Medical Privacy

In part due to the outbreak of AIDS, there has been renewed concern at both the state and federal levels regarding the confidentiality of medical information. There are three interests that together create a legal and ethical dilemma for policy makers: 1) the rights of individuals with HIV and AIDS; 2) the public interest in controlling and fighting an epidemic; and 3) the interest of employers, insurers, and health officials in providing adequate and affordable medical care (Caldwell 2001).

Laws regulating access to personal medical records vary from state to state, but all states have at least some degree of privacy protection. There are two important pieces of federal legislation that relate to the privacy of records maintained by insurance carriers. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted in August 1996, but its regulations were not finalized until seven years later. After significant concerns were expressed over the potential cost impact of the privacy regulations originally published on December 28, 2000 (65 FR 82462), the regulations were revised considerably; the final modification was not issued until August 14, 2002, and became effective on April 14, 2003. Another federal law, the Gramm-Leach-Bliley Act (GLBA), was passed in 1999.

Most states have required registration of persons infected with certain contagious diseases (e.g. AIDS, tuberculosis, STDs). However, access to those persons' medical records is usually highly guarded, and cases are usually reported in the strictest confidence. Thus a certain basic level of privacy protection is provided by most states (Caldwell 2001). The federal privacy regulations included in HIPAA guarantee patients access to their medical records, give them more control over how their protected health information is used and disclosed, and provide a clear avenue of recourse if their medical privacy is compromised.

The Duke Center for Health Policy has developed a draft working paper assessing the costs and benefits of privacy regulations, including HIPAA (1996) and state requirements.


  • Privacy Rule. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule
  • The Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information. This link summarizes the Privacy Rule’s protection of the privacy of individually identifiable health information, the rights granted to individuals, OCR’s enforcement activities, and how to file a complaint with OCR.
  • A Fight Over How Drugs Are Pitched (Natasha Singer, NYT, 4.24.11). Three states have enacted laws prohibiting the use of prescription drug data to market to physicians.

