By Erin Sherbert
By Erin Sherbert
By Leif Haven
By Erin Sherbert
By Chris Roberts
By Kate Conger
By Brian Rinker
By Rachel Swan
For example, under HIPAA, the bulk of a mental health patient's file might be obtained by the FBI, and then be turned over to the CIA -- which might decide to pass it on to the White House.
Given the known activities of J. Edgar Hoover and Richard Nixon, one does not necessarily need a conspiratorial mind to imagine possible government misuse of personal information obtained via a HIPAA administrative subpoena. What if a Democrat from a small flyover state who was rumored to be a womanizer happened to be running for president, and the FBI happened to find out that he'd contracted syphilis during a misspent youth? What if you are a vocal critic of the district attorney, and he lets you know that he knows you are addicted to pain medicine? What if you develop a heart murmur and, suddenly, the promotion you thought was in the bag goes to someone else?
"Under the Bush administration, we have lost a great deal of personal freedom, and most people are not even aware of it," says Robert Moffit, a deputy assistant secretary at the Department of Health and Human Services during the Reagan administration who now is director of the Center for Health Policy Studies at the Heritage Foundation in Washington. The right-leaning Heritage Foundation generally objects to government regulation of the health care market, but the Republican-dominated think tank particularly dislikes HIPAA. Several years ago, it joined forces with its natural-born enemy, the American Civil Liberties Union, to lobby against the regulations. Both organizations claim that the new rules undermine patient confidentiality and violate the Fourth Amendment by allowing warrantless searches.
Ann Brick, an ACLU staff attorney based in San Francisco, is concerned that national security agencies will use HIPAA and the Patriot Act to search combined medical and consumer databases for particular identifiers, such as "Arab AND diabetes AND airplane mechanic." It goes without saying that the search could be changed to have political parameters, "Democrat AND bipolar," for example.
Actually, HIPAA is more law enforcement friendly in regard to medical records than the oft-criticized Patriot Act, which, at least, requires a judge to sign a court order every time that the FBI or its national security cousins want to search an HMO database, or take a peek at your gynecology file. Unlike the Patriot Act's limited due-process provisions, HIPAA's criteria for issuing subpoenas do not even require judicial review; law enforcers simply have to assert that a medical record or database is "relevant" to an investigation. And HIPAA is slated to outlive the medical-records portion of the Patriot Act, designed to "sunset" in 2005 unless Congress gives it a second life.
Ohio State University law professor Peter Swire was the White House coordinator for medical privacy rules in the Clinton years, and he played an instrumental role in the writing of the HIPAA Privacy Rule. Swire says that, under HIPAA, medical records are not protected by the Fourth Amendment's probable-cause requirement because the Supreme Court has ruled that a person loses "a reasonable expectation of privacy" when his papers (or records) are not in his home. "Once you have voluntarily given over your records to doctor or a bank, they can decide to turn over your record to the police," he says. "It's as if you have given a key to your house to a neighbor."
But Daniel Solove, an associate professor at Seton Hall Law School in New Jersey who has written extensively in national legal journals about Fourth Amendment protections of electronic records, says it is unreasonable to exclude medical records from constitutional protection against unwarranted government search or seizure. "That HIPAA allows law enforcement to take action on a mere administrative subpoena is unconstitutional," Solove says. "For centuries, it has been reasonable for people to expect their doctors to keep their intimate confidences under the Hippocratic oath and the common law."
In 1971, as the Vietnam War raged, a Defense Department analyst named Daniel Ellsberg gave the New York Times 47 volumes of secret documents -- the Pentagon Papers -- showing that American politicians had been systematically lying to the public about events in Vietnam for decades. President Richard Nixon responded by authorizing his aides to burglarize the office of Ellsberg's psychiatrist, in an attempt to discredit the DOD analyst. The aides eventually went to prison, Nixon resigned in disgrace, and Congress passed the Privacy Act of 1974, which greatly limited the government's ability to acquire or to use personal information without a court order.
HIPAA has effectively unwritten the Privacy Act in regard to medical records, and America's psychiatrists are leading the charge against it. "An ethical physician would decline to release information to anyone without patient consent," says Dr. Paul S. Appelbaum, outgoing president of the American Psychiatric Association.
"The government can issue regulations, but it can't change the fundamental ethics that the medical profession has held for several thousand years. We are concerned by the [HIPAA Privacy Rule] provision that would allow for the release of medical information anytime the police are trying to identify a suspect. This broad exception would allow computerized medical records to be sifted through by police to seek matches for blood or other health traits."