Politech mailing list archives

Previous By Date Next
Previous By Thread Next

FC: Privacy villain of week: HIPAA & Dept of Health and Human Services

From: Declan McCullagh <declan () well com>
Date: Thu, 18 Apr 2002 20:50:27 -0700

---

Date: Thu, 18 Apr 2002 23:32:07 -0400
From: J Plummer <jplummer () consumeralert org>
Subject: NCP: Privacy Villain of the Week: HHS and its HIPAA rule

Privacy Villain of the Week:
HHS and its HIPAA rule
The Department of Health and Human Services announced last month that it will be accepting comments until next friday -April 26 - for the final revision <http://www.access.gpo.gov/su_docs/fedreg/a020327c.html> of "medical privacy" rules. The "revised final" rule represents a slight change to the already-horrible "final" <http://www.access.gpo.gov/su_docs/fedreg/a001228c.html> regulations issued by the Clinton Administration. Under the new rule, doctors and hospitals will be required to open up their records to HHS and other government agents without so much as a court order. The rules also override private contractual arrangements between patient and doctor with a bureaucratic mandate.
The whole mess got started in 1996, when the Congress passed the Health Information and Portability Accountability Act (HIPAA) containing a key provision <http://www.privacilla.org/business/medical/hipaaabout.html> abandoning its Constitutional law-making responsibility. HIPAA directed HHS bureaucrats to write the rules regarding medical privacy if our elected representatives didn't get around to it themselves within 42 months. And they didn't.
So, the HHS, given the power to write the law, naturally decided that the most important thing in medical privacy law is a provision opening individual medical records to the HHS any time it asks. To be fair, HHS also gave this power to the FDA, foreign governments "acting in collaboration with a public health authority," and various and sundry other government agents tasked to "public health."
And no federal privacy regulation would be complete if it did not try to override private contracts on information gathering and dissemination. Besides making it illegal to enter into a contract with your doctor to protect your health information from the feds, the rule turns the long-held assumption of patient-doctor confidentiality on its head, essentially mandating an "opt-out" situation when it comes to sharing or selling your inforamtion to non-government entities. The presumption of confidentiality which dates back hundreds or thousands of years was, of course, "opt-in" when it comes to such sharing. Many people who don't follow the day-to-day power plays inside the Beltway will incorrectly assume that to still be the case for years to come.
Of course, many health consumers understand the benefits that can arise from sharing their helth information - they may get a heads-up or discount on new prescription or over-the-counter drugs they find useful, for instance. But another portion of the bill mitigates even this benefit. It's useful to get a coupon in the mail for a new allergy drug when you know the details of your condition are still relatively safe in a folder in the back of your doctor's office. But the regulations also mandate a specific coding and database for virtually every possible ailment or condition, coded down to your individual visits. This mandated categorization will not only make it easier for the government to get your profile, but by making your data more easily dissected leaves doubt as to the continued benficence of many data-sharing arrangements which before had definite benefit.
And all of this mandated coding and other requirements of HIPAA will raise health costs to consumers -- which are already spiraling due to laws favoring third-party payment plans (which encourage more health care spending on someone else's dime, raising costs for everyone) over fee-for-service.
For gutting consumer health privacy, raising costs, and obscuring what has been done with a patina of reasssuring doublespeak, Health and Human Services is Privacy Villain of the Week.
The Privacy Villain of the Week and Privacy Hero of the Month are projects of the National Consumer Coalition's Privacy Group. For more information on the NCC Privacy Group, see www.nccprivacy.org or contact James Plummer at 202-467-5809 or jplummer () consumeralert org . To access this release directly, go to http://nccprivacy.org/handv/020418villain.htm 



-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Sign this pro-therapeutic cloning petition: http://www.franklinsociety.org
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: