How Do You Keep Private Private?
If the law is upheld only by government officials, then all law is at an end.
-- Herbert Hoover
In a four-part series beginning this month and running over the next several months, writer Robert Vázquez-Pacheco explores the many issues surrounding the confidentiality of medical records for people with HIV and AIDS. This month's article discusses the laws governing the confidentiality of medical information--what they are, who is allowed access to the information and for what, and attempts to limit or circumvent PWAs' privacy rights. Future installments will deal with the special privacy issues of special populations with HIV--prisoners, children and adolescents, and the homeless, for example; with medical records confidentiality in the context of the workplace and insurance; and with PWAs' legal and other recourses and patients' rights in general.
Keeping things private is never easy. Just think of trying to keep something from someone else, whether it's Christmas presents or pornography or medication. In these dot-com days, privacy is becoming an increasingly rare and increasingly valued commodity. Keeping personal information truly personal is no longer a simple task. Too many groups, like government and law enforcement agencies, advocacy groups, and various corporate entities (financial institutions, insurance companies, marketing firms, etc.) are interested in learning as much about you as they possibly can. And each of these groups, for all their talk about making your life easier, safer, or more productive, really has its own interests at heart. Whether it's controlling your access to medical treatments (insurance companies) or recording your online shopping (Internet marketing firms), it is important for these groups to know about you, your interests, and your history--credit, medical, shopping, criminal, marital, and the rest.
For anyone whose life intersects with any of the above (and that's most of us), maintaining privacy ain't easy. Anyone who has tried to keep off a mailing list knows exactly how hard this is, and there we're just talking about name and address. The stakes get higher depending on the type of information you are trying to keep confidential. By higher, I mean that the consequences of disclosure can be more serious. Not all information is for public consumption, and the disclosure of certain personal information can actually be harmful to an individual. Things like medical records, financial information, or incarceration records, for instance, are not things we want bandied about on the street. That's why there are laws that dictate what kind of information can be shared, who can get it, and what it can be used for.
HIV Confidentiality and the Law
One of those areas of protected information is HIV serostatus. Despite all the medical advances we have seen regarding HIV/AIDS, the broader society hasn't yet advanced to the level of "live and let live" in regard to this virus. Things are better, but disclosure of HIV-related information can still result in negative consequences--things like being shunned by co-workers, or being denied insurance coverage, or being dumped by a partner, or not being hired for a job, or even getting kicked out of your home. Yes, there are legal protections for HIV-positive people and people living with AIDS that are designed to mitigate the consequences of disclosure. But then, racial discrimination is against the law too.
There is no existing federal legislation about confidential HIV-related information, but there is a bill out there called the Health Insurance Portability and Privacy Act that would specify who is allowed access to personal health information. New York State, however, was one of the first states with legislation protecting confidential HIV-related information. Under New York State Confidentiality Law (Article 27-F, Public Health Law [§§2780-2787] and Title III of Article 21, Public Health Law [§§ 2130-2139]), your confidential HIV-related information can be shared only with persons whom you allow to receive that information. In other words, according to New York State law, a person may not disclose any HIV-related information about any protected individual, and that person who can't disclose is anyone who receives HIV-related information about the protected individual. This includes agencies and their staff, whether paid or volunteer, as well as individuals. A protected individual is "a person who is the subject of an HIV-related test or who has been diagnosed as having HIV infection, AIDS or HIV-related illness" (Section 6 of §2780, Definitions). (Thanks to Felix Lopez of the Legal Action Center, who took the time--cutting his lunch hour short on a beautiful spring day--to explain all this to me.)
So the law is fairly clear: Ain't nobody gonna know nothin' about your HIV diagnosis or medical records except the folks you want to disclose to. It is admirable legislation, whose laudable intent was to establish clear rules that would strictly protect the confidentiality of HIV-related information. It was hoped that the protection the legislation offered would encourage individuals voluntarily to learn their status, get appropriate medical care and treatment, and/or modify their behavior to lessen their risk of contracting or spreading HIV. It also wanted to lessen the risk of discrimination, stigmatization, and other harms caused by the unauthorized and unnecessary disclosure of this information. All very admirable, and in an ideal world this might be enough to maintain confidentiality. But that's not the case. As we all know, breaches of confidentiality happen. I will talk about these later.
Of course, the law has exceptions. The first is that disclosure is allowed if written consent has been obtained from the protected individual. That consent is a proper written consent form, or release. The law, being the law, is naturally very specific about what information that form contains. It must specifically authorize disclosure of HIV information. It must carry the name of the protected individual, the name of the information provider, the name of the recipient, the reason or purpose for the disclosure, the date, the time period covered by the consent, and finally, it must be signed. In New York State, most folks use New York State Department of Health's AIDS Institute form DOH-2557, called "Authorization for Release of Confidential HIV-Related Information."
The other exceptions fit into six specific categories and one broader one and constitute conditions or situations where disclosure is permitted.
The last and much broader category includes a bunch of exceptions not covered by the other six categories. These include reviewing and monitoring, where disclosure is allowed to certain oversight organizations or government agencies for the purposes of evaluation, monitoring, supervision, or the administration of health or social service programs; third-party payers, to the extent that the knowledge is necessary in order to reimburse healthcare providers for their services; foster care and adoption services; the physicians and mothers of newborns, who are automatically tested in New York State; authorized individuals with various criminal justice agencies that deal with parole, probation, and correctional alternatives and corrections; and sex offenders, if the victim requests the information.
HIV Confidentiality and the Law
As you can see, all of these exceptions are very specific. The legislation goes into great detail with each exception, sincerely trying to define and limit the loophole. As was said earlier, in an ideal world, this legislation might be enough. Of course, in an ideal world, HIV wouldn't be the problem it is. How safe this information is with the various entities allowed access is a different story and depends very much on the particular individuals and agencies involved.
On the nonofficial individual level, I would venture to guess that informal individual breaches of confidentiality happen in private all the time. Many people not functioning in official capacities as agents of the state or of a particular facility--friends, lovers, tricks, etc.--disclose serostatus information about friends, lovers, tricks, etc. regularly to people they feel comfortable with. This disclosure is not necessarily malicious, but I think it is situational. So-and-so's name comes up in conversation and, before you know it, oops! it's out. Depending on the communities you're part of and the behaviors within those communities, these kinds of disclosures might be considered normal. In certain communities, given the reality of the epidemic, being negative is the greater surprise. It all depends on your perspective.
For example, within a circle of friends, or even within a group of AIDS professionals (the ones who get along), an individual might learn the serostatus of various people one has never met--clients or other workers at the agency, for example, or friends of friends. Are these breaches of confidentiality? Yes. I think there may be an implicit assumption of confidentiality in these situations, but let me stress that this is conjecture on my part.
This scenario is probably shocking to some folks and perfectly commonplace to others. Disclosure is always serious and people should never disclose another's serostatus without permission. But these informal disclosures happen, and I think fairly often. Short of officially reporting each and every one, there's not much you can do to prevent them from continuing to happen. Such is the nature of human interaction--people talk. If you do want to report a breach of confidentiality, call the New York State HIV Confidentiality Hotline, (800) 962-5065. Assistance is also available from the Legal Action Center, 153 Waverly Place, New York, New York 10014, (212) 243-1313.
Confidentiality Danger Spots
To my knowledge, there have been no breaches of the confidentiality of HIV-related information in the federal government or in the New York State Department of Health. Now, in New York City, that depends on whether you consider the name of DASIS, the Division of AIDS Services and Income Supplementation, by itself a breach of confidentiality. After all, you are outed as soon as you walk through their doors. Recently DASIS had a major breach of confidentiality when the agency's Waverly Office dumped all these confidential files (containing HIV-positive clients' names and contact information) into bins that were left on the street. That's right. You heard correctly. The files were supposed to be destroyed, but in fact DASIS left them where anybody on the street could just pick up a file and read it. Scary, isn't it? Of course, this is a city agency and will suffer no greater punishment than the embarrassment it may have experienced at getting snagged. Talk about being off the hook!
The Special Investigation Unit of the New York State Department of Health says that the largest numbers of complaints about confidentiality breaches it receives occur in three areas of services: corrections, hospitals, and physicians in private practice. Marilynne Geiffert, the unit's director, remarks that there has been an increase in breaches due to carelessness and oversights. Geiffert doesn't believe these breaches are malicious. "They are slips that people make," she says. Institutions or agencies don't keep staff as briefed on confidentiality policies as they should. Confidentiality policies and procedures aren't well known. Employees forget to follow the protocol. In speaking about advocates and confidentiality, she notes, "We've eased up our diligence."
Corrections sees the largest number of complaints, which makes sense given the situation. Privacy is one of the first things you lose when you go into the prison system. All the advocates I spoke with had several anecdotes to illustrate the problem. For example, inmates are sent to particular parts of the prison during the day. They are let out of their cells and go into a bullpen. From there they are sent to the hospital (if they have to get their medications) or to a workshop, etc. An HIV-positive inmate on protease may be sent to the hospital daily to get his or her medications. He or she may have to receive and then carry all the medications around all day long. Sometimes the guard will issue a very public reminder to take the meds, thus destroying any hope for privacy. Jail is worse than a small town or a gay bar that way. Everybody notices everything. It's only a matter of time before folks figure out why John or Jane is going to the infirmary every day.
In hospitals, think about how many hands and departments a chart might pass through. From the clerks who pull the charts and move them around the hospital, to all the physicians who see the patient, to the nurses on every shift, to the various technicians and lab personnel (X-ray technicians, phlebotomists, etc.), to the billing department, to the social worker or case manager, to whatever specialist you might be seeing, to the clerks scheduling your appointments, to the administrators pulling your chart on a spot inspection/evaluation . . . . Then there's human error: Despite the strictest protocols, people put charts down while they get coffee or go to the bathroom, or they leave them open, or they misplace charts. You name it, it happens. After all, people are only human. That doesn't make it right, but it does make it understandable--not excusable, but understandable.
A doctor's office is one of those places where trust and confidentiality combine implicitly, a place where people assume they will be safe. But it is in these small offices where the policies and procedures may not be regularly enforced. You know the old, "After all, we all work here. We're all friends." Breaches happen based in expediency. Co-workers share information quickly, rather than going through the long involved process. One example: I have an HIV-positive friend who went to a dentist. To make a long story short, one of the dental assistants accidentally stabbed himself with an instrument covered in my friend's blood, and pandemonium hit the office. When my friend walked into the waiting room, all the people sitting there knew his name, knew he was positive, and knew what had happened. Now that is an uncommonly nightmarish situation, but it shows the potential for confidentiality drama in a private doctor's office.
It is almost universally believed that the level of civilization of a particular society is shown by how that society protects its less powerful members--the poor, children, the infirm, and the elderly. The HIV Confidentiality Law is one of those attempts to achieve a just and civilized society through legislation. Like all legislation, it is sometimes effective and sometimes it fails. It makes the noble attempt to mitigate some of the social harms produced directly and indirectly by the HIV epidemic. But the law cannot be more or less effective than those who use it. The welfare of the individuals it was designed to protect depends upon whether individuals and institutions use it wisely, enforce it fairly, or break it casually.
Back to the May 2000 Issue of Body Positive Magazine.
This article was provided by Body Positive. It is a part of the publication Body Positive.