Computer World –
WASHINGTON -- President Clinton will unveil a set of federal privacy rules for several types of patient medical records at a ceremony at the Department of Health and Human Services (HHS) at noon today.
In one of the last official acts of his administration, Clinton will announce regulations for the sharing of patient data by health providers, health payers and clearinghouses, as called for in the Health Insurance Portability and Accountability Act of 1996. That law requires the administration to promulgate new regulations when Congress fails to act. The deadline for compliance with the new rules, which will be enforced by HHS, isn't until early 2003. The rules are expected to be posted on the HSS Web site at 1 p.m. ET.
The rules are designed to give patients greater control over how their medical information is used by health care providers and health plans. Proposed rules issued in October 1999 covered only electronic records, but the final rules will also cover paper records and oral communications.
Patients are granted the right to see a copy of their records, request corrections in some cases and be notified about information-handling practices. Health care providers, meanwhile, are restricted from using such data for any reason -- even for treatment and payment purposes or health care oversight -- without patient consent. Providers, however, are permitted to refuse treatment to patients who don't consent to the sharing of their information for those purposes, according to people familiar with the rules. Employers, meanwhile, are permitted to use their employees' medical data to administer only employer health-benefit programs.
The final rules establish stiff civil and criminal penalties for violations, and set minimum requirements for state medical privacy laws. Patients won't have the right to file federal lawsuits charging misuse of personal medical data under the rules. But any state law stricter than the federal rules would take precedence.
The rules don't cover some major users of health records such as public health authorities, researchers and law enforcement officers. Clinton will issue an executive order setting a higher standard for use of patient data acquired for health oversight purposes by federal law enforcement, according to people familiar with the rules.
The long overdue final rules are being released even as Congress begins mulling whether and how to pass a broad Internet privacy law next year. Congress has been widely expected to pass such a law, but the shift to a Republican administrations could change that. Even opponents of a broad new law agree that the triumvirate of medical, financial and children's data needs to be safeguarded. Two laws passed since 1998 already protect financial and children's data.
The administration has received tens of thousands of public comments since releasing the proposed medical privacy rules last year.