NEGATIVE – MEDICAL – INHERENCY 239

NEGATIVE — MEDICAL — INHERENCY 239

MEDICAL PRIVACY IS PROTECTED NOW

THERE ARE FIVE SOURCES OF LEGAL PROTECTIONS OF HEALTH INFORMATION

David M. Studdert, Policy Analyst, RAND Institute for Civil Justice and RAND Health; "Direct Contracts, Data Sharing and Employee Risk Selection:" American Journal of Law & Medicine , 1999, 25 Am. J. L. and Med. 233, EE2001-JGM, P.254

Legal protections of health information privacy emanate from five sources: (1) the federal constitution; (2) state constitutions; (3) federal statutes; (4) state statutes; and (5) state common law. The Supreme Court's decision in Whalen v. Roe n172 stands as the leading consideration of a federal constitutional right to informational privacy in the context of health care. However, the right or interest in informational privacy articulated in that case was a fairly weak one; it was counterbalanced on the facts by New York State's interest in collecting drug prescription data, and it did not take root in subsequent litigation. n173 At the state level, numerous constitutional amendments over the past two decades have sought to protect privacy interests; some have explicitly placed limitations on access to personal information. n174

CURRENT MEDICAL PRIVACY CONTROLS ARE NOW TIGHTER THAN THEY WERE

The Washington Post, October 31, 1999, SECTION: EDITORIAL; Pg. B06, TITLE: Privacy Cliffhanger // acs-EE2001

Some exchange among caregivers is obviously necessary and valuable -- that's the point of the 1996 law. Privacy rules must also make exceptions for investigators pursuing fraud, law enforcement authorities armed with court orders and some public health and research needs. But those exceptions need to be narrow and, whenever possible, confined to information stripped of identifying marks. An early draft of the HHS rule drew criticism for making the loopholes too wide -- for instance, allowing police to see records without a court order. Those requirements are now tighter.

THE FOUR PRINCIPLES OF STATUS QUO MEDICAL PRIVACY REGULATIONS

Donna Shalala, Sec of Health & Human Services, Chicago Sun-Times, September 11, 1999, SECTION: EDT; Pg. 14 TITLE: Privacy of medical records is non-negotiable // acs-EE2001

Boundaries. We believe that, with very few exceptions, a health care consumer's personal information should only be used for health-related activities. For example, a hospital should be able to use personal health information to provide care, teach, train, conduct research and ensure quality. However, employers should be barred from using such information for nonhealth purposes such as hiring, firing or determining promotions, and insurers shouldn't be able to use it for underwriting purposes.

Security. When Americans provide personal health information, they should know they're leaving it in safe hands. That means requiring those entrusted with health information to protect it from misuse.

Consumer control. Just as every American has the right to see his or her credit history, we believe all citizens should have the right to know what's in their medical records and how to correct any errors.

Accountability. Under our recommendations, anyone who misuses personal health information risks being punished. We should ensure that state enforcement provisions now in place are not pre-empted by a bill that provides even weaker protections.

Public responsibility. We understand that, in a democratic society, the right to privacy, like the right to free speech, is never absolute. For example, public health agencies routinely use health records to protect us from outbreaks of infectious diseases.