[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Health Privacy Legislation - Part III

To: Medical Privacy <med-privacy@tap.org>
Subject: Health Privacy Legislation - Part III
From: Robert Gellman <rgellman@cais.cais.com>
Date: Wed, 15 Nov 1995 17:32:53 -0500 (EST)

This is the third in a series of postings with excerpts from
studies of health privacy.  These studies show uniformly that
health records have inadequate legal protection today.  

     From "Health Data in the Information Age:  Use, Disclosure,
and Privacy" by the Institute of Medicine (1994).

          Legal and ethical confidentiality obligations are
     the same whether health records are kept on paper or on
     computer-based media.  Current laws, however, have
     significant weaknesses.  First, and very important, the
     degree to which confidentiality is required under
     current law varies according to the holder of the
     information and the type of information held.

          Second, legal obligations of confidentiality often
     vary widely within a single state and from state to
     state, making it difficult to ascertain the legal
     obligations that a given health database organization
     will have, particularly if it operates in a multistate
     area.  These state-by-state and intrastate variations
     and inconsistencies in privacy and confidentiality laws
     are well establishing among those knowledgeable about
     health care records law. . . .  

          Third, current laws offer individuals little real
     protection against redisclosure of their confidential health
     information to unauthorized recipients for a number of
     reasons.  Once patients have consented to an initial
     disclosure of information (for example, to obtain insurance
     reimbursement), they have lost control of further
     disclosure.  Information disclosed for one purpose may be
     used for unrelated purposes without the subject's knowledge
     or consent (sometimes termed secondary use).  For instance,
     information about a diagnosis taken from an individual's
     medical record may be forwarded to the Medical Information
     Bureau in Boston, Massachusetts . . . and later used by
     another insurance company in an underwriting decision
     concerning life insurance.  Redisclosure practices represent
     a yawning gap in confidentiality protection.

Comment:  Current health privacy controls are completely
inadequate.  We need uniform federal legislation to keep things
from getting worse. 

+ + + + + + + + + + + + + + + + + + + + + + + + +
+   Robert Gellman          rgellman@cais.com   +
+   Privacy and Information Policy Consultant   +
+   431 Fifth Street S.E.                       +    
+   Washington, DC 20003                        + 
+   202-543-7923 (phone)   202-547-8287 (fax)   +
+ + + + + + + + + + + + + + + + + + + + + + + + +

Follow-Ups:
- Re: Health Privacy Legislation - Part III
  - From: James Love <love@tap.org>

Prev by Date: Re: S. 1360 - Medical Privacy - CPT statement for today's hearing
Next by Date: Re: Health Privacy Legislation - Part III
Prev by thread: Re: S. 1360 - Medical Priva
Next by thread: Re: Health Privacy Legislation - Part III
Index(es):
- Date
- Thread