[Politech] Robert Gellman on Texas attorney general and privacy [priv]

From: Declan McCullagh (declan@private)
Date: Tue Mar 02 2004 - 05:46:12 PST

  • Next message: Declan McCullagh: "[Politech] An election judge replies to Politech over secure e-voting"

    -------- Original Message --------
    Subject: Re: [Politech] Texas atty general sides with open government over 
    privacy [priv]
    Date: Mon, 01 Mar 2004 15:01:20 -0500
    From: Robert Gellman <rgellman@private>
    To: Declan McCullagh <declan@private>
    References: <4042B4C9.1070008@private>
    
    Declan McCullagh wrote:
    
    > An interesting clash between (1) open-government vs.
    > personal-privacy, and (2) state's rights vs. federal authority.  
    
    I have seen information about the Texas AG's HIPAA opinion discussed
    here and there on the Net, including your list.  This is one of the
    most over-reported and least understood stories about the HIPAA health
    privacy rule that I have seen.
    
    The reports are that the AG said that Texas law requiring disclosure of
    medical information takes precedence over the HIPAA privacy rule.  Guess
    what?  That's exactly what the HIPAA rule says.  Disclosures required
    under state laws are not blocked by HIPAA and never were.  No news here.
    
    The AG said that "Thus, government records are presumed to be open to
    the public unless the governmental body shows that an exception to
    disclosure applies."  Nothing new here either, but remember that the
    state open records law only applies to state agencies.  It doesn't apply
    to private hospitals or other medical practitioners.
    
    So what medical information is left to be disclosed by entities that are
    part of the state of Texas and that are also covered by the HIPAA rule?
      Here's what the AG said:  "We further emphasize that Texas law, like
    HIPAA, protects the privacy interests of individuals in their health
    information. Texas statutory law contains a myriad of protections
    specifically for health information."
    
    Wait, there's more:  "In addition, information that is intimate or
    embarrassing and in which the public has no legitimate interest is
    protected from required public disclosure under Texas commonlaw."
    
    "Under Texas law, individuals have "the right to be free from the
    government disclosing private facts about its citizens and from the
    government inquiring into matters in which it does not have a legitimate
    and proper concern."
    
    "Furthermore, this office will raise these privacy doctrines on behalf
    of a governmental body even if the governmental body fails to raise them
    in seeking an open records ruling and will require the governmental body
    to withhold the information from public disclosure whenever it is
    apparent from the information that the release of the information would
    implicate an individual's privacy interests."
    
    So when we boil down the opinion, there is absolutely nothing new or
    surprising here.  If state law requires a disclosure, it can be done
    without violating HIPAA.  But state law protects most patient
    information.  And the ruling has nothing to do with most hospitals and
    practitioners in Texas.
    
    Bob
    
    -- 
    + + + + + + + + + + + + + + + + + + + + + + +
    + Robert Gellman                            +
    + Privacy and Information Policy Consultant +
    + 419 Fifth Street SE			    +
    + Washington, DC 20003			    +
    + 202-543-7923        <rgellman@private> +
    + + + + + + + + + + + + + + + + + + + + + + +
    
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Tue Mar 02 2004 - 06:42:04 PST