Dec 26, 2006 By Theo Francis, WSJ.com
After her fiancé died suddenly, Patricia Galvin left New York for San Francisco in 1996 and took a job as a tax lawyer for a large law firm. A few years later, she began confiding to a psychologist at Stanford Hospital & Clinics about her relationships with family, friends and co-workers.
Then, in 2001, she was rear-ended at a red light. When she later sought disability benefits for chronic back pain, her insurer turned her down, citing information contained in her psychologist’s notes. The notes, her insurer maintained, showed she wasn’t too injured to work.
Ms. Galvin, 51 years old, was appalled. It wasn’t just that she believed her insurer misinterpreted the notes. Her therapist, she says, had assured her the records from her sessions would remain confidential.
As the health-care industry embraces electronic record-keeping, millions of pages of old documents are being scanned into computers across the country. The goal is to make patient records more complete and readily available for diagnosis, treatment and claims-payment purposes. But the move has kindled patient concern about who might gain access to sensitive medical files — data that now can be transmitted with the click of a computer mouse.
The U.S. Department of Health and Human Services implemented standards in 2003 for guarding patient privacy, supplementing a patchwork of state laws. The federal standards, which grew out of the 1996 Health Insurance Portability and Accountability Act, single out psychotherapy notes for extra protection.
Critics claim that loopholes in the rules have left patient privacy under threat. Ms. Galvin, for example, discovered that when psychotherapy notes are mixed in with general medical records, the federal rules afford them no special protection. That is precisely what happened with her records at Stanford, she says.