Past Releases and Reports
About Privacilla
Privacy Fundamentals
Privacy and Government
Privacy and Business
Online Privacy
Financial Privacy
Medical Privacy
Let Privacilla know its inadequacies!
Your Source for Privacy Policy from a Free-market, Pro-technology Perspective

Click to return to the Medical Privacy outline

Home > Privacy and Business > Medical Privacy > Select Laws and Regulations > HIPAA Privacy Regulations > Where the HIPAA Privacy Regulations Came From > HHS' Inadequate Privacy Recommendations

HHS' Inadequate Privacy Recommendations

When Congress in the HIPAA law asked the Department of Health and Human Services to recommend standards with respect to the privacy of health information, it asked three very difficult questions:

  • What rights should the subject of individually identifiable health information have?
  • What procedures should be established for the exercise of such rights? and
  • What uses and disclosures of such information should be authorized or required?

HHS did not answer that first, absolutely critical question.

Instead, HHS put forward a document that cheered for broad legislation, never explaining exactly what privacy was, or what interest or right of consumers the legislation would protect. This defect caused the HHS recommendations to be intellectually rootless.

Had HHS analyzed the concept of privacy deeply, it may have recognized the very personal and individual nature of the interest. Uncommon though it would have been for a federal agency not to recommend command-and-control regulation, HHS may have found that privacy is best protected by bolstering existing contract and tort rights, by reducing government mandated collection of health information, and by educating and empowering consumers to determine and pursue privacy as they see fit.


Confidentiality of Individually-Identifiable Health Information: Recommendations of the Secretary of Health and Human Services, pursuant to section 264 of the Health Insurance Portability and Accountability Act of 1996 (September 11, 1997)

Recommendations with Respect to Privacy of Certain Health Information, Section 264 of the Health Insurance Portability and Accountability Act of 1996 (August 21, 1996)

Comments? (Subject: HIPAARecommendations)

[updated 02/18/01]

©2000-2003 All content subject to the Privacilla Public License.