Medical Privacy

Introduction

If you belive that you have medical privacy...think again. Your video rental records have substantially more governmental protection than your medical records.   For years the primary protection our medical records had, was the simple fact that they were paper (or microfiche) tucked away in doctor's offices and hospitals across the nation. Getting any individual's record, (much less distributing it far and wide) was simply too difficult. Computer technology changed all that. With the advent of computerized files your medical records are now only 1 click away from an army of people eager to get at them. Worst of all, there isn't much legal or governmental protection that you can depend on.

Medical Records...(some facts)

- You do NOT own your medical records:
Your medical records are the property of the doctor, hospital, or clinic, that has them. While the information is about you, the records themselves belong to the entity that collected them. Correspondingly, you have NO right of ownership over the record.

- Until recently (Aug. 2002) there was no comprehensive over-arching Federal Law or binding guidelines covering medical records or medical privacy. The HIPAA Act of 2001 left medical privacy completely in the hands of the Health and Human Services Department (HHS).

- Each state has it's own set of laws governing medical privacy. Even states with tighter restriction on the dissemination of medical records, generally have huge loopholes with regard to the definition of "medical entity". For example...your medical insurance company (HMO, PPO, whatever) claims legal right for access to your records. They may send these records virtually where ever they like as long as they cover it by claiming something ambiguous such as "medical consulting".

- Once your records have "left the building"...that is once your medical records are actually out in the world, there are few (if any) laws, rules, or restrictions on what the new owners may do with this information.

Federal Government Rules for Medical Records

In August 2002, the Federal Government began "phasing in" new guidelines and regulations covering the privacy rights of individuals with regard to their medical records. (NOTE: at the time of this writing, Congress and the Bush Administration were still wrangling over a number of issues). While this legislation adds some rights for the individual, the Bush administration removed the Clinton provisions that required your approval before your medical records could be sent elsewhere. The Bush administration provisions only require "Notification"...which means that your records can be sent where ever....they are only required to make a "best effort" to notify you that they have disseminated your records.

Health Insurance Portability and Accountability Act (HIPAA)

In April 2001, federal regulations adopted in the name of medical privacy, actually made access to individually identifiable medical records less secure.   HIPAA did this without requiring patient permission and was supported by some of the very groups whose unauthorized access Americans most strongly oppose.   The federal legislation underlying the new regulations is part of the HIPAA, (aka; the Kennedy-Kassebaum bill...Public Law 104-191, Aug. 21, 1996).   Enacted in 1996 with virtually no opposition, HIPAA was widely proclaimed to only provide good things for the ordinary American.   Members of Congress, the president and the news media repeatedly emphasized HIPAA's appealing objectives, chief among them reduction of the "job lock" that tied many workers to their existing employment for fear of losing insurance coverage if they switched jobs.   Prior to HIPAA's passage, however, lawmakers seldom told the public about the act's more ominous side - privacy-threatening provisions buried in a section entitled "Administrative Simplification".   The HIPAA's requirements for uniform electronic databases of personal medical information nationwide and the creation of a "unique health identifier" for every American, spelled real trouble for Medical Privacy.   The 1996 act empowered the federal government, at its discretion, to require detailed information on what lawmakers called "encounters" between doctors and patients.   The secretary of the U.S. Department of Health and Human Services (HHS) was empowered to adopt standards to enable "health information"...that is, everything a doctor, employer, university, or life insurer ever learns about an individual... "to be exchanged electronically."   The legislation aimed to create a "health information system" through the "establishment of standards and requirements for the electronic transmission of certain health information" by medical practitioners (Public Law 104-191, Title II).   The issuance of privacy regulations to protect this new electronic flow of personally identifiable medical information was not required until three and a half years after the passage of HIPAA
- See Footnote below: from the HIPAA Legislation.    
"If legislation governing standards with respect to the privacy of individually identifiable health information transmitted in connection with the transactions described in section 1173(a) of the Social Security Act (as added by section 262) is not enacted by the date that is 36 months after the date of the enactment of this Act,  the Secretary of Health and Human Services shall promulgate final regulations containing such standards not later than the date that is 42 months after the date of the enactment of this Act"
(HIPAA, Public Law 104-191, Aug. 21, 1996, sec. 264c).
Congress also did not formulate the medical privacy standards that took effect in April 2001. Instead, it delegated that responsibility, along with other duties under HIPAA, to HHS. Between 1996 and 2000, HHS released HIPAA-based regulatory packages one by one: hundreds of pages of proposed rules, explanations of proposed rules, responses to public comments on proposed rules, preliminary releases of final rules, actual final rules, explanations of final rules, and lots of other bureaucratic gobbledygook. The HHS fine print supposedly fills a 9 inch high stack of paper (and probably still growing). with so much fine print and absent specific legislation, it is a certainty that your medical records privacy is virtually nonexistent.

State Government Rules for Medical Records

There are simply too many different states rules and guidelines for me to know...(much less publish on the Internet). Check with a lawyer who knows your state guidelines...or check with your State government web pages for possible information.

What Can You Do???

Unfortunately, there isn't much you can do to protect your medical records. Every time you go to the doctor's office, hospital, clinics, etc...you sign a release form that allows them to send your medical information to just about anyone. The list of people, companies, and groups "authorized" to acquire your medical information is staggering. Insurance companies, HMO's, PPO's, Medicare/Medicaid, pharmacies, clinics, doctor's offices, laboratories, pharmaceutical companies, and just about anyone even remotely connected to the medical field can acquire and pass on your medical records to anyone else even remotely connect to the medical field. You could of course refuse to sign the release...but then you most likely will not get treatment. This pretty much puts you behind the 8 ball (so-to-speak) and leaves you with no good way to limit or control your medical records. Unfortunately for us, our Federal government has proven itself very willing to cave in to special interests, (as the Bush administrations rollback of the Clinton privacy provisions shows...). This means that you most likely cannot depend on getting Federal Government protection any time soon. As of Aug. 2002 the individual states can still pass and enforce their own Medical Record privacy laws...as long as these laws are at least as restrictive as the Federal laws. If you are concerned about the privacy of your medical records, I would suggest that you pester your state congressman until he/she gets off their butt and passes meaningful legislation to protect you.

More Information...

Ironically, the current state of Medical Records Privacy, flies in the face of what most Americans say they want. In a September 2000 Gallup Poll, a huge majority of Americans placed a high value on medical privacy. (the poll was sponsored by the Institute for Health Freedom).in which the respondents strongly opposed unauthorized access to medical records. Seventy-eight percent regarded the protection of the confidentiality of their medical records as "very important"; 91 percent opposed government-mandated medical identification numbers; and 88 percent opposed storing patient medical records in a national computerized database for use without the patient's permission. When questioned about who should be allowed to see individuals' medical records without their consent, of the respondents questioned....
      - 92 percent opposed access by government agencies
      - 88 percent opposed access by law enforcers ("police or lawyers")
      - 95 percent opposed access by banks
      - 84 percent opposed access by employers
      - 67 percent opposed access by medical researchers
Fully 95 percent agreed that doctors and hospitals should be required to obtain an individual's permission before storing his medical records in a national computerized database. Unfortunately, most of the threats to medical privacy mentioned in the Gallup survey had already been either enacted into law or proposed as part of regulatory efforts to implement existing law. When asked about this, only 16 percent of those surveyed had heard of new federal laws and regulations changing the rules regarding access to personal medical records. When asked about governmental efforts to assign medical identification numbers, (similar to a social security number), to all Americans to facilitate the creation of a national database of medical records", 87 percent had never heard of or were unaware of this. While not specifically asked, it is a safe bet that most of those asked did not know that the laws to do most of this were already on the books, and that the implementation was underway.

The following links will take you to various sites related to Medical Records Privacy. All efforts are made to substantiate the information presented on these sites...however...No claim is made by "Keep Your Secrets" about the complete accuracy of any specific site.

• EPIC Medical Privacy
• Washington Post Article
• Privacilla.org
• Institute for Health Freedom
• National Consumer Coalition
• Medical Records Privacy Nightmare at Kaiser HMO
  NOTE: This web site contains various references to harassment that may not be relevant to the actual security of the medical records involved.   However, the general lack of security related to Kaiser's medical records has been restated in the public press.
• Fed Gov. HHS Site
  Not a privacy site per se...but it is the Fed. government's portal to the web.   Not much info, but if you have a comment, here is the place to make it

<==Back          

[  Home  ] [  Book Store  ] [  Links  ] [  FAQ  ]

Keep Your Secrets t Copyright © 1999
The tutorials and articles on these pages are © by KeepYourSecrets.com 1999   and may not be used or reposted without written permission from the author, and may not be reprinted for profit.
 
Please send E-mail comments and suggestions to... Keep Your Secrets

a