Fundraisers use patient data

Fundraising to benefit medical institutions is allowed under federal law.

San Francisco Chronicle

SAN FRANCISCO — Joan Broner, like many people, never reads the fine print at her medical appointments.

As a consequence, the 58-year-old San Francisco resident, who has arthritis, regularly receives solicitation letters at home from several local hospitals. The letters infuriate her.

“It feels like an invasion of privacy,” she said. “If I’m sick and I go to a doctor, I don’t want them telling anybody about it. My disease is not for sale.”

When patients check into hospitals or doctor offices, they presume their information will be kept in strictest confidence, but often, amid the pile of papers, they overlook fine print describing how their personal information can be farmed out for fundraising.

Hospitals and other health care organizations widely use patient information, without patients’ explicit permission, to raise funds. To the dismay of privacy-rights advocates and some in the medical field, fundraising to benefit medical institutions is allowed under federal law.

Patients can opt out — after the fact.

Critics say the practice of soliciting donations from current and former patients symbolizes the erosion of personal privacy in contemporary life.

To privacy advocate Dennis Melamed, the federal law has an egregious loophole.

“It’s a big surprise to patients just how far and wide their data is going,” said Melamed, editor of the Health Information Privacy/Security Alert, a trade newsletter.

With a third of the nation’s hospitals operating in the red and another third struggling to break even, fundraising has become an increasingly critical endeavor.

In 2006, $8 billion was raised through philanthropy by U.S. hospitals, medical centers, hospices and long-term-care facilities, an 11 percent increase over the previous year, says the Association for Healthcare Philanthropy, a not-for-profit organization that works with health care fundraisers.

Many hospitals rely on fundraising — what some development experts call “high touch direct mail” — to finance costly new equipment.

“It is part of our culture in America,” said Bill McGinly, president and chief executive of the philanthropy association. “Universities and colleges have access to student records. Grateful patients are our alumni.”

Implemented in 2003, federal patient privacy provisions have made fundraising more restrictive, McGinly said.

“Before, our members had access to patient records,” he said. The law set limitations. If a medical center wants to do targeted mailings to cardiac patients, for example, to help fund a new heart center, the patients’ direct authorization would be needed.

Research Professor Joy Pritts of the Center for Medical Record Rights and Privacy at Georgetown University’s Health Policy Institute said the limitations are not enough. A more “respectful” approach would require a patient’s explicit consent before the patient’s data can be used for fundraising, she said.

Pritts said patient privacy “is about more than improper disclosures; it is also about patient control over how their information is to be used.”

Patient privacy consciousness has heightened in recent years, say experts, in part because of the electronic explosion of information sharing.

Joanne McNabb, chief of the California Office of Privacy Protection, said that, as a basic principle, “information collected for one purpose shouldn’t be used for another without specific consent. If you are going to use it for a secondary purpose, you should disclose it.”