Medical information is arguably the most personal and private sources of data about us, yet privacy protections in this area are inadequate. The relentless commercialization of information has led to the breakdown of doctor-patient confidentiality. Citizens share some of their most intimate and embarrassing secrets with their doctors on the old-fashioned assumption that their conversations are confidential. Yet those details are routinely shared with insurance companies, researchers, marketers, and employers. More
On February 17, 2009, President Obama signed the American Recovery and Reinvestment Act of 2009 (ARRA), which encourages the adoption of electronic medical records by doctors and hospitals. But, in poll after poll Americans, both doctors and patients, worry that their personally identifiable medical data will not be protected.
Make a Difference
Your support helps the ACLU defend privacy rights and a broad range of civil liberties.
Old medical records privacy laws (the Health Insurance Portability and Accountability Act, or HIPAA) failed miserably at protecting patient privacy. The new law includes significant new protections that should go a long way toward protecting the privacy of American patients. However, much will depend on the regulations that are enacted to implement the new law.
We need real patient control of data and damages for misuse or theft. Patients must be able to review files, correct bad data, and block access without consent to personal information. The current law calls for the segmentation of sensitive information and use of the minimum about of information but it doesn’t explicit require informed patient consent for many uses of medical information.
While having a nationally connected electronic network for storing and sharing Americans’ medical information promises to reduce medical error and improve patient care both in emergencies and chronic situations, medical privacy should not become a casualty of the race to set up databases of electronic health records.
If the Obama Administration fails to require strong privacy and security standards now, during the early stages of ARRA implementation, Americans’ will lose this once in a generation chance to shape a system that puts the patient at the center of decisions about how their medical information is accessed, stored and used.
Protecting Minor's Health Information Under the Federal Medical Privacy Regulations (2003 PDF): This guide is intended to help health care providers, plans, and others to understand their obligations under the regulations in dealing with health information about minors.
FAQ On Access to Patient Information by Friends and Family (2003 resource): Answers to Frequently Asked Questions about Access to Patient Information by Family, Friends, and Others
FAQ on Government Access to Medical Records (2003 resource): Answers to Frequently Asked Questions about Government Access to Personal Medical Information
Medical Privacy (2009 resource): Medical information is arguably the most personal and private sources of data about us. Yet privacy protections in this area are far from adequate.
For Sale: Your Medical Records? (2009 blog)