The "preamble" to the Health Insurance Portability and Accountability Act privacy
regulations — the section that describes their basis and purpose — calls privacy
a "fundamental right" and discusses how the Fourth Amendment allows people to be "secure
in their persons, houses, papers and effects . . . ."
While there is no question that privacy is very important, it is not
clear that privacy is a constitutional or fundamental "right".
The Fourth Amendment is
also a poor example to illustrate the importance of privacy
in a regulation of the private sector. The Fourth Amendment,
after all, was designed by the Founders to protect citizens
from governments, which they recognized to have powers that
are rightly to be feared and distrusted. The Fourth Amendment
does not apply to the private sector.
There are fundamental
differences between government and the private sector,
differences which make the government a much clearer threat
to Americans' privacy. Reciting the Fourth Amendment as if
it applies to the private sector can only confuse the public,
and distort future enforcement of HIPAA privacy regulations.
Further evidence that the HIPAA regulations will be enforced without a clear founding
in basic principles is the fact that the Secretary of Health and Human Service delegated
responsibility for enforcement to HHS' Office for Civil Rights. As important as
privacy protection is, it is not a traditional civil right. Better that HHS' Office for
Civil Rights should be working to protect freedom of speech and worship, and ensuring
an end to government-sponsored racial discrimination.
Civil Rights; Statement of Delegation of Authority, Office of the Secretary,
Department of Health and Human Services (December 28, 2000)