Skip to main content
ad info technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Expanded privacy rules perpetuate debate


(IDG) -- President Clinton's last-minute introduction of sweeping federal rules to protect patient privacy has sparked a new round of debate in the health-care industry, which has been awaiting the privacy regulations for the past five years.

While health privacy advocates said they favor the rules, which Clinton announced Dec. 20, critics said the unexpected move by the administration to apply health privacy protection to oral and written communications will add unnecessary complexity to an industry that's already heavily regulated. The original proposal applied only to electronic records.

"Does the government have the right to regulate every single letter that a doctor writes about a patient?" said Mark Anderson, a vice president at Meta Group Inc. in Stamford, Conn., and a former hospital CIO.

But Zoe Hudson, a senior policy analyst at the Health Privacy Project at Georgetown University in Washington, said the regulations are necessary to protect patient privacy. INFOCENTER
Related Stories
Visit an IDG site search

"Until now, there has been no federal law that protects patient privacy," she said. "In practice, [health records] receive less protection than financial records or even video rental records."

Critics said president-elect George W. Bush could make additional changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) after he takes office Jan. 20. Bush's office didn't immediately return phone calls seeking comment.

Under the rules, health care organizations would need to have patients sign a one-time consent agreement allowing their health data to be shared for billing and treatment purposes. Patients must also be given detailed written information about their privacy rights and be informed of any planned use of their personal information. Failure to comply with the regulations could result in civil fines or criminal charges against those who sell health information.

The regulations, which were prepared by the U.S. Department of Health and Human Services, are the final version of proposed rules that were issued a year ago, after Congress failed to pass comprehensive medical privacy legislation as required by the HIPAA.

Applying the medical privacy rules to paper and oral communications shouldn't have much impact on IT workers, said Scott Cebula, executive director of information services at MemorialCare in Long Beach, Calif.

According to the American Hospital Association in Chicago, the privacy rules will cost hospitals as much as $22.5 billion over five years. The Clinton administration, however, has estimated that the HIPAA will cost the entire health care industry $17.6 billion over 10 years.

The act also calls on hospitals, health insurers and health care clearinghouses to establish procedures for protecting patient privacy, such as appointing executives to oversee their internal procedures. And companies are prohibited from accessing health records for employment purposes.

Claudine Singer, a senior analyst at New York-based Jupiter Media Metrix Inc., said that while the HIPAA will have an enormous impact on the health care industry in the long run, it will be some time before changes occur. Most health care organizations will have two years to comply with the final rules, and smaller health care groups and community hospitals have three years.

"Don't expect enormous change tomorrow in your doctor's office," Singer said.

Hospital hack points to need for standards
December 20, 2000
Hospital confirms copying of patient files by hacker
December 15, 2000
Sites for movers, shakers and hackers
December 14, 2000
Hacker steals huge credit card database
December 13, 2000
NASA hacker pleads guilty
December 6, 2000
Analysis: Home workers can imperil systems
November 7, 2000

Power Prognosticator: Net privacy law
(Network World Fusion)
Expanded privacy rules perpetuate debate
FTC seeks input on new data privacy guidelines
Hospital hack points to need for standards
Take my privacy, please
Truste, Hi-Ethics to develop privacy seal for health sites
Canadian privacy law raises ante
Privacy package unveiled for financial institutions

U.S. Department of Health and Human Services

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.