Sure, the Health Insurance Portability and Accountability Act of 1996 has scared your employer from telling your coworkers...

Share story

Sure, the Health Insurance Portability and Accountability Act of 1996 has scared your employer from telling your coworkers you are home sick with strep throat. But recent administrative rule changes protect patient privacy as much as a too-small hospital gown.

Initially, the HIPAA law required an individual’s consent before information could be disclosed, specifically only to carry out treatment, payment or health-care operations. But in 2003, the Department of Health and Human Services (HHS) changed the privacy rules to allow disclosure of private information to “covered entities.” In congressional testimony, one patient-rights advocate showed that her doctor’s notification form suggested the covered entities might include legal services, accountants and auditors, insurance agents and brokers, other insurers, consumer reporting agencies, health-care clearinghouses, data processing firms.

Deborah C. Peel, M.D., founded Patient Privacy Rights out of concern that sensitive information about patients was becoming ripe for the picking as more information was stored and shared electronically. A psychiatrist of 30 years, her concern was that people struggling with mental illness might not want to risk seeking treatment for fear of being found out.

Her organization found that 35 percent of Fortune 500 companies admit to seeking and using private medical records to make hiring and promotion decisions. Other companies, including insurance and drug companies, data-mine such information for marketing purposes.

This week, save 90% on digital access.

The Bush administration has pushed for a national health database where all citizens would have all of their medical histories stored. Sen. Sam Brownback, R-Kans., is considering reintroducing a bill that would permit individuals to establish an electronic medical file that they retain control over. An individual must give consent if their data is to be released for anything from medical research to marketing.

We are in an electronic age when sensitive information is vulnerable to abuse from well-monied industries with resources to influence legislation and federal policy. Put patients themselves, not for-profit companies, in the disclosure seat.

Custom-curated news highlights, delivered weekday mornings.