Online Medical Records and Privacy


Who gets a peek at online medical information?

It’s 10 a.m. Do you know where your medical records are? That’s a question that has a lot of people worried. What if the boss found about that mental health problem you were treated for? Or suppose the life HIPAA, for the bipartisan Health Insurance Portability and Accountability Act, also known as the Kennedy-Kassebaum Act of 1996.

The act is designed to encourage the use of electronic transactions in health-care while safeguarding the security and confidentially of health information. According to the U.S. Department of Health and Human Services, most health insurers, pharmacies, doctors, and other health-care providers are required to comply with the standards.

Among other things the HIPAA rules are supposed to guarantee:

  • Patient access to copies of their medical records within 30 days of request for identification of errors and mistakes the records.
  • Notification of how personal health information may be used, and the right to restrict how that information is used, as well as limits imposed on providers. Under the rules, patients need to grant specific authorization for release of records to outside entities such as life insurers, banks, marketing firms, or other businesses.
  • Prohibition on sharing of patient information by pharmacies, , and others with marketing firms without the express consent of the patient.

To put some teeth into the measure, Congress provided civil and criminal penalties for individuals or groups that misuse personal health information. Violations of patient civil rights are subject to penalties of up to $100 per violation for a maximum of $25,000 per year.

“Criminal penalties apply for certain actions such as knowingly obtaining protected health information in violation of the law. Criminal penalties can range up to $50,000 and one year in prison for certain offenses; up to $100,000 and up to five years in prison if the offenses are committed under ‘false pretenses’; and up to $250,000 and up to 10 years in prison if the offenses are committed with the intent to sell, transfer or use protected health information for commercial advantage, personal gain or malicious harm,” according to a fact sheet published by the HHS Office of Civil Rights.

Will all of these measures protect patient privacy? Maybe. But in any case, privacy has long been an uncertain commodity in American life. As Irish playwright and author George Bernard Shaw told a New York audience in 1933, long before the Internet was even dreamed of, “an American has no sense of privacy. He does not know what it means to. There is no such thing in the country.”

Originally Published: September 2003