BusinessWeek Looks at New Medical Privacy Rules
The current issue of BusinessWeek takes a look at the new federal privacy regulations that will go into effect in April 2003 and reports that while the rules will "make it illegal for health providers and insurers to improperly release patients' medical details without their consent," they also have their limits." The rules contain several provisions designed to protect the privacy of medical information: providers and insurers must have a written privacy policy and give it to patients; consumers can obtain copies of their records and request changes; anyone who "illegally obtain[s] or disclose[s] health information" faces up to a $250,000 fine and 10 years in prison; and self-insured employers must establish a "firewall" to "prevent those processing employee health claims from sharing medical information with others at the company." Still, BusinessWeek reports that the regulations will "lead to less medical privacy in the areas of marketing and law enforcement," as they expressly allow providers and insurers to "use patient information for marketing purposes," and "even to collect money to do so." They also permit providers to submit patient records to police without a court order or subpoena, which was previously not addressed by federal law but assumed by many to be ill-advised, according to Robert Gellman, a privacy consultant in Washington. Moreover, the rules do not bar health insurers from sharing data with life or disability insurers except in some cases where consumers can "opt out of some information sharing." BusinessWeek offers consumers several suggestions on steps they can take to bolster their privacy, such as not filling out health surveys through the mail, and concludes that the new regulations' "biggest benefit may be to raise awareness -- on all sides" (Cropper, BusinessWeek, 11/19).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.