Ooops! Medical Privacy Rules Aren't Written in Stone After All

  • Share
  • Read Later

Medical records: The battle over privacy goes on

President Clinton thought he had closed a privacy loophole.

He was wrong.

In late December, the Federal Register published the administration's hard-fought and exhaustively researched medical privacy rules, hailed by privacy advocates as the most comprehensive and sweeping protections ever. But thanks to an administrative glitch (chalk it up to end-of-term nerves), the rules were never sent to Congress for a required 60-day review — until February 13.

And that, says new Health and Human Services Secretary Tommy Thompson, means the rules cannot be adopted until at least April 14. And in the meantime, both the health care industry and the public will have a second chance to review the rules before they are implemented.

The new guidelines, drawn up after the Clinton administration received more than 50,000 suggestions and comments from the public, would require health care providers to get patients' written consent before using or disclosing any information in their medical records. In a breakthrough for patients' rights groups, patients would also have a federal right to review and copy their own medical records, and to make corrections. Patients could also demand a complete list of the people who had seen their medical records — lists that would be kept by the health care providers.

While privacy advocates applauded the broad-reaching rules, health care providers balked at the requirements, arguing that following such strict protocol would hurt them financially, and that waiting for written permission could conceivably delay a patient's treatment — even fatally.

But while the debate is likely to be heated on Capitol Hill, don't look for it to take over the town square in Peoria. Despite privacy protection's rising profile as a political issue, Americans aren't exactly up in arms over protecting their medical records from prying eyes, says Robert Belair, a privacy lawyer in Washington, D.C., and cofounder of Privacy and American Business at the nonprofit Center for Social and Legal Research. "That's partly because this issue gets technical in a hurry," Belair says. "But it's also because the public is fairly pessimistic about privacy — a lot of folks may think their privacy is already gone."

For an attorney whose main concern is confidentiality issues, Belair offers a surprisingly cautious take on Clinton's rules for privacy of medical records. "These are the most sweeping health regulations of their kind. And I think the Bush administration did the right thing, opening up the rules to another round of commentary. There are still lingering questions about who's covered and when they're covered."

Measured debate, says Belair, will help to save what privacy advocates and health care providers most want from these regulations. "Health information is very personal, and can be stigmatizing, and patients are right to be cautious about making it available," he says. "On the other hand, the health care sector needs to be able to use this information to deliver care and keep costs down. So there are very compelling arguments on both sides."