Commentary : This Prescription Isn’t a Cure-All : Health: Our plan offers some protection of public’s medical records. But it’s up to Congress for the panacea.
Who should have the right to see your personal medical records? You and your physician? Certainly. But what about your boss? Ask almost any American, and he or she will tell you personal health records should be used to heal, but never to reveal. And for good reason: The unwarranted disclosure of medical problems isn’t only embarrassing, it can result in the denial of insurance, jobs and even bank loans.
However, while most of us would agree that private health records should be just that, the law currently takes a different view. In fact, federal law does more today to guarantee the privacy of our choice of video rentals than it does our personal medical histories. That’s why the 1996 Health Insurance Portability and Accountability Act--the Kassebaum-Kennedy law--required Congress to act to protect medical privacy by Aug. 21, 1999.
Although Congress has had plenty of time to act, there is still hope it will pass comprehensive legislation this fall. If it does not, it will be the job of the Department of Health and Human Services to issue a new rule to protect the privacy of Americans’ medical records. And, as the president said in his State of the Union address, we have every intention of doing so.
The Kassebaum-Kennedy law gives the department until Feb. 21, 2000, to issue a final rule, but we’re working to have our proposed plan ready this fall. Our plan, roughly based upon the recommendations I first made to the Congress in September 1997, is a common-sense project built upon five basic principles:
* Boundaries. We believe that, with very few exceptions, a health care consumer’s personal information should only be used for health-related activities. For example, a hospital should be able to use personal health information to provide care, teach, train, conduct research and ensure quality. However, employers should be barred from using such information for non-health purposes like hiring, firing or determining promotions, and insurers shouldn’t be able to use it for underwriting purposes.
* Security. When Americans provide personal health information, they should know they’re leaving it in safe hands. That means requiring those entrusted with health information to protect it from misuse or improper disclosure.
* Consumer control. Just as every American has the right to see his or her credit history, we believe all citizens should have the right to know what’s in their medical records. What’s more, they should also know how this information is being used and how to correct any errors.
* Accountability. Under our recommendations, anyone who misuses personal health information risks being punished. We should, at a minimum, ensure that state enforcement provisions now in place are not preempted by a bill that provides even weaker protections.
* Public responsibility. We understand that, in a democratic society, the right to privacy, like the right to free speech, is never absolute. For example, public health agencies routinely use health records to protect us from outbreaks of infectious diseases. We recognize that the need for privacy must always be measured against this and other national priorities.
Would a privacy rule based on these five principles eliminate the need, for comprehensive legislation? Unfortunately, no. Under current law, the department only has limited authority in this area. That’s why it’s still up to Congress to do its part. Whether it will is an open question. What’s not open to debate 21st century is this: The privacy of our medical records is even more important than the privacy of what we rent at the video store.
