Balancing Communal Goods and Personal Privacy Under a National Health Informational Privacy Rule

Posted: 8 Apr 2002

See all articles by Lawrence O. Gostin

Lawrence O. Gostin

Georgetown University - Law Center - O'Neill Institute for National and Global Health Law

James G. Hodge

Arizona State University (ASU) - Sandra Day O'Connor College of Law

Mira S. Burghardt

Georgetown University Law Center

Abstract

The newly-introduced Standards for Privacy of Individually Identifiable Health Information represent the first systematic national privacy protections of health information. Flowing from a Congressional mandate in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the regulations protect the privacy of individually-identifiable health records in any form (including electronic, paper and oral) through disclosure and use limitations, fair information practices, and privacy and security policies that apply to covered entities (meaning health providers, health insurance plans and health care clearinghouses) and their business associates.

Privacy safeguards are needed because of the personal nature of health data, the rapid shift from paper to electronic records, and actual and perceived risks of unwarranted disclosures. Existing health information privacy legal protections at the federal and state levels are fragmented, inconsistent, and variable. The new standards endeavor to protect patient privacy by limiting disclosures of individually-identifiable medical information (or protected health information (PHI)). Disclosure and use of PHI can only occur upon patient consent, subject to several exceptions outside the health care transaction setting. The regulations also implement fair information practices, which have long been a feature of existing federal laws. Fair information practices allow patients to (1) inspect and amend their records, (2) receive notice of covered entities privacy practices and potential uses and disclosures of health information, and (3) request confidential communications and an accounting of actual disclosures.

Through the regulations, HHS attempts to protect individual privacy while recognizing legitimate needs for such data to process health claims and deliver medical care as well as provide for communal goods (including public health and health research).

Many of these provisions leave significant gaps in privacy protection. At times the regulations promote inappropriate trade-offs between the public welfare and individual privacy. The regulations inadequately protect privacy in certain contexts, including consent requirements for use and disclosure of PHI for health care purposes and some fair information practices provisions. In contrast, the regulations sometimes fail to assure that information can be used when necessary for significant communal benefits or require substantial burdens on the health care industry without providing meaningful protection for patients.

Suggested Citation

Gostin, Lawrence O. and Hodge, James G. and Burghardt, Mira S., Balancing Communal Goods and Personal Privacy Under a National Health Informational Privacy Rule. Available at SSRN: https://ssrn.com/abstract=306532

Lawrence O. Gostin

Georgetown University - Law Center - O'Neill Institute for National and Global Health Law ( email )

600 New Jersey Avenue, NW
Washington, DC 20001
United States
202-662-9038 (Phone)
202-662-9055 (Fax)

James G. Hodge (Contact Author)

Arizona State University (ASU) - Sandra Day O'Connor College of Law ( email )

Sandra Day O'Connor College of Law
111 E. Taylor Street, MC 9520
Phoenix, AZ 85004-4467
United States
480-727-8576 (Phone)

HOME PAGE: http://https://law.asu.edu/degree-programs/public-health-law-policy

Mira S. Burghardt

Georgetown University Law Center ( email )

600 New Jersey Avenue, NW
Washington, DC 20001
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
2,981
PlumX Metrics