Medical Records, Privacy & Confidentiality

Last Updated by Bill Manning 8/03/97

About This Page

Today, individual health and medical data can be collected, collated, stored, analyzed and distributed in unprecedented quantities and put to diverse uses. Payers can not only tap patient data for claims payment; they use it for utilization review, underwriting and coverage decisions. Employers use health data to reduce their health care and workers compensation costs, as well as to identify employees who may be costly in the future. Health care providers use the data for research, to collect reimbursement, coordinate diagnosis and treatment, conduct quality assurance and monitor other providers. Clinical data repositories and management systems will likely reduce health care costs and improve patient care.
Clinical data management (CDM) systems and increasing automation of the electronic medical record ("EMR") also present significant patient privacy and confidentiality issues, among others, which executives and planners must recognize. Understanding these issues insures that CDM and EMR systems are effective without exposing its hosts and users to liability.
The resources on this page are intended to bring the internet's resources to the interested individual on medical records, privacy and confidentiality issues. Please feel free to contribute material here by e-mailing me at wmanning@netreach.net

What's

Patient privacy standards sought, Boston Globe Online

Selected Resources

Standards for Medical Records

Information about the HHS standards adoption process, the workgroups and the progress of the Administrative Simplification effort mandated under the Health Insurance Portability and Accountability Act will be made available on the HHS Data Council and NCVHS web pages at the following addresses: http://aspe.os.dhhs.gov/datacncl/ or http://aspe.os.dhhs.gov/ncvhs/.

The HHS Data Council meets monthly to coordinate all health and non-health data collection and analysis activities of the Department of Health and Human Services through an integrated health data collection strategy, coordination of health data standards, and health information and privacy policy activities. As an example, the Secretary has placed the Data Council in charge of the implementation of the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996.
Confidentiality, Computers AMA Council on Judicial Opinions, AMA 5.07.
Disclosure of Records to Data Collection Companies AMA Council on Judicial Opinions, AMA 5.075.
Model Privacy, Procedures, and Standards for State Government Privacy, Confidentiality and Security (LINKS) Information for State Health Policy Program.
Information Security Handbook: information security handbook from Harvard University's gopher home page.

Studies and Reports

Privacy and Health Research, A Report to the U.S. Secretary of Health and Human Services, May 1997. zipped WordPerfect 5.1 version of this report.
Legislative Survey of State Confidentiality Laws, Lawrence Gostin, et al., Feb. 1997.
The testing and mapping of human genes push scientific boundaries into questions of personal privacy. As more is known, more may be concealed, Internal Affairs (15.9k), Summer 1995, Brian Cunningham and Douglas Haeuber, Cooley Godward LLP.
Privacy and Confidentiality in Clinical Data Management Systems: Why You Should Guard the Safe, by William L. Manning, Summer 1995.
"Protecting Privacy In Computerized Medical Information" , Digest of OTA Report, September, 1993. For the full text, Click here or Here.
Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information, OTA Report (October 1987).
Electronic Record Systems and Individual Privacy, OTA Report (June 1986).
Information Security and Privacy in Network Environments, OTA Report (September 1994).
Issue Update on Information Security and Privacy in Network Environments, OTA Report (September 1995).
Consumer Health Informatics: Emerging Issues.GAO testimony, GAO/T-AIMD-96-134; July 26, 1996.
PRIVACY AND THE NII: Safeguarding Telecommunications-Related Personal Information The Information Infrastructure Task Force (IITF), Information Policy Committee, Privacy Working Group has released the Final Version of Privacy and the NII: Principles for Providing and Using Personal Information. NTIA staff made major contributions to the development of this document. To download the ASCII text version, click here. (40K)
AHCPR Report on Informatic Standards A compilation of activities voluntarily reported by selected healthcare informatics standards organizations. Provided by HHS, Office of Science and Data Development (OSDD), Agency for Health Care Policy and Research (AHCPR).
Health Care Privacy Issues paper that identifies some information privacy issues arising in relation to health care data arising in sole and group health care practices as well as in larger health care organizations.
Ethics and Confidentiality Report from the Minnesota Health Data Institute on "Guiding Principles Governing Data Access and Disclosure."
An Empirical Analysis of the Medical Informed Consent Doctrine: Search for a Standard of Disclosure, F. Merz --- Evaluates the informed consent doctrine in tort cases and concludes that it is now difficult for physicians to decide what must be disclosed.
Eggs, Embryos & Ethics: Reproductive Technology & Policy -- Volume 6:2, Spring, 1995, The Stanford Law & Policy Review.

Legislation and Legislative Models

Electronic Communications Privacy Act 18 USC §2701 (1988) from Cornell's database.
AHIMA's Model Health Information Legislation on computer-based patient records.
MGMA Health Care Reform Summaries, for Patient Protection Activities (New Mexico, California, North Carolina, Texas).
State Legislative Profiles, MGMA representatives and state legislative information.

Recently In the News

Patient privacy standards sought, Boston Globe Online
Carolina begins to address health privacy, Raleigh-Durham Triangle Business Journal, 7-23-97.
Researchers, Providers Assail Medical Records Privacy Bill, Reuters, 6-6-97.
Florida Man Convicted In Confidentiality Breech Of HIV Information, Reuters, 5-01-97.
Disclosure Of HIV Status Of Healthcare Workers Fuels Ethics Debate, Reuters, 4-17-97.
Rx for Privacy: Improve Security of Medical Records, Kerry Hall, Medill News Service, PCWorld Online, 3-10-97.
Medical Files in the Ether, The Washington Post, 3-09-97, Page C06.
FBI Urges HHS To Allow Law Enforcers Access To Medical Information, Reuters, 2-21-97.

Related Resources

The Medical Records Institute A collection of information and useful links to medical records practices and standards
Politecno di Milano Continuing education and international studies in medical informatics.
JCAHO Reports Archives of JCAHO survey reports on medical records practices, organized by institution surveyed.
Work Group for Electronic Data Interchange(WEDI)
Confidentiality of Electronic Health Data NIH, 448 citations (CBM 95-10), 5/30/96 104K ASCII.
Confidentiality of Electronic Health Data, 448 citations (CBM 95-10), 5/30/96 138K Binary WP61.
Public Policy Issues National Center for Genome Resources Genetics & Public Issues.
Relevant Congressional bills, federal regulations, state legislation, legal materials, and other policy information related to managing genetic information and technology (full text).

Explore These Relevant Links

HCFA
GPO Access search the Federal Register, U.S. Code, Congressional bills and other government pubs.
State Statutes by Topic
The Journal of Informatics in Primary Care
Health & Medical Informatics Digest, Bi-monthly e-zine affiliated with Univ. of Wisconsin-Madison keeping medical and health researchers up to date on the latest information in the areas of health and medical informatics and primary care research.