Federal HIPAA Medical Privacy Rule
The federal government and many industry groups have led Americans to believe that the HIPAA privacy rule gives patients the final say over the flow of their personal health information. However, under the HIPAA rule individuals do not have the final say in whether their personally identifiable health information—including genetic information—is shared with more than 600,000 organizations. Their personal information can be shared for purposes related to treatment, payment, and health-care operations without individuals’ consent. (See 45 CFR Subtitle A, Subpart E—Privacy of Individually Identifiable Health Information; section 164.502(a)(1)(ii) “Permitted uses and disclosures.”)
In fact, Richard Sobel (former Senior Research Associate at Harvard Medical School’s Program in Psychiatry and the Law) closely examined the HIPAA privacy rule in a 2007 Hastings Center Report article “The HIPAA Paradox: The Privacy Rule That’s Not.” Sobel noted that “HIPAA is often described as a privacy rule. It is not. In fact, HIPAA is a disclosure regulation, and it has effectively dismantled the longstanding moral and legal tradition of patient confidentiality.” [Emphasis added.]
Become informed about the HIPAA privacy rule by reading "What Every American Needs to Know about the HIPAA Medical Privacy Rule."
[Back to related articles]
(Summary updated March 2010)