Late last year, the Medcard came to town. About the size of an ATM card, Medcards carry health care information ranging from benefits coverage to blood type to specifics about chronic health conditions. The tiny computer chips embedded in these so-called "smart cards" also allow medical professionals to exchange medical information with electronic databases that contain public health research and treatment standards for a variety of medical conditions.But the Medcard also will link its users to a growing national controversy that stacks patient privacy against the immense research and public health value of electronic databases created from medical records. With this nation's multitude of for-profit health care systems and businesses with strong financial concerns tied to health care coverage for employees, many patient's rights groups, government watchdog organizations and even some within the medical community want to know who besides your doctor is looking at your records -- and why?Private records, public viewingThe questions hit home about two weeks ago when the University of Michigan Medical Center reported that it had accidentally downloaded the scheduling records of several thousand patients onto an unprotected Internet site. The records contained names, phone numbers, Social Security numbers, employers and doctors' names, and, in some cases, even medical conditions."The technology is speeding ahead without thought of the ethical implications," said Dr. Margo Goldman of the Lexington, Mass.-based National Coalition for Patient's Rights, a nonprofit health care advocacy organization. "Patients have virtually no control and there's lots of financial incentives for insurers and industry to look at this stuff."Database supporters point to the greater efficiency, accuracy and breadth of information these databases will create for patients and doctors alike. Medcard users, for example, need merely to present their cards to doctors, pharmacists, physical therapists and others linked to the network, and up-to-the-minute medical information will appear with a single swipe through a card reader. No longer will patients have to remember details of their medical history or repeat it over and over as they move through the health care system. And, if a patient should end up in an emergency room unable to communicate, the smart card would warn doctors about potential drug conflicts or existing medical conditions."This is just the beginning of the infrastructure," said Dr. James McGauley, president of Ann Arbor-based Medcard Inc. The card was provided last December as part of a pilot program to 1,200 southeast Michigan physicians who belong to a regional group practice plan. "This technology will allow us to organize medical information, to coordinate patient records, in an unprecedented fashion."What's there, who sees itA person's medical record can include information about family health history, past problems with drugs and alcohol, treatment for depression and sexually transmitted disease. What worries many patients and patients' rights groups is that, as this sensitive information moves through the electronic universe, it could end up in the hands of employers and health insurers that may then be reluctant to hire or provide coverage to someone with a history of or potential for debilitating -- and costly -- medical problems. These critics say that promises of confidentiality, passwords and encryption systems simply won't be enough to keep these powerful interests away from the information.The fear appears justified. In a 1996 survey of Fortune 500 companies by researchers at the University of Illinois, 35 percent said they had used individual medical information to make job-related decisions. Medical information is increasingly sold for commercial purposes as well. Americans diagnosed with sensitive conditions such as infertility, for example, increasingly receive junk mail about fertility treatments in the days after the diagnosis. The National Coalition of Patient's Rights web site (www.nationalcpr.org) lists horror story after horror story in a special section entitled "Confidence Betrayed.""What happens is that people stop trusting their doctor and stop telling them everything about their health," said Goldman. "And then what good are public repositories if the information isn't accurate?"The beginningThe move to create such medical databases got a push from the government in 1996 with the passage of federal laws designed to guarantee health care insurance portability when people change jobs. The law also mandated the creation of "universal health identifiers" and huge electronic repositories of information for public health research. Both have been opposed by strange-bedfellow coalitions of detractors, including libertarians who fear invasion of privacy by the state and patient advocacy organizations which fear discrimination.Yet organizations both public and private are busily laying the framework for such broad national databases. In southeast Michigan the Greater Detroit Area Health Council, a nonprofit coalition of regional health care provider organizations and businesses, is working on a project called the Michigan Health Management Information System. The network is an "extranet," a proprietary network of regional medical data designed to work as a clearinghouse for medical information to area health care providers. Several of the region's large employers, including the Big Three automakers, are closely following the pilot program, along with area health care providers, insurers and managed care companies. "Our plan is to have the infrastructure in place and eventually link up with national data systems," said Ron Bedford, vice president of information systems for the GDAHC.Though Bedford acknowledges the confidentiality issues, he also points out that many businesses spend a huge amount of money on health benefits for their employees. Access to medical records and benefit claims allows businesses to assess the cost and medical value of care their coverage provides. Access also improves worker safety, said Bedford, by helping to ensure that people with alcohol or drug problems, heart conditions or diabetes, for example, are not operating potentially dangerous equipment. "Health care benefits are among the biggest expenditures and most difficult things to administer well," said Bedford. Why should employers cover John Q. Public's health care without being able to track costs? Bedford asks.New methods, old fearsBedford said that much of the concern about privacy and electronic medical data is unfounded and driven by a poor understanding of the technology. He also says there is nothing in the electronic record that is not available in the paper record; as with the Pony Express and the telegraph, people just don't trust the new. But Cindy Wisner, legal council for the Detroit Medical Center, is less sure. The DMC is waiting for better regulation before it steps into the "infant world" of this component of e-medicine, she said."It's not about any change in content. It's about the ease and multiple points of access that digital information is subject to, as opposed to a paper file in a cabinet in a doctor's office," said Wisner. "I think there are many opportunities for the info to be abused."Wisner also questioned the accuracy of electronic data, the preparedness of many physicians to use it effectively and even the lack of a clear definition of what elements of a patient's interaction with the health care should be considered confidential to begin with. For example, if a woman makes an appointment for an abortion, will the fact that she made the appointment be part of her record even before she's seen the doctor or decides to cancel?Government helpWhat Wisner and many patients advocates want and say patients need is federal regulation that protects patient privacy. Currently little more than a patchwork of state and federal laws are in place to regulate electronic medical data. Often these laws only apply to specific illnesses such as AIDS or psychological disorders. Even Health and Human Services Director Donna Shalala has said that there is "more protection for the records of videos you rent than for your medical records."The 1996 portability legislation originally required Congress to sort out this complex issue and introduce nationwide regulation by August of last year. Government, however, became preoccupied with the impeachment trial and is now aiming for August of 1999. In his State of the Union address last month President Bill Clinton told Americans that he will "protect the privacy of medical records this year" if Congress does not.Supporters like McGauley remains enthusiastic about the potential of his Medcard and the growing world of e-medicine. He says only eight recipients of the letter have called to ask questions about the privacy of their Medcards. Most people, he says, understand "things like banking records are available to lots of people but rarely abused."Still, printed in bold typeface about halfway through the letter is the assurance that the medical information coded on the Medcards is "secure and confidential."SIDEBAR: Sensitive recordsThe following story was taken from the "Confidence Betrayed" section of National Coalition for Patients Rights Web site (www.nationalcpr.org).A 63-year-old artist living in the Southwest, was born with male and female sexual organs. After surgery as a child, he lived his life as a male, marrying and raising three children while keeping his condition private. But two years ago he sought DNA testing for an explanation. A lab worker shared the results with her child, who attended high school with the artist's youngest daughter. "It was all over the high school. She had to leave because she was too embarrassed," said the artist of his child, who moved out of town to live with her mother.This took place, it should be noted, in the world of nonelectronic, paper records. The rights coalition argues this kind of betrayal will become more likely under the medical databases infrastructure that the government envisions. Proponents argue that databases can offer adequate, if not better, controls. -- J.S.