About Us 

Parents Requesting Open Vaccine Education
    PROVE Home    |     Donations     |     Subscribe     |     Other Resources

Your Rights and the Law
Vaccines: A Closer Look
Other Resources

Bad Medicine
Uncle Sam says a new law bolsters medical privacy. Civil libertarians doubt it.


Cover Story

Mark your calendars for April 14. On that day next year, say civil libertarians, the federal government will move inside your body. The feds will know everything about your medical history -- yeah, Don Juan, even those genital warts -- because of a simple five-letter acronym: HIPAA.Spun to the media as the best thing to happen to personal privacy since the bedroom door, the Health Insurance Portability and Accountability Act will make sweeping changes to the health-care industry in this country.

"Patients now will have a strong foundation of federal protections for the personal medical information that they share with their doctors, hospitals and others who provide their care and help pay for it," U.S. Health and Human Services Secretary Tommy G. Thompson said in August.

The new privacy rules will make personal medical records so secure, the feds say, that football coaches are wondering if they'll still be allowed to release injury reports.

But HIPAA's many critics say that's simply not true. This new federal law gives government agencies and private corporations unfettered access to some of your most personal information, they contend.

"This isn't about medical privacy," said Sue Blevins, president of the Institute for Health Freedom, a Washington, D.C. think tank that advocates consumer choice in health care. "It's truly about making claims processing a faster and more efficient system."

Fifteen years from now, the health-care landscape will have changed dramatically, Blevins and other HIPAA critics say. Buoyed by advances in technology, the federal government and health-care providers will use personal medical IDs to link patients to a centralized database of personal medical records.

Victims of a car accident, or just some random revelers caught on camera as they walk through Ybor City, could be recognized using biometric identifiers and then associated with their medical records. Everything, from a list of immunizations to physical examination dates, would be available to government, medical and insurance personnel.

This, of course, has benefits. An emergency-room trauma team would have easy access to patient information, such as blood type, pre-existing conditions and allergies. Insurers would also be able to process claims more efficiently, speeding up the delivery of health care.

But this also has drawbacks. The federal government, which already has proven itself ineffective at protecting secret Pentagon information from computer hackers, would be responsible for securing medical records.

What's more, under HIPAA, there is little recourse for victims of deliberate or accidental disclosure of sensitive medical information. If the public learned that a celebrity or public official had AIDS, the damage would be done.

"We won't feel HIPAA right away," said Blevins. "But in about 10 to 15 years, people are going to be feeling some pain."

Pain is what people began to feel 10 to 15 years after the federal government's 1973 creation of HMOs. HIPAA might not be that different.

Hillary Health CareSince the Great Depression, the government has been expanding its control over the health care of Americans -- from the Social Security Act of 1935 to the Health Insurance Portability and Accountability Act of 1996.

For the government's more recent expansion, you can thank, in part, Hillary Clinton and her failed proposal to guarantee quality medical care for all Americans.

The Health Security Act of 1993 was supposed to be the First Lady's grand entrance into public policy. But Republicans in Congress killed it. The bill, however, wasn't an entire failure. Many of its proposals became the framework for HIPAA three years later.

As the Health Security Act would have done, HIPAA stops the insidious practice of insurance companies dropping members who file expensive claims. The law's portability provisions also ensure that Americans will not be locked into jobs because of fears they will lose medical coverage while changing employers. Additionally, because of HIPAA, insurers will not as easily deny coverage for pre-existing conditions.

But not everything in "Hillary Health Care," as HIPPA critics like to call it, is so benevolent.

As the Health Security Act would have done, HIPAA enforces the standardization of medical data, the creation of personal medical IDs for every American, and the institution of strict penalties for health-care workers who do not adhere to federal regulations.

"Many of the provisions that are most worrisome in HIPPA were literally copied verbatim" from the Health Security Act, said Charlotte A. Twight, an economics professor at Boise State University and author of Dependent on D.C.: The Rise of Federal Control Over the Lives of Ordinary Americans.

HIPAA designs a medical environment that makes it easier for insurance companies to process claims and turn profits. The law allows anyone to look at your personal medical information as long as it is necessary for an insurer to process claims.

In 1996, up to 400 people would have seen at least part of an individual's medical record during the claims process, according to the Congressional Research Service. Blevins, Twight and other HIPAA critics believe that number can only increase.

And it isn't just fellow Americans who will see your private records. Your mental breakdown at last year's company Christmas party could become the butt of lunch-hour jokes in India.

Yeah, India.

Or Pakistan.

Hell, maybe even the Philippines.

Jewel of the Medical EmpireVickie Julian isn't someone you'd expect to lead a grassroots campaign against federal laws. A registered Republican, she never had an interest in public life. "I never imagined I'd ever be called a radical," Julian said.

But a radical she's been called. Since August, Julian has been collecting signatures for her campaign, "Tighten Up, America." As of the middle of November, she had more than 400.

The owner of a St. Petersburg medical transcription company, Julian, 48, is outraged by the growing trend of outsourcing medical transcription to such countries as India, Pakistan and the Philippines, where labor is cheap and plentiful. She wants Congress, or at least the Florida Legislature, to require medical information to stay within our geographical borders.

Medical transcription is an unregulated industry worth an estimated $15-billion. For some Americans, it offers the benefit of working from home. Julian's workers log on to her secure network using broadband Internet connections.

For time-crunched doctors unwilling to record medical information by hand, transcription is a solution. Doctors use a small Dictaphone to record a patient's ailment and treatment. The recording is then uploaded to a medical transcription company, which transcribes the dictation into a word-processing file that is later printed and inserted into the patient's medical record.

Oftentimes, the doctor's recording includes not only the names of patients but their Social Security number as well.

"Little about a patient is more revealing than the dictated and transcribed or text portion of the health record," Pat Forbis, associate executive director of the American Association for Medical Transcription, testified before Congress.

Advancements in technology, coupled with a shortage of medical transcribers in this country, have led to outsourcing overseas. When a doctor uploads the voice recording, the sound file is just as easily sent to India as it is to Julian's St. Petersburg office.

Under HIPAA, doctors are not obligated to inform patients where information is sent. It's possible, even likely, that doctors themselves do not know where the information goes. Most companies using overseas labor are headquartered, and seemingly operate, in the United States. According to HIPAA, an overseas medical transcription company is a "covered entity" that must comply with U.S. laws and regulations as long as it has a stateside "business associate."

Medical records are perfectly safe overseas, according to Donna Gustafson. A vice president for the global health practice of a Michigan company that provides encryption and security technology to companies that employ overseas transcribers, Gustafson believes medical records are just as safe, if not safer, overseas.

"In these countries -- whether it's India, the U.K. or Australia -- they have very stringent data-protection laws," Gustafson said.

The United States is in fact behind the rest of the world in establishing data-security laws. Europe has been outsourcing medical transcription services for years, Gustafson added.

Tampa Bay area hospitals are among those following Europe into this brave new world of health care. In August, Bayfront Medical Center and St. Anthony's Hospital, both in St. Petersburg, inked deals with CBay Systems for medical transcription services. Maryland-based CBay Systems is known for its large workforce in India. The deals with Bayfront and St. Anthony's mean a significant chance exists that voice recordings created in St. Petersburg's two largest hospitals will be transcribed overseas.

This outsourcing trend has divided the medical transcription industry. The Medical Transcription Industry Alliance, an organization whose board includes chiefs of some of the nation's largest medical transcription companies, promotes the use of overseas labor. The alliance has even been known to serve Indian food at its U.S. conferences.

Conflicted by privacy concerns and the need to maintain its membership numbers, the American Association for Medical Transcription does not take an official stance on overseas transcription services. However, the testimony of association director Forbis before Congress indicated that the organization does have concerns about the security of information once it travels outside our borders.

"Events of the past decade have introduced outside influences that have created a dangerous gap between the public and the confidentiality and security of health care information that they deserve," Forbis testified. "The gap must be closed."

Meet Your Big BrotherAmericans value medical privacy. A Gallup poll commissioned by the Institute for Health Freedom found that 78 percent of those polled said they considered the confidentiality of medical records to be "very important." Even more, 92 percent, opposed granting the government access to medical records, while 82 percent objected to insurance companies having access.

These numbers explain why the most controversial part of HIPAA is not what it says, but what it does not say.

HIPAA's proponents argue that it does not create a centralized database of personal medical information. Critics maintain that HIPAA clears the way for the creation of one or more databases. Both groups are correct.

Nowhere in HIPAA does the federal government legislate the creation of a medical database. Most of the bill seems rather benign. It's filled with simple language intended to standardize data formats and allow insurance companies to perform tasks more expediently.

"A lot people took as part of this that the government used [HIPAA] to get access to medical information that it wasn't able to access," said Tracy M. Field, an Atlanta medical claims attorney specializing in HIPAA regulations.

The federal law does not create a national database, said Field, and you'll only hear wild-eyed conspiracy theorists crying wolf. "It's not that Big Brother is now keeping track of you any more so than could have happened before," Field said.

That's true, agreed Blevins of the Institute for Health Freedom. HIPAA doesn't create a database. But, then, it doesn't stop one from being created, either.

HIPAA reinvigorates the 50-year-old federal National Committee on Vital and Health Statistics and charges it with being the principal advisory group for health information policy. If the federal government creates a national health database, this committee will be responsible for it.

The committee maintains that it is building only a system by which information can be shared between physicians and insurance companies -- a system known as the National Health Information Infrastructure (NHII).

According to committee proposals and reports, every American will have an NHII profile known as a "personal health dimension." While the individual will have ultimate control over what is and is not included in the profile, the NHII will likely have your patient identification and emergency contact information, health history, insurance provider, list of allergies and current medications, and any recommended preventative treatments available to you based on your information.

Physicians will have immediate access to your relevant health information. You'll receive electronic reminders to take medications and vitamins. Patients will be able review physician ratings on the Internet as easily as they view those of eBay sellers.

Americans will be able to transmit their health information to select doctors or insurance companies at their discretion. Indeed, if you listen to Uncle Sam, HIPAA will deliver medical power to the people.

But, then, you also might want to listen to Dawn Richardson. She co-founded Parents Requesting Open Vaccine Education, or PROVE, a citizen group fighting the Texas Department of Health's vaccine-tracking database.

Known as ImmTrac and signed into law by then-Gov. George W. Bush, the database tracks the immunizations of Texas children. Under Texas law, doctors must release child-patient identification and immunization records to the state.

Richardson believes that the law not only represents a breach of privacy, but a way for her state to force immunization on her children. Immunization shots can have serious if rare side effects, some resulting in death. "There are a lot of parents whose children have had bad reactions to vaccines," said Richardson.

While Richardson has been successful in spreading the word about ImmTrac, she has a loftier goal -- taking on HIPAA. ImmTrac and databases like it represent a foundation from which the feds can build a national health database, Richardson believes.

"It burns me up that they're calling these medical privacy rules when they give numerous government agencies access to your records without your knowledge or consent," Richardson said of HIPAA.

The federal government could easily fold databases such as ImmTrac into a single, more comprehensive database of personal health information, according to Dependent on D.C. author Twight. "Even if the databases are decentralized, they can be centralized at the click of a mouse," Twight said.

In 2001, Richardson joined a lawsuit filed by an association of physicians and surgeons against HHS and Secretary Thompson that requested a ruling on whether HIPAA violates constitutional rights by granting unreasonable searches and seizures of private medical information and "chilling" doctor-patient communications.

In addition to Richardson, other plaintiffs included PROVE co-founder Rebecca Rex, Darrel McCormick of Gainesville, Fla., and, most notably, U.S. Rep. Ron Paul (R-Texas), a physician by trade and one of HIPAA's most outspoken critics.

"It puts people in an adversarial position with their physicians," said McCormick, former billing manager at Shands Healthcare System at the University of Florida, speaking of HIPAA. "Why should the government put something between me and my physician?"

Rep. Paul maintains that HIPAA in no way enhances privacy. In fact, the Texas congressman believes it does the opposite.

"Only in Washington can so-called 'medical privacy' regulations actually authorize such blatant invasions of privacy by the government," Paul wrote in one of his online columns.

A federal court in June dismissed the lawsuit. "Because there has been no government attempts to access plaintiffs' medical records, plaintiffs have not experienced any unwarranted invasion of their privacy," U.S. District Judge Sim Lake wrote in his ruling.

A similar fate befell a lawsuit filed by the South Carolina Medical Association, which claimed HIPAA violates the due-process clause of the Fifth Amendment. Both dismissals are under appeal.

Field, the medical claims attorney in Atlanta, believes the federal courts made correct decisions. But could the constitutionality of HIPAA be challenged after next April 14, when the law goes into effect? "I'm going to give you the standard lawyerly response," said Field. "It's possible."

Bad Data, Bad MedicineA database is only as good as its data. HIPAA's critics believe any database the government creates will be so tainted with bad information that the database either will be useless or will substantially decrease the quality of health care provided in this country.

Knowing that what they say could be put in a database and used against them, Americans will not be honest with doctors, critics say.

According to a survey of 344 physicians conducted by the anti-HIPAA Association of American Physicians & Surgeons, 96 percent of surveyed physicians opposed the law's privacy rules.

As proof of what the association characterizes as a "chilling" of doctor-patient confidentiality, 87 percent of physicians reported having been asked to keep information out of patient records, while 78 percent said they had indeed withheld information from records because of privacy concerns.

"Patients are withholding information, and doctors are lying because of privacy concerns," Kathryn Serkes, the association's public affairs counsel, commented in a statement. "The obvious conclusion is that these rules will only exacerbate the situation to the point of distorted, incomplete and potentially dangerous medical records becoming the norm. Physicians' ethics will be further challenged, the choice between government compliance and lying for a patient."

Despite maintaining that a database isn't in the works, federal officials do admit that patient data will be shared for reasons including drug marketing and health studies.

But have no fear, fellow Americans. Your personal data will be de-identified, according to the feds. If someone accesses your medical records, they will have no way of knowing that it belongs to you because it will not include such identifying fields as your name and Social Security number.

After all, who cares if someone finds out that a man born on Feb. 18, 1968, and living in zip code 33701 has a history of manic depression?

Latanya Sweeney does. An assistant professor of computer science and public policy at Carnegie Mellon University, Sweeney proved how easily people could be associated with their purportedly de-identified data. All you need is a person's five-digit zip code, gender and date of birth to uniquely identify 87 percent of the U.S. population.

To make her point, Sweeney used de-identified medical data provided by a Massachusetts agency that purchases health insurance for state employees and compared the data to a list of voters in one Bay State city. Sweeney wanted to show that even then-Massachusetts Gov. William Weld's data was not protected. The Carnegie Mellon professor compared Weld's gender, date of birth and zip code, all provided in the de-identified medical data, to the voter roll in Cambridge, where the governor lived at the time. The roll included the same data fields, plus the voter's name.

"Only six people had his birth date, only three of them were men, and he was the only one in his five-digit zip code," Sweeney explained at a forum on technology and health reform.

Privacy can never be guaranteed. The more widely distributed your information, the higher the chances it could be made public. "If you think the government can protect data, you're living in a fantasy world," said McCormick.

That's one reason Vickie Julian won't give up on her quest to raise awareness of outsourcing medical transcription services to India and other countries, where she speculates that medical information could be bought and sold like spices at a bazaar.

"The dollar is worth a lot of money there," Julian said. "You can't secure the safety of medical records."

But Florida legislators could.

Tally to the Rescue?If doctors in all 50 states and the U.S. territories use the same data formats, insurance companies can streamline the claims-processing system and reduce labor costs. At the same time, if one state or territory refuses to cooperate, HIPAA's power drops significantly.

Florida is among a handful of states that could challenge HIPAA. Because the state constitution includes a privacy clause guaranteeing "the right to be let alone and free from government intrusion into the person's private life," the Florida Legislature could enact privacy laws that trump HIPPA.

That's exactly what Julian has asked Pinellas County's state legislative delegation to do.

"We would like to implement a state law that mandates ... all citizens' medical records be processed within the U.S. geographical border, where our laws are fully enforced," Julian told local lawmakers at a recent hearing in St. Petersburg.

That's the tack the Institute for Health Freedom has advocated for states such as Florida. But our Legislature's willingness to throw a wrench into federal policy remains questionable. Pinellas delegation members seemed uninterested in anything Julian had to say at the hearing.

Maybe it was because her speech involved the complexities of electronic data transfer. Maybe it was because three minutes wasn't enough time to explain the risks of sending medical records overseas. Or maybe, just maybe, Florida lawmakers haven't noticed or cared that the federal government has usurped more of their power.

No matter the reason, Julian isn't planning to give up yet. "Let us close the gap," she said. "One state may follow another."

Contact Staff Writer Trevor Aaronson at 813-248-8888, ext. 134, or

  Contact Us  |  Membership  |  Related Sites

April 5, 2008

 ©2011 Parents Requesting Open Vaccine Education. All rights reserved. Terms of Use | Privacy Statement