Newsletter

Health-Related Privacy

February 2000

For the health care industry in particular, there are at least three ongoing developments will be worth following over the next few months. First, on February 8, President Clinton issued Executive Order 13145 – "To Prohibit Discrimination in Federal Employment Based on Genetic Information.” This obligates heads of executive departments and agencies to prevent discrimination "because of protected genetic information with respect to the employee, or because of information about a request for or receipt of genetic services.” Federal employers "shall not request, require, collect or purchase” such information and "shall not disclose such information” except under specified circumstances. The requested information shall not be maintained "in general personnel files.”

In general, "protected genetic information” is defined to mean only "information about an individual's genetic tests,” "information about the genetic tests of an individual's family members,” or "information about the occurrence of a disease, or medical condition or disorder in family members of the individual.”

The White House release announcing this "historic action” goes on to emphasize that the President "will also endorse the Genetic Nondiscrimination in Health Insurance and Employment Act of 1999,” introduced by Senator Daschle (S. 1322) and Congressman Slaughter (H.R. 306), which is designed to "extend these protections to the private sector and to individuals purchasing health insurance.” The nature and speed of congressional response to this Presidential initiative clearly merit attention.

Second, the Health Privacy Project, an Institute affiliated with Georgetown University, released the results of a study indicating that health care websites often do not follow their own published privacy tatements. The report profiled 21 health-related websites. The major findings of this report are:

  • Visitors to health websites are not anonymous, even if they think they are.
  • Health websites recognize consumers' concern about the privacy of their personal health
    information and have made efforts to establish privacy policies; however, the policies fall short of truly safeguarding consumers.
  • There is inconsistency between the privacy policies and the actual practices of health websites.
  • Consumers are using health websites to manage their health better, but their personal health information may not be adequately protected.
  • Health websites with privacy policies that disclaim liability for the actions of third parties on the site negate those very policies.

The report's stated objective is "to alert consumers and the industry to an impending problem so the industry can address the problem before it becomes acute.” Reportedly, the FTC also is taking an official interest.

Third, HHS has received an avalanche of comments on the proposed rules for the confidentiality of electronic medical records. The comment period closed on February 17, at which time HHS Asst. Secretary Hamburg advised the House Ways and Means Health Subcommittee that HHS "had received over 30,000 comments by mail or hand delivery, and another 10,000 on our website.” She expressed an agency commitment "to reviewing all the public comments” using an "interagency team,” but offered no suggestion as to the timing or content of the final rules.

The key areas of controversy involve the following areas, each of which has significant risk management implications:

  • The requirements that will be imposed on "business partners” of health care providers and health plans;
  • Whether patients have (or should be given) an effective right to enforce their privacy as the "third-party beneficiaries” of privacy agreements;
  • What "security levels” will be imposed on confidential data;
  • Whether all medical information, not just electronic records, will be encompassed within the regulations; and
  • Whether law firms will be treated as "business partners” and, if so, how this will affect privilege issues.

Last, the true wild card in the health care privacy debate is Congress. There is mounting pressure for Congressional intervention, and both parties recently have formed "Privacy Caucuses” to examine privacy policies. With all of this change, and the new activity at state legislatures to supplement the federal protections, carriers insuring affected industries may wish to include a review of privacy practices as a component of risk assessment.

For additional information please contact Kirk J. Nahra at (202) 719-7335 or .

Read Time: 3 min
Jump to top of page

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek