NEGATIVE — MEDICAL — SOLVENCY 249

INFORMED CONSENT PROPOSALS WILL FAIL

EVEN LEGISLATIVE BACKUP FOR INFORMED CONSENT WILL NOT PROTECT PRIVACY

Robert Gellman, Privacy and Information Policy Consultant and Fellow of the Cyberspace Law Institute, "Personal, Legislative, and Technical Privacy Choices," VISIONS OF PRIVACY: Policy Choices for the Digital Age, 1999, EE2001 -JGM, p.1 34

Even if informed consent were supplemented with legislatively imposed protections, the routine signing of consent forms might still result in the waiver of those protections. For example, assume that legislation restricts non-consensual secondary uses by insurance companies. If a consent form provided by an insurance company waives this restriction, then the intended statutory protections will be unavailable. of course, legislation can limit the ability of an insurance company to obtain waivers of rights granted under a health records bill. But it may not be possible to foresee and close all loopholes. In any event, if legislation restricts the ability of a patient to vary the terms of a 'consensual' disclosure, the result may be much the same had a non-consensual disclosure policy been in effect. Regulating disclosure and use of health records is a challenging task, whether or not patient consent is routine.

INFORMED CONSENT FAILS BECAUSE IT ACTUALLY DECREASES PATIENT CONTROL

Robert Gellman, Privacy and Information Policy Consultant and Fellow of the Cyberspace Law Institute, "Personal, Legislative, and Technical Privacy Choices," VISIONS OF PRIVACY: Policy Choices for the Digital Age, 1999, EE2001 -JGM, p. 133-4

The paradox of informed consent is that giving the patient more of a say in the disclosure of health records for payment can result in the patient having less actual control. The current informed consent process protects the interests of everyone except the patient. Consent forms are often written by insurance companies and typically allow broad disclosure and unrestricted use by recipients. Some health or automobile insurance policies make consent to disclosure a condition of coverage. This type of consent is obtained without any effective notice to patients because the requirement appears in the unread fine print of an insurance policy. When consent is obtained concurrently with a visit to a health care provider, the provider who collects the signature also has an interest in broad use and disclosure. The provider wants to be sure that it can make disclosures necessary for payment and other purposes as well, including management, teaching, and research. No one looks out for the interest of patients, and patients cannot protect their own interests effectively.

INFORMED CONSENT DOCTRINE HAS TOO MANY EXCEPTIONS

Robert Gellman, Privacy and Information Policy Consultant and Fellow of the Cyberspace Law Institute, "Personal, Legislative, and Technical Privacy Choices, VISIONS OF PRIVACY: Policy Choices for the Digital Age, 1999, EE2001 -JGM, p.1 33

Another problem with the consent model is the need for many exceptions. Many who use health information obtain access without patient notice or consent. This includes a wide range of health care and other institutions not directly engaged in treatment, such as public health agencies, health researchers, accreditation authorities, auditors, licensing authorities, peer reviewers, cost containers, law enforcement agencies, and others. When a patient is asked to consent - principally for payment - there is little real choice. For many other uses, a patient has no say at all. Many non-consensual disclosures are mandated by law, regulation, or contract. For the most part, therefore, patient consent is little more than a convenient illusion.

EVEN IF HEALTH RECORDS AREN'T THE TYPICAL CASE, THEY CLEARLY SHOW THE FAILINGS OF RELYING ON INFORMED CONSENT

Robert Gellman, Privacy and Information Policy Consultant and Fellow of the Cyberspace Law Institute, "Personal, Legislative, and Technical Privacy Choices," VISIONS OF PRIVACY: Policy Choices for the Digital Age, 19 9 9, EE2001 -JGM, p. 130-1

In many respects, health records are not representative of all thirdparty records. Health information is generally acknowledged to be more sensitive than most other personal information maintained by thirdparty record keepers. The structure of the U.S. health care system differs significantly from other industrialized countries, with many separate institutions playing a major role in the United States. Legal protections for the confidentiality of health records in the United States are sporadic, incomplete, and out of date. 3 Federal laws only cover narrow categories of records (that is, alcohol and drug abuse records) or records maintained by or for federal agencies. For most health records, legal protections can only be found in state laws, and these laws vary considerably in scope, quality, and recency. Partly because of this sensitivity, administrative complexity, and legal uncertainty, informed consent has been generally accepted as a core principle for regulating the disclosure of health records. The medical establishment and others rely on the notion of informed consent, irrespective of the reality or practicality of the choice presented to the individual. Although health records may offer something of a 'worst case' example, they most clearly illustrate the limitations and consequences of informed consent.