"What's happening with my son?" a woman on the other end of the phone asked me. I wasn't sure what to say. I was training to be a psychiatrist and was treating him -- a young man in his early 20s. I had never met her, and sensed they had a strained relationship. But didn't she, as his mother, have a right to some information? This was a few years before the Health Insurance Portability and Accountability Act took effect in 2003.
"I would be happy to meet with you in person to talk about him," I somehow managed to stumble out. "But I don't feel comfortable saying anything over the phone." I figured that delaying her in this way would buy me time to speak to her son and senior doctors about what to do.
In some ways, it is hard now, when all of us routinely sign privacy forms when visiting the doctor, to imagine that time. It seems another era.
Occasionally, fellow physicians also used to mention celebrity patients they or others had treated. I confess I found myself interested to hear about movie stars who had psychiatric problems. I heard how one famous TV star would hide under his hospital bed. I was shocked. But these divulgences also made me a bit uncomfortable, like I was looking at someone's dirty laundry. I was.
Luckily, things have changed in many ways.
But the tragic death earlier this month of Jacintha Saldanha, the British nurse who believed that two journalists calling about Kate Middleton, the Duchess of Cambridge, were Queen Elizabeth and Prince Charles, and who then committed suicide, reminded me of these issues.
Reportedly, she had taken the call and passed it onto another nurse, who provided information.
We in the U.S. might dismiss the incident as something that happened in another country, and thus doesn't concern us. We are fortunate here to have HIPAA.
But I think some problems remain.
The call for medical confidentiality dates back to at least Hippocrates, who wrote, "What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself."
Yet medical staff have continued to speak about patients when they shouldn't. In a 1995 study, researchers took 259 one-way hospital elevator rides and overheard 39 inappropriate comments on 36 rides (13.9 percent). Half the comments -- by doctors and nurses -- violated patients' confidentiality. The other half included staff complaining about their jobs, other employees, and patients. ln an emergency room, a 1997 study reported that breaches of confidentiality occurred for more than 53 percent of patients. "Mr. 'Y' is a pain in the ass," one health care provider was overheard saying.
Hopefully, HIPAA has reduced these violations.
But in 2008, UCLA found that dozens of hospital staff had peeked into the medical records of celebrity patients, including Maria Shriver, Farah Fawcett, and Britney Spears, when these employees were not involved in these patients' care. Such violations have occurred at other institutions as well.
The rise of electronic medical records and transmission of information through email and the Internet makes it easier in some ways to access information about patients.
Several major institutions have thus wisely set up "firewalls" when VIPs are admitted -- choosing "code names" for them that only staff immediately involved in the patient's care are told. Staff who type a VIP's real name into the hospital's computer system, seeking information when they are not involved in the patient's treatment, have been reprimanded or suspended.
These breaches are part of a larger problem -- VIP syndrome -- a major ailment in hospitals. Celebrities may get worse care because staff bend over backward to provide extra attention and lose objectivity, and the media seek and publicize information.
The spread of genetic information further raises these concerns. Increasingly, patients' full DNA is being sequenced, revealing mutations for a wide variety of diseases. Subtle health discrimination persists. At times, people have told me that they have revealed genetic and other health information -- to "work friends," co-workers, bosses, and others -- and that they were later "passed over" for promotion (not fired, but not advanced). Companies selling life, disability, and long-term care insurance can also legally seek this information and use it to determine eligibility for coverage. Though some laws exist, more protection is needed.
Facebook users -- especially young ones -- routinely post potentially-compromising photos and information about themselves that employers and others at times seek. I have at times Googled people I have thought of hiring. These users often haven't thought about the future harms that might ensue.
Mrs. Saldanha's death makes me think about things I have seen and done.
With the rise of electronic medical records, threats to privacy may be mounting. These days, health information, once divulged, cannot be undisclosed and takes on a life of its own. Tabloid journalists seek it, and health care employees may share it when they shouldn't.
Patients and health care providers may send health information via email, which can be hacked. (Cyber vandals have, after all, entered even corporate and government websites.)
Most importantly, as health care providers, patients and family members, I think of what we can each do -- how tempting it is to hear about and spread information, and how much we need to resist that.
We are not all royalty, but we do deserve medical privacy. I have seen both sides and continue to be amazed how much more careful we need to be.
Note: This piece appeared in a slightly different form in the Hasting Center's Bioethics Forum.
For more by Robert Klitzman, M.D., click here.
For more health news, click here.