Confidentiality of social work records in the computer age.
Gelman, Sheldon R. ; Pollack, Daniel ; Weiner, Adele 等
Privacy is a fundamental right guaranteed to all Americans under
the first, fourth, and 14th amendments of the Constitution. Individuals
have the right to be secure in their person and property. This provision
includes not only one's material possessions, but also personal
information about one's beliefs, relationships, finances, and
medical and psychiatric conditions. Although government and professional
organizations have gone to great lengths to protect the privacy of
individuals and to safeguard the personal information that has been
collected, this type of personal privacy today may be more myth than
reality. This article explores the threats to privacy and
confidentiality and the importance of information protection and makes
recommendations to help ensure client confidence in social workers in
the computer age.
Privacy, Confidentiality, and Privileged Communication
The concepts of confidentiality and privilege often are used
interchangeably. Confidentiality is a broader and more inclusive concept
that is designed to assure clients that what they tell a professional
will be used responsibly. Privilege, on the other hand, is a special
status granted by law to certain professional relationships (Perlman,
1988; Polowy & Gorenberg, 1997; Watkins, 1989). The concept of
confidentiality is a subcategory of privacy. Rooted in law, it ideally
serves as the basis of intimate or therapeutic relationships and
reflects the tension between the values of autonomy and well-meaning
paternalism (Lindenthal, Jordan, Lentz, & Claudewell, 1988).
Confidentiality is synonymous with the notion of trust and is an
integral tenet of professional codes of ethics that regulate the
disclosure of information obtained in the course of professional
interactions (Gostin et al., 1993; Gothard, 1995; Houston-Vega,
Nuehring, & Daguio, 1997; Kluge, 1994; Lawrence, 1994; Williams,
1995-96). The recently revised Code of Ethics (1996) of the National
Association of Social Workers (NASW) contains 19 items pertaining to
client privacy, confidentiality, consent, and information disclosure
under Standard 1.07 "Privacy and Confidentiality." These items
guide social workers' interactions with clients. Whatever
definition of confidentiality is used, "the principle of
confidentiality between . . . professionals and clients . . . is well
established. Ethical and functional guidelines dictating the application
of confidentiality and privileged communication are critical for the
relationship to be successful" (Pollack, 1997, p. 89). The
maintenance of confidentiality is designed to foster interaction and
protect clients from the accidental or intentional disclosure or misuse
of recorded information. Violations of confidentiality threaten
therapeutic relationships.
The clearest statement by the courts relating to therapeutic
privacy and privileged communication for social workers occurred in
1996. In the landmark case Jaffee v. Redmond (1996), the Supreme Court
determined that under the Federal Rules of Evidence, a licensed clinical
social worker's notes and records written in the course of
diagnosis or treatment are protected against involuntary disclosure by a
psychotherapist-client privilege. Like the spousal and attorney-client
privilege, the psychotherapist-client privilege is "rooted in the
imperative need for confidence and trust" (Trammel v. United
States, 1980, p. 51). The court determined that
social workers provide a significant amount of mental health
treatment. Their clients often include the poor and those of modest
means who could not afford the assistance of a psychiatrist or
psychologist, . . . but whose counseling sessions serve the same public
goals. Perhaps in recognition of those circumstances, the vast majority
of states explicitly extend a testimonial privilege to licensed social
workers. (Jaffee v. Redmond, 1996, p. 1926)
The Supreme Court agreed with the lower court that "drawing a
distinction between the counseling provided by costly psychotherapists
and the counseling provided by more readily accessible social workers
serves no discernible public purpose" (Jaffee v. Redmond, 1996, p.
1358, note 19; see also Alexander, 1997; Schwartz, 1989).
If a client agrees that confidential information may be shared, the
client's agreement must be obtained in the form of "informed
consent." This can be done explicitly or implicitly, in writing,
orally, or by conduct. Acquiring consent has its own set of
hypotheticals and uncertainties and becomes more complicated when
children, clients with severe emotional or psychiatric disorders,
elderly people, or clients adjudicated "incompetent" are
involved. Coercion, family or peer pressure, or perceived pressure by
the social worker may complicate and confuse the consent process further
and bring about another set of problems.
Levels of Confidentiality
Confidentiality exists in degrees: absolute and relative.
"Absolute confidentiality" requires that the treating
professional not divulge confidential material under any circumstance.
In theory, absolute confidentiality may exist; in practice it does not.
Although NASW, in its Code of Ethics (1996), addresses the issues of
privacy and the limits of confidentiality, it is not as explicit as the
American Psychological Association (APA). APA, in its guidelines for
record keeping, explicitly acknowledges that "no record is free
from disclosure all of the time, regardless of the wishes of the client
or the psychologist" (Canter, Bennett, Jones, & Nagyn, 1994, p.
207).
For information to be protected absolutely, it should never be
written into a record or case file, discussed orally or electronically
with another party, or entered into a computer database. APA has adopted
the principle that "if confidential information concerning
recipients of psychological services is to be entered into databases or
systems of records available to persons whose access has not been
consented to by the recipient, the psychologist should use coding or
other techniques to avoid the inclusion of personal identifiers"
(Canter et al., 1994, p. 194, [section] 5.07).
But even with such precautions, unless a statute granting privilege
to the relationship exists, an individual can be compelled to disclose
confidential information. Therefore, when reference is made to
confidentiality, it usually implies "relative
confidentiality," which can be breached under certain defined
circumstances (for example, child maltreatment, an imminent physical
threat to a third person, or a client who is suicidal). The level of
confidentiality of the professional relationship is determined by the
social worker's role in that relationship (Schultz, 1991). "It
is therefore important that social workers be clear as to what their
professional role is and be able to communicate that role to those with
whom they are working. Their role must be disclosed at the start of the
professional relationship to ensure that the level of confidentiality in
the relationship is understood" (Pollack, 1997, p. 200).
Pragmatically, confidentiality is not an absolute right but a
public policy goal that must be balanced against other social goals
(Brannigan, 1992).
Computerized Data
Although the discussion so far has focused on primary,
relationships, the requirements of confidentiality also apply to
information derived from a relationship and later recorded or entered
into a database. Therefore, the need to safeguard and protect
information extends to all forms of documentation. Violations of
confidentiality and invasions of personal privacy increase
exponentially, as do the number of individuals or organizations that
have potential access to recorded information (Bernstein, 1997; Grady,
1997; Hawkins, 1997; Pear, 1997c, 1997d, 1997e; Washburn, 1997). As
early as 1977 the Supreme Court was concerned about the inherent danger
associated with confidentiality and computerized information systems. In
his concurring opinion, Justice Brennan wrote prophetically: "The
central storage and easy accessibility of computerized data vastly
increase the potential for abuse of that information, and I am not
prepared to say that future developments will not demonstrate the
necessity of some curb on such technology" (Whalen v. Roe, 1977, p.
7).
Computerization of personal information potentially opens the door
to the demise of privacy and to erosion of the foundation of helping
relationships. The rapidly developing computerization of information,
including the gathering, manipulation, classification, storage and
retrieval, and sale of recorded knowledge, leaves all parties
vulnerable. The following recent examples are illustrative:
* The confidential medical records of more than 400 patients at a
county hospital were illegally made public by county officials in trying
to find a private operator for the hospital. The personal information
that was retrieved from computerized files was contained in seven
volumes distributed by the officials as part of a request for proposals
from prospective bidders. The information included the patients'
last name and first initial, the time of treatment, a code indicating
the type of treatment, and the cost. Whether or not the records
disclosed constitute health records will be determined in a court of law
(Morley, 1997).
* 2,000 patient records from a pharmacy in Arizona were still on a
computer purchased at an Internet auction. All the software the pharmacy
had used for record keeping was still on the computer's hard drive,
including patient names, addresses, social security numbers, and a
chronological list of all prescriptions filled at the pharmacy (Markoff,
1997).
* A Maryland banker who served on a state health commission
accessed a list of every cancer patient in his area and checked it
against the names of customers at his bank. He rescinded the mortgages
of his customers who had a cancer diagnosis (Breitenstein & Nagel,
1997).
* In April 1997 the Social Security Administration touched off a
firestorm when it introduced an Internet site through which individuals
could gain access to their earnings records. Critics contended that the
required identifiers could give ex-spouses, relatives, prying neighbors,
and others immediate and easy access to sensitive information (Lewis,
1997). Although the Social Security Administration will soon be back
online, a person's earnings history will not be available over the
World Wide Web, and a more elaborate authentication process will be used
(Pear, 1997a, 1997b).
* According to a special report in the September 15, 1997, edition
of the New York Times, "electronic dossiers have become the common
currency of computer-age sleuths, and a semi-underground information
market offers . . . private telephone records, credit card bills,
airline travel records, and even medical treatment histories"
(Bernstein, 1997, pp. A1, A20).
In short, when the number of people who have access to electronic
confidential medical or mental health information becomes so large, is
the information still confidential? What can be done to ensure privacy
once personal information enters a database?
Guidance in Protecting Privacy and Confidentiality
The Federal Privacy Act of 1974 is the model for protecting
individual privacy. It contains guidelines and procedures for
safeguarding information obtained and specifies consent and review
provisions before the release or sharing of recorded information for
federal agencies and agencies receiving federal funds. Various
professional organizations and accrediting bodies have incorporated
similar principles of privacy and confidentiality into their standards
and codes of ethics.
The new NASW Code of Ethics (1996) devotes considerable attention
to the issues of privacy and confidentiality. Unlike the previous code,
specific attention is given in Standard 1.07 to written and electronic
records:
(1) Social workers should protect the confidentiality of
clients' written and electronic records and other sensitive
information. Social workers should take reasonable steps to ensure that
clients' records are stored in a secure location and that
clients' records are not available to others who are not authorized
to have access.
(m) Social workers should take precautions to ensure and maintain
the confidentiality of information transmitted to other parties through
the use of computers, electronic mail, facsimile machines, telephones
and telephone answering machines, and other electronic or computer
technology. Disclosure of identifying information should be avoided
whenever possible.
(n) Social workers should transfer or dispose of clients'
records in a manner that protects clients' confidentiality and is
consistent with state statutes governing records and social work
licensure. (pp. 11-12)
Medical providers, like social workers and psychologists, have a
duty to promote, ensure, honor, and uphold confidentiality. The American
Medical Association's (AMA) Code of Medical Ethics (1994) states
that "information disclosed to a physician during the course of the
relationship between donor and patient is confidential to the greatest
possible degree" (p. 8). Similarly, the 1995 accreditation
standards of the Joint Commission on Accreditation of Health Care
Organizations (JCAHO) are clear on the need to protect patient privacy
(JCAHO, 1995). Records must be kept confidential, secure, and free from
unauthorized access. The Council on Accreditation of Services for
Families and Children (1997) devotes an entire standard (G7) to the
protection of confidential information regarding people served. Standard
G7.6.03 requires organizations seeking accreditation to have policies
protecting the security of all case records from unauthorized access.
Although these behavioral mandates provide guidance to professionals
employed in various organizational contexts along with those
organizations' own written enforcement procedures, compliance and
enforcement are not guaranteed. When breeches occur, courts are
available to resolve disputes, but only in the context of a lawsuit
brought by "adversaries." As electronic access increases there
is a need for more stringent guidelines, enforcement, and real
sanctions.
Recent Legislative Reform and Resultant Problems
The recently enacted Health Insurance Portability and
Accountability Act (1996) (P.L. 104-191), introduced by Senators Kennedy
and Kassebaum, calls for the standardization of all medical information
compiled by doctors, hospitals, health plans, and insurers about their
patients ("Privacy of Health Data Eyed," 1997). The
legislation also requires the use of "universal patient
identifiers," which create the potential for a nationwide linking
of all patient files. Although this legislation has a number of
administrative benefits, it also poses major threats to personal
privacy.
Unlike the current requirement for patient consent before release
of information, the proposed sharing of information does not require the
consent of the patient. According to Representative McDermott of
Washington State, "What this means is that whatever medical
information is collected on people can be used for or against them,
depending upon who asks for it" (Spragins & Hager, 1997, p.
84).
A panel of the National Research Council cited in a recent report
the lack of security of medical records and cautioned about the danger
of growing electronic fries containing personal information (Leary,
1997). The Clinton administration has until late 1999 to develop
"fair information practices" to ensure the confidentiality of
medical records (Breitenstein & Nagel, 1997). However, it appears
that the regulations will broaden law enforcement officials' access
to medical records without restrictions on use or redisclosure rather
than ensure confidentiality (Pear, 1997c). Under the proposed
provisions, law enforcement officials would not have to obtain a court
order to obtain access to medical information or notify a person that
they are seeking his or her medical information ("Trifling with
Medical Privacy," 1997). There would be no opportunity for
individuals to challenge the disclosure, even though the information
obtained may be inaccurate or could be used against the person in
investigations or prosecutions. The proposed regulations, however, would
require an audit log of disclosures. Individuals damaged by improper
disclosure may be able to file lawsuits in federal court to obtain
compensation (Pear, 1997c).
In a similar way, to facilitate the enforcement of child support
obligations, the federal government will launch a computerized directory
listing every newly hired person by every employer in the country. This
follows successful efforts by a number of states to track and collect
support payments from deadbeat parents. The Internal Revenue Service,
the Social Security Administration, and the Justice Department will have
access, along with state welfare and child support officials (Pear,
1997e).
Recent attempts to provide protection for health care consumers
have not been successful. However, there are several efforts under way
to resolve this problem. The Fair Health Information Practices Act
(1997), which was introduced by Representative Condit (D-CA), includes
provisions that would limit disclosures of medical records and would
require health care providers to create records of disclosures made
("Electronic Threats to Medical Privacy," 1997).
Representative Tauzin (R-LA), chair of the House Commerce
Committee's Telecommunications Subcommittee, has introduced a bill
that would bar companies from disclosing or using without consent
people's medical and financial records, as well as government
information such as social security numbers, that are available online
(Associated Press, 1997). Senator Bennett (R-UT) is planning to
reintroduce a Medical Information Confidentiality Act similar to his
1995 legislation (S. 1360) that would establish federal standards for
the confidentiality of health care records ("Confidentiality Threat
Prompts Call to Action," 1997).
Although access to health records is available to strangers, there
is currently no federal statute that provides an individual with the
right to gain access to or review his or her own health records.
Although 34 states have enacted laws covering the use and dissemination
of health information, only 28 explicitly protect and ensure the rights
of patients to review their own records and to correct any errors they
find (Leary, 1997).
As we await government action to ensure privacy, the range of
entities that possess information about individuals continues to
increase. Health information, like other information about individuals,
has become a desirable commodity that increasingly is being used to make
key decisions affecting all aspects of life. Quittner (1997), in a Time
magazine article entitled "Invasion of Privacy," indicated
that "at least a third of all Fortune 500 companies regularly
review health information before making hiring decisions" (pp.
31-32).
Companies . . . no longer hesitate to seek information on what was
once assumed to be the private side of workers' lives. More than
one third of the members of the American Management Association, the
nation's largest management development and training organization,
tape phone conversations, videotape employees, review voice mail, and
check computer files and E-mail. (Hawkins, 1997, p. 56)
In a special report on "Managed Care and Mental Health,"
Washburn (1997) noted that "managed-care companies that oversee
mental health benefits have a voracious appetite for all kinds of
information, and that can mean that confidentiality - the key ingredient
in any therapeutic relationship - is sometimes left on the shelf"
(p. A1). Panelists participating in the recent National Information
Systems Conference indicated that it will be difficult to come up with
standards for the security of health records, further jeopardizing
therapeutic relationships ("Privacy of Medical Records May Be
Elusive," 1997).
Confidentiality Breaches in Cyberspace
With increased interest, availability, and use of communication
technology come increased risks to personal privacy and to therapeutic
relationships. Electronic medical records are extensions of the
individual therapeutic relationship and must be afforded the same
respect and protection as that relationship. According to Kluge (1994),
electronic medical records should be treated ethically as
"patient-analogues in information space" (p. 24). A growing
threat involves the compilation of information about an individual via
the Internet. The amount of personal information potentially available
on the Internet complements the information held by credit bureaus,
health and managed care companies, automobile and life insurers,
marketing organizations, libraries, cable companies, utility providers,
and toll authorities using electronic collection systems. Whenever an
individual fills out any type of application, orders by mail, fills in a
manufacturer's warranty card, subscribes to a magazine, completes a
marketing or a user survey, or enters a sweepstakes, his or her wants,
needs, aspirations, and habits find their way into someone's
database. The majority of this information is provided by the user or
consumer. Although efforts are made to protect this information, as
evidenced by notifications accompanying various bills or statements,
these are essentially voluntary efforts. The sheer number of databases
and points of entry into entire data systems leaves everyone potentially
vulnerable. Any minimal number of identifiers (for example, name, date
of birth, social security number, or address) can be used by someone
with the interest, desire, and technology to become intimately
knowledgeable about a social worker or the clients a social worker
serves. Those who exchange information on the Internet should recognize
that all such communications are public (Butterfield & Schoech,
1997). As might be expected, this information is of value to the
Internet providers, marketers, and individuals or organizations who
specialize in information gathering. Such information may be sold, used
for advertising campaigns, or used for designing services, or it can be
used to exclude individuals from insurance coverage.
In a similar way, the increasing use of e-mail by social workers
and other professionals raises additional concerns about client privacy.
Materials sent through the U.S. mail may not be reviewed by anyone
except the intended recipient, but information sent by e-mail has less
protection. In 1986 Congress revamped the Electronic Communications
Privacy Act of 1986 (ECPA) (P.L. 99-508), legislation originally enacted
in 1968 to prevent telephone wiretapping. Although the ECPA was amended
to cover all forms of digital communications, this legislation does not
adequately protect the privacy of users of e-mail.
Many employees don't realize that the law recognizes little if
any privacy protection in electronic mail sent or received by an
employee on their work accounts - even if the mail is personal and not
work-related. While the "Omnibus Crime Control and Safe Streets Act
of 1968" prohibits employers from eavesdropping on the private
phone conversations of their employees at work, there is no similar
protection of electronic mail communications. (Beeson, 1996, online)
Thus, individuals who communicate with social work agency personnel
concerning day care arrangements, health care needs, arrangements for
substance abuse treatment, reports of domestic violence, and so forth
may find that their employer has obtained knowledge of this personal
information legally.
Online communications can be intercepted by hackers or others
illegally. Often such hackers are computer aficionados who simply want
to demonstrate their ability to break into systems and access
information, but the potential for destructive and harmful interception
of communications remains real. The rights of individual privacy online
must be clarified further and refined through the courts. But as it
stands now, individuals have very little guarantee of privacy in
electronic communication.
Many hospitals and social welfare agencies have developed internal
networks (intranets) to transmit information. Such intranets depend on
the same computer protocols as the Internet and are subject to the same
security risks. Without adequate security this information may be viewed
by unauthorized personnel. These threats to information need to be
addressed by system administrators who should ensure that the software
does not have security loopholes, that there are barriers between
computer systems with public access and those requiring user
verification, and that systems use encryption when sending information
over telephone lines.
Other security issues involve users themselves. Personnel need to
be trained adequately in procedures to maintain the integrity of the
system, including security of passwords and correct logoff procedures.
Service agencies also need to be concerned about transmitting sensitive
information among themselves. It is very easy to attach files that
contain case records, progress reports, financial information, and so
forth to e-mails. Thus, a hospital social worker easily might send
information to a nursing home social worker to facilitate a discharge
plan. Even though the client has provided a signed release for the
information, there is no guarantee that the information is secure while
it is being transmitted or waiting in the e-mail box of the recipient.
Because many small agencies do not maintain their own Internet servers,
they are dependent on the use of commercial Internet providers.
This use of commercial Internet service providers complicates the
situation. Most Internet provider systems are configured to store all
messages that pass through them. The operator has the ability to review
all communications passing through the system. ECPA provides civil
remedies for users whose privacy has been violated by their service
provider:
ECPA provides a complex set of rules for the proper disclosure of
information by the service provider to law enforcement. Service
providers may not provide basic information about users to law
enforcement without an administrative subpoena; that information
includes user name, billing address, how long the user has used the
service, and which features were used. Service providers are also
forbidden from disclosing the transactional records of a user to law
enforcement without a warrant, a court order, or the consent of the
user. (Beeson, 1996)
However, the ECPA explicitly allows service providers to disclose
the transactional records of users to "any person other than a
governmental entity" (Beeson, 1996). Many hot lines and resources
have been developed on the Internet to provide helpful information in an
anonymous manner, and individuals who access this information may
believe they are assured of privacy. However, individuals who access
information about sensitive subjects (for example, abortions, drug
treatment, gay or lesbian lifestyles, suicide, or domestic violence)
might find that their inquiry has been released to others without their
permission. There is a need to balance the importance of confidentiality
against the need for quick and easy access.
Several methods can be used to protect the privacy of electronic
records. Passwords can be used to prevent access to terminals or
databases. Identifying data for records can be coded and stored in a
nonelectronic format or in a separate database. When sending data over
the Internet, e-mail and case records can be coded and restricted to a
specific recipient. Internet browsers use certificates or digital
signatures to encrypt information and to verify the identity of the
certificate's owner. The Certificate Authority Services (1998) Web
page (https://certs.netscape.com/client.html) lists the organizations
that issue digital certificates. Digitally signed and encrypted e-mail
can ensure that confidential messages and attachments are protected from
tampering, impersonation, and eavesdropping.
Temporary Solution
While we await legislative regulation and the development of
additional technological safeguards to protect the collection, storage,
and transmittal of personal information, guidance is needed beyond that
provided in professional codes of ethics for those engaged in the
helping professions (Pollack, 1992). It needs to be understood that the
client record, although integral to therapeutic relationships, is a
means of communication between individuals and organizations that have a
legitimate need to know something about someone. To minimize the threat
to personal privacy, entries into client records, whether written or
electronic, must be guarded by common sense. Clients need to be informed
about the limits of confidentiality and their role in safeguarding
information about themselves. Precautions need to be taken to limit
access to recorded information to those who have a legitimate need to
know. In addition, social workers should be judicious in their recording
of client information and should adhere to the following principles:
* Know who the potential audience is and verify the audience's
identity and the purpose for the information that is being requested.
* Obtain informed consent and identify the limitations of
confidentiality.
* Understand the potential of information technology and ensure
that appropriate safeguards are in place.
* Recorded information should be factual, accurate, objective, and
necessary only for the purpose at hand.
* Recorded information should be clear, concise, and specific.
* The services provided should be clearly identified.
* The treatment being provided should be based on a professional
assessment that can be supported.
* Intuition, hypotheses, and hunches should be differentiated from
facts and excluded from the record.
* All information should be verified over time, with corrections
made in a timely fashion.
* Progress or the lack of progress should be documented.
* Unmet needs should be identified.
* Obstacles to meeting needs should be indicated.
Conclusion
The expedient flow of electronic information is attractive and
necessary. In addition to providing social workers with a wide range of
information resources, electronic media provide a unique forum for
assisting clients. But recent incidents have caused the profession to be
concerned. A robust desire to allow for maximum expression of ideas must
be tempered with an equally strong desire to protect the social work
profession, its clients, and social workers. It is clear that electronic
communication modalities have outpaced the courts and the social work
profession and that both must catch up.
References
Alexander, R. (1997). Social workers and privileged communication
in the federal legal system. Social Work, 42, 387-391.
American Medical Association. (1994). Code of medical ethics
(Report, Council on Ethical and Judicial Affairs). Chicago: Author.
Associated Press. (1997, July 30). Ensuring privacy on Internet.
Record, p. B2.
Beeson, A. (1996). Privacy in cyberspace: ls your email safe from
the boss, the SysOp, the hackers, and the cops? American Civil Liberties
Union Freedom Network: Cyber-Liberties [Online]. Available:
http://www.aclu.org/issues/cyber/priv/privpap.html
Bernstein, N. (1997, September 15). On line, high-tech sleuths find
private facts. New York Times, pp. A1, A20.
Brannigan, V. M. (1992). Protecting the privacy of patient
information in clinical networks: Regulatory effectiveness analysis.
Annals of the New York Academy of Sciences, 670, 190-201.
Breitenstein, A. G., & Nagel, D. M. (1997, September 1).
Medical "privacy" bill is misnomer. Record, p. A18.
Butterfield, W. H., & Schoech, D. (1997). The Internet:
Accessing the world of information. In R. L. Edwards (Ed.-in-Chief),
Encyclopedia of social work (19th ed., 1997 Supplement, pp. 151-168).
Washington, DC: NASW Press.
Canter, M., Bennett, B., Jones, S., & Nagyn, T. (1994). Ethics
for psychologists. Washington, DC: American Psychological Association.
Certificate Authority Services [Online]. (1998).
https://certs.netscape.com/client.html. Netscape Security.
Confidentiality threat prompts call to action: Bill targets drug,
alcohol care. (1997, July). NASW News, p. 1.
Council on Accreditation of Services for Families and Children.
(1997). Standards for agency management and service delivery: New York:
Author.
Electronic Communications Privacy Act (ECPA) (1986), P.L. 99-508,
100 Stat. 1848.
Electronic threats to medical privacy [Editorial]. (1997, March
11). New York Times, p. A22.
Federal Privacy Act of 1974, 5 U.S.C. [section]552.
Gostin, L. O., Turek-Brezina, J., Powers, M., Kozloff, R., Faden,
R., & Steinauer, D. D. (1993). Privacy and security of personal
information in a new health care system. JAMA, 270, 2487-2493.
Gothard, S. (1995). Legal issues: Confidentiality and privileged
communication. In R. L. Edwards (Ed.-in-Chief), Encyclopedia of social
work (19th ed., Vol. 2, pp. 1579-1584). Washington, DC: NASW Press.
Grady, D. (1997, March 12). Hospital files as open book. New York
Times, p. C8.
Hawkins, D. (1997, September 15). Who's watching now? U.S.
News and World Report, pp. 56, 58.
Health Insurance Portability and Accountability Act of 1996, P.L.
104-191, 110 Stat. 1936.
Houston-Vega, M. K., Nuehring, E., & Daguio, E. (1997). Prudent
practice. Washington, DC: NASW Press.
Jaffee v. Redmond, 116 S. Ct. 1923 (1996).
Joint Commission on Accreditation of Health Care Organizations.
(1995). Comprehensive accreditation manual for hospitals. Oakbrook
Terrace, IL: Author.
Kluge, E. H. (1994). Health information, privacy, confidentiality
and ethics. International Journal of Bio-medical Computing, 35(Suppl.
1), 23-27.
Lawrence, L. M. (1994). Safeguarding the confidentiality of
automated medical information. Journal of Quality Improvement, 20,
639-646.
Leary, W. E. (1997, March 6). Panel cites lack of security on
medical records. New York Times, pp. A1, B11.
Lewis, R. (1997, May). SSA mulls restoring net data. AARP Bulletin,
38(5), pp. 1, 13.
Lindenthal, J. J., Jordan, T. J., Lentz, J. D., & Claudewell,
S. T. (1988). Social workers' management of confidentiality. Social
Work, 33, 157-158.
Markoff, J. (1997, April 4). Patient files turn up in used
computer. New York Times, p. A14.
Morley, H. R. (1997, August 28). Pines patients' records made
public. Record, p. A1.
National Association of Social Workers. (1996). Code of ethics.
Washington, DC: NASW Press.
Pear, R. (1997a, April 10). Social Security closes online site,
citing risks to privacy. New York Times, p. A15.
Pear, R. (1997b, September 4). U.S. to go back on Internet with
social security benefits. New York Times, pp. A1, A22.
Pear, R. (1997c, September 10). Clinton would broaden access of the
police to medical records. New York Times, pp. A1, A15.
Pear, R. (1997d, September 12). Limited access to medical records
is urged. New York Times, p. A24.
Pear, R. (1997e, September 22). Vast worker database to track
deadbeat parents. New York Times, pp. A1, A16.
Perlman, G. L. (1988). Mastering the law of privileged
communication: A guide for social workers. Social Work, 33, 425-429.
Pollack, D. (1992). Record retention management: A key element in
minimizing agency and worker liability. Journal of Law and Social Work,
3(2), 89-95.
Pollack, D. (1997). Social work and the courts. New York: Garland.
Polowy, C. I., & Gorenberg, C. (1997). Legal issues: Recent
developments in confidentiality and privilege. In R. L. Edwards
(Ed.-in-Chief), Encyclopedia of social work (19th edition, 1997
Supplement, pp. 179-190). Washington, DC: NASW Press.
Privacy of health data eyed. (1997, March). NASW News, p. 1, 10.
Privacy of medical records may be elusive, panel says. (1997,
October 9). Record, p. A13.
Quittner, J. (1997, August 25). Invasion of privacy. Time, pp.
28-35.
Schultz, L. (1991). Social workers as expert witnesses in child
abuse cases: A format. Journal of Independent Social Work, 5(1), 69-87.
Schwartz, G. (1989). Confidentiality revisited. Social Work, 34,
223-226.
Spragins, E. E., & Hager, M. (1997, June 30). Naked before the
world. Newsweek, p. 84.
Trammel v. United States, 445 U.S. 40 (1980).
Trifling with medical privacy [Editorial]. (1997, September 11).
New York Times, p. A30.
Washburn, L. (1997, October 6). Confidential therapy files an open
book. Record, pp. A1, A7.
Watkins, S. A. (1989). Confidentiality and privileged
communications: Legal dilemma for family therapists. Social Work, 34,
133-136.
Whalen v. Roe, 429 U.S. 589 (1977).
Williams, R. C. (1995-96). Privacy and computerized medical
records. Alabama Medicine, 65(57), 29-37.
Sheldon R. Gelman, MSL, PhD, ACSW, is Schachne dean of the
Wurzweiler School of Social Work, Yeshiva University, 2495 Amsterdam
Avenue, New York, NY 10033; e-mail: srgelman@ymail.yu.edu. Daniel
Pollack, MSW, JD, is associate professor, and Adele Weiner, PhD, ACSW,
is associate dean of the Wurzweiler School of Social Work, Yeshiva
University, New York.
