MEDICAL RECORD |                   SURGICAL PATHOLOGY
                                                  PATHOLOGY REPORT
Laboratory: BALTIMORE VAMHCS                Accession No. BSP 99 8888
Submitted by: J SURGEON MD          Date obtained: Jan 14, 1999
Specimen (Received Jan 15, 1999 10:32):
1. LARYNGECTOMY.
2. LEFT RADICAL NECK DISSECTION.
Brief Clinical History:
SQUAMOUS CARCINOMA, LEFT TRUE CORD.

Preoperative Diagnosis:
SQUAMOUS CARCINOMA, LEFT TRUE CORD.

Operative Findings:
SAME.

Postoperative Diagnosis:
SAME.
Surgeon/physician:  J SURGEON MD
Gross description:
 PATIENT IDENTIFICATION AGREES WITH REQUISITON AND TWO CONTAINERS.
1. THE SPECIMEN IS RECEIVED FRESH, LABELED WITH THE PATIENT'S NAME,
 AND ADDITIONALLY LABELED "LARYNGECTOMY".
 THE SPECIMEN CONSISTS OF A LARYNGECTOMY RESECTION, MEASURING
 10.5 X 5.5 X 3.5 CM.  THE LARYNX IS EDEMATOUS.  THE LARYNX IS OPENED
 POSTERIORLY, TO REVEAL AN IRREGULARITY OF APPARENT TUMOR, ON THE SURFACE
 OF THE LEFT TRUE VOCAL CORD, MEASURING 3.0 X 1.5 CM.  THE TUMOR DOES NOT
 APPEAR TO INVOLVE THE SUBGLOTTIS, NOR THE ANTERIOR COMMISSURE.  THE SUPERIOR,
 INFERIOR, ANTERIOR, AND POSTERIOR MARGINS ARE GROSSLY UNINVOLVED BY TUMOR
 REPRESENTATIVE SECTIONS OF TUMOR ARE SUBMITTED, AS WELL AS THE SURGICAL
 MARGINS, AS FOLLOWS:

 
 SUMMARY OF SECTIONS:
 1-1, 1 PIECE.  TRACHEAL MARGIN.
 1-2, 1 PIECE.  BASE OF TONGUE MARGIN.
 1-3, 1 PIECE.  RIGHT PYRIFORM SINUS MARGIN.
 1-4, 1 PIECE.  LEFT PYRIFORM SINUS MARGIN.
 1-5, 1 PIECE.  ANTERIOR SOFT TISSUE MARGIN.
 1-6, 1 PIECE.  POSTERIOR SOFT TISSUE MARGIN.
 1-7, 1 PIECE.  LESION OF THE LEFT TRUE CORD.
 1-8, 1 PIECE.  LESION OF THE LEFT TRUE CORD.
 1-9, 1 PIECE.  LESION OF THE LEFT TRUE CORD.
 1-10, 1 PIECE.  EPIGLOTTIS.

 
2. THE SPECIMEN IS RECEIVED FRESH, LABELED WITH THE PATIENT'S NAME,
 AND ADDITIONALLY LABELED "LEFT RADICAL NECK DISSECTION".  THE SPECIMEN
 CONSISTS OF A LEFT RADICAL NECK DISSECTION, MEASURING 25.0 X 15.0 X 5.0 CM.
 THE SPECIMEN IS DIVIDED INTO LEVELS 1, 2, 3, 4, AND 5.  IN LEVEL 1,
 THE SALIVARY GLAND AND ONE PROBABLE LYMPH NODE ARE SUBMITTED.
 IN LEVEL 2, SIX PROBABLE LYMPH NODES ARE SUBMITTED.
 IN LEVEL 3, TWO PROBABLE LYMPH NODES ARE SUBMITTED.
 IN LEVEL 4, ELEVEN PROBABLE LYMPH NODES SUBMITTED.
 IN LEVEL 5, FIVE PROBABLE LYMPH NODES ARE SUBMITTED.
 REPRESENTATIVE SECTIONS ARE SUBMITTED, AS FOLLOWS:

 
 SUMMARY OF SECTIONS:
 1-1, 1 PIECE.  LEVEL 1.
 2-1, 5 PIECES.  LEVEL 2.
 3-1, 5 PIECES.  LEVEL 2.
 4-1, 4 PIECES.  LEVEL 3.
 5-1, 3 PIECES.  LEVEL 3.
 6-1, 6 PIECES.  LEVEL 3.
 7-1, 5 PIECES.  LEVEL 4.
 8-1, 5 PIECES.  LEVEL 4.
 9-1, 4 PIECES.  LEVEL 5.

 
 Microscopic exam/diagnosis:
 1. SQUAMOUS CELL CARCINOMA OF LEFT TRUE CORD, WELL-DIFFERENTIATED, INVASIVE.
 SURGICAL MARGINS OF RESECTION ARE FREE OF TUMOR.

 
 2. RADICAL NECK DISSECTION.  SALIVARY GLAND WITH NOEVIDENCE OF MALIGNANCY.
 ELEVEN OF TWENTY-THREE LYMPH NODES WITH METASTATIC SQUAMOUS CELL CARCINOMA,
 AS FOLLOWS.
 LEVEL I: SALIVARY GLAND AND ONE LYMPH NODE WITH NO EVIDENCE OF MALIGNANCY.
 LEVEL II:  THREE OF FIVE LYMPH NODES WITH METASTATIC SQUAMOUS CELL CARCINOMA.
 LEVEL III:  ONE OF TWO LYMPH NODES WITH METASTATIC SQUAMOUS CELL CARCINOMA.
 LEVEL IV:  SEVEN OF TEN LYMPH NODES WITH METASTATIC SQUAMOUS CELL CARCINOMA.
 LEVEL V:  FIVE LYMPH NODES WITH WITH NO EVIDENCE OF MALIGNANCY.

 
 JOHN Q PATHOLOGIST MD                                  xyz| Date Jan 16, 1999

 
 VETERAN,JOHN Q.                                             STANDARD FORM 515
 ID:123-45-6789 SEX:M DOB:12/01/1940 AGE:58 LOC:ENT J SURGEON

Your health insurer, who would like to discontinue your medical plan, if you have a serious (i.e., expensive) illness;
Your life insurer, who would like not to sell you insurance, if you have a serious (i.e., life-threatening) illness;
Your employer, who would like to fire you.
Your ex-spouse, your angry neighbor, etc.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

If this person gives away your unlisted number, then this is a BREACH OF CONFIDENTIALITY.

If this person uses his secret knowledge your unlisted number to call annoy you at three o'clock in the morning, then this is a BREACH OF PRIVACY. Privacy is the right to be left alone, not the right to have secrets.

A. Computer security: prevention of breakins into patient database.
B. Confidentiality: concealing the identity of the individual patient.

A. Concealment of individual patient identifiers.
B. Concealment of private facts about a public person.

ONE-TIME PAD METHOD: quick-and-dirty, difficult to maintain, unbreakable.
PUBLIC/PRIVATE ENCRYPTION: sender, receiver, attacker.

PUBLIC-KEY, distributed to everybody, for ENCRYPTION.
PRIVATE-KEY, known only to the receiver, for DECRYPTION.

Public-key: product of two prime numbers, generated by software.
Private-key: two individual prime numbers.

There are MANY LARGE PRIME NUMBERS, and methods to discover them.
The multiply/factorize paradigm is a CONJECTURE, NOT A THEOREM.
Some future mathematician might develop a fast factorization algorithm.
If so, then the world banking system would totter.

name; address, including street address, city, county, zip code, or equivalent geocodes; names of relatives and employers; birth date; voice telephone and fax numbers; email addresses; social security number; medical record number; health plan beneficiary number; account number; certificate/license number; any vehicle or other device serial number; web URL; Internet Protocol (IP) address; finger or voice prints; photographic images; and any other unique identifying number, characteristic, or code (whether generally available in the public realm or not) that the one has reason to believe may be available to an anticipated recipient of the information.

A. The old country-doctor's fax machine.
B. Quaternary-care university-based medical center.

Every person has certain public attributes (gender, age, height, etc.).
Some persons have numerous public attributes (political, entertainment figures).
Even public persons have some right/expectation of privacy.
Example: the hypothetical presidential autopsy report.

Male. Caucasian. 1.91 m. 95.5 kg.
born 1908, died 1973.
Occupations: U. S. Congressman, U. S. Senator, U. S. President.

Status post: Appendectomy. (C0003611)
Status post: Cholecystectomy. (C0008320)
History of: Renal Calculi. (C0022650)
Myocardial Infarct. (C0027051)
Marked Generalized Atherosclerosis. (C0205082, C0205046, C0205246)

What if public medical records lead to medical discoveries that are good for some patients but bad for a subgroup of patients (e.g., alcoholics, HIV-patients, etc.)?

Do the adversely-affected patients have the right, as a group, to withhold their specimens from the public database?

Is it possible that potentially adversely-affected patients, who choose to withhold their specimens from the public database, might be given less-than-optimal care?

Is there a danger of "patient profiling"?

If you know more about a patient, can you deny care to that patient?

If you know more about a GROUP OF PATIENTS, can you deny care to that group of patients?

If this denial of care is possible, should everybody be forced to buy medical insurance?

Is that the same as socialized medicine?

Why is the USA the only advanced country without some form of universal health insurance?

Over 50,000 autopsy abstracts in JHAR.
Patients born over a span of two centuries.
Over one million tissue blocks.
May be obtained for collaborative research investigations.
Over 1300 publications in scholarly journals, many with PubMed hyperlinks.
Patient confidentiality: each autopsy abstract has demographic line, followed by diagnoses.

Only public demographic information is: age in decades, race, sex, decade of autopsy.
Key-number used to decrypt the patient identification, with IRB approval.
Double-brokered encryption of patient identifiers.

Requires participation of JHAR administrator and officials of Department of Pathology of The Johns Hopkins Medical Institutions to re-identify individual patients.

As an additional security measure, key-number may correspond to multiple patients, with the number-of-patients for a given key-number known only to the JHAR administration.

Diagnoses stripped of names of persons, locations, and institutions.
Diagnoses autocoded into generic medical language and UMLS codes in XML format.