NCPA - National Center for Policy Analysis

Federal Patient Privacy Regulations

December 21, 2000

The new rules on patient privacy announced by President Clinton were five years in the making, and won't take effect for another two years, but supporters argue it can't happen too soon. The health industry, they claim, has profited from the sale and use of private patient information, and has blocked reform attempts. Among the incidents they point to:

  • A medical company employee stole patient information to fraudulently obtain phone service in Massachusetts.
  • An online pharmacy accidentally released customers' names and credit card numbers.
  • Kaiser Permanente sent sensitive health information to the wrong people.
  • Health care companies in Washington state dumped medical records, including patient Social Security numbers, in the trash.

Because they don't trust the health industry to protect their privacy, people act on their own. According to a 1999 Princeton Associates survey, more than 15 percent of Americans protect their privacy by simply avoiding health care or lying to their doctors.

As a result of the new federal regulations, insurers will be required to get patients' permission before releasing their records. They must also:

  • Inform consumers how their health information is being used.
  • Give patients access to their own health file and the right to request amendments or corrections.
  • Restrict the amount of information used and disclosed to "the minimum necessary," as opposed to the current practice of making a patient's entire health record available.
  • Require that information is disclosed only for public health priorities and other responsible research.

Violating the new regulations will carry criminal and civil penalties for improper use or disclosure of information.

Source: Editorial, "Progress on Medical Privacy," USA Today, December 21, 2000 and White House Bulletin, "Clinton Issues Medical Privacy Rules," December 20, 2000.


Browse more articles on Health Issues