and institutions. In addition, the Americans with Disabilities Act (ADA) was intended to safeguard certain kinds of employee medical information and protect employees with disabilities from discrimination, but the scope and interpretation of the law are not yet clearly defined. Although the law restricts employer access to information from preemployment physical examinations and certain other sources, it is silent about employer access to the much greater volume and sensitivity of information that is generated from employee health insurance programs.⁸ Another IOM committee has recommended that the protections of the ADA be extended to this latter information (IOM, 1993b).

Private organizations may also establish policies to protect the privacy of personal medical information. The JCAHO, for example, includes privacy protections in its accreditation standards for health care institutions. The American Medical Association has set forth ethical standards that may "take on the force of law when they are expressly incorporated, or implied in, physician licensure laws" (AMA, 1995, p.3).

Centuries ago, the Hippocratic Oath required that physicians keep silent what they learn about people, "counting such things to be as sacred secrets" (cited in IOM, 1994b, p. 148). The expectation of such secrecy has become increasingly fragile as physicians' control over information has diminished and as more and more individuals have claimed access to personal medical information for people with whom they have no personal connection and for whom they lack professional responsibility. Contemporary threats to informational privacy arise from several interrelated developments, including the computer-based patient record, the creation of large databases, new