Susan, a 28-year-old account executive, breathes a sigh of relief as she reads the results of her HIV test on her computer screen. Negative. No sooner has she logged off the Internet than the phone rings. It's the recruiter she's been working with to land a new job. He says that unfortunately the available positions don't mesh with her background. Could there be a connection? While this is just a hypothetical situation, the 'Net does seem like the logical place for medical records. Could you look up someone's medical records like you can search for an e-mail address? How does privacy come into play? Medical Privacy in the Real World Legal Info Net stresses that although you generally have the right to access your own medical information and to control who else can access it, medical records can be released without your consent. This can mean anyone from physicians and health-care workers to technicians and researchers can have a look at your "confidential" records.There's a host of reasons to keep medical records under wraps. Dr. Andrew Weil says, "Both health- and life-insurance companies do try to avoid taking on patients they consider to be high-cost risks -- people with serious chronic disease, a genetic propensity for disease, AIDS, and so on." For example, an employer may illegally use genetic information to choose not to hire a person. Someone running for office may not want the public to know she is a cancer survivor. Insurance companies and medical institutions are not the only ones that may get access to your medical file. According to a September 1997 article in The New York Times, legislation soon may be proposed that would allow police officers to gain broad access to patients' medical records, with hardly any restrictions on use or redisclosure of the data. Law enforcement authorities frequently access patients' records when investigating health-care abuse and fraud. Medical records and information also may be subpoenaed for use in court cases. And if you work for the Pentagon, you'll have to hand over a sample of your DNA, something it now demands of all service personnel, in case it might ever need help in identifying remains. Files on the Internet Until the past few decades, medical records were kept in physical files or in databases, and only a few people were privy to them, sometimes not even the patient. Now, as more and more doctors and hospitals enter the information technology age, records will be computerized and reside in cyberspace. While this no doubt will speed up the medical process by cutting down the mountain of paperwork physicians wade through, one can't help but wonder how easily a record can be forwarded outside of the database or, God forbid, erased.In most cases these fears are outweighed by the ease of use. In an effort to empower patients, in January the University of California San Diego School of Medicine created the Patient Centered Access to Secure Systems Online, or PCASSO. It allows patients and health care providers to view records from any Internet connection. The intent of putting full medical records on the Internet is to make patients "providers of their own care."The system is said to be built with several rings of privacy protections comparable to those used with military and defense Internet systems. On the other hand, the newspapers publish stories about hackers whose sole goal seems to be to get to the other side. Will firewalls and passwords be enough? If you're curious if you have any medical records floating around, investigative services such as Internet Scouting will find confidential info about you on the Web for a fee. Know the Law While doctor-patient communications are regarded as strictly confidential, once the information is recorded in your medical records, it could be obtained by outside entities. In addition, employers with company doctors have access to the medical records, which they can examine if they have a valid business reason. Employers also may request general information on employee utilization of benefits, including insurance. However, the Americans With Disabilities Act (ADA) prohibits employers from using the information to discriminate against you. According to KnowledgePoint, employers who maintain medical examinations and records must develop appropriate procedures for maintaining the confidentiality of medical records. The ADA requires that medical records be kept separate from any other personnel information. If you are unclear on your state's privacy laws, check out the Electronic Privacy Information Center.You haven't heard the last of the private vs. public medical records controversy. In fact, under the 1996 Health Insurance Portability and Accountability Act, Congress is required to enact health data privacy legislation by August 1999. What can you do to keep your records confidential? Dr. Weil recommends that you talk your concerns over with your doctor before you discuss the medical details you don't want shared. "Often, they will agree not to note some subjects on your medical chart," Weil says. "Or they may keep a separate chart that doesn't go into the database. Most physicians have become more aware of this problem and are generally quite willing to help you protect your privacy." Weil has this advice: Be skeptical about signing disclosure forms. Try to narrow the scope of an insurance form, rather than endorse the transfer of your entire chart. And if necessary, pay cash for treatment or tests, and do not file an insurance claim.