[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Health Privacy Project: Key Issues

To: me <rocque@eskimo.com>
Subject: Health Privacy Project: Key Issues
From: Peter Marshall <techdiff@ix.netcom.com>
Date: Fri, 12 Feb 1999 10:39:55 -0800



         KEY HEALTH PRIVACY ISSUES

  Proposals to establish a federal health privacy law have been debated
  for more than 20 years, but a consensus has yet to emerge. However,
  most of the recent federal health privacy bills include provisions in
  the following areas:

  Patient Access to Medical Records
  When and how can individuals access, supplement, or amend their medical
  records?
  As more medical information is shared, it becomes increasingly
  important for consumers to see and understand the contents of their own
  medical records. Only 28 states give individuals a right to see and
  copy their medical records. Allowing patients to see their own medical
  records serves many purposes: it allows patients to flag incorrect
  information, to supplement the record, and to engage in a more
  informed, meaningful discussion with their provider or insurer about
  what information can be disclosed.

  Consent
  Under what circumstances, how, and how often should patient consent be
  obtained prior to the release of health information that identifies
  them individually?
  Developing a meaningful consent process remains a challenge. Are there
  some activities that do not require a patient's consent? Under what
  circumstances should consumers be allowed to "opt-out" - or "opt-in" -
  of disclosures? When and where should patient consent be obtained: at
  the time of application, enrollment, treatment, or periodically? Should
  consent be limited to the "minimum amount of information necessary" to
  accomplish the purpose?

  Notice
  When and how should individuals be notified about how their medical
  records are used, and when health information is disclosed to third
  parties?
  All current federal proposals require that people be given written,
  easy-to-understand information about how their health information will
  be used.

  Security
  What security safeguards should be required to protect medical records?
  All of the federal proposals require security safeguards for the use
  and disclosure of personal health information. Although it is critical
  to acknowledge that networked health information systems can pose a
  risk of greater magnitude of harm, technology can be used to better
  safeguard personal health information in electronic form than it might
  be protected in paper form.

  Research
  What protections should be in place for identifiable medical records to
  be used for research?
  Currently, federal regulations regarding privacy apply only to
  researchers who receive federal funds or are conducting research in
  anticipation of FDA review. The regulations require that prior to using
  identifiable health information, the research study must be approved by
  an Institutional Review Board (IRB) and that participants give their
  informed consent; however, the law allows the IRB to grant a waiver of
  informed consent under some circumstances. Increasingly, research is
  privately funded and may not involve direct contact with patients. As a
  result, more research that relies primarily on the patient record or
  "encounter data" is falling outside the scope of these federal
  regulations. Almost every recent federal medical privacy bill requests
  a formal study of the issue to determine whether existing patient
  protections for research studies are adequate, and to identify what
  research falls outside current regulations.

  Law Enforcement Access, Oversight
  Under what circumstances can law enforcement officials access medical
  records? What safeguards or protections do individuals have when their
  medical records are used in criminal investigations of providers or
  plans, or for the purposes of health care oversight?
  Most of the legislative proposals to date require law enforcement
  officials to present a warrant, court order, or subpoena prior to
  obtaining medical records. No federal privacy statute now provides a
  broad exemption for law enforcement to get access to personal
  information. All other federal privacy statutes (i.e., those protecting
  video rental records, credit reports, and bank and education records)
  protect individuals from unfettered government access to their records.

  Penalties
  What penalties will apply to those that violate the law? What remedies
  should be available to individuals whose medical information was
  improperly disclosed?
  All federal proposals establish strict penalties for those who misuse
  personal health information.

  Preemption
  Will a federal law create a "floor" above which states would be free to
  enact greater protections, or will a federal law enact a "ceiling"
  eliminating both weaker and stronger state laws?
  Each of the federal proposals takes a different approach to the issue
  of federal preemption. All of the bills that preempt state law
  establish different exceptions to the preemption rule related to state
  communicable disease, mental health and public health laws. No
  precedent exists in federal privacy, consumer protection and civil
  rights laws for preempting state law. As yet, there is no comprehensive
  survey of state health privacy laws to indicate the impact that
  preemption would have on the states. The Health Privacy Project is
  currently at work on a comprehensive compilation of state health
  privacy laws.


   Institute for Health Care Research and Policy, Georgetown
   University, 1999.

Follow-Ups:
- Health Privacy: Journal special issue
  - From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

Prev by Date: Internet 2
Next by Date: Boiler Plate Authorizations vs. Physican Release Information
Prev by thread: Internet 2
Next by thread: Health Privacy: Journal special issue
Index(es):
- Date
- Thread