Suite101

New medical privacy rules foreshadow privacy policy changes


© Alan Kotok

On December 20, President Clinton announced new rules for protecting the privacy of patient medical records, raising once more a sensitive issue to the IT industry, consumers, and policy makers. The greater the reach of electronic records into people’s lives, the greater the perceived need for protection from abuse of those records. And this issue crosses the party aisles and ideological boundaries.

According to the White House announcement, “This rule, which applies to health insurers, virtually all health care providers and clearinghouses, will give consumers more control over and access to their health information; set boundaries on the use and release of health records; safeguard that information; establish accountability for inappropriate use and release; and balance privacy protections with public safety.”

The rules came about as a result of the Health Insurance Portability and Accountability Act of 1996 or HIPAA, best known for its provisions that make it easier for workers to transfer their health insurance from one employer to another. Other provisions require insurers and health care providers to start using standard electronic transactions to exchange business data, instead of hundreds of proprietary formats.

HIPAA gave Congress until August 21, 1999 to pass legislation on medical record privacy, but no new bills emerged in that time. The Department of HHS then drafted its own regulations and submitted them for public comments, receiving some 52,000 responses.

The rules cover health plans, health care clearing houses (medical transaction services), and health care providers that conduct transactions such as billing and funds transfers electronically. However, the scope of the rules covers any identifiable health information, whether communicated electronically, in writing, or orally.

The new rules give significantly more control to consumers over their medical records. Health care providers now need to get their patients’ consent before they can share information for routine treatment and financial purposes. And to share the data for non-medical reasons, such as inquiries from mortgage lenders or mailing lists to life insurance companies, patients must give their specific approval. The rules ensure consumer access to their records, and providers need to give clear written explanations about how they use, keep, and disclose health information.

Moreover, the new rules have teeth. Should health plans, providers, or clearing houses violate the standards, they can be subject to civil fines of up to $25,000 per infraction. Where health care companies knowingly and willingly disclose personal medical information or collect the data under false pretenses, violators face fines of up to $250,000 and prison terms of up to 10 years. The rules allow exceptions for emergencies, public health, certain research activities, identification of deceased persons, and law-enforcement or national security reasons.



The copyright of the article New medical privacy rules foreshadow privacy policy changes in Technology & U.S. Politics is owned by . Permission to republish New medical privacy rules foreshadow privacy policy changes in print or online must be granted by the author in writing.
