[George] is a cancer patient at the university hospital. The hospital maintains a policy of complete separation of research and treatment, and assures him that his file will never be accessed by anyone but his doctor.
[Elaine] is a cancer patient at the university hospital. As a condition of being a patient, she must let data on her recovery be used anonymously in a study of several thousand cancer patients nationwide. Her tests will only be reported as a small part of an average across all patients.
[Tinika] is a cancer patient at the university hospital. As a condition of being a patient, she must release her file to the hospital, to be used as an anonymous case study for the hospital training manual.
[Mark] is a cancer patient at the university hospital. The hospital requires that all patients allow their medical files to be used for research purposes. Any medical researcher may obtain [Mark’s] file.
The most comprehensive legislative attempt to address the issues around the uses of individual health information is the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This act, one of the outcomes of the Clinton administration’s attempt to deal with the overall state of health care in the United States, had as its purpose the protection of health insurance coverage for workers and their families when workers changed or lost their job. However, as is often the case in such bills, the attempt to provide portability of coverage grew to encompass a number of other areas, as well.
Portability required that the insurance companies adopt a common way of representing the medical information about the insured. This common format was also seen as a way of introducing efficiencies in the transmission and payment of claims from health care providers to the insurance companies, and so the effort toward portability also included establishing standards for electronic health care transactions, as well as national identifiers for providers, health plans, and employers. The hope was that by enabling a common format, the industry could adopt electronic means of transmitting and settling claims, which would in turn allow a reduction in the administrative costs of the health system. This administrative cost has been estimated to be 25 percent of the overall cost of the health system in the United States, and so reductions of such costs could have a significant impact on the overall cost of health care.
Although using standardized format for medical information to enable electronic transfer of information was intended to lead to considerable savings and efficiencies, legislators also realized that such standardization and transmission opened the possibility of misuse and privacy invasion. Because of this, the HIPAA legislation addressed the concerns of privacy