Your Medical Privacy

Nurses Activism


Your Medical Privacy

By Jennifer Van Bergen

t r u t h o u t | Report

Monday 19 May 2003

All across America, medical providers and pharmacists are requesting clients sign a form that acknowledges the client has read the provider's privacy policies. Most providers claim they continue to protect your privacy. Do they?

There are two answers to that question and they are both "Not really." The first "not really" answer comes under the law that requires medical providers to give you their privacy policy to acknowledge. The second "not really" involves the PATRIOT Act.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes a set of national standards for the protection of certain health information. According to the United States Department of Health and Human Services (HHS), the "Privacy Rule" promulgated as part of HIPAA, provides patients "with access to their medical records and more control over how their personal health information is used and disclosed." HHS states that the new standards "represent a uniform, federal floor of privacy protections for consumers across the country." The Privacy Rule does not preempt any state law that requires more privacy. It merely provides a bottom-line standard.

This is a good idea. However, unfortunately, the HIPAA Privacy Rule does not really protect your privacy very much at all. While doctors, medical facilities, and pharmacies might really intend to protect your records from unwanted intrusions, there are numerous exemptions which allow disclosure without your authorization. For example, "covered entities may use and disclose protected health information without individual authorization as required by law (including statute, regulation, or court orders)." More specifically, "covered entities may disclose protected health information to law enforcement officials for law enforcement purposes" related to certain kinds of criminal investigations. This makes some sense. Furthermore, criminal investigations must adhere to strict constitutional standards, such as probable cause to obtain a warrant, and so on.

Yet, there are other exemptions that show the lie behind the notion of privacy protection in the HIPAA Privacy Rule. For example, your supposedly protected health information is subject to disclosure without your authorization for research or for "essential government functions." Research may include "any systematic investigation designed to develop or contribute to generalizable knowledge." Essential government functions may include "assuring proper execution of a military missions [and] conducting intelligence and national security activities." Even "determining eligibility for or conducting enrollment in certain government benefit programs" creates an exemption.

Thus, within the HIPAA Privacy Rule, the exemptions are numerous and broad enough to create concern. Of at least equal concern is the fact that under HIPAA, medical providers are incorrectly informing their patients (and having them put their signatures to it) that the privacy of their health records is protected. When someone comes along who challenges that assertion, the Good Samaritan is viewed with suspicion. In the current climate and under current laws which already threaten many civil liberties, this creates even greater cause for concern.

Finally, it is not commonly known that your medical records are subject to the same provision of the USA PATRIOT Act that requires libraries to give federal law enforcement your computer usage and book borrowing information upon request without telling you. Section 215 of the PATRIOT Act does not just apply to libraries. It applies to any records kept by a third party, including medical records. Thus, if federal law enforcement requested your medical records, your doctor would have to provide them and would not be able to tell you. HIPAA protection is utterly without teeth in this circumstance.

The problem with the PATRIOT Act's intrusion into your medical records is that those records can be obtained by any FBI agent without probable cause that you are involved in any criminal activity at all. The agent need only certify that he seeks the records for a foreign intelligence investigation and the judge must rubber stamp the request.

What all this comes down to is that your medical privacy is not protected, despite HIPAA's good intentions. The ACLU is considering how best to inform medical providers about the PATRIOT Act's effect on medical privacy. At the very least, every medical office and pharmacy should post a notice like those posted in libraries that inform clients that under the PATRIOT Act, the medical provider would have to divulge your private medical records if federal law enforcement asked.

What can you do? Tell your doctors about Section 215 of the PATRIOT Act. Ask them to post a notice to their patients.

Home Health Columnist / Guide


11 Articles; 18,064 Posts

Specializes in Vents, Telemetry, Home Care, Home infusion.

Every HIPPA privacy notice I've read has included the statement that health info can be disclosed to law enforcment if related to a crime along with state health department if requested.

We require a judge to make request for release of records to law emforcement.

P.S.: I have a keener understanding since assigned to perform the HIPAA assessment for my agency and helped draft our Privacy notice.

(Saved the agency $30,000 to boot.)


4,491 Posts

Originally posted by NRSKarenRN

Every HIPPA privacy notice I've read has included the statement that helath info can be disclosed to law enforcment if related to a crime along with state health department if requested.

We require a judge to make request for release of records to law emforcement.

I am glad. Unfortunately too many people sign HIPPA papers, surgical consents and so on without reading them.

Articles such as this do no harm. How much good? Who knows?

This topic is now closed to further replies.

By using the site, you agree with our Policies. X