April 14 Federal Medical Privacy Rule is About Sharing Data
April 8, 2003
Patient consent requirements for disclosure of medical-record information will no longer be required as of April 14, 2003. That day, the federal Standards for Privacy of Individually Identifiable Health Information take effect.
"The so-called federal medical privacy rule will add confusion, cost, and complications to health-care access, but it will not protect the privacy of patients. In essence, the rule is a federal license to intrude," says Twila Brase, president of the Citizens' Council on Health Care, a St. Paul-based health-care policy organization.
- NO CONSENT: The rule allows doctors, hospitals, health-care institutions, and data clearinghouses to disclose individually identifiable medical information without patient consent for 12 "national priority activities" and "payment", "treatment," and "health care operations."
- NATIONAL PRIORITY ACTIVITIES INCLUDE: Law enforcement activities, state and federal health-care databases, public health activities, national security, and providing names of dying patients to organ donor solicitation organizations.
- PAYMENT, TREATMENT, AND HEALTH CARE OPERATIONS: The rule's broad definitions allow broad disclosures; and no audit trail is required for these disclosures...
- GOVERNMENT EXEMPT: Government agencies are not required to follow the rule [unless they are functioning as a health-care provider, insurer or data processing company]. Therefore, once government agencies get patient data, they can use or distribute it except as prohibited by other law.
- NEXT STEP--NATIONAL MEDICAL ID NUMBER: Now that the rule has been implemented, there is pressure to create a national medical identification number for every citizen as Congress authorized in 1996 [via the Health Insurance Portability and Accountability Act of 1996]. Such a number could facilitate patient profiling, and result in denial of health care to those without a card.
"Enormous sums of money will go into following a rule that no one truly understands. Computerized data systems will be built, illogical restraints will be implemented in health-care settings, but no one's privacy will be protected where it counts--in their medical records," said Brase.
"Because the privacy rule does not even define the term privacy, the message should be clear. This rule is all about sharing data, not protecting privacy," Brase said.
This news release was reprinted with permission from Citizens' Council on Health Care (CCHC), an independent nonprofit free-market health-care policy organization located in St. Paul, Minnesota.