Engaging Privacy and Information Technology in a Digital Age

Questions? Call 800-624-6242

About | Ordering | New

LoginRegister

| Items in cart [0]

HARDBACK
price:$49.95
add to cart

Rights & Permissions

Free PDF Access

Free Resources

PDF SUMMARY

Related Titles

Engaging Privacy and Information Technology in a Digital Age (2007)
Computer Science and Telecommunications Board (CSTB)

Citation Manager Export the bibliographic data for this book in your chosen format
Web Search Builder Use this book's key terms to search within this book, across our collection, or across the Web.
Skim This Chapter Skim this chapter and use this chapter's key terms to search within this book.
Reference Finder Paste in your own text to find books that relate to your topic.

Citation Manager

. "7 Health and Medical Privacy." Engaging Privacy and Information Technology in a Digital Age. Washington, DC: The National Academies Press, 2007.

Please select a format:

Page
223


E-mail Share on facebook Facebook Share on delicious Delicious Share on stumbleupon Stumble Share on twitter Twitter More Sharing ServicesMore

The following HTML text is provided to enhance online readability. Many aspects of typography translate only awkwardly to HTML. Please use the page image as the authoritative form to ensure accuracy.

Engaging Privacy and Information Technology in a Digital Age

under what circumstances.⁷ Whether this confusion merely reflects a transitional effect between pre-HIPAA and post-HIPAA regimes remains to be seen.

The requirement for training has been seen by some as a way of changing the culture of the medical provider profession in a way that is positive albeit costly. The impact on researchers, especially those wishing to do large-scale and long-term investigations across sets of medical records, is currently unknown; however, the formulation of the privacy regulation has created a mechanism for dialog between researchers and regulators.

Finally, there remains the question of enforcement of HIPAA’s privacy regulations. In June 2006, the Washington Post reported that in the 3 years since the HIPAA regulations went into force, thousands of complaints alleging violations have resulted in two criminal prosecutions, no civil fines, and many agreements to fix problems that may have occurred without any penalty.⁸ These complaints have included allegations that personal medical details were wrongly revealed, information was poorly protected, more details were disclosed than necessary, proper authorization was not obtained, and that patients were frustrated in obtaining their own records. One administration official was quoted as saying that “our first approach to dealing with any complaint is to work for voluntary compliance.” Critics have asserted, however, that a lack of aggressive enforcement has made providers and insurers complacent about complying.

In the long run, an enforcement regime of some sort is likely to be needed to ensure substantial compliance with the regulations. But as with the confusion about the circumstances under which what personal health information may be provided to which parties, the long-term results of the current approach to compliance remain to be seen.

7.3.3
Patient Perspectives on Privacy

7.3.3.1
Notifications of Privacy Policy

As noted above, HIPAA mandates a number of privacy protections for personal health information. The concept of informed consent is important to these protections, and thus health care providers are required to

⁷	Rob Stein, “Patient Privacy Rules Bring Wide Confusion: New Directives Often Misunderstood,” Washington Post, August 18, 2003, available at http://www.washingtonpost.com/ac2/wp-dyn/A7124-2003Aug17.
⁸	Rob Stein, “Medical Privacy Law Nets No Fines: Lax Enforcement Puts Patients’ Files at Risk, Critics Say,” Washington Post, June 5, 2006, available at http://www.washingtonpost.com/wp-dyn/content/article/2006/06/04/AR2006060400672_pf.html.