The Tech - Online EditionMIT's oldest and largest
newspaper & the first
newspaper published
on the web
Boston Weather: 39.0°F | Mostly Cloudy

HHS Proposes New Standards, Will Protect Medical Privacy

By Amy Goldstein
The Washington Post
WASHINGTON

Federal health officials Thursday proposed the first comprehensive ground rules for protecting the confidentiality of medical records in an era of exploding computer information about people's medical histories.

The standards, released by Health and Human Services Secretary Donna E. Shalala, would require that doctors, hospitals and insurance companies release individual patient records only when needed for medical treatment and payments. The rules would establish new federal criminal penalties for misusing such information, and would guarantee patients the right to see their records and find out who else has looked at them.

But in a provision that drew swift denunciations from privacy advocates, Shalala proposed a broad exception for law enforcement authorities, who would continue to enjoy relatively ready access to doctor records - with the names of patients attached and without those individuals' knowledge. Those investigators would be allowed to keep the records indefinitely and use them as they saw fit, conceivably even to prosecute a patient.

In granting ready access to law enforcers, Shalala disregarded the work of an advisory group that three months ago urged her to adopt "the strongest substantative and precedural protections" against subsequent uses of medical records by investigators.

The Clinton administration's recommendations, required by Congress a year ago, represent the federal government's most significant attempt to control the flow of medical information at a time when new computer networks have allowed patients' most personal medical details to be glimpsed - and used - ways that would until recently have been inconceivable. Thursday, Shalala cited the case of a Boston health maintenance organization in which every clinical employee could read notes from patients' pscyho-therapy sessions. In another case, she said, a Colorado medical student copied patients' health records and sold them to medical malpractice attorneys.

The federal standards would augment a patchwork of privacy measures that most states have begun to enact in recent years. Although a few states have comprehensive laws, most provide protection on narrower matters of particular sensitivity, such as AIDS tests and mental health records. Slightly more than half the states ensure patients some kind of access to their own records.

Unlike most state laws, the standards put forth by the Clinton administration would apply to all settings in which medical records are kept, including doctors' offices, hospitals, insurance companies, claims administrators and pharmaceutical companies. It would extend protections that now apply only to government-funded research to all types of medical study.