, and would make it easier for the burgeoning computer networks to talk to each other.Bill Clinton was the first to propose legislation establishing a national patient data base. His 1993 universal health insurance bill (the Health Security Act) would have set up a national patient information depot, and all providers would have been required to funnel patient records into it. The bill died in 1994, but the dream of a central information depot with cradle-to-grave medical records on all Americans lived on. A law enacted by Congress in 1996, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), contains provisions which break down barriers between computer systems and which will, in effect, create a national database for patient records. HIPAA requires that Congress enact privacy protections by August 1999. If Congress fails to act by then, the recommendations of the Secretary of Health and Human Services regarding third-party access to patient records will become law.In September 1997, Donna Shalala, Clinton's Secretary of HHS, appeared before the Senate Committee on Labor and Human Resources to announce her recommendationsÑrecommendations that will become law if Congress does not act. Shalala proposed to allow consentless access to patient files by various parties who need the files "for health purposes." Shalala offered no definition of a "health purpose." She merely offered a few examples of what a "health purpose" is not (reading employee files in order to make "hiring and firing" decisions was one).Republicans have been equally cavalier. Bills introduced by Republicans this year would authorize invasion of patient records by health care "entities" carrying out "health care operations." S 881 and HR 448 define "health care operations" to include a smorgasbord of vaguely described activities, including "utilization review," "coordinating health care," and "conducting quality assessment and improvement activities." Similarly, S 578 says "health care operations" includes "utilization review," "management functions of a health care provider or health plan," and, for good measure, "services the Secretary [of HHS] determines appropriate."How do these anti-privacy politicians justify this assault on patient privacy, an assault that so clearly antagonizes the average citizen? It is difficult to say. Anti-privacy advocates typically offer only unsupported, abstractly phrased assertions that the invasion of privacy is necessary to achieve "cost containment," "quality assurance," "research," and "the common good." These claims are usually preceded by hosannas for the new HMO-dominated health care system. The following statement by Secretary Shalala in her September 1997 testimony is typical of the glib style of anti-privacy advocates: "Today, revolutions in our health care delivery system mean that instead of Marcus Welby we must place our trust in entire networks of insurers and health care professionals É We cannot turn back the hands of progress or turn our backs on public responsibilities like research. É We must look ahead and balance our age-old right to be left alone with our desire to fulfill the promises of a new age in health care. É Individuals' claims to privacy must be balanced by their public responsibility to contribute to the common good, through use of their information for important, socially useful purposes."Lying beneath this cant is a bogus, unarticulated assumption, namely, that the "common good" has been served by the HMOs and "entire networks" that engulfed Marcus Welby. There is, however, little evidence that HMOs have saved money, and considerable evidence that if they have cut costs it has been at the expense of patients. Those who assert that HMOs save money usually cite the reduction in health care inflation that occurred between 1993 and 1996. It is true that the United States enjoyed a four-year lull in its health care inflation rate following the outbreak of merger madness in 1993. But it is not clear whether this lull was the typical temporary lull that follows a merger spree in any industry (oligopolists often keep their prices artificially low during a shake-out in order to seize market share quickly), or if it reflects a long-term reduction in health care inflation caused by the rapid metastasizing of HMO cost-control practices throughout the system.A substantial body of evidence indicates that quality of care has declined since HMOs took over, which suggests that even if HMOs have cut health care inflation it was done on the backs of patients (for the evidence indicating HMOs are damaging quality of care for the elderly, see my article in the March issue of the Monthly). Even if you think the recent inflation lull was HMO-induced, and even if you think it was achieved without damage to quality, you must still explain why U.S. health care costs are double those of the rest of the industrialized world where insurance is universal and where HMOs do not dole out health care. Anti-privacy advocates rarely speak about other countries' health care systems.The argument that patient privacy has to die on the altar of "quality assurance" is especially ironic. In the days of Marcus Welby, no one argued that it was up to health insurance companies to improve medical care by subjecting doctors to "quality assurance" reviews. "Quality assurance," a phrase borrowed from the manufacturing industry, only came into vogue in medicine with the advent of HMOs. The reason is obvious: By placing constant pressure on doctors to deny services, HMOs threaten quality of care; ergo, "quality assurance" is a good thing.This reasoning was first promoted by Dr. Paul Ellwood, the man who invented the phrase "health maintenance organization" and who convinced Richard Nixon to support the HMO Act of 1973, the law that subsidized the formation of the U.S. HMO industry. Ellwood recognized that HMO financial incentives for doctors put patients at risk of receiving inferior care. In private meetings with Nixon officials in 1970, and in a seminal article for the journal Medical Care in 1971, Ellwood argued that "competition" between HMOs would protect patients from inferior care, but only if "consumers" were given "performance reports" on HMOs which permitted consumers to distinguish the good from the bad. Thus, if HMO A's performance report showed that more of its heart patients were dying than were patients of HMO B, A would lose market share, B would gain market share, and A would either clean up its act or go out of business.There are several reasons why Ellwood's hope that "market forces" could protect patients from HMO abuse was doomed. One of the most significant is that HMO performance reports, now called "report cards," will be ludicrously expensive to prepare and publish (despite three decades of talk about report cards, useful report cards still do not exist). The most significant expense will be incurred in the course of collecting patient medical records for all or a substantial portion of the services provided to all or a substantial portion of American patients. HMO report cards require access to patient records in order to ensure that HMO "grades" are comparable. A simple comparison, for example, of the mortality rate of HMO A's heart surgeons with those of HMO B is useless if the health status of the patients seen by the two HMOs is not equivalent. Who cares if HMO A has a higher mortality rate if all of its patients are 80-year old men with serious comorbidities (e.g., cancer and depression) while all of HMO B's patients are 60-year-old men with no comorbidities?Ellwood had an answer. In a 1988 article in the New England Journal of Medicine, Ellwood called for a "massive, computerized data base" containing data on "millions of patients" that would "routinely and systematically measure the functioning and well-being of patients." Ellwood claimed that pooling patient data "on a massive scale" would not only reduce the cost of constructing HMO report cards, but would advance medical science. The patient data that report-card publishers would need would be readily available, and researchers could dip into this database at will and find out which treatments were working best. Ellwood's argument that report cards, with or without a centralized database, can protect patients in a system dominated by HMOs is preposterous. It assumes that unnamed researchers can annually evaluate the quality of thousands of different health care services provided by a half million doctors and millions of other health care professionals working for 1,500 insurance companies, that literate consumers (never mind the illiterate) have the time to read and the capacity to evaluate all these data, and that society can afford the cost of the information systems and research necessary to assemble and publish HMO report cards.But Ellwood's vision of a national patient database did not provoke ridicule or outrage. Instead, it attracted powerful adherents in the world of politics and business. In 1992, a group of business executives, including vice-presidents of GE and Prudential, and conservative intellectuals assembled by Ellwood endorsed the call for a national patient database as a means to "hold HMOs accountable" for good health care. In 1993, Bill Clinton signed on as well.By 1995, when Republicans took control of Congress, it was apparent that Republican leaders had also subscribed to the Ellwood vision. William Thomas (R-Calif.), chairman of the House Ways and Means subcommittee on health, is an enthusiastic advocate of invading patient privacy to "assure" HMO quality. At a hearing in Minneapolis conducted in 1998 by the recently disbanded National Bipartisan Commission on the Future of Medicare, Thomas condemned Minnesota's new law (one of the few in the country) requiring patient consent before providers may release medical records to third parties. He claimed it made it difficult for HMOs to prepare "quality packages" that inform consumers about HMO quality.The argument that a centralized database, or even the large regional databases now being assembled by the health insurance industry, will enhance medical research has some merit, but not enough to warrant the destruction of patient privacy. For the last 50 years, medical research has been advanced primarily by scientific experiments financed by taxpayers and private investors (typically pharmaceutical manufacturers; according to one study, HMOs devote only 0.3 percent of their revenues to research). The most reliable of these experiments use what is called "prospective" methodology, which means scientists decide prior to the experiment how to control for variables that could confound the results. Studies that examine patient records after treatment has been given are called "retrospective" studies. The methodologies of retrospective studies are usually not as reliable because numerous variables that could have influenced the results are not controlled. Most importantly, from the patient's point of view, scientists conducting prospective experiments usually get patient consent. Anti-privacy advocates argue that getting patient consent would make using a national database more expensive. They are right.It is possible to roll back the assault on privacy, but it will require reforms that will outrage the HMOs. Restoring patient privacy will require eliminating the two conditions I spoke of at the outsetÑthe proliferation of huge provider networks that share patient files by computer, and the HMO habit of seizing patient files. To eliminate the enormous computer networks, we must return control of the health care system to the smaller-scale units that dominated prior to the ascendance of HMOs. We would, in other words, have to dissolve the hospital and clinic chains into smaller, independent units. Patient records would still be held on computers, but the computers would no longer need to be linked to hundreds of other computers owned by one corporation. We could stop HMOs from commandeering patient files simply by passing a law requiring patient consent for any third party to see a medical record.Alternatively, we could set up a single-payer system in which one payer (the government) reimburses doctors and hospitals. Because insurance companies, including HMOs, would be out of the picture, and because the single-payer agency would control costs by setting limits on the price at which health services are sold, not by quarreling with doctors, the current insurer practice of demanding patient files would disappear. Because patients could see any doctor they wished, patients would drift away from the sprawling provider networks evoked by the HMO juggernaut in favor of smaller clinics (research indicates that patients prefer smaller clinics).Either of these alternatives would go a long way toward creating the kind of health care system most Americans want: a system in which doctors and patients, not HMOs, make decisions about what services patients need, and in which patients can speak to doctors without fear of having their words plastered across cyberspace.REQUIRED TAG: This article originally appeared in The Washington Monthly.