Abstract

http://ssrn.com/abstract=346506
 
 

Footnotes (173)



 


 



Personal Privacy and Common Goods: A Framework for Balancing Under the National Health Information Privacy Rule


Lawrence O. Gostin


Georgetown University - Law Center - O'Neill Institute for National and Global Health Law

James G. Hodge Jr.


Arizona State University (ASU) - Sandra Day O'Connor College of Law


Minnesota Law Review, Vol. 86, p. 1439, 2002

Abstract:     
The newly-introduced Standards for Privacy of Individually Identifiable Health Information represent the first systematic national privacy protections of health information. Flowing from a Congressional mandate in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the regulations protect the privacy of individually-identifiable health records in any form (including electronic, paper and oral) through disclosure and use limitations, fair information practices, and privacy and security policies that apply to "covered entities" (health providers, health insurance plans and health care clearinghouses) and their business associates.

Privacy safeguards are needed because of the personal nature of health data, the rapid shift from paper to electronic records, and actual and perceived risks of unwarranted disclosures. Existing health information privacy legal protections at the federal and state levels are fragmented, inconsistent, and variable. The new standards endeavor to protect patient privacy by limiting disclosures of individually-identifiable medical information (or "protected health information" (PHI)). Disclosure and use of PHI can only occur upon patient consent, subject to several exceptions outside the health care transaction setting. The regulations also implement fair information practices, which have long been a feature of existing federal laws. Fair information practices allow patients to (1) inspect and amend their records, (2) receive notice of covered entities' privacy practices and potential uses and disclosures of health information, and (3) request confidential communications and an accounting of actual disclosure.

Through the regulations, HHS attempts to set a "floor" for protections that, it suggests, "balance[s] the needs of the individual with the needs of society." Reaching this balance, however, is precarious. The national privacy rule does not always achieve a fair and reasonable allocation of benefits and burdens for patients and the community. We suggest a framework for balancing that values privacy and common goods, without a priori favoring either. We instead seek to maximize privacy interests where they matter most to the individual and maximize communal interests where they are likely to achieve the greatest public good. Thus, where the potential for public benefit is high and the risk of harm to individuals is low, we suggest that public entities should have discretion to use data for important public purposes. Provided that the data are used only for the public good (e.g., research or public health), and the potential for harmful disclosures are negligible, there are good reasons for permitting data sharing.

Conversely, if data are disclosed in ways that are unlikely to achieve a strong public benefit, and the personal risks are high, individual interests in autonomy should prevail. Consequently, for these kinds of disclosures, the law should strictly prohibit the release of information without the patient's consent. Through this framework we attempt to maximize individual and communal interests in the handling of identifiable health data.

Number of Pages in PDF File: 53

Accepted Paper Series





Download This Paper

Date posted: November 4, 2002  

Suggested Citation

Gostin, Lawrence O. and Hodge, James G., Personal Privacy and Common Goods: A Framework for Balancing Under the National Health Information Privacy Rule. Minnesota Law Review, Vol. 86, p. 1439, 2002. Available at SSRN: http://ssrn.com/abstract=346506 or http://dx.doi.org/10.2139/ssrn.346506

Contact Information

Lawrence O. Gostin (Contact Author)
Georgetown University - Law Center - O'Neill Institute for National and Global Health Law ( email )
600 New Jersey Avenue, NW
Washington, DC 20001
United States
202-662-9038 (Phone)
202-662-9055 (Fax)
James G. Hodge Jr.
Arizona State University (ASU) - Sandra Day O'Connor College of Law ( email )
Box 877906
Tempe, AZ 85287-7906
United States
Feedback to SSRN


Paper statistics
Abstract Views: 1,842
Downloads: 252
Download Rank: 70,195
Footnotes:  173

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo8 in 0.297 seconds