The Women's Health Resource. On the web since 1997.

President Clinton Establishes New Standards to Protect Patient Privacy (dateline January 2, 2001)


In an attempt to ensure patient privacy, the Clinton administration has established the first-ever U.S. national standards to dictate how a patient’s personal medical information may be used and distributed by health insurance providers and physicians. The standards give patients control over their medical information, restrict the use and release of medical information by health plans and providers, increase the security of patient information, and establish criminal and civil penalties for unauthorized use or disclosure of patient information.

According to recent studies cited by the White House, in 1999, 80% of people surveyed agreed that they had "lost all control over their personal information." Currently, patient information can be distributed without the permission of the patient for reasons unrelated to medical treatment (such as marketing research or insurance underwriting). Some patients are also unable to gain access to their own medical records because of policies set by insurance companies or healthcare providers.

According to a White House news release, the new regulations "will give consumers more control over and access to their health information; set boundaries on the use and release of health records; safeguard that information; establish accountability for inappropriate use and release; and balance privacy protections with public safety."

Under the new regulations, health providers will be required to inform patients about how their information is being used and disclosed and give patients the right to a "disclosure history" within 60 days of any release, documenting all companies that receive the patient’s medical information for purposes unrelated to treatment or payment. The new regulations will also limit the release of personal medical information without the patient’s permission, give patients access to their own medical information as well as the right to request corrections or amendments when necessary, and require physicians and hospitals to obtain written permission from patients before using their information for treatment or other purposes.

The new regulations are intended to have a serious impact on the healthcare business, said Larry Ponemon, a senior partner of PriceWaterhouseCoopers. The rules are expected to take effect in two years and would apply to all forms of patient medical records, including paper, electronic, and oral communications. Intentional violators of the new regulations will face fines up to $50,000 and up to a year in prison. Those who disclose patient information with the intent to sell personal data will face fines up to $250,000 and up to 10 years in prison.

Most consumer advocate organizations support the new regulations which will help give patients more control over their medical information. However, the U.S. HMO lobby said it was concerned that the new rules will unintentionally interfere with patient care by limiting disease management processes. The American Medical Association (AMA) is approaching the new standards cautiously. According to surgeon Donald Palmisano, MD, a trustee on the AMA board, the AMA will carefully examine the new regulations to make sure there are not any problems or potential loopholes.

The new standards also allow states to pass stricter regulations if they wish. While the regulations are a first step toward protecting patient privacy, President Clinton has asked Congress to pass additional legislation to further expand the privacy rights of patients and impose stricter penalties on intentional violators of the new regulations.

Additional Resources and References