FC: Ron Paul's comments on HHS medical privacy regulations

[Declan McCullagh <declan () well com>]

> December 9, 1999
>
>
> U.S. Department of Health and Human Services, 
> Assistant Secretary for Planning and Evaluation, 
> Attention: Privacy-P, 
> Room G-322A, Hubert H. Humphrey Building, 
> 200 Independence Avenue SW, 
> Washington, DC 20201         
>
> Dear Assistant Secretary:
>
> I wish to convey my displeasure with the Department of Health and Human
> Services' (HHS) proposed medical privacy regulations which were published in
> the Federal Register on November 3, 1999.  Protecting medical privacy is a
> noble goal, however, the federal government is not constitutionally
> authorized to mandate a uniform standard of privacy protections for every
> citizen in the nation. Rather, the question of who should have access to a
> person's medical records should be determined by private contracts between
> that person and their health care provider.
>
> Unfortunately, government policies encouraging citizens to rely on
> third-party payors for even routine heath care expenses has  undermined the
> individual's ability to control any aspect of their own health care,
> including questions regarding access to their medical records. All too
> often, third-party payors use their control over the health care dollar to
> gain access to even the most personal details of an individual's health
> care, using the justification that because they are paying for the
> treatments they must to have access to the patient's medical records to
> protect against fraud or other malfeasance. Because most of the concerns
> about medical privacy are rooted in the loss of individual control over the
> health care dollar, the solution to the loss of medical privacy is to
> empower the individual by giving them back control of their health care
> dollar. The best way to do this is through means such as Medical Savings
> Accounts and individual tax credits for health care. When the individual has
> control over their health care dollar, they can control all aspects of their
> health care -- including who should have access to their medical records. 
>
> Rather than support efforts to place the individual back in control of
> health care, this administration has consistently pursued an agenda that
> would enhance the power of the federal government over health care. HHS'
> proposed medical privacy regulations continue in that sad tradition. In the
> name of protecting privacy, HHS has reduced the individual's control over
> their medical records. HHS' proposal, if enacted, would deny, as a matter of
> federal law, individuals the ability to contract with the providers or
> payors to establish limitations on who should have access to their medical
> records. Instead, every American will be forced to accept the privacy
> standard decided upon by Washington-based bureaucrats and politicians.
>
> Individual citizens would not only have to accept the privacy standards
> dictated to them by Washington bureaucrats, they would even be deprived the
> ability to hold those who violated their privacy accountable in a court of
> law. Instead, the regulations give the Federal Government the power to
> punish those who violate these federal standards. Thus, in a remarkable
> example of government paternalism, individuals are forced to rely on the
> good graces of government bureaucrats for  protection of their medical
> privacy. These regulations also create yet another unconstitutional federal
> crime, at a time when voices from across the political spectrum are decrying
> the nationalization of law enforcement.
>
> These so-called "privacy protection" regulations not only strip individuals
> of any ability to determine for themselves how best to protect their medical
> privacy, they also create a privileged class of people with a
> federally-guaranteed right to see an individual's medical records without
> the individual's consent. For example, medical researchers may access a
> person's private medical records even if an individual does not want their
> private records used for medical research. Although individuals will be told
> that their identity will be protected the fact is that no system is
> fail-safe. I am aware of at least one incident where a man had his medical
> records used without his consent and the records inadvertently revealed his
> identity. As a result, many people in his community discovered details of
> his medical history that he wished to keep private!
>
> Forcing individuals to divulge medical information without their consent
> also runs afoul of the Fifth Amendment's prohibition on taking private
> property for public use without just compensation. After all, people do have
> a legitimate property interest in their private information; therefore
> restrictions on an individuals ability to control the dissemination of their
> private information represents a massive regulatory taking. The takeings
> clause is designed to prevent this type of sacrifice of individual property
> rights for the "greater good."   
>
> In a free society such as the one envisioned by those who drafted the
> Constitution, the federal government should never force a citizen to divulge
> personal information to advance "important social goals." Rather, it should
> be up to the individuals, not the government, to determine what social goals
> are important enough to warrant allowing others access to their personal
> property, including their personal information. To the extent these
> regulations sacrifice individual rights in the name of a
> bureaucratically-determined "common good," they are incompatible with a free
> society and a constitutional government.
>
> In addition to the general constitutional and philosophic objections, I also
> have a number of specific concerns with the details of the proposal. My
> primary objection is that the regulations allow law enforcement and other
> government officials access to a citizen's private medical record without
> having to obtain a search warrant. 
>
> Allowing law enforcement officials to access a private person's medical
> records without a warrant is a violation of the Fourth Amendment to the
> United States Constitution, which protects American citizens from
> warrantless searches by government officials. The requirement that law
> enforcement officials obtain a warrant from a judge before searching private
> documents is one of the fundamental protections against abuse of the
> government's power to seize an individual's private documents. While the
> fourth amendment has been interpreted to allow warrantless searches in
> emergency situations, it is hard to conceive of a situation where law
> enforcement officials would be unable to obtain a warrant before electronic
> medical records would be destroyed. 
>
> The proposal's requirement that law enforcement officials submit a written
> request to review a citizen's medical file to doctors, hospital and
> insurance companies before they can access private medical records  is a
> poor substitute for a judicially-issued warrant. Private citizens are more
> likely to want to cooperate with law enforcement officials than are members
> of the judiciary, if for no other reason than because hospital
> administrators, insurance company personnel, and health care providers will
> lack the time and expertise to properly determine if a government officials'
> request is legitimate. Furthermore, private citizens are more likely to
> succumb to pressure to "do their civic duty" and cooperate with law
> enforcement-- no matter how unjustified the request -- than members of the
> judiciary.
>
> Finally, I object to the fact that these proposed regulations permit health
> care providers to give medical records to the government for inclusion in a
> federal health care data system. Such a system would contain all citizens'
> personal health care information. History shows that when the government
> collects this type of personal information the inevitable result is the
> abuse of citizens' privacy and liberty by unscrupulous government officials.
> The only fail-safe privacy protection is for the government not to collect
> and store this type of personal information. 
>
> The collection and storing of personal medical information authorized by
> these regulations may also revive an effort to establish a "unique health
> identifier" for all Americans. As you are aware, a moratorium on funds for
> developing such an identifier was included in the HHS' budget for fiscal
> years 1998 and 1999. This was because of a massive public outcry against
> having one's medical records easily accessible to anyone who knows their
> "unique health identifier." The American people do not want their health
> information recorded on a database and they do not wish to be assigned a
> unique health identifier. The Department of Heath and Human Services should
> heed the wishes of the American people and make sure these privacy
> regulations do not become a backdoor means of numbering each American and
> recording their information in a massive health care database.
>
> As an OB-GYN with more than 30 years experience in private practice, I am
> very concerned           by the threat to good medical practice posed by
> these regulations. The confidential  physician-patient relationship is the
> basis of good health care; oftentimes effective treatment depends on
> patients' ability to place absolute trust in his or her doctors. The legal
> system has acknowledged the importance of maintaining physician-patient
> confidentiality by granting physicians a privilege not to divulge
> information confided to them by their patients. 
>
> Before implementing these rules , HHS should consider what will happen to
> that trust between patients and physicians when patients know that any and
> all information given their doctor may be placed in a government database or
> seen by medical researchers or handed over to government agents without a
> warrant?
>
> Questions of who should or should not have access to one's medical privacy
> are best settled via contract between a patients and a provider. However,
> the government-insurance company complex that governs today's health care
> industry has deprived the individual patients of control over their health
> care records, as well as over numerous other aspects of their health care.
> Rather then put the individual back in charge of his or her medical records,
> the Department of Health and Human Services proposed privacy regulations
> give the federal government the authority to decide who will have access to
> individual medical records. These regulations thus reduce individuals'
> ability to protect their own medical privacy.
>
> These regulations violate the fundamental principles of a free society by
> placing the perceived "societal" need to advance medical research over the
> individuals right to privacy. They also violate the Fourth and Fifth
> Amendments by allowing law enforcement officials and government -favored
> special interests  to seize medical records without an individual's consent
> or a warrant and could facilitate the creation of a federal database
> containing the health care data of every American citizen. These
> developments could undermine the doctor-patient relationship and thus worsen
> the health care of millions of Americans. 
>
> In conclusion, I respectfully request that the Department of Health and
> Human Services withdraw this proposal and instead put its efforts behind
> meaningful measures to place patients back in control of the health care
> system so that individuals could once again determine who should and should
> not have access to their private medical records.
>
> Sincerely,
>
>
> Ron Paul



--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------