HIPAA - it’s not an anniversary worth celebrating.

HIPAA, enacted 20 years ago yesterday, has all but eliminated patient privacy. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), enacted on August 21, 1996, enabled computerization of medical records without patient consent and state and national health information (“on the grid”) networks, established national health data and transaction standards and created federal identification and tracking numbers for doctors, hospitals, clinics, health plans, employers and patients. 
 
All HIPAA national ID numbers are in place except the unique patient ID (UPI). In 1998, CCHF testified against the UPI before a federal committee in Chicago and in 1999, Congressman Ron Paul (R-TX) stopped the UPI by placing a ban on any funding for its development. But now lobbyists from the health information industry and others are pushing Congress to repeal the UPI funding prohibition to allow nationwide tracking and linking of patient data. 
 
In addition, the HIPAA “no-privacy” rule, which become effective in April 14, 2003, provides 2.2 million entities (plus local, state and federal government agencies) with access to private patient data without patient consent if a doctor, hospital, clinic, health plan, data clearinghouse, or other “covered entity,” as defined by the HIPAA law, grants access. Such access is being used to profile patients and doctors and to penalize both.
 
Congress needs to act. Congress should restore privacy rights to all patients everywhere by repealing the law (P.L. 104-191), rescinding the HIPAA “no-privacy” rule and restoring patient consent requirements for disclosure of and access to patient medical records.
 
And remember, the law does not require you to sign the HIPAA form or Notice of Privacy Practices acknowledgement…and the doctor still has to treat you (See #4). Twelve stories of those who refused.