EFFector Vol. 14, No. 5 Mar. 27, 2001 editor@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
EFFector Vol. 14, No. 5 Mar. 27, 2001 editor@eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
For more information on EFF activities & alerts: http://www.eff.org
The Health & Human Services privacy regulation issued by the Clinton Administration in December 2000 was originally scheduled to go into effect on February 26, 2001, but was delayed due to an administrative oversight. Though it could be a first major step to national medical privacy protection, it has flaws.
The public has until Friday, March 30, 2001, to submit comments to HHS on
the regulation. Comments can be submitted electronically at:
http://aspe.hhs.gov/admnsimp/
Comments can also be snail mailed, or hand-delivered to:
U.S. Department of Health and Human Services
Attention: Privacy I
Room 801
Hubert H. Humphrey Building
200 Independence Avenue, SW.
Washington, D.C. 20201
Sent via Web site submission
Dear Secretary Thompson:
Today there are no comprehensive federal rules to protect the confidentiality of medical record information. The rules mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are a good first step at protecting the sensitive information kept in our medical records by providing a baseline of significant privacy protection for medical records. Delaying implementation of the rule is not warranted. We need to be able to know that information in our private medical files will have the benefit of baseline protection, even as further protections are considered.
Fair Information Practices form one of the cornerstones for protecting privacy in this country today. Most of the major Federal privacy laws incorporate fair information practices, including the Privacy Act of 1974 and the Fair Credit Reporting Act. Including fair information practices in this rule maintains that strong tradition.
Specifically, Sec. 164.520; Sec 164.522; Sec. 164.524; Sec. 164.526; Sec. 164.530; and Sec. 160.306 contain support for these Fair Information Practices. The HIPAA rules grant us the important right to be notified of the data practices of those who handle personal health records. There are also rights to request restrictions on use and disclosures of health records.
The HIPAA rule grants new rights for individuals like myself to access our own medical files and amend it if there is erroneous information. Before HIPAA, doctors often did not allow patients to view their own medical files.
One area that needs to be strengthened in the rule is the section that allows individuals to file a complaint with HHS and with the covered entity. We should have the right to sue directly those who violate our privacy rights.
I support efforts to further strengthen the HIPAA regulations. For example, there should be limitations on the use of patients' data for marketing purposes. Sec. 154.501; Sec. 164.514. Use of health information is not the proper place to give equal weight to business and individual interests; an individual's privacy and health interests should always prevail. Protecting privacy for individuals would dictate that any disclosure of medical conditions and/or records should be by an opt-in process only, not opt-out. An opt-out standard, with its focus on initial disclosure followed by a subsequent revocation, will not protect any individual's privacy.
Law enforcement must be required to obtain a warrant before it may obtain access to patients' data. Sec. 164.512. A properly drawn court order or warrant must first be obtained before medical information is released to law enforcement.
The Government Health Database was discussed in the Standards for Privacy of Individually Identifiable Health Information in December, 2000, (65 Fed. Reg. 62462). Under Disclosures and Uses for Government Health Data Systems, the proposed rule had allowed a covered entity that was itself a government agency collecting health data for analysis in support of policy, planning, regulatory, or management functions, to disclose protected health information to government health data systems. The final rule explicitly eliminated that provision. Consent by the patient is now required, but it contains a loophole when disclosure is permissible under another provision of the rule. This seems like a way to implicitly side step the consent issue. Patients should always be asked for their consent before their health information is funneled from one government database to another. Unless individuals are able to give true informed consent that is not conditioned upon treatment, government will steadily be able to build surveillance and tracking systems that will touch every aspect of our lives so much so that it will become a threat to our open society.
Individuals want the privacy of their sensitive medical records to be strongly and unambiguously protected. In fact, given the potential for medical records to impact employment opportunities, financial offerings, family relations, social standing, and even our ability to obtain housing, medical records deserve the strongest possible protection.
This is the farthest our nation has ever come toward protecting the sensitive, personal information contained in our medical records. There are still privacy-damaging sections included in the rule but I believe that the rule gives a baseline right to privacy that can be enlarged by either Congress or the States. I encourage you to implement this rule without further delay.
Sincerely,
__________________________________________________________
Your Name
P.S. (Choose one)
____Please do not post my personal information on any government website
____Feel free to post my personal information on the DHHS website
Rep. Paul identifies clear loopholes in the existing proposal, in the dear-colleague letter below, and EFFector readers should be aware of them. While we agree with Rep. Paul's observations, we believe his position, that the entire HIPAA should be repealed, is too extreme. The regs - even with these loopholes - would be a net gain for American privacy. Instead we hope that either Congress will fix the loopholes directly with an amendment, or that recently announced plans to amend the regs from within HHS are carried out, and that these problems are solved.
Dear Colleague:
Proponents of the Department of Health and Human Services' (HHS) so-called "medical privacy" regulation have launched a campaign to convince the American people that these regulations protect their medical privacy. However, these supposed "privacy advocates" are neglecting to mention that buried within this 367-pages of small print which comprise the medical privacy regulation are provisions that :
Give state-favored special interests the right to access private medical information -- including genetic information -- without patients' consent (Sections 164.502 and 164.506).
Force physicians to turn confidential medical records over to HHS and other government agencies and law enforcement officials without either individual consent or a warrant in complete disregard of the Fourth and Fifth Amendments (Section 160.310).
I have introduced the Medical Privacy Protection Resolution (H.J.Res. 38), which uses the Congressional Review Act process to overturn this misnamed and misguided regulation. Please don't allow medical privacy be eroded by a regulation which allows government and the politically-connected to access personal medical records without a patient's consent. Call Norm at 5-2831 and cosponsor the Medical Privacy Protection Resolution today!
Sincerely,
Ron Paul, M.D.
The National Committee for Information Technology Standards (NCITS) Technical Committee T13 ( http://www.t13.org ) is designing copy prevention technology into all hard drives, at the behest of the entertainment industry. T13 has become the latest battleground in record and movie industry efforts to cripple digital technologies and force copy "protection" schemes onto the public's hardware. The end result of these proposals is to place limitations on how you use music and movies in your digital environment. And it's being voted on right now.
For more information, see our full alert & backgrounder at:
WHAT: "BayFF" at UC Hastings - Challenges and Opportunities Facing Online
Artists in the
World of Digital Music
WHO: Electronic Frontier Foundation, UC Hastings, Chuck D
WHEN: Friday, April 6th, 2001 at 7PM PST
WHERE: University of California - SF
Hastings College of the Law
198 McAllister Street
San Francisco, CA. 94012
Room: The Louis B. Mayer Lounge (LBML)
The building is on the northeast corner of the Hyde and
McAllister
intersection. Parking is available at the Civic Center
parking lot by city
hall.
This event is free and open to the general public. Food and beverages will be served.
Famed rapper and outspoken activist Chuck D, formally of Public Enemy, will keynote April's BayFF as part of the Electronic Frontier Foundation's Campaign for Audio-Visual Free Expression (CAFE). CAFE works to protect freedom of expression by empowering the creative community in cyberspace. Chuck D will address these issues directly, speaking on "The Challenges and Opportunities Facing Online Artists."
As leader and co-founder of legendary rap group Public Enemy, Chuck D redefined rap music and Hip Hop culture. His messages addressed weighty issues about race, rage and inequality.
Most recently, Chuck has become a spokesperson for, and major proponent of music on the Internet. In September 1999, he launched a multi-format website called Rapstation.com. The site is a home for the global hip hop community. It provides both a television and radio station with original programming, a slew of Hip Hop's most prominent DJs, celebrity interviews, free MP3 downloads (the first was contributed by rap star Coolio), social commentary, current events, and regular features dedicated to empower aspiring musicians with the knowledge to turn their craft into a viable living.
Chuck has also launched a radio station on the Internet, BringTheNoise.com, and has made Public Enemy the first multi-platinum selling act to release their album in MP3 format via the Internet before it was available in retail stores.
For directions to the event, you can use free services like http://www.mapquest.com or http://maps.yahoo.com to generate driving directions or maps. For CalTrain and Muni directions, please call their information lines. You can subscribe to receive future BayFF annoucements. To subscribe, email majordomo@eff.org and put this in the text (not the subject line): subscribe bayff.
The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most-linked-to Web sites in the world: http://www.eff.org
Hastings College of the Law was founded in 1878 by Serranus Clinton Hastings (the first Chief Justice of California) Hastings is the oldest public law school in California and the oldest in the western U.S. It is a part of the University of California system. In addition to legal practice that covers the entire spectrum of law, many Hastings graduates sit as judges on the California bench.
Continuing over 10 years of defending civil liberties online, EFF presents a series of monthly meetings to address important issues where technology and policy collide. These meetings, entitled "BayFF", (Bay-area Friends of Freedom), kicked off on July 10, 2000, and will continue on a monthly basis
For more information, see: The Electronic Frontier Foundation: http://www.eff.org
BayFF Meetings Info Page: http://www.eff.org/bayff
Contact:
Katina Bishop
Director of Education & Offline Activism
Electronic Frontier Foundation
+1 415 436 9333 x101
katina@eff.org
In conjunction with EFF Pioneer Award winner & blocking software expert Seth Finkelstein, EFF has submitted not one but two concise whitepapers on the problems presented by government mandated use of "censorware" in public libraries, in response to a National Research Council call for comments:
"Blacklisting Bytes", co-authors: Seth Finkelstein, Consulting
Programmer; Lee Tien, Senior Staff Attorney, EFF. EFF's thesis is
simple: The quest for a technical solution to the alleged problem of
minors' access to "harmful" material on the Internet is both
misguided and dangerous to civil liberties. (Mar. 6, 2001)
"The
'vexing' question of the state's interest in preventing minors' access
to 'harmful to minors' material", author, Lee Tien, Senior Staff
Attorney, EFF. In this White Paper, EFF argues that the state interest
in regulation of non-obscene non-indecent materials is much narrower
than it appears at first glance. EFF does not here challenge the
proposition that the government has a legitimate interest of some sort,
but we believe that such arguments are specious. In particular, EFF
believes that the government has failed to establish that there exists a
problem to be solved, as distinguished from a vague fear. (Mar. 6, 2001)
EFF and attorneys Edward Hernstadt & Martin Garbus of the Frankfurt Garbus law firm file detailed reply brief in landmark New York DVD/DeCSS appeal, directly addressing all of the motion picture industries claims against 2600 Magazine. The full text of the document is available at:
The MPAA brief it is a response to is at:
See two groups of law professors (50 to 4 in favor of 2600) argue the matter:
Full text of Seventh Circuit decision overturning district court's finding that an Indianapolis video game censorship law was constitutional. Appeals court differentiates "violent" video games (intended for children) from sexually explicit "harmful matter" that is "an adult invasion of children's culture" (Mar. 23, 2001)
EFFector is published by:
The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
http://www.eff.org
Editor: Stanton McCandlish, EFF Advocacy Director/Webmaster (editor@eff.org)
Membership & donations: membership@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org
Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will.
To subscribe to EFFector via e-mail, send message BODY (not subject) of:
subscribe effector
to majordomo@eff.org, which will send you a confirmation code and then add you to a subscription list for EFFector (after you return the confirmation code; instructions will be in the e-mail).
To unsubscribe, send a similar message body to the same address, like so:
unsubscribe effector
(Please ask listmaster@eff.org">listmaster@eff.org to manually add you to or remove you from the list if this does not work for you for some reason.)
To change your address, send both commands at once, one per line (i.e., unsub your old address, and sub your new address).
Back issues are available at:
http://www.eff.org/effector
To get the latest issue, send any message to effector-reflector@eff.org (or er@eff.org), and it will be mailed to you automagically. You can also get, via the Web:
http:// www.eff.org /pub /EFF /Newsletters /EFFector /current.html
Return to EFFector Newsletter Menu
![[*]](/Icons/home_blue_icon.gif){kind=icon}
EFF Welcome Page
Please send any questions or comments to webmaster@eff.org