HIPAA Privacy Regulations -- The End of Personal Medical Privacy
The federal Government tracks as much information about your finances
as it can. From 1099s and W2s to banking records, from cradle to
grave, they've got it all. But they're getting more. Much more.
April 15th, 2003 didn't just see the end to our extra spending money.
One day earlier we saw the end to the privacy of our medical records.
The much touted "HIPAA Privacy Rule" went into effect on the 14th of
April. Among others, this new ruleset applies to:
- Health Plans. The HIPAA definition includes large Health Care
organizations such as Blue Cross/Blue Shield. It also includes
employer-sponsored group health plans.
- Health Care Providers. HIPAA includes everyone, "regardless of
size," who provides any type of health care services and
electronically transmits health information.
Specifically the rule protects all "individually identifiable health
information." It sounds pretty good. With a name like "Privacy Rule"
it must be increasing my privacy, right?
The HIPAA regulations do provide for additional security for some
aspects of your data. It requires that it be encrypted when it is
being exchanged between providers, data warehouses, and insurance
companies. It also requires that your personal medical information
not be disclosed accidently to other patients, or even to your
family in most cases.
HIPPA's True Face
"While masquerading as patient protection, the (new) rules would
actually eliminate any last shred of confidentiality and risk lives,"
said Kathryn Serkes, public-affairs counsel for the Association of
American Physicians and Surgeons, in Florida Today.
These new privacy regulations eliminate the need to obtain patients'
consent for disclosure of their medical records to dozens of people
and organizations -- including the federal government. This means
that the embarrassing fact that you whispered to your family Physician
may also have been whispered to countless bureaucrats and industry
operatives. All of this disclosure has become legal, and is in fact
some of it is mandated by these new "Privacy Regulations."
The current Health Information Portability and Accountability Act
(HIPAA) was passed by Congress in 1996. The Clinton administration
wrote numerous rules to flesh out the Act, and published them
late in 2000. The Bush administration took those rules,
and has started enforcing them with little modification.
Legislation itself is never the beginning. The "need" for this
act arose because of other actions the federal government was
taking. The feds had earlier mandated a nationwide, standardized,
easily transmitted electronic format for databases of personal medical
information. There are federally mandated codes used to track
everything from your heart condition to your last menstrual period.
With all of this newly standardized information flowing, it became
obvious that it needed to be protected. But the feds didn't start
with security rules.
Cart Before The Horse
New security rules, which constitute the final phase of this
government mandated intrusion into our medical privacy, won't go into
effect until 2005. Attorney Jim Pyles, who has filed suit to overturn
these regulations, says that these new security rules should have gone
into effect before these new medical privacy measures. "It's like
buying an alarm system for your home, but not turning it on yet," says
The Lack of Privacy is Getting Worse
John Poindexter is spear-heading the federal government's next big step
into our lives. The Total Information Awareness program is being
developed by the Defense Advanced Research Projects Agency (DARPA) --
the people who brought us the Internet.
This Orwellian plan is to develop a broad, interconnected database
covering almost every aspect of the lives of law-abiding Americans.
In addition to financial (banks, credit cards), education, travel,
veterinary, border crossing, place/event entry, transportation
(i.e. airline tickets, rail, rental cars), housing, communications
(cell, land-line, Internet), and other data, the Total Information
Awareness program is targeting our personal medical information. In
fact, medical data is considered key "transactional data". All in the
name of catching terrorists.