New Medical Privacy Rules Take Effect

[This article was originally published on April 15, 2003.  The links were updated on August 23, 2018.]

The first federal law that guarantees medical privacy, the Health Insurance Portability and Accountability Act, has gone into effect. The new rules--which culminate a decade-long drive to overhaul the way doctors, pharmacists, hospitals, health care providers and others handle patient information--prohibit disclosure, without patient permission, of information for reasons unrelated to health care.

"This is the biggest thing to hit the health care sector since Medicare," says Dr. Jeffrey N. Hausfeld, an ear, nose and throat doctor in the Washington, D.C., area.

The rules were first written by the Clinton administration. The Bush administration weakened them before allowing them to take effect. See ElderLawAnswers news article, "Patient Advocates Critical of Bush's Final Medical Privacy Rules", Aug. 15, 2002.

The rules bar doctors and hospitals from giving out patient information to third parties for marketing purposes or to employers to use in making decisions about such things as promotions, unless a patient specifically agrees. Health care companies may not disclose information beyond what is minimally necessary to deliver care.

When their medical privacy is violated, patients may file complaints with the Department of Health and Human Services, which can then pursue criminal penalties, including a $250,000 fine and 10 years in prison for the most serious offenses.

Among the ways the new rules will change practices: callers to hospitals will be able to get little, if any, information about sick friends or relatives, pharmacists will discuss drug side-effects with customers away from other customers, and patient diagnoses will no longer be on sign-in forms at the doctor''s office.

Read articles about the new rules in the Los Angeles Times, Long Island Newsday, and the Boston Herald. (Articles may be only temporarily available.)