WASHINGTON — Doctor groups and privacy advocates have charged that new government rules, touted as protecting patients' confidentiality, will instead make it easier for employers, researchers, law-enforcement officials, the federal government and others to gain access to people's medical records without their consent.
The Department of Health and Human Services is reviewing some 53,000 public comments on the proposed regulations, which were announced last fall and are expected to be issued in final form in the next few months.
The rules, mandated by Congress, represent the first federal effort to safeguard the privacy of medical records. When President Clinton unveiled them last fall, he said that "they would greatly limit the release of private health information without consent."
But by eliminating the requirement for patient consent in many situations, the rules would have the opposite effect, predicted Richard Sobel, a political scientist at Harvard Medical School.
The administration "stressed the privacy protections," Sobel said. "But . . . it turns out that these regulations essentially abolish informed consent" if a patient's medical records are being used for providing treatment, arranging payment or for "health-care operations," an ill-defined term that covers many activities of managed-care plans and health insurers.
In addition, under some circumstances, the rules would permit health providers to release private medical information without obtaining a patient's consent to police, employers, researchers and government data banks.
*
The tug-of-war over medical records has intensified in the last decade, as computers have allowed health-care providers, insurers and others to store vast quantities of information and to search and transfer it rapidly. A 1996 law required Health and Human Services to issue rules protecting privacy of medical records transmitted via computers if Congress didn't pass legislation on medical privacy within a specified period. Last year, Congress missed the deadline, triggering the rule-making process.
Administration officials and many members of Congress consider the new rules a stopgap measure and believe a comprehensive medical privacy law is sorely needed. For example, the proposed rules would apply only to medical records sent by computer--not to those solely on paper, nor to records typed on a word processor or sent by fax but never transmitted via computer network.
