Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, 110 Stat. 1936 (codified as amended in scattered sections of U.S.C. and I.R.C.) (1996).
2.
S. 1360, 104th Cong. (1996).
3.
ShalalaD.E., “Confidentiality of Individually-Identifiable Health Information: Recommendations of the Secretary of Health and Human Services, pursuant to section 264 of the Health Insurance Portability and Accountability Act of 1996” (visited at http://aspe.os.dhhs.gov/admnsimp/index.htm).
4.
See id. at § II.E3.
5.
Id. at § I.I.
6.
In the federal regulations regarding research on human subjects, “a medical record” is given as an example of “private information” which deserves the protections of the regulations. 45 C.F.R. § 46.102(f)(2) (1991) (“Definitions”).
7.
“Medical Files, or Fishbowls?,”Washington Post, Sept. 23, 1997, at A16 (emphasis added).
8.
See Jaffee v. Redmond, 116 S. Ct. 1923 (1996).
9.
See HageyJ., “Privacy and Confidentiality Practices for Research with Health Information in Canada,”Journal of Law, Medicine & Ethics, 25 (1997): At 137.
FeinleibM., “The Epidemiologist's Responsibilities to Study Participants,”Journal of Clinical Epidemiology, 44, Supp. 1 (1991): 73S–79S.
12.
Id. at 77S.
13.
Bruce Phillips comments: “Easy as it is to rationalize data gathering as beneficial for the individual and society, the information might not be used for benevolent purposes. The collection of medical data can slide imperceptibly from health care to medical supervision to lifestyle surveillance and, ultimately, to a more generalized form of surveillance by the state.” See Phillips, supra note 10.
14.
I would add that the “routine use” exceptions permitted by the federal Privacy Act appear to be the black hole of confidentiality with respect to records held by governmental agencies. Even the better privacy statutes and regulations cited by Richard Turkington do not protect sensitive information from being widely shared among federal and state agencies.
