WASHINGTON -- Who would you entrust with the secret flaws of your mind and body? Your doctor? Your therapist? Your HMO?

How about Citicorp? The House just did. While we were getting ready for Independence Day, it seems, the House of Representatives voted overwhelmingly to open our medical records to the businesses that profit from prying into them.

On the night of July 1, in a 343-86 vote, the House of Representatives passed the sweeping Financial Services Act of 1999, the first major overhaul of the finance sector since the Great Depression. The bill creates a legal framework for the coming megamergers of insurance companies, banks and other financial firms. But it also contains an amendment, under the innocuous heading "Confidentiality of Health and Medical Information," with potentially disturbing implications for medical privacy.

The amendment's sponsor, Iowa Republican Rep. Greg Ganske, described it as language to protect the medical records of people whose health insurance policies become accessible to banks through mergers. But a close reading suggests that it does just the opposite. The amendment prohibits the disclosure of patient information to anyone "without the consent of customers," then goes on to list a series of exceptions that includes just about any conceivable use of health records -- from insurance underwriting to research to bill-collecting to criminal investigation. In short, the amendment was written very loosely, enabling companies that hold medical records to release them to virtually anyone with whom they do business.

"This could, frighteningly enough, be the last word on medical privacy," says an aide to Democratic Sen. Patrick Leahy, the author of a liberal medical privacy bill that died in committee.

There are innocent readings as to how Ganske's amendment was passed, and there are conspiratorial ones. Medical privacy has become a hot-ticket item in Washington in recent years, as privacy advocates and ordinary citizens alike began to realize there were no federal laws to protect their health records. Indeed, such records have become commodities like any other in the information age, bought and sold by a variety of interested parties. Various research studies published in the past several years have shown that corporations routinely peruse employee health records in making hiring, promotion and firing decisions. Pharmacies sell patient information to drug companies, which use it for marketing back to the patient or his medical group. Managed care plans ogle patient files to find ways to refuse payment or to urge doctors to stop expensive procedures. Insurers look for ways to deny claims.

In the absence of privacy laws or universal health care, discrimination against the ill or potentially sick will grow more acute as genetic examinations become a more routine part of clinical science and DNA profiles enter medical records. A 1996 study by Stanford and Harvard researchers found 206 asymptomatic individuals who lost jobs or insurance coverage because of their genetic profiles. Other studies have cited cases where people, after innocently donating blood samples, were blackballed from jobs because of secret readings of their DNA sequences.

A study to be published next week in the journal Neurology indicates that many people who carry the Apo-E4 gene variant -- about a quarter of the population -- suffer progressive memory loss starting in late middle age. Imagine the discussions that could go on in boardrooms of companies that get their hands on this information: "Should we promote Jerry to VP?" "Nah, he's an 'E4' -- he'll be a bozo in 10 years."

A national medical privacy bill was supposed to prevent this kind of Orwellian scenario. The 1996 Health Insurance Portability and Accountability Act ordered Congress to pass a medical privacy law by Aug. 21, 1999. Fifteen different bills have been introduced, but all have foundered under intense industry pressure. A compromise measure introduced by Vermont Republican Rep. Jim Jeffords stalled in the Labor Committee in June. Four times Jeffords called a meeting to mark up the bill for a vote in the full Senate, but had to cancel each time because of disagreements between the health care industry and privacy advocates. Business interests, represented by conservative Republicans on the committee, wouldn't budge in response to privacy advocates' demands: that the bill not preempt stronger state legislation, and that it give citizens the right to sue health care firms.

Around the time the last meeting was canceled, Ganske introduced his amendment into the Financial Services Act without consulting any of the pro-privacy lobbyists. Ganske, a physician himself, said the bill was worded to make sure financial companies could get the information they needed to pay patients' bills. "We all want privacy for patients," he reassured colleagues during the debate, adding in a letter that the bill "will not preempt state privacy laws. It will not create a disincentive for comprehensive medical privacy legislation."

It is possible the amendment could be thrown out when the Senate and House meet in conference to integrate their two versions of the finance bill. Ganske has told Democratic colleagues he is willing to discuss changing the language in conference committee. However, an aide to another Republican congressman involved in the legislation acknowledged that the amendment as it is currently written could become law if Congress, as expected, fails to pass a more comprehensive privacy law in its final two weeks before recess.

"I think this amendment was written very cleverly in a sneaky way. It's shameful, a massive step backward," says Janlori Goldman, an activist whose Health Privacy Project has spearheaded attempts to bring advocates and industry together. Goldman and others assume that the insurance industry -- which is big in Iowa -- wrote the amendment. "It shows how powerful these industries are that you can get Ganske to rise on the floor of Congress and say his amendment will protect privacy when he's heard over and over that it's a disaster for privacy," she says. "Why call it a privacy amendment? Why not say who put it in?" Groups opposing the amendment included not only privacy gadflies, but many of the major physician and patient groups, among them the American Medical Association, the American Association of Retired Persons and the American Psychiatric Association.

Industry's interest in data sharing, of course, is not entirely malevolent or pointless. Managed-care companies use electronic databases to make sure kids are immunized, to make sure diabetics are filling their prescriptions, to hold down costs -- although customers rarely seem to benefit from the latter. The Centers for Disease Control and Prevention uses databases to track infections. The government uses them to catch Medicare fraud; academics and pharmaceutical companies use them for research.

But it was easy to imagine less benevolent uses when Travelers Group and Citicorp merged two years ago -- even though the two firms' executives promised to keep the two functions separate. With the new banking law in place, mergers of insurers and banks are likely to be plentiful. Wells Fargo, Fleet Financial and BBT are some of the larger banking companies expected to get into the insurance business once the banking reform law gets final passage; John Hancock and State Farm have already bought thrifts. It would be naive to think that financial companies won't use information that helps the bottom line. Under the House-passed bill, they can.

"If someone is deciding to give you a car loan, they might want to know if you have high blood pressure," says Jim Pyles, a lobbyist for the American Psychoanalytic Association who alleges that Citicorp/Travelers was involved in shaping the medical privacy amendment. "If you want a home loan they might want to know if you've been treated for depression. I'm sure they'd be quite interested. Plus they can also sell it. They can transmit it, sell it to anybody who wants it."

"At first glance we think of the wish for privacy as a need to be alone," writes psychotherapist Janna Malmud Smith in her recent book, "Privacy Matters." "But it also makes possible a deeper, more particular openness." For now, most Americans seem oblivious to the invasion of their health privacy. But in the world of psychotherapy it is already keenly felt. Managed mental health care companies have become ever more intrusive in demanding detailed patient information before they authorize payment. In response, many therapists simply don't tell their patients about the dozens of health industry bureaucrats who will be examining the patients' inner lives. Those who do inform their patients do so at their own risk: Patients sometimes flip out and decide either to pay out of pocket, thereby keeping their names out of the computers, or abandon therapy all together.

"I get increasing numbers of patients through the yellow pages, which never used to happen," says Paul Ling, a Massachusetts psychiatrist. "People are a lot more savvy to the fact that they don't have confidentiality if they get me through an HMO or health plan. The only way to get total confidentiality is to pay out of pocket."

The sense of violation is not limited to psychotherapy. Patrick Dunn and Jocelyn White, internists in Portland, Ore., found in a recent survey of area physicians' practices that more than half the patients claimed to have withheld information out of concern that it would come around to damage them. The physicians Dunn and White talked to had, on average, one patient each who had been harmed by the release of information; most of the time, these were people who were refused coverage due to a "prior condition" clause. A larger survey in California, released in January, found only about a third of patients trusted their health plans to maintain patient confidentiality.

"Medical records privacy is the absolutely fundamental core of the doctor-patient relationship," says an American Medical Association representative. "If you believe you could lose your job or not qualify for a mortgage or life insurance, why seek treatment? It puts a tremendous chill on somebody's interest in seeking care."

One reason that health insurers say they need detailed patient information is for research. But if patients are submitting false or incomplete information, how sound will the research be?

The odd thing about Americans is that while we are paranoid about government intrusion in our private lives, we generally let corporations snoop on and market to us without protest -- when they're really just after our money. The citizenry has been generally passive in the face of the growing transparency of its medical records -- except when it stops to think about it.

"When I talk to people on my book tour they're simply shocked. Most of the public doesn't know that people are getting fired already for their genetic profiles. Prospective employers are already checking peoples' DNA," says philosopher Amitai Etzioni, who has been speaking to groups on a tour for his book, "The Limits of Privacy." "It takes a Columbine or a Kosovo for Americans to focus on a problem. And there hasn't been anything like that yet for medical privacy."