Medical Privacy

Document Date: February 17, 2009

Medical information is arguably the most personal and private sources of data about us. Yet privacy protections in this area are far from adequate.

The relentless commercialization of information has also led to the breakdown of some longstanding traditions, such as doctor-patient confidentiality. Citizens share some of their most intimate and embarrassing secrets with their doctors on the oldfashioned assumption that their conversations are confidential. Yet those details are routinely shared with insurance companies, researchers, marketers, and employers.

Current Federal Legislation on E-Medical Records
On February 17, 2009, President Obama signed the American Recovery and Reinvestment Act of 2009 (ARRA), which encourages the adoption of electronic medical records by doctors and hospitals. But, in poll after poll Americans, both doctors and patients, worry that their personally identifiable medical data will not be protected.

Old medical records privacy laws (the Health Insurance Portability and Accountability Act, or HIPAA) failed miserably at protecting patient privacy. The new law includes significant new protections that should go a long way toward protecting the privacy of American patients. However, much will depend on the regulations that are enacted to implement the new law.

Here is the ACLU summary of the new medical records privacy provisions law.

> Coalition Letter to Congress Urging Privacy Protections with Health IT (1/14/2009)
> ACLU Press Release: ACLU Applauds Privacy Safeguards In Stimulus Package For Health IT (1/16/2009)
> ACLU Letter to House in Support of the Privacy Protections Included in the Health Information Technology for Economic and Clinical Health Act (1/21/2009)
> ACLU Press Release: Privacy Needed For Health IT Implementation (1/27/2009)

FAQ on Government Access to Personal Medical Information

FAQ on Access to Patient Information by Friends and Family

Q&A on Emergency Health Powers