This website provides readers an historical perspective on the evolution of various healthcare laws and regulations affecting healthcare freedom and privacy.
For updated information about healthcare freedom and privacy issues, visit Citizens' Council for Health Freedom's website
Browse by Topic

Five-Page "Notice of Privacy Practices" Reveals Important Information

By Dr. Paul Hein
August 14, 2003

The Washington gang must have passed some sort of privacy law recently, judging by the number of "privacy notices" I've received from my health insurer, broker, and banker.

I haven't paid much attention to them, for a couple of reasons: I don't need these people to tell me what my rights are, and my broker and banker are among the principal violators of my privacy. It's ludicrous to think they would protect it.

However, [on May 16, 2003] I got a "Notice of Privacy Practices" from my drug store! I found this so remarkable that I actually took time to read the almost five-page document.

True "Protection"?

The pharmacy, it appears, keeps information about me, referred to as PHI (protected health information). The Notice describes how "we may use and disclose PHI about you to carry out treatment, payment or health care operations and for other specified purposes." The Notice also states that the pharmacy will not "use or disclose PHI about you without your written authorization, except as described in this Notice. We reserve the right to change-the Notice" [emphasis added]. Gee, my privacy is secured by rivets made of Jell-O! The use of the word "protected" in Protected Health Information evidently means protected from me.

Requested Restrictions Not Guaranteed

The Notice then proceeds to list my rights: "You have the right to request additional restrictions on our use or disclosure of PHI about you by sending a written request to [us]." Aha! My privacy assured! Oops—here's the next sentence: "We are not required to agree to those restrictions." Oh, well.

Request to Inspect and Copy Records May Be Denied

I also have the right to "access and copy PHI about you contained in a designated record set for as long as the Pharmacy maintains the PHI.—We may deny your request to inspect and copy in certain limited circumstances." Ah, but if my request is denied, I can request a review!!! I suspect THAT request could be denied, also.

Request for Amendment May Be Denied

But if the information in my PHI is incorrect, I "may request an amendment. To request an amendment, you must send a written request to [us]. In addition, you must include a reason that supports your request. In certain cases, we may deny your request for amendment." But I have the "right" to file a statement of disagreement if my request is denied. I'm breathing easier!

Full Accounting of Disclosures Not Guaranteed

The pharmacy may make disclosures of my PHI to "friends or family members involved in your care." I have the "right to receive an accounting of the disclosures we have made of PHI about you for most purposes other than treatment, payment, or health care operations" [emphasis added]. This right to an accounting is "subject to certain other exceptions, restrictions, and limitations." Why am I not surprised?

Of course, I can get tired of this whole runaround, and simply insist that the pharmacy stop disclosing information about me. I have that right: it says so right in the Notice: "You may revoke a consent in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing PHI about you, except to the extent that we have already taken action in reliance on the consent. We may refuse to continue to treat a customer that revokes his or her consent" [emphasis added]. That means finding another drug store, and guess what?— another Notice! And I cringe at that word "treat." I don't want to be "treated" by the drug store!

Pharmacy "Likely" to Disclose Personal Health Information (PHI)

Well, what, exactly, is the pharmacy going to do with this PHI of mine? According to the Notice, it is "likely" that it will be provided to:

  • insurance companies,
  • business associates (of the pharmacy, such as billing agencies, but they will be "required" to safeguard the PHI!!),
  • family members, other relatives, close friends, or any person I identify,
  • FDA, regarding adverse effects,
  • worker's compensation,
  • public health or legal authorities concerned with preventing disease,
  • law enforcement. . . ,
  • health oversight activity agencies,
  • courts. . . pursuant to subpoena, or "administrative order,"
  • researchers (who will guarantee my privacy, however!),
  • coroners, medical examiners, and funeral directors,
  • organ banks,
  • fundraisers (!),
  • correctional institutions,
  • the military,
  • "authorized federal officials for intelligence, counterintelligence, and other national security activities,"
  • authorized federal officials so that [they] may provide "protection to the President," his cronies, and foreign heads-of-state, and
  • social service [agencies] regarding abuse, neglect, or domestic violence.

In other words, my "protected" health information can be made available to hundreds of nameless persons, for reasons so vague as to be hard to challenge, and interpreted by others, not me. The whole absurd business is given an aura of propriety, if not actual legality, by describing it in a wordy "notice." That makes it OK, of course! I shudder to think what would happen if my health information weren't protected.

That which the government would destroy it first legislates to "protect!"

Dr. Hein is a semi-retired ophthalmologist in St. Louis. This article was originally published online at Reprinted with permission.