Notwithstanding the continuing debate over the future of managed care and the appropriate protections to be included in a Patient's Bill of Rights, the safeguarding of patient privacy and the reduction of medical error have emerged as the dominant health law issues. Displacing even the implications of the advances in genomics from the front and editorial pages of our newspapers, privacy and medical error have left the cozy world of professional journals and political platitudes to demand corrective action.
The issue of data privacy already possessed some serious political credentials before the Clinton administration ushered health privacy to center stage by its promulgation of regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).1 Public visibility was increased by the Bush administration's very vocal dissatisfaction with the regulations,2 followed by its well-publicized, though probably temporary, capitulation.3 Only recently has medical error resurfaced as an issue of comparable weight attracting public and political concern.4 A series of publications by the Institute of Medicine (IOM) has not only highlighted the quality flaws in our current system, but has intensified the debate beyond clichéd calls for action by appending highly concrete suggestions for amelioration of the problem.
This article argues that the forces driving increased privacy and reduced medical error are closely related; that they find common ground in process re-engineering and the adoption of technologies that conceptually, architecturally and operationally will intersect and frequently combine.5 The new and controversial federal medical privacy regulations should be put into perspective and recognized as a relatively minor, albeit laudable, component of a broader thrust to update our delivery system to improve, among other things, the quality of care. Additionally, this article argues that increased privacy regulation will further stimulate emerging eHealth6 business models as improved privacy and security accelerate the utilization and acceptability of computer-mediated healthcare delivery.
In addition to exploring the close and dynamic relationship between health privacy and medical error, this article examines how the infrastructure developments and new privacy regulations will more immediately and often unintentionally reshape one of our extant quality assurance systems: malpractice law. In this regard, it examines how traditional substantive malpractice law is already reacting to changes in healthcare technologies, suggesting that aspects of the privacy regulations will have serious, albeit unanticipated, effects on doctrines such as informed consent and, by reducing false positives, the overall level of malpractice-based risk reallocation.
Part II begins with a discussion of the process and technological implications of the federal government's regulation of medical privacy, particularly in terms of its structure and architecture. Part III will examine the role of technology in reducing medical error. The remainder of the article focuses on the more technical legal implications of the interaction between privacy regulation and the drive to reduce error. In this context, Part IV will scrutinize the impact of privacy regulation and eHealth on substantive malpractice law. Part V will examine the relationship between consent-to-disclosure in privacy regimes and informed consent. Finally, Part VI will discuss the operational or process implications of new privacy and security regimes on malpractice litigation.
II. BEYOND PRIVACY: ARCHITECTURAL AND QUALITY IMPLICATIONS OF "ADMINISTRATIVE SIMPLIFICATION"
At first glance, protecting privacy and improving quality seem to implicate diametrically opposed operational imperatives. The protection of privacy suggests a need to decrease the flow of patient-related information, whereas maximizing information and minimizing information costs are key strategies aimed at improving the quality of care. …