FC: Privacy villain of week: HIPAA & Dept of Health and Human Services

From: Declan McCullagh (declanat_private)
Date: Thu Apr 18 2002 - 20:50:27 PDT

  • Next message: Declan McCullagh: "FC: Bill Gates is scheduled to testify in antitrust case in DC"

    ---
    
    Date: Thu, 18 Apr 2002 23:32:07 -0400
    From: J Plummer <jplummerat_private>
    Subject: NCP: Privacy Villain of the Week: HHS and its HIPAA rule
    
    Privacy Villain of the Week:
    HHS and its HIPAA rule
    
    The Department of Health and Human Services announced last month that it 
    will be accepting comments until next friday -April 26 - for the final 
    revision <http://www.access.gpo.gov/su_docs/fedreg/a020327c.html> of 
    "medical privacy" rules. The "revised final" rule represents a slight 
    change to the already-horrible "final" 
    <http://www.access.gpo.gov/su_docs/fedreg/a001228c.html> regulations issued 
    by the Clinton Administration. Under the new rule, doctors and hospitals 
    will be required to open up their records to HHS and other government 
    agents without so much as a court order. The rules also override private 
    contractual arrangements between patient and doctor with a bureaucratic 
    mandate.
    
    The whole mess got started in 1996, when the Congress passed the Health 
    Information and Portability Accountability Act (HIPAA) containing a key 
    provision <http://www.privacilla.org/business/medical/hipaaabout.html> 
    abandoning its Constitutional law-making responsibility. HIPAA directed HHS 
    bureaucrats to write the rules regarding medical privacy if our elected 
    representatives didn't get around to it themselves within 42 months. And 
    they didn't.
    
    So, the HHS, given the power to write the law, naturally decided that the 
    most important thing in medical privacy law is a provision opening 
    individual medical records to the HHS any time it asks. To be fair, HHS 
    also gave this power to the FDA, foreign governments "acting in 
    collaboration with a public health authority," and various and sundry other 
    government agents tasked to "public health."
    
    And no federal privacy regulation would be complete if it did not try to 
    override private contracts on information gathering and dissemination. 
    Besides making it illegal to enter into a contract with your doctor to 
    protect your health information from the feds, the rule turns the long-held 
    assumption of patient-doctor confidentiality on its head, essentially 
    mandating an "opt-out" situation when it comes to sharing or selling your 
    inforamtion to non-government entities. The presumption of confidentiality 
    which dates back hundreds or thousands of years was, of course, "opt-in" 
    when it comes to such sharing. Many people who don't follow the day-to-day 
    power plays inside the Beltway will incorrectly assume that to still be the 
    case for years to come.
    
    Of course, many health consumers understand the benefits that can arise 
    from sharing their helth information - they may get a heads-up or discount 
    on new prescription or over-the-counter drugs they find useful, for 
    instance. But another portion of the bill mitigates even this benefit. It's 
    useful to get a coupon in the mail for a new allergy drug when you know the 
    details of your condition are still relatively safe in a folder in the back 
    of your doctor's office. But the regulations also mandate a specific coding 
    and database for virtually every possible ailment or condition, coded down 
    to your individual visits. This mandated categorization will not only make 
    it easier for the government to get your profile, but by making your data 
    more easily dissected leaves doubt as to the continued benficence of many 
    data-sharing arrangements which before had definite benefit.
    
    And all of this mandated coding and other requirements of HIPAA will raise 
    health costs to consumers -- which are already spiraling due to laws 
    favoring third-party payment plans (which encourage more health care 
    spending on someone else's dime, raising costs for everyone) over 
    fee-for-service.
    
    For gutting consumer health privacy, raising costs, and obscuring what has 
    been done with a patina of reasssuring doublespeak, Health and Human 
    Services is Privacy Villain of the Week.
    
    The Privacy Villain of the Week and Privacy Hero of the Month are projects 
    of the National Consumer Coalition's Privacy Group. For more information on 
    the NCC Privacy Group, see www.nccprivacy.org or contact James Plummer at 
    202-467-5809 or jplummerat_private . To access this release 
    directly, go to http://nccprivacy.org/handv/020418villain.htm 
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Sign this pro-therapeutic cloning petition: http://www.franklinsociety.org
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 21:03:37 PDT