How did this happen?
A federal agency, not Congress, took away your right to control your health information. Your right to control the use and disclosure of your personal health information was eliminated in 2003 by regulatory changes made to HIPAA, the Health Insurance Portability and Accountability Act. HIPAA is a complex 1,500 page set of rules covering things such as the transfer of health insurance when you change jobs.
The changes mean that millions of strangers, as well as employers, can use your health records for reasons that have nothing to do with your treatment or improving your health care. In an era of Electronic Health Records (EHRs) and Personal Health Records (PHRs), the problem could get worse as your personal health information is more easily accessible. Though the promise of electronic records is great, privacy is the key to realizing the potential benefits of these new and innovative systems.
The Elimination of Consent
| 1996 | Congress passed HIPAA, but did not pass a federal medical privacy statute, so the Dept. of Health and Human Services (HHS) was required to develop regulations that specified patients’ rights to health privacy.
PL 104-191, Sec 264 |
|
|
| 2001 | President Bush implemented the HHS HIPAA “Privacy Rule” which recognized the “right of consent”.
65 Fed. Reg. 82,462 |
|
|
| 2002 | HHS amended the HIPAA “Privacy Rule”, eliminating the “right of consent”.
67 Fed. Reg. at 53,211 |
|