[Med-privacy] toolkit/legislation
peter marshall
pwm@comcast.net
Sun, 13 Jul 2008 14:51:49 -0700

In April 2008, 130,000 Wellpoint, Inc. customers learned that the health
insurer disclosed their private medical records, including their social
security numbers, on the Internet. This followed a virtually identical
February breach that disclosed health information on the Internet
regarding 71,000 people enrolled in Georgia public health programs.
These breaches make clear that numerous privacy violations have exposed
millions of Americans' medical information to criminals, identity
thieves, and other prying eyes. Despite citizens' unambiguous desire to
keep their medical information private, their wishes have been
frustrated by these medical data breaches and a lack of easily available
information about how citizens can protect themselves.

In an effort to make medical record privacy information more accessible
to the public, Patient Privacy Rights, a non-profit group whose mission
is to ensure that Americans control all access to their health records,
created the Patient Privacy Toolkit. "The move to electronic health
records, the lack of protection for personal health records, and the
ineffectiveness of HIPAA can cause serious consequences for citizens,
including discrimination against people with a genetic predisposition or
a previous illness," said Katherine Johnson, the program and outreach
coordinator of Patient Privacy Rights. The toolkit includes important
information and documents, such as forms to opt out of the American
Medical Association's database, a summary of health privacy laws in each
state, and consent forms to request that a doctor only disclose medical
information with the patient's consent. It is available for free on the
Patient Privacy Rights website.

Congress is currently considering a bill on medical records privacy. The
discussion draft of the bill includes breach notification similar to
that in California, which would let citizens know if their records are
breached. Congress recently invited EPIC to comment on the discussion
draft. EPIC suggested additions, including a clear statement of
Americans' right to privacy of their health records, incorporation of
enhanced privacy protections for especially sensitive health
information, establishment of a patients' right of action for
individuals whose medical privacy is violated, and a requirement that
companies take commonsense steps to secure electronic health
information.

Patient Privacy Rights:
http://www.patientprivacyrights.org/
EPIC's Medical Records Privacy Site:
http://epic.org/privacy/medical/
EPIC's comments on the discussion draft on medical records privacy
(pdf):
http://epic.org/privacy/medical/EPIC_HIT_060908.pdf
Wellpoint Data Breach - Chicago Tribune Review
http://epic.org/redirect/wellpoint_databreach.html
Bill to Amend the Public Health Service Act to Promote the Adoption of
Health Information Technology, and for Other Purposes:
http://www.govtrack.us/congress/bill.xpd?bill=h110-6357