It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Would American citizens object if they knew 4 million health-related businesses distributed private details about their mental illnesses, cancer diagnoses, sexually transmitted diseases, prescriptions, addictions and sensitive genetic information?
'Part of the language that keeps people assured is they say things like, 'No unauthorized users can see your information.' That sounds pretty good,' she said. 'The problem is, they don't tell you how many authorized users there are.'
Amending HIPAA 'Privacy Rule'
Congress passed HIPAA in 1996, but it did not include a medical privacy statute. Rather, the Department of Health and Human Services, or HHS, was required to submit detailed recommendations on patient health privacy regulations. In 2001, HHS released "Standards for Privacy of Individually Identifiable Health Information," also known as "the Privacy Rule," 65 Fed. Reg. 82,462. The HIPAA "Privacy Rule" recognized the patient's "right of consent"
...the HHS amended the "Privacy Rule" in 2002 and eliminated the patient's right of consent, granting permission to "covered entities" to share private health information:
"The consent provisions … are replaced with a new provision … that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, and health care operations."
67 Fed. Reg. at 53,211
This amendment provides federal "regulatory permission" to more than 600,000 "covered entities" and millions of "business associates" to use and disclose identifiable health information for a variety of "routine" purposes.