Hot Topics - Health Privacy

by Lina Tilman


Historically, a puzzling dichotomy has been present and visible in the prevailing attitude towards health privacy on behalf of healthcare consumers in the United States. While most agree that medical data inherently merits high expectation of privacy, and hence strong legal protection, consumers have traditionally acknowledged and accepted that they actually possess little or no control over access, distribution and use of their personal medical records. The paradox resulted from the apparent conflict between the consumers' culturally accepted notion of and approach to sensitive personal information and a virtually unregulated freedom on behalf of healthcare providers, health plans, clearinghouses, and law enforcement agencies, to obtain and employ health records.

Rapid proliferation of information and communication technologies have forced healthcare consumers to redefine, reevaluate and readdress their privacy expectations and needs. It has been empirically established that there exists today an inversely proportional relationship between personal control over one's medical data and the patient's privacy protective behavior, which adversely affects the abilities of the patient's healthcare provider to research and treat health conditions. A survey by the California Health Care Foundation found that one out of every six individuals engages in some form of privacy-protective behavior to shield themselves from the misuse of their health information (including lying to their doctors, providing inaccurate information, doctor-hopping to avoid a consolidated medical record, paying out of pocket for care that is covered by insurance, and avoiding care altogether). Individuals who fear that their sensitive medical data will be distributed and/or misused thus withhold participation or actually interfere with the effectiveness of their healthcare.

In 1996, the United States Congress effectively acknowledged the legitimacy of the increasing privacy concerns regarding health records in the integrated digital world when in passed the Health Information Portability and Accountability Act. Last November, the Clinton Administration submitted a proposal to Congress that further dealt with the growing concern regarding the nation's weak or nonexistent federal regulation of access to hardcopy and digitally stored health data. Since its submission, the document has created notable controversy on two accounts: the first was its failure to propose meaningful restriction with regards to law enforcement agencies access to medical data; the second, Congresses' inability to meet its August deadline for passing a comprehensive health privacy legislation.

Two primary barriers to improving medical care exist in the United States: the incomplete, disintegrated nature of medical data collection, management and storage; and the lack of enforceable privacy standards with regards to access, distribution and use of private medical data. While meaningful integration - which presupposes facilitated access and use - would greatly improve the efficiency of both the healthcare and the criminal justice systems, it must be viewed and evaluated in the light of the direct affect on privacy and personal control that such consolidation entails. Healthcare consumers, along with care providers, privacy advocates, and legislators, will continue to conceptually and practically balance the fundamental right of privacy against need for security and efficiency.


"Do not assume that no one knows about your health but you," warned Ari Schwartz, the moderator of the Health Privacy panel and a CDT Policy Analyst. Healthcare consumers' lack of privacy and control over their medical data in the digital world has inspired debate and controversy for decades; today, medical records remain the most widely circulated of all records that are distributed to third parties. While certain privacy restrictions exist and apply to healthcare providers, clearinghouse employees and healthcare plan workers, access, distribution and use of medical data by researchers, public health workers, law enforcement officials and members of the press is virtually unregulated. "Has the battle already been lost?" Mr. Schwartz asked the diverse, albeit all-American panel.

Peter Swire, the Chief Privacy Counselor of the US Office of Management and Budget, expressed optimism regarding the government's and the industry's ability to "build privacy into [information] structures". Mr. Swire outlined the US legislative history of bills, proposals and initiatives that addressed medical privacy, noting that Congress has made substantial progress in the 1999-2000 period. Mr. Swire's data indicated US healthcare consumers' serious engagement and concern with regards to their health privacy: 60,000 comments, dozens of which consisting of a hundred or more pages, were submitted in response to the 1996 HIPAA (Health Insurance Portability Act), which required Congress to address health privacy issues. Arguments in favor of strict regulation of healthcare information include economic, rights-based, and those founded on public concern. "Records save lives", Mr. Swire concluded, "We want [consolidated medical information] but with better privacy".

Angela Choy, a Field Director for the Georgetown Health Privacy Project, rejected the validity of the commonly perceived conflict between consumers' privacy and practitioners' effective access to medical data. Ms. Choy argued that greater privacy leads to improved healthcare research and service; alternatively, lack of privacy causes healthcare consumers to interfere with and impede the quality of their healthcare. Fear of disclosure (hence, fear of stigmatization, loss of employment, loss of insurance, etc.) may ultimately lead to avoidance of medical aid altogether. Protection of privacy thus signifies protection of public health.

Greg Miller, Chief Internet Strategist of, described a theoretical variety of health risks, inefficiencies and instances of malpractice that result from unavailability of consolidated medical data., through integration and centralization of patients' health records and workflow re-engineering, creates digital health portfolios that seek to reduce errors and omissions, thus enhancing healthcare quality while reducing costs. Mr. Miller acknowledged the issues of security, privacy and reliability as the primary concerns of

Rebecca Daugherty, representing Reporters Committee for the Freedom of the Press, argued that health privacy regulations should not cut off access to reporters to truthful, non-stigmatizing information; privacy regulation should not penalize whistleblowers and cripple reporters. Ms. Daugherty claimed the existence of strong public interest with regards to health and healthcare issues; "The public must know", she stated, "if an airplane pilot has had an alcoholism problem". In response to Ms. Daugherty, audience member and Information and Privacy Commissioner of Ontario Ann Cavourkian expressed concern regarding backdoor disclosure of healthcare records and unscrupulous reporting, which serve public curiosity. On the whole, the panel appeared to acknowledge the legitimacy of healthcare consumers' increasing privacy concerns and agree that even those interests of the press that represent legitimate public interest must be balanced against consumers' right to privacy.