Slashdot Mirror


US Approves New Guidelines For Medical Privacy

iElucidate writes: "Mindwire.org is reporting on the adoption by the US Department of Health and Human Services of guidelines for privacy of personal medical records. In 1996 Congress mandated the creation of medical privacy standards by the end of 1999. Since Congress did not act, responsibility went to the Department of Health, which drafted a standard, gave a year for public comment, and finally approved it for use. The new standard requires that hospitals and HMOs keep information secure, and requires stiff penalties for the release of unauthorized information. Finally, no more employers snooping on employees' psych. records. About bloody time!" The Department of Health and Human Services issued a fact sheet summarizing the new regulations.


  1. I have worked in the health field for many years.. by buckrogers · · Score: 2

    These regulations really do nothing to protect your privacy.

    Most of the time your medical information is sent unencrypted across computer networks using well-known protocols such as HL7.

    Nearly anyone with a packet sniffer at a major university with a medical center can watch patient data flow past.

    These regs are just feel good things and do not change anything.

    --
    -- Never make a general statement.
  2. This is a major law, and no one's really ready by mat+catastrophe · · Score: 3
    I work for a medical-related education center, and I can tell you that hospitals have been *anxious* about this for over a year now. They know that these regs are serious and that any infraction will mean some hefty fines.

    The problem is that very few organizations are really ready. While hospitals are probably the most ready, it's only the ones with a top-notch IT staff that think they'll make it. As for your local general practitioner's office: Forget It. These people have little idea the law was passed, much less that it's going into effect. If I had the background in CS/Security, I would seriously think about starting a company to *specialize* in HIPAA regulations. The public health industry will pay big bucks to make sure they don't run afoul of these laws....

    Examples:

    If a fed walks into a doctor's office, or a hospital and can walk up to a machine that's on a network and/or has access to any health or billing record, that's a fine. A big one. How many nurses/doctors do you think will log out or secure their terminals every time they have to walk down the hall?

    Fax machines? Ever screwed up and sent your office's lunch order to a vendor? Or, vice-versa? Doing that with a patient's file will get you slapped.

    Telemedicine? Absolutely a biggie. If someone who isn't supposed to be is viewing a consultation through a teleconference system, people are in trouble....
    Now, the good news is that these laws won't fully go into effect for a few months, and it's very hard to see right now what priority the incoming Bush Jr. Administration will put on these regulations....
    --
    sig not found
  3. Not ignorance... by www.sorehands.com · · Score: 2
    It was my lack of clarity. I was looking at functional relief, you were looking at the statute and seeing a little token.

  4. Excellent by Anonymous Coward · · Score: 2
    IMO, insurance companies shouldn't have the right to any personal health information, even things like whether or not you smoke cigarettes. A disturbing trend here in FL is that some alcohol/tobacco stores are starting to require that you not only show your ID, but also have it scanned. (Most notably ABC Liquors.) Now, before you flame me saying that they're only trying to verify your date of birth, consider that a friend of mine wasn't allowed to make a liquor purchase because his driver's license was expired. That, in my eyes, is evidence that they're not only checking the date but also tracking your purchases. Probably by storing your social security number, which as any US resident knows, can uniquely identify any citizen. Of course, what I'm leading to is just what they're planning on doing with that information: selling it to insurance companies and whoever else has the money to buy it.

    Now, the real question is, how in the world did these companies acquire the right to information that is supposed to be between you and the government, and nobody else?

    Also consider the telephone company, which operates by similar policies of "to hell with customer privacy, we're making money". Witness the following scenario: I move to a new apartment. I set up my new phone service. By default, my name, address, and phone number are pimped out to whoever has the money to buy them, aka the phone book. It's the same idea as the ID scanning. What in the world gives these people the right to our personal information? Of course the answer is the US government. They probably encourage this behavior, since it only adds to their ability to "protect us from ourselves".

    Sorry for the rant, but this really makes me want to puke.

  5. High Time, but too late for some. by LauraLolly · · Score: 4
    These regulations are too late for many people, as a news brief on firing by genetype makes clear in this month's Scientific American.

    Although it may be illegal by the ADA, I know of people who were not hired because of health info, and I know another who was denied a mortgage because of a heart ailment.

    May this help others in like case.

  6. Re:Downside by Masem · · Score: 2
    They don't lose access -- they lose *unchecked* access. If your health insurance co. wants your health records, they need you to sign a consent form which they have to keep on record for several years. This allows you to know that your data is being transferred. In the case of health insurance, I would figure they do need this data, so I'd allow it.

    And if you don't already believe that health insurance co's base their rates on your age already, in addition to other medical conditions, then you've been living in the wrong world.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
  7. Cool, it's about time! by KlomDark · · Score: 2
    At least some laws are now being passed protecting our privacy. I'm glad to see it. Now I only can hope for more privacy laws. Maybe this will start a trend. So much for that guy that said "You don't have any privacy, get over it" (Scott McNealy??)

    Remember, they are not going to just give you privacy - you have to DEMAND your privacy.

  8. Re:It's None of the Gov't's Business by Nicolas+MONNET · · Score: 2

    I'd rather take my business to those companies and doctors that cherish my privacy rather than trust the government to put a gun to the head of those doctors and entities that don't cherish my privacy

    How can those companies who claim to "cherish" actually respect your privacy if there's nothing that prevents them from getting that information without telling you?



  9. Not enough! by www.sorehands.com · · Score: 2
    I didn't see anything about civil penalties.

    When there are criminal penalties, it's very difficult to get them enforced. The only time that government will press charges is in an extreme case or when someone has political connections. This does not provide much of a stick.

    By providing a private right of action, along with statutory damages, it makes it easier for an individual to take action. It's very hard, in most cases, to set damages. How can you indicate what damages have occurred when your employer is notified that you took an HIV test and then fired the next day? Prove it was them knowing that you were tested as the reason you lost a job. It's the same as proving it was one item on your credit report that caused you not to get that credit card that includes air-miles.

    For the record, the above incidents did not occur.

    1. Re:Not enough! by www.sorehands.com · · Score: 2
      No. They may be there, but they don't exist.

      Without awards of attorney fees and costs, it won't work.

      Even if filed in small claims court against a hospital or HMO, they can remove the case to federal court (based on federal question). Then, either you'd have to learn rules of procedure, or get an attorney.

      With most consumer protection acts, it includes attorney fees to encourage people to assert their rights. With anti-discrimination laws, wage payment laws, fee shifting was put into place for that reason.

  10. The Cost of Privacy by robbway · · Score: 2

    The best part is the restriction of non-medical use of the information, which should always be by permission. The downside is the release and waiver forms you'll have to sign to get your lab results worked on. This will be reflected in higher costs. Time will tell if it's worth it.


  11. It's a Good Day (TM) by bwt · · Score: 2

    First the NSA releases GPL'd security code and now this. It is officially a Good Day (TM).

    I almost can't believe it. My natural inclination is to look for some cynical motive, but I just can't find one.

    Merry Xmas, Slashdotters...