[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Health Privacy Legislation - Part II
This is the second in a series of postings with excerpts from
studies of health privacy. These studies show uniformly that
health records have inadequate legal protection today.
From "Protecting Privacy in Computerized Medical
Information" by the Office of Technology Assessment (1993):
There is tremendous variation in the number and
quality of State laws on medical confidentiality.
While it may be difficult to generalize about the
adequacy of State medical confidentiality laws, a
report of the Committee on Government Operations of the
House of Representatives concluded in 1980 that "most
States do not have well defined, modern laws on the
confidentiality of medical records." A survey of State
statutes governing privacy in medical records published
by Robert Ellis Smith emphasizes this point.
<begin italics> These statutes, however, do not address
the flow of medical information to secondary users outside
the treatment process who are deemed to legitimately have
access to the information. They do not address the
responsibilities of third-party payers in handling this
information, nor do they impose rules about the use of
medical information by secondary users of that data:
parties that use medical records for nonmedical purposes.
This patchwork of law addressing the question of privacy in
personal medical data is inadequate to guide the health care
industry in carrying out its obligations in a computerized
environment. <end italics>
* * * * * * * * * * * * * * * *
<begin italics> Legal and ethical principles currently
available to guide the health care industry with respect to
obligations to protect the confidentiality of patient
information are inadequate to address privacy issues in a
computerized environment that allows for intra- and
interstate exchange of information of research, insurance
and patient care purposes. Lack of legislation in this area
will leave the health care industry with little sense as to
their responsibilities for maintaining confidentiality. It
also allows for a proliferation of private sector computer
databases and data exchanges without regulation, statutory
guidance, or recourse for persons wronged by abuse of data.
<end italics>
The scheme, as it exists, does not adequately take into
account the tremendous outward flow of information generated
in the health care relationship today . . . . This problem
has always existed, but was not serious because medical
records were only occasionally used outside the medical
treatment process. <begin italics> The expanded use of
medical records for nontreatment purposes exacerbates the
shortcomings of existing legal schemes to protect privacy in
patient information. The law must address the increase in
the flow of data outward from the medical care relationship
by both addressing the question of appropriate access to
data and providing redress to those that have been wronged
by privacy violations. Lack of such guidelines, and failure
to make them enforceable could affect the quality and
integrity of the medical record itself. <end italics>
Comment: The health privacy situation today is awful and it is
getting worse. In the absence of new legislation, new and
expanded uses of health records will continue to expand in a
largely uncontrolled fashion. Private, computerized databases
are unregulated and are growing.
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ Robert Gellman rgellman@cais.com +
+ Privacy and Information Policy Consultant +
+ 431 Fifth Street S.E. +
+ Washington, DC 20003 +
+ 202-543-7923 (phone) 202-547-8287 (fax) +
+ + + + + + + + + + + + + + + + + + + + + + + + +