Behavior OnLine LAW, ETHICS, AND PSYCHOTHERAPY FORUM ARCHIVE
     
    Return to the active forum

    Re:confidentiality/ privacy of records & the least amound of info recorded
    D B Sabo · 03/11/04 at 3:12 ET

    Actions to amend records as provided by HIPPA? Well, if you want to follow this from merely the clients perspective, my feelings are, looking at the �global� perspective, in this day and age, even though there are pretty strict HIPPA regulations, many of which specifically deal with network administrators managing databases of client mental health and other health records, we live in the electronic age, with Virtual Private Netowrks, Intranets, web access, etc. These private and public networks are now holding the vast majority of this information, unless you are seeing a shrink in private practice � and even in that case if insurance is involved, therapists still have to send this info to large corporations. Eventually your records will find their way into a huge database combined with millions of other confidential records on some Linux or MS or UNIX server array maybe 2000 miles away from where you live, spinning around on some SCSI drive at 10,000 RPM into perpetuity. Much of these records are web accessible. Granted there are pretty clear guidelines as far as the security of your records is concerned with entering in private client data into databases, guidelines as to how those databases are managed, encrypted, Secure Socket Layers, encrypted passwords and password supervision, etc. etc. However in order to manage, maintain and enter in these records in any kind of an agency other than a small private practice, someone has to have access to this information no matter how secure the networks are. And the people who manage these databases are not clinicians. They are not shrinks. They are computer scientists, programmers, database people, computer geeks. Electronic technicians. Administrative Assistants (secretaries). And corporate board rooms of the insurance companies and the mental health agencies and their assistants. These are the kinds of people who will have first hand (and most of the) access to all of your private mental health records. Very few mental health workers will have access to them.

    I basically think HIPPA regulations are useless as far as electronic information is concerned. Yes there are laws, but there is no agency on the federal level or the state levels, WITH the well trained cyber cops in any numbers, to go out and enforce them. Cyber cops are chasing after terrorists and pedophiles. Bank robbers. Spies. They are not going after people who breach hippa laws, HIPPA is their lowest priority and even if they wanted to chase HIPPA violators, they would have to hire thousands and thousands of people in order to oversee these corporations and network administrators who manage your mental health data. It would take the creation of an entirely new police agency on the federal level to do it and hundreds of millions of $ too. HIPPA was a nice altruistic idea but frankly I think it is a sick joke which only purpose was to give clients a false sense of security that their personal information is safe when in reality it is not � so you have these do nothing politicians write these laws so that their constituents think they are accomplishing something. But are unwilling to make available the money to enforce the laws they write, just so they can get reelected. HIPPA is basically useless without the cops to enforce it. Rape is illegal but if cops are not there to arrest rapists then rape would in reality be legal for all practical purposes.

    And even if you did have the cops to enforce confidentiality of private records, how would they track down the offenders? The cops would have to be computer scientists, hackers better than the hackers who want to misuse your private information. Or better than executives who want to use your info for whatever reasons. Even if they were highly trained computer scientists, it is so completely easy to shuffle around electronic information these days and cover your tracks from even the most skilled, (if you have the knowledge) it�s absurd. So these politicians write these HIPPA laws, which not only are not enforced, even if they were enforced, they are in reality un enforceable. It�s completely absurd. Like Alice in Wonderland. It�s like inventing a law which would magically make all spam email go away or make the sun rise in the west and set in the east.

    Electronic information is cheap to store, no file cabinets required and data storage gets cheaper and cheaper to store, so I don�t foresee these companies realizing a need to destroy records. I think they will end up keeping them for research. Forever. Why throw out something that costs nothing to keep and takes no space? Who knows, someone might want your mental health information for historical purposes 300 years from now. And corporations never forget (unless they go bankrupt).

    No network is truly secure. Hackers can break in for whatever motives, sometimes it�s just to see if they can do it, other times they try to glean financial information, other times they want to see how secure networks are and play with the operating system to find leaks for purposes of writing patches in OS code of open source software (called gray hacking). Maybe some of them are voyeuristic and want to read your private info? Much of this is done for purposes of identity theft. Are you aware that the vast majority of the operating system software on web servers, over 60 percent, is open source? Which means that the systems were not written by and created by big corporations, but by independent programmers all over the world who write Linux operating system variants and Apache web server software for free, as a hobby?

    Anyway back to the subject, if hackers can break into the pentagon�s and the CIA computers which they have done on a regular basis, they can certainly hack into mental health records at a CMH based organization.

    The simple fact is, even if your file is small and only consists of a paragraph or two, or even if all it says is that you saw such and such a therapist on one occasion, you really have absolutely no control over your records. Legally you do, but what is legal and what actually happens are two completely different things. Once a psychologist, social worker or psychiatrist has records on you and (if he or she works at an agency of some kinds which enters in your private info into their database for billing, record keeping etc), that�s it.

    Frankly from the client's perspective, the least thing clients will be worrying about in the coming years, is not if another therapist or a client or two sees private records. They will be worrying about which file servers their records are on, who has access to them, which is just about anyone who wants access to them and knows how to get to them. A new therapist seeing records is the least of the clients worries. They will be worried about which CEO's or hackers has access to them, which can be used for just about any purposes, such as health insurance rates, whether or not some company wants to hire you, if you can get into a school, or a license, etc.

    The only truly confidential, protected record, in the information age, is one which does not exist. In my opinion.

    Replies:
    • Re:confidentiality/ privacy of records & the least amound of info recorded, by no name, 03/11/04

    Reply Index Next Previous Help



    | Behavior OnLine Home Page | Disclaimer |

    Copyright © 1996-2004 Behavior OnLine, Inc. All rights reserved.