|
|
|
|||||
|
|
|||||||
|
|||||||
|
EFF ALERT: Ask Bush Administration to Implement Privacy Regulations - CorrectlyHIPAA Regs a Good First Step in Medical Privacy Protection But Need Loopholes ClosedElectronic Frontier Foundation Press Release March 5, 2001The Health & Human Services privacy regulation issued by the Clinton Administration in December 2000 was originally scheduled to go into effect on February 26, 2001, but was delayed due to an administrative oversight. Though it could be a first major step to national medical privacy protection, it has flaws.
The public has until Friday, March 30, 2001, to submit comments to HHS on
the regulation. Comments can be submitted electronically at: Comments can also be snail mailed, or hand-delivered to:
U.S. Department of Health and Human Services Our comments:Sent via Web site submission Dear Secretary Thompson: Today there are no comprehensive federal rules to protect the confidentiality of medical record information. The rules mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are a good first step at protecting the sensitive information kept in our medical records by providing a baseline of significant privacy protection for medical records. Delaying implementation of the rule is not warranted. We need to be able to know that information in our private medical files will have the benefit of baseline protection, even as further protections are considered. Important Fair Information Practices Included in HIPAAFair Information Practices form one of the cornerstones for protecting privacy in this country today. Most of the major Federal privacy laws incorporate fair information practices, including the Privacy Act of 1974 and the Fair Credit Reporting Act. Including fair information practices in this rule maintains that strong tradition. Specifically, Sec. 164.520; Sec 164.522; Sec. 164.524; Sec. 164.526; Sec. 164.530; and Sec. 160.306 contain support for these Fair Information Practices. The HIPAA rules grant us the important right to be notified of the data practices of those who handle personal health records. There are also rights to request restrictions on use and disclosures of health records. The HIPAA rule grants new rights for individuals like myself to access our own medical files and amend it if there is erroneous information. Before HIPAA, doctors often did not allow patients to view their own medical files. One area that needs to be strengthened in the rule is the section that allows individuals to file a complaint with HHS and with the covered entity. We should have the right to sue directly those who violate our privacy rights. Gaps that need to be addressed by Congress or the StatesI support efforts to further strengthen the HIPAA regulations. For example, there should be limitations on the use of patients' data for marketing purposes. Sec. 154.501; Sec. 164.514. Use of health information is not the proper place to give equal weight to business and individual interests; an individual's privacy and health interests should always prevail. Protecting privacy for individuals would dictate that any disclosure of medical conditions and/or records should be by an opt-in process only, not opt-out. An opt-out standard, with its focus on initial disclosure followed by a subsequent revocation, will not protect any individual's privacy. Law enforcement must be required to obtain a warrant before it may obtain access to patients' data. Sec. 164.512. A properly drawn court order or warrant must first be obtained before medical information is released to law enforcement. The Government Health Database was discussed in the Standards for Privacy of Individually Identifiable Health Information in December, 2000, (65 Fed. Reg. 62462). Under Disclosures and Uses for Government Health Data Systems, the proposed rule had allowed a covered entity that was itself a government agency collecting health data for analysis in support of policy, planning, regulatory, or management functions, to disclose protected health information to government health data systems. The final rule explicitly eliminated that provision. Consent by the patient is now required, but it contains a loophole when disclosure is permissible under another provision of the rule. This seems like a way to implicitly side step the consent issue. Patients should always be asked for their consent before their health information is funneled from one government database to another. Unless individuals are able to give true informed consent that is not conditioned upon treatment, government will steadily be able to build surveillance and tracking systems that will touch every aspect of our lives so much so that it will become a threat to our open society. ConclusionIndividuals want the privacy of their sensitive medical records to be strongly and unambiguously protected. In fact, given the potential for medical records to impact employment opportunities, financial offerings, family relations, social standing, and even our ability to obtain housing, medical records deserve the strongest possible protection. This is the farthest our nation has ever come toward protecting the sensitive, personal information contained in our medical records. There are still privacy-damaging sections included in the rule but I believe that the rule gives a baseline right to privacy that can be enlarged by either Congress or the States. I encourage you to implement this rule without further delay.
Sincerely,
__________________________________________________________
P.S. (Choose one) US Rep. Ron Paul Moves to Close the Loopholes; letter to other legislators:Dear Colleague: Proponents of the Department of Health and Human Services' (HHS) so-called "medical privacy" regulation have launched a campaign to convince the American people that these regulations protect their medical privacy. However, these supposed "privacy advocates" are neglecting to mention that buried within this 367-pages of small print which comprise the medical privacy regulation are provisions that : Give state-favored special interests the right to access private medical information -- including genetic information -- without patients' consent (Sections 164.502 and 164.506). Force physicians to turn confidential medical records over to HHS and other government agencies and law enforcement officials without either individual consent or a warrant in complete disregard of the Fourth and Fifth Amendments (Section 160.310). I have introduced the Medical Privacy Protection Resolution (H.J.Res. 38), which uses the Congressional Review Act process to overturn this misnamed and misguided regulation. Please don't allow medical privacy be eroded by a regulation which allows government and the politically-connected to access personal medical records without a patient's consent. Call Norm at 5-2831 and cosponsor the Medical Privacy Protection Resolution today! Sincerely, Ron Paul, M.D. EFF observes that even with these loopholes, which Paul's legislation will hopefully soon resolve, the HIPAA regs would be a net increase in national-level US medical privacy protection (there is virtually none at all now.)
|
|
|
|
|||
|
|
|||||||
|
|
Please send any questions or comments to webmaster@eff.org. |
||||||
