The Erosion of Privacy

One of my favorite cartoons shows a confessional in a Catholic church, normal except for the four loudspeakers mounted on the top, facing outward to broadcast the confession to the rest of the church. I can pretty much guarantee that any such confessional would host very watered down divulgences, if any at all.

Privacy is also an essential part of healthcare services, and most especially mental health care services.

You may have seen a common pattern in the progression of a client’s disclosure: niceties, followed by minor “test” disclosures, followed by questions about privacy, followed by disclosure of the REAL issue (often accompanied by tears and downcast eyes). If, at any point in this progression, the therapist fails the privacy test, progress in treatment is delayed or thwarted.

It is an easy test to fail. Mention something about another client (even with names omitted), give advice before exploring details, or wear a facial expression of moral judgment and you get an “F.” Another way of failing is to answer this question incorrectly: “If I tell you something here, who else can find out what I say?”

Clients all need some assurance of privacy, but some are more particular than others. You may have had a client with insurance say that they would prefer to pay cash, so that the insurance company would never learn the diagnosis that you assign. It behooves us to be able to offer an honest assurance of complete privacy for those clients who value it.

We’ve seen the erosion of our privacy in general. Google and social media know more about me now than my grandmother ever learned. Facebook co-founder Mark Zuckerberg announced in 2010 that privacy was no longer the "social norm" with the implication that we should simply give up that concept.

I’m not ready to do so, at least not in the realm of mental healthcare. Perhaps I am like one of the soldiers at the Alamo in 1836, or one of the citizens affected by the blockade of Berlin in 1948. Perhaps I am now completely surrounded by privacy destroyers. But no white flag for me quite yet.

A Critique of Modern Systems: NC HealthConnex

I say all of this because there is an incursion into healthcare privacy underway here in North Carolina that may be “below the radar” for those of you living elsewhere. It is called “NC HealthConnex.” NC HealthConnex is an organization that mandates the collection and dissemination of healthcare records for certain patients, including mental healthcare records. A healthcare provider connected to this system can, on demand, retrieve any of these records on any patient. No reason for the inquiry must be given, and the safeguards for system access are about as robust as the cheap chain on a hotel room door.

In brief, to gain access to this information, a provider must sign a 42 page document saying that their office will not access this information without a good reason. How many providers do you guess read all 42 pages before signing, and think about all 42 pages each time they use the system? In contrast, how many unlicensed patient intake workers have, on their lunch break, typed “Brad Pitt” into the software to see if juicy details were available?

Are healthcare records sharing systems bad for privacy?

I agree that there are real benefits to such a system. There is value in a physician's ability to determine whether the patient in front of them has received a particular immunization, or has a history of COPD, or has asked three other physicians this week for pain medications. But psychotherapy records could safely be excluded from this interchange. In my humble opinion, little harm comes from such an exclusion. Once excluded, we could continue to honestly assure our clients that their privacy is protected.

I’ll keep the fight up here in North Carolina. If you feel as I do about this, watch out for the spread of such systems to your state.

‍