Tell Congress to pass a real health privacy law.
How would you feel about your personal health information flowing freely over the Internet between public health officials, healthcare providers, insurance and data clearinghouse companies, and others – without your permission?
If this doesn't sound like a good idea, it's time to become informed about federal health privacy law.
Today, when Americans visit a healthcare provider for services (including dental and eye exams), they receive a form with a title such as "Notification of Privacy Rights." Many assume that signing the form guarantees that personal information won't be shared with third parties. But the form offers no such guarantees. And neither does federal law.
In fact, the privacy rule established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) legally permits healthcare providers to share patients' information with more than 600,000 health- and data-related entities – without a patient's consent. Yet the notification form doesn't clearly explain this.
Individuals control their information when they give consent; they don't with notification. When you sign a notification form, all you are doing is acknowledging its receipt. The HIPAA notification form offers no control over who sees your information and instead just you about some of the entities that can access your information, rather than for your permission.
Consequently, many physicians and other healthcare providers are urging Congress to strengthen privacy rights. They know firsthand that the HIPAA rule fails to ensure true confidentiality.