Health and Human Services "Privacy" Standards: The Coming Destruction of American Medical Privacy
Twight, Charlotte, Independent Review
Federal privacy regulations issued by the Clinton administration on December 28, 2000, and adopted by the Bush administration on April 14, 2001, perpetrate a fraud on the American people, proclaiming privacy as their goal when ever-wider access to individual medical records is their actual and intended effect. In this article, I document the stark contrast between what Americans want and what they are getting from the federal government with respect to medical privacy, examining how and why that incongruity emerged.
Recently, the high value that ordinary Americans place on medical privacy was shown in a September 2000 Gallup poll sponsored by the Institute for Health Freedom, in which the respondents strongly opposed unauthorized access to medical records. Seventy-eight percent regarded the protection of the confidentiality of their medical records as "very important"; 91 percent opposed government-mandated medical identification numbers; and 88 percent opposed storing patient medical records in a national computerized database for use without the patient's permission. Questioned about who should be allowed to see individuals' medical records without their consent, 92 percent of the respondents opposed access by government agencies, 88 percent by law enforcers ("police or lawyers"), 95 percent by banks, 84 percent by employers, and 67 percent by medical researchers. Fully 95 percent agreed that doctors and hospitals should be required to obtain an individual's permission before storing his medical records in a national computerized database (Gallup Organization 2000).
Ironically, unbeknown to the majority of respondents, most of the threats to medical privacy mentioned in the Gallup survey had already been either enacted into law or proposed as part of regulatory efforts to implement existing law. Yet only 16 percent of those surveyed had heard of new federal laws and regulations changing the rules regarding access to personal medical records, and 87 percent were not aware of a "federal proposal to assign medical identification numbers, similar to a social security number, to you and all other Americans to create a national database of medical records" (Gallup Organization 2000, 8, 12-13).
However, the laws were already on the books, and their implementation was accelerating. In April 2001, federal regulations adopted in the name of medical privacy further expanded access to individually identifiable medical records, without patient permission, by some of the very groups whose unauthorized access Americans most strongly oppose. How did this widely opposed result come about?
"Administrative Simplification" and the Erosion of Medical Privacy
The federal legislation underlying the new regulations is part of the Health Insurance Portability and Accountability Act (HIPAA), commonly known as the Kennedy-Kassebaum bill (Public Law 104-191, August 21, 1996). Enacted in 1996 with virtually no opposition, HIPAA seemed to foreshadow only good things--at least, it did so if one listened only to government officials and to the popular press. Members of Congress, the president, and the news media repeatedly emphasized HIPAA's appealing objectives, chief among them reduction of the "job lock" that tied many workers to their existing employment for fear of losing insurance coverage if they switched jobs.
Prior to HIPAA's passage, however, lawmakers and the press seldom told the public about the act's more ominous side--privacy-threatening provisions buried in a section entitled "Administrative Simplification," which included some of the most feared elements of the rejected 1993 Clinton health security bill. Copied almost verbatim from the 1993 bill were HIPAA's requirements for uniform electronic databases of personal medical information nationwide and for the creation of a "unique health identifier" for every American. The 1996 act empowered the federal government, at its discretion, to require detailed information on what lawmakers called "encounters" between doctors and patients. …