Medical Privacy 101

Over 4 million businesses, employers, government agencies, insurance companies, billing firms, and all their business associates that may include pharmacy benefits managers, and pharmaceutical companies as well as marketing firms and data miners.  Patient consent is no longer required to share health records, no matter how embarrassing or intensely personal the contents may be.  While your doctor may wish to protect your information, once the records are sent out of their offices, they can no longer control who can see or use your information.
Whose Health Records are Vulnerable?
Employees:   Today, laws governing access to health records expose employees to the possibility of employment discrimination.  Thirty-five percent of Fortune 500 companies admitted to looking at employee’s health records before making hiring and promotion decisions (65 Fed. Reg. 82,467).  As employers seek to reduce health insurance costs, little prevents them from viewing employees’-and employee’s families-health records to get rid of capable employees with costly health conditions. Employment should be based on who can do the job-not what’s in our health files.
Women: Women are particularly vulnerable to discrimination in employment, insurance and in the financial and credit arena.   Women have specific, sensitive health issues that have nothing to do with what kind of job they can perform or whether or not they should get credit or insurance. 
Children:  In the age of genetic testing, how will information about our children’s health affect their futures?  Should they be denied entry to college because they tested positive for a cancer gene or were treated for depression as a teenager? Should they be turned down for a job because they have a grandparent who had Alzheimers?  Without privacy, our children’s health records could deny them the future they deserve.
Seniors:  After a lifetime of health treatment, seniors’ health records contain a wealth of information that could harm them, their children and their grandchildren.  Should a grandmother’s Alzheimer’s disease keep her grandchildren from getting a job?  Should a widower’s depression over the death of a spouse keep him from getting auto insurance?  Should a diagnosis expose a senior to drug company marketing disguised as “education”? 
Consumers:  As health records are spread over electronic networks, banks, insurance corporations, and lenders can access our most personal health records.  Should homeowners pay higher interest rates because they are cancer survivors?  Should drivers be denied automobile insurance because they have a medical condition?  Without privacy, consumers’ health histories expose them to real financial risks and threaten their livelihoods.
How Did This Happen?
A federal agency, not Congress, took away your right to control your health information.  Your right to control the use and disclosure of your personal health information was eliminated in 2003 by regulatory changes made to HIPAA, the Health Insurance Portability and Accountability Act.  HIPAA is a complex 1,500 page set of rules covering things such as the transfer of health insurance when you change jobs.  

The Elimination of Consent
1996 Congress passed HIPAA,  but did not pass a federal medical privacy statute, so the Dept. of Health and Human Services (HSS) was required to develop regulations that specified patients’ rights to health privacy.

“…the Secretary of Health and Human Services shall submit to [Congress]… detailed recommendations on standards with respect to the privacy of individually identifiable health information.”

2001 President Bush implemented the HHS HIPAA “Privacy Rule” which recognized the “right of consent”. “…a covered healthcare provider must obtain the individual’s consent, in accordance with this section, prior to using or disclosing protected health information to carry out treatment, payment or health care operations.”
2002 HHS amended the HIPAA “Privacy Rule”, eliminating the “right of consent”. “The consent provisions… are replaced with a new provision…that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, or health care operations.”

The changes mean that millions of strangers, as well as employers, can use your health records for reasons that have nothing to do with your treatment or improving your health care.  In an era of Electronic Health Records (EHRs) and Personal Health Records (PHRs), the problem gets much worse. Privacy is the key to progress with Health Information Technology (HIT).  The potential benefits of electronic health systems cannot be realized unless Americans have confidence that ironclad privacy protections are in place for online health records, databases, and networks. As Americans realize how open their records actually are, they may avoid treatment and be much more selective about important information they share with their doctors. No one should have to choose between privacy and health
Courtesy: The Patient Privacy Rights Foundation (