President Bush issued this past week an executive order mandating that the health care industry keep all its records in electronic format. With the HIPAA 'privacy' rules now in effect, and Rep. Ron Paul's annual crusade to render inoperative the national health identification number facing an unsure fate, the move holds the potential to seriously negatively impact the de facto state of patient privacy.

Executive Order 13335, signed on April 27 by Bush, directs the Department of Health and Human Services to establish the "nationwide implementation of an interoperable health information technology infrastructure." The order lays out sweet-sounding justifications for the mandate, which indeed are not entirely without merit. Computerized health records can be more convenient for patients who often find themselves being shuffled between several doctors and are disinclined to keep a copy of their records themselves.

But ultimately, this "collaboration among public and private interests . . . consistent with . . . health information technology standards for use by the Federal Government," represents a usurpation of consumer choice among available tradeoffs between privacy, risk, security and convenience. Computerized records can be more easily passed not only from one relevant physician to another, but from database to database, accessible by not only doctors, but HMOs, insurance companies, marketers, and governments.

Consider that the HIPAA (Health Insurance Portability and Accountability Act of 1996) privacy rules require doctors and hospitals to open up their records to HHS and other government agents without so much as a court order. Besides HHS, the Food and Drug Administration, foreign governments "acting in collaboration with a public health authority," and various and sundry other government agents tasked to "public health," can all access private patient records. Such accesses can easily be done without notification of the patient, or for that matter anyone else under a national system of interoperable health databases.

Elsewhere in "HIPAA", language mandates a "unique health identifier" be assigned to every individual, employer, health-care provider, and health insurer. Rep. Ron Paul has been successful in having the Congress withhold funding for this provision each year since HIPAA was passed. The Institute for Health Freedom reports that Paul this year has requested that the House Appropriations Committee repeal the provision altogether.

If Rep. Paul's effort is unsuccessful, a national "unique health identifier," combined with the grand scheme interoperable computerized health databases and rather open access to files mandated by HIPAA, could conceivably spell a privacy doomsday for health records.

Consumers should be free to choose whether they want their sensitive health records so easily accessible in these interconnected databases, and take this into account when deciding how to obtain health care. Policymakers in the Beltway who aggregate unto themselves these important consumer decisions are the Privacy Villains this week.

By James Plummer

government surveillance

medical privacy

financial privacy

online privacy

News | Press Releases | Online Privacy Tools | Privacy Principles | Experts | Links
About NCC | About Consumer Alert | Contact Us | NCC Privacy Home