Reasonable protection of patients' confidentiality has always been considered an important prerequisite for psychiatric treatment (1). The centrality of confidentiality for psychotherapy is obvious: how many patients would share their intimate thoughts and fantasies if reports of their revelations might be subject to the perusal of third parties? However, even nonpsychotherapeutic forms of treatment rely on the assurance that patients' privacy will be respected. Given the stigmatizing impact of psychiatric illness, many patients would probably avoid treatment rather than disclose to anyone their diagnoses, the medications they take, or even the fact that they are seeing a mental health professional.

Confidentiality has eroded somewhat over the years, as other societal interests have taken precedence. Thus clinicians are now required to report child abuse, to protect third parties endangered by their patients (which may involve warning victims or the police), and to offer testimony when the courts decide that an exception exists to the privacy afforded by a therapist-patient testimonial privilege (2). Although any of these breaches of confidentiality may be problematic, clinicians and patients have learned to live with them, even while struggling against further expansions in their scope. More recently, managed care companies have demanded broad access to patients' records for the ostensible purpose of managing utilization of care. Whether a reasonable compromise will be struck here remains to be seen.

More serious than any of these threats to the privacy of the consulting room, though, are proposals now circulating on Capitol Hill. Whatever breaches of confidentiality may currently be required, they at least are recognized as exceptions to the general rule that patients alone can determine when information from their treatment can be released and to whom. This rule is embedded in professional ethics, statutes, and case law, leaving clinicians who transgress its boundaries potentially subject to civil or criminal liability and to licensure or ethics proceedings. As a default rule, this traditional presumption has served us all well. Yet it is precisely this traditional approach to medical privacy that is under assault.

The lineage of this radical change in confidentiality policy is complex, dating back at least to President Clinton's national health care proposal, defeated during his first term in office. But its proximate legislative genealogy can be traced to the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191), the so-called Kennedy-Kassebaum bill. This statute was acclaimed by the health professions for its ban on "preexisting condition" exclusions in medical insurance and its requirement for partial parity in mental health coverage. However, the bill also contained a section on "administrative simplification," a phrase that has become a code word for reductions in the confidentiality of medical information.

Under the statute's terms, the Secretary of the Department of Health and Human Services (HHS), Donna Shalala, was required to submit to Congress within one year "detailed recommendations on standards with respect to the privacy of individually identifiable health information." In the process, she was ordered to consult with the National Committee on Vital and Health Statistics (NCVHS), an HHS advisory group dominated by persons involved in the health information industry. The NCVHS report to the Secretary was released in June 1997 (3). Less than three months later, the Secretary's report (4) was sent to Capitol Hill.

As an object lesson in Washington doublespeak, the 90-page report is well worth reading. One of the five principles on which the recommendations are based is "consumer control." It turns out, however, that "control" means something different inside the Washington Beltway than in the rest of the country.

Under this provision, the report explains, "Patients should be able to see what is in their records, get a copy, correct errors, and find out who else has seen them." Most privacy experts would describe these provisions as dealing with access, amendment, and monitoring of disclosures. Control traditionally has meant determining whether or not medical information will be released to third parties. Yet that is precisely the right that is taken away from patients in the Shalala proposal.

"We recommend that the traditional control on use and disclosure of information, the patient's written authorization, be replaced by comprehensive statutory controls on all who get health information for health care and payment purposes," says the report. Among the circumstances in which disclosure could occur without patients' consent are when information is being released to other caregivers and to obtain payment for treatment. Although the report suggests that patients should be given the opportunity to object to a disclosure, it does not require that they be informed in advance of a disclosure being made. Indeed, the thrust of the report is precisely the opposite: disclosures will be routine, unless patients have the foresight and gumption to object.

Routine disclosures to other caregivers are likely to be particularly disconcerting to psychiatric patients, many of whom do not want their general physicians to know that they are receiving mental health care. Patients often complain that their physical ailments are not taken seriously when general medical personnel know that they are "mental cases." But other classes of patients are likely to be affected as well. A survey of adolescents revealed that half would elect not to seek care from their regular physicians related to pregnancy, AIDS, or drug or alcohol problems (5). This is a high-risk population that is likely to be dissuaded from seeking any care at all if the confidentiality of their contacts is threatened.

Release of information to third-party payers is something that most Americans take for granted. But permitting such release without consent removes an important means of control over what is disclosed. Patients whose employers monitor utilization of self-insurance plans might rather pay out of pocket than have confidential medical information available to their bosses. Unless they act affirmatively and quickly to block release, however, such disclosure will be automatic. Nonconsensual release also means that patients will be unaware of exactly how much information is being turned over to managed care companies, many of whom are now demanding actual copies of patients' entire charts.

For what other purposes would release without consent be permitted? Among many such provisions, access would be available to public agencies concerned with health (even, the report suggests, the Nuclear Regulatory Commission), private standard-setting groups, researchers who claim that no other way exists of conducting their studies, next of kin, and even anonymous callers to hospitals' patient information directories. Physicians would be allowed to inspect any patient's record to learn more about treating a rare disease, and they could access the records of all persons in the same family or household "to assist in the diagnosis of conditions that may be contagious or that may arise from a common environmental factor."

Access of law enforcement officials to medical records received the most attention when Secretary Shalala's report went to Congress (6). Holders of records (including insurers) would be able to release data in a large number of circumstances, including "to determine whether a crime has been committed"; to assist in finding victims, witnesses, suspects, and fugitives; and whenever a law enforcement official or "an official of the U.S. Intelligence Community" states that the information is needed for a legitimate purpose. There are no limitations in most of these cases on how the information released might then be used, leaving open the possibility that it may be utilized for prosecution of the patient.

Why, in the words of a New York Times editorial, is Secretary Shalala "trifling with medical privacy" (7)? The Secretary's recommendations must be seen in the context of a broader plan for the creation of a "health information infrastructure" that grew out of the Clinton health reform initiative (8). Such a system would link regional databases containing information on every patient encounter into a national computer system. Advocates of such a system point to vast benefits in measuring quality of care, holding down costs, reducing paperwork burdens, and facilitating research. Whether any of these benefits would accrue is uncertain, but two prerequisites must exist before such a system can be constructed.

First, there must be a means of linking all the data about each person in a single file. To allow such linkage, each of us would have to have a unique identifier, similar to a Social Security number. Not many people noticed that the Kennedy-Kassebaum legislation charged the Secretary of HHS with developing "unique health identifiers," a task the NCVHS is working on at this writing.

Second, patients must be stripped of control over their medical information. Not only would getting patients' consent before entering information into a huge computer database be time consuming, but it seems likely that, given the choice, many (perhaps most) patients would decline to allow their private medical information to be used in this way. This, then, is the hidden agenda behind the current HHS proposals: abolish the presumption that patients must consent to release of information so that the requirement for consent does not stand in the way of constructing the data banks.

The power of the forces supporting the Shalala recommendations should not be underestimated. Computer hardware, software, and data management companies stand to garner billion-dollar contracts to create and manage the system. Insurers, managed care companies, and the marketing industry, among others, would love to have access to the data. But the risks are enormous. As one of the advocates of a health information infrastructure admitted, "The sheer number of authorized users, the potential for lawful access without explicit authorization, and the threat of fraudulent access render it virtually impossible to ensure significant levels of privacy for patients under the national information system contemplated."

If the rush to amass identifiable health information about all of us is to be slowed, the public at large will need to be alerted to these risks. Otherwise, Congress is likely to charge ahead into a brave new world largely bereft of medical privacy.

Dr. Appelbaum, editor of this column, is A. F. Zeleznik professor and chair of the department of psychiatry at the University of Massachusetts Medical School. Address correspondence to him at the Department of Psychiatry, University of Massachusetts Medical Center, 55 Lake Avenue North, Worcester, Massachusetts 01655.