Privacy advocates criticize GAO testimony, HHS

Author’s note: On Tuesday, in testimony before a congressional oversight committee hearing, the Government Accountability Office criticized the lack of progress by HHS and its Office of the National Coordinator for Health Information Technology in developing a federal privacy policy. In this second section of a two-part series, some privacy advocates add their criticism, but direct it at HHS and the GAO, while other healthcare commentators testified both in favor of the privacy rules written by HHS under the Health Insurance Portability and Accountability Act of 1996, and against their application by HHS and the Justice Department.

In late 2000, HHS issued an initial HIPAA privacy rule that required covered organizations to obtain consent “prior to using or disclosing protected health information to carry out treatment, payment or healthcare operations.” In 2002, HHS amended that rule, replacing the consent requirement with a new provision “that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment and healthcare operations.” Covered organizations could obtain patient consent, the HIPAA rule said, but only if they wanted to do so.

James Pyles, a lawyer with the Washington firm Powers Pyles Sutter & Verville, sued HHS on behalf of a coalition of providers and privacy advocates that included the American Association of Practicing Psychiatrists, American Mental Health Alliance, American Psychoanalytic Association and National Coalition of Mental Health Professionals and Consumers. The lawsuit was filed in April 2003 just before the revised HIPAA privacy rule went into effect. It alleged the HHS revisions would violate patients’ constitutional rights to privacy. The lawsuit failed at the trial and appellate court levels and was denied a hearing by the U.S. Supreme Court on appeal.

{The GAO gave testimony before the American Health Information Community (AHIC) on June 22 about how HHS is still not addressing the need for privacy in health IT systems. But neither the GAO nor HHS can face the obvious fact that since HHS gutted the HIPAA privacy rule, relying on it as the federal standard for privacy cannot possibly ensure privacy. This really is an emperor-has-no-clothes situation—the GAO and HHS expect Congress and the nation to go along with the pretense that HHS and HIPAA are protecting our privacy when our records are naked for covered entities to see, use and disclose for virtually any reason. ~ Dr. Deborah Peel, Patient Privacy Rights}

Download Full GAO Report and the GAO Highlights

Leave a Reply

Your email address will not be published. Required fields are marked *