I got a blood test recently because I’m a hypochondriac and thought that I had a thyroid issue. As with everything I try to buy, I tried to (1) maintain my privacy and (2) not sign any bad contracts.

Good luck. The health care supply chain is foundationally hostile to both of these goals. Everybody in the institutional ecosystem gets to know your name, your contact info, and what you’re there for. We’re talking about:

  • 🏦 Insurers – even if you opt to pay up front and out of pocket, you’ll be asked to consent to a background check (yes) to confirm you’re uninsured. If you have insurance, some facilities won’t permit you to pay out of pocket unless you know exactly how to navigate the system
  • 🧫 The lab. The lab bills you separately because (I shit you not) ‘we may not know ahead of time how much the tests will cost’. They mail you a bill to your house.
  • 🥼 Everyone who works at the office you’re at. As well as, potentially, anyone who walks in. During my visit, a guy walked in off the street saying ‘hey I think you gave me someone else’s exam notes’. Yes, I witnessed a HIPAA violation in the 15 minutes I was in the waiting room
  • 📱 Your cell network. An automated text hit me after I left saying they were going to refer me to a doctor. I can’t imagine that the clinic doesn’t get paid for doing this (in some creepy, rebate-esque system that complies with the letter of the law) – they basically sent me an ad and in so doing informed my cell phone company that I’d been to the doctor. Cell providers i.e. the supercookie people
  • 💉 Pharmacies. And also, pharamcies make automatic queries to insurers that are hard to turn off
  • 📧 They tried to get my email afterwards, to which they would certainly have sent some information about my visit, i.e. sharing it with google.
  • 💳 My credit card provider gets to know I went to the doctor; this is not the clinic’s fault though
  1. How should this look
  2. Payments & fraud as an excuse for lack of privacy
  3. Records as an excuse for lack of privacy
  4. Lack of private communication channel
  5. So what

How should this look

“Hi I’m here for a blood test. Here’s cash in advance, you can call me John Smith.”

“Hi John! Nice to meet you. Here’s a QR code that you can use to access your health information.”

And that’s all. No names, no addresses, no agreements for my test results to be shared with anyone in a white coat.

Payments & fraud as an excuse for lack of privacy

When I tried to pay out of pocket, the clinic required me to certify that I don’t have insurance and to provide permission for them to verify this, i.e. to do a background check. The rationale is that maybe I’m going to pay out of pocket and then try to charge my insurer for the visit.

Why is it a bad thing for me to ask my insurer for the reimbursal rather than the clinic doing it? I think it’s because the clinic has a ‘special negotiated out of pocket rate’ and the insurer could lose money if they had to reimburse at that rate. I.e. I’m paying more for up front cash.

Used car salesmen are generally ranked as the lowest of the low (c.f. ‘The market for lemons’), but even they are willing to give a discount if you don’t need financing.

Also there’s no easy private way to pay – my credit card company gets to know about the visit (and can infer things by the size of the bill). Ideally I could pay in cash but the lack of a quote in advance makes it hard to swing this.

Quoting a price in advance is a basic ingredient of market-driven society that these people are somehow unable to do. I get that the doctor can’t quote a price to fix me, but surely quoting a price before each procedure isn’t impossible?

The law is changing here, but not fast enough.

Records as an excuse for lack of privacy

‘We can’t treat you without verifying your ID because then someone else could access your records’ is an argument that only makes sense because:

  1. The institution controls my medical records, not me
  2. They’re using a username (i.e. my name) as a password

Doctors should get temporary access to my records when they need it and I should get to consent every time. If a specialist is treating me, they can get longer term access.

Lack of private communication channel

The leakage via e-mail / SMS isn’t entirely the clinic’s fault. Yes, they should give me the option to roll back in the next day and not be contacted. Yes it’s my fault for using free email. But it sucks that there’s no digital communications method that’s consistently private.

I could host my own email, I guess. My read on that has always been that everyone I interact with is on gmail so there’s no point, but institutions are an interesting exception here: my credit card company, square, every online account that I open, and this walk-in clinic are giving G information that I want to keep to myself.

I would pay for an email-like thing for secure document drops.

Cell phones are somehow not as hated as facebook despite selling my geo data directly to slime. They’re convenient but hardly private. Responsible health providers should avoid them like the plague.

So what

So what if 20 health care pros saw my name and test results?

In new york state, there are privacy and anonymity protections for some STD tests because public health people understood that the chilling effects here are real – without privacy controls, people won’t get tested, and isolated cases will turn to epidemics.

Maybe health information shouldn’t be private. Certainly it would be easier to study treatment efficacy in the wild if all health treatment info were in an S3 bucket somewhere. (Fingers crossed it isn’t; 2019, like 2018, has been the year of the unsecured S3 bucket). Would I vote for that system? Maybe, but for now people want health privacy so let’s have it.