Privacy Rights, HIPAA, and the AAP: About Right; About Time

Abstract

In the June 2001 issue of Pediatrics , Russell W. Chesney, MD, published a commentary entitled, “Privacy and Its Regulation: Too Much Too Soon, or Too Little Too Late.”1 His paper outlines many questions about the potential problems and unwarranted intrusions into health care of the Final Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).2 In the months since the publication of the rule on December 28, 2000, there has been quite a lot of activity. In February 2001, Tommy G. Thompson, the new Secretary of Health and Human Services, reopened this regulation for a second comment period. After some questioning about how they should proceed, the Secretary informed Congress that the Bush Administration would indeed implement the privacy rule’s provisions as published. He described a president taking “ a bold and definitive step to protect the rights of citizens ” and that he “ wants strong patient privacy protections put in place now.”3 With the effective date of implementation of April 14, 2001, the privacy provisions are slated for compliance by most clinical entities by April 14, 2003. This act of acceptance was the culmination of a process toward greater patient privacy that the American Academy of Pediatrics (AAP) has tracked and written about for years.4–7 The AAP was consulted during the writing of these regulations, is quoted in its text, and supports its intent of creating a federal standard for patient confidentiality. Because of its complexity and its wide-ranging scope, many concerns have been raised, and Dr Chesney does a good job of airing these concerns. As I read his commentary, his primary concerns are as follows: 1. The implementation impact on medical education, research, and public health monitoring; 2. The financial impact of the regulations on cost-effective care; …