March 22, 2001, 11:36 AM — House Majority Leader Dick Armey (R-Texas) recently sent Health and Human Services Secretary Tommy G. Thompson the following letter outlining his concerns on the privacy aspects of the HIPAA:
I am pleased to have this opportunity to comment on the proposed regulation regarding medical privacy issued under the Health Insurance Portability and Accountability Act (HIPAA). Considering the unseemly rush to get the rule finalized before the end of the previous administration, I think it is indeed prudent to look before we leap.
As you may know, I have taken a considerable interest in privacy issues. I was among the first to question the legitimacy of the Carnivore program at the Department of Justice, which is designed to track the Internet activity of suspected criminals without detection but threatens the privacy of every e-mail you or I send. I have also worked with Rep. Billy Tauzin (R-La.) to determine how well federal government Web sites protect online privacy, as defined by the Federal Trade Commission. I take the privacy of personal information very seriously.
The HIPAA regulations were drafted to address a concern that many Americans have that their personal medical records aren't kept private.
The lengthy document outlines complicated new requirements for patients to sign authorizations for the release of personal information under specific circumstances. It isn't entirely clear to me how the new rules will actually address real medical privacy harms currently suffered by patients not already covered by tort law or other remedies. Nonetheless, the stated purpose of the rules was to improve the privacy of medical records.
The proposed HIPAA regulations, however, may actually have the opposite effect, putting private personally identifiable information at greater risk than exists today. What hasn't been widely reported are the rule's new mandates requiring doctors, hospitals and other health care providers to share patients' personal medical records with the federal government, sometimes without notice or advance warning. (See, for example, Federal Register, Vol. 65, No. 250, December 28, 2000, p. 82802, Sec. 160.310.)
The federal government is probably the single largest collector and compiler of personally identifiable medical information in America. Federal computer data banks are filled with intimate details of the medical histories of millions of Americans -- and often the poor, who are least able to monitor and safeguard their own rights. The Medicare and Medicaid systems, the Veterans Health Administration and other government-run health care programs all collect the kinds of medical information the proposed privacy regulation is supposed to protect. Far from protecting privacy, the proposed regulation actually provides the federal government with more access to people's personal medical records.
A "Trust me, I'm from the government" approach just won't wash.