Proposed United States medical privacy rules deemed inadequate
In Tennessee, the theft of 57 computer hard drives at a health insurance call center exposed personal information on as many as one million people. In Virginia, the hacking of a government prescription database compromised millions of records. In California and beyond, celebrity peepers have snooped on the medical particulars of stars.
This is already a digitized world, as the health system juggles vast volumes of the most deeply private information. Add to that the acceleration in US doctors’ offices of electronic record-keeping, spurred by hefty aid from a government eager to reap efficiencies in medical care.
Trying to keep all of that information properly corralled is a tall order. And President Barack Obama’s administration has backtracked on a major attempt to sort out the thicket of privacy rules supporting that effort.
The Health and Human Services Department published a set of regulations governing how health care providers must respond when medical privacy is breached. The rules, although not final, had the force of law. But now the department is retracting them. “This is a complex issue,” the department said by way of understatement.
Privacy advocates and members of Congress had sharply criticized the controls as inadequate. After a period of reflection — and reportedly pressure from the White House — the department appeared to agree…
Watchdogs asserted that health professionals should not be the judge of whether a breach is significant enough to a patient’s livelihood or reputation. “That puts the foxes in charge of the hen coops,” says Dr. Deborah C. Peel, founder and chair of the Patient Privacy Rights Foundation, which presses for strict consumer safeguards. “It shows the incredible overbearing influence of industry in the crafting of regulations. The idea that someone else knows when you’re harmed better than you do, doesn’t make sense.”