Is Too Much Privacy Bad for Your Health? An Introduction to the Law, Ethics and HIPAA Rule on Medical Privacy
50 Pages Posted: 27 Jul 2001 Last revised: 16 May 2014
Date Written: 2000
After years of Congressional debates and agency rule-making, the HIPAA health care privacy rule has finally become effective. Why did it take so long? Many of the issues which deadlocked Congressional attempts to pass federal privacy legislation reflect deep disagreements over how much individual privacy should be protected. On one hand, patients often believe that no one except their closest health caregivers should be able to see their medical records without their permission. On the other hand, many other people and entities, mostly strangers to the patient, believe they should have access to those records without having to ask permission. They argue that such relatively free access to individual health care information is good for the patient, good for other patients, and good for society - in other words, that too much privacy protection is bad for our individual and collective health. Indeed, society has often tolerated sacrifices in individual medical privacy in order to promote the public good. This article examines the ethical trade-offs that we have made between the benefits of privacy protection and the benefits of sacrificing it in the name of social welfare, such as advances in scientific research, protection of the public health, higher efficiency and better quality in the delivery of health care, and even improved law enforcement. It analyzes how these ethical trade-offs have been reflected in our laws, Congressional debates, and recent HIPAA privacy rule. It also examines several key issues which created the impasse in enacting comprehensive federal legislation, and which continue to be controversial as providers face the task of compliance. The article serves as a guide for legal and health care professionals who would like to be introduced to what the controversy over health care privacy has been all about and how the HIPAA rule has, at least for the time being, resolved some aspects of it.
Suggested Citation: Suggested Citation