• employee is still able to perform his or her job functions). Legislation with this effect would eliminate much of the economic incentive for such parties to obtain patient-specific health information and thus reduce many concerns about patient privacy. Although the Americans with Disabilities Act provides some protection of this sort, it applies only to specific predefined disabilities and not to health conditions as a whole.
  • Legislation to establish information rights for patients. As noted in Chapter 2 consumers have few legally enforceable rights regarding the privacy and security of their medical information. Today, patients have no legal basis on which to demand disclosure of information flows, access to their own health records, or redress for breaches of privacy. Passage of the Health Insurance Portability and Accountability Act is a first step toward giving patients greater ability to protect their health information, but efforts to extend the fair information practice requirements of the Privacy Act of 1974 to the private sector (including all organizations that collect, process, store, or transmit electronic health information) would empower the consumer population with enforceable rights and create a powerful force for protecting the privacy and security of sensitive information.
  • Legislation to enable a health privacy ombudsman to take legal action. Most operating concepts of privacy ombudsmen are advisory in nature. In some instances, however, the office of privacy ombudsman has greater authority. For example, in Germany, data protection councils operate at the national level to field complaints from patients and conduct investigations as necessary.

The committee notes that legislation in all of these areas has implications that go far beyond the question of protecting the privacy interests of consumers, and realizes that making recommendations about the desirability of such legislation is beyond its expertise and charge.

  • 2.  

    It should facilitate the identification of parties that link records so that those who make improper linkages can be held responsible for their creation.

  • 3.  

    It should be unidirectional to the degree that is technically feasible: it should facilitate the appropriate linking of health records given information about the patient or provided by the patient (such as the patient's identifier), but prevent a patient's identity from being easily deduced from a set of linked health records or from the identifier itself.

The first criterion requires that the nation decide which types of record linkages will be legal or illegal. The United States has applied this approach sporadically to protect certain types of information. For example, the perceived unfairness of using videotape rental records in the fight against the confirmation of Judge Bork for a seat on the Supreme Court led to the adoption of a law that specifically prohibits such a practice The same law does not apply, however, to other types of records. In practice, it is difficult to legislate a prohibition on the collection of such data because institutions often have a legitimate need for the information Prohi-



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement