Home > Privacy and Business > Medical Privacy > How Medical Privacy Regulations Can Backfire
How Medical Privacy Regulations Can Backfire
Though privacy of medical information is an area of utmost importance, it is
not easy to write laws or regulations that protect privacy without hindering
needed and important uses of medical information. The experience of Maine
provides a case study in how medical privacy regulations can backfire.
In January 1997, Maine legislators began writing a medical privacy law for
their state. They worked diligently for two years and ultimately passed a
law in the final hours of the 1998 session that took effect January 1, 1999.
Despite all the work of the legislature, serious unintended consequences became
apparent quickly. The statute defined "health care information" very broadly, for
example, to include any information that directly identifies the patient and relates
to his or her physical, mental, or behavioral condition, or personal or family medical
history or medical treatment. The law generally prohibited disclosure of health care
information, as defined, without written authorization from the individual
or a legally appointed representative.
As described in testimony to the the U.S. House of Representatives Government
Reform Committee's Subcommittee on Government Management, Information, and
Technology, these provisions had the following consequences:
Needless to say, the Maine legislature acted quickly to undo the trauma it caused
patients and their families by attempting to protect their medical privacy. This
case study provides a good example of how diligent, hard-working legislators and
their staffs can utterly and completely fail to predict and forsee all the uses that
are made of information in our society and in the health care system.
- A hospital could not release "directory" information about an in-patient,
so if a patient could not fill out appropriate paperwork, visitors
and clergy could not visit, phone calls could not be connected, and even flower
deliveries could not be accepted.
- Without specific written authorization from parents, health care providers
could not tell school nurses, day care providers, and camp counselors about
childhood allergies or immunization histories.
- Without specific written authorization, military officers and relief
organizations could not learn about the medical condition of their enlistees
or get information about the condition of a loved one hospitalized in this
country to share with an enlistee overseas.
- Without specific written authorization, jails could not learn the
condition of inmates or learn information about inmates' loved ones to share
- Without specific written authorization, routine medical appointments
could not be confirmed by telephone, nor could test results be released by phone.
- Without specific written authorization, the media could not learn summaries
about the conditions of accident and disaster victims.
- Without specific written authorization, friends and family members could
not purchase or refill prescriptions for their loved ones.
- Maine residents traveling out of state could not call for their medical
records. Instead, they had to complete, sign, and submit a specific written
authorization that complied with Maine law before their records could be
sent as they wished.
Heartache Over HIPAA, Center for Individual Freedom (May 15, 2003).
of Maine Hospital Association to the Committee on Government Reformís Subcommittee on
Government Management, Information and Technology by Sandra Parker, Director
of Government Affairs and Health Policy, Maine Hospital Association (April 12, 2000)
(Subject: Medical Backfire)
All content subject to the Privacilla