Let’s first explore why health records are such a crucial issue, and one that both the federal and state governments must take every opportunity to protect. Health information reveals an alarming amount of information and personal facts about individuals which can in turn lead “to stigma and discrimination when possessed and misused by government officials, employers, insurers, and by friends and family.” (National Center 2006). Consider the fact that an employer could access a potential employee’s medical records only to find out that the candidate had hepatitis or any other serious medical condition. This fact could then influence the employer’s decision on whether or not to hire this individual. An insurance company could find out the same kind of confidential information and subsequently deny insurance coverage to the individual.
While physicians have always had an ethical obligation to keep their patients’ medical information confidential based on the AMA’s Council on Ethical and Judicial Affairs, the AMA’s ethical guidelines are not binding by law. Instead, these guidelines allow “the patient to feel free to make a full and frank disclosure of information to the physician with the knowledge that the physician will protect the confidential nature of the information disclosed.” (AMA 2005). The patient’s full disclosure will then help the physician to diagnose and properly treat conditions, and in return for his patient’s honesty, the physician is generally bound by his ethical considerations not to reveal confidential patient/doctor communications. The legal obligations of the physician are defined by the US Constitution, as well as by federal and state laws and regulations. (AMA 2005).
Because unauthorized access and misuse of private health records were becoming more and more common, in April of 2003, the first federal privacy standards enacted to protect patients’ medical records and other health information was put into place. These standards were developed by the Department of Health and Human Services and “provide patients with access to their medical records and more control over how their personal health information is used and disclosed. State laws providing additional protections to consumers are not affected by this rule.” (Health and Human Services 2003).
The new federal laws offer these provisions:
v Patient access to their own medical records as well as the ability to request corrections if they identify errors or mistakes. Access to these records must be provided within 30 days, however the patient may be charged for copying.
v Covered health plans, doctors and other health care providers must provide a notice to their patients how they may use personal medical information and their rights under the new privacy regulation.
v The privacy rule sets limits on how health plans and covered providers may use individually identifiable health information; however the rule does not restrict the ability of doctors, nurses and other providers to share information needed to treat their patients.
v The privacy rule sets new restrictions and limits on the use of patient information for marketing purposes.
v The new federal privacy standards do not affect state laws that provide additional privacy protections for patients.
v Patients can request that their doctors, health plans and other covered entities take reasonable steps to ensure that their communications with the patient are confidential.
v Consumers may file a formal complaint regarding the privacy practices of their doctor or covered health plan. (Health and Human Services 2003).
The general purposes of the recommendations of the Department of Health and Human
Services were for boundaries to be set in the realm of health care information being disclosed only for health purposes and that health information should not be distributed unless the patient authorizes it or there is a clear legal basis for doing so. Additionally, the Department of Health and Human Services strives for accountability in that those who “improperly hold, distribute, or use health information should be criminally punished, especially when such actions are for monetary gain.” (National Center 2006). Finally, the goal of the Department of Health and Human Services is that “private interests of individuals must not override national priorities of public health, medical research, health services research, health care fraud and abuse, and law enforcement in general.” (National Center 2006).
As far as both regular and mental health issues are concerned, nearly all states address the
confidentiality of mental and other health records and information, although in a handful of states only a general law which applies to all health care information applies. One common criticism of health care information laws are that they mostly apply to information which is garnered in the “course of treatment and in the possession of the caregiver.” (Mental Health 2006). Because of this fact, different standards apply to the distribution of information that is in the possession of others who are not a party to the treatment relationship. In 1982 one expert found that between 25 and 100 people have access to an individual patient record, a number which has dramatically increased in subsequent years as the computer age has taken over.
There are exceptions to the current confidentiality laws, including consent by the person in treatment. If the person who has been in treatment consents to a waiver of confidentiality, or in the case of minors, their parents or guardians consent then the privacy and confidentiality laws become null and void. (Mental Health 2006) Some state laws include the exception that a clinician may restrict access to the patient’s records, even to the patients, if, in his opinion, access would cause harm to the client. Some proposals before Congress would permit disclosure to other providers without the patient’s consent, another exception. Finally, many states have provisions that permit disclosure of confidential information as needed in order to obtain reimbursement for treatment, and in the case of mental health, the controversy is ongoing as to whether families should be provided information regarding their adult children under certain circumstances. Some states allow that parents who are acting in the caregiver capacity can have access to patient records, others do not.
The debate will no doubt continue as access to information of all types grows easier and easier to come by, and each individual becomes more and more concerned about their own privacy.
AMA (2005). Patient Confidentiality. Retrieved September 8, 2006 from:
Health and Human Services. (2003). Protecting the Privacy of Patients’ Health Information.
Retrieved September 7, 2006 from:
Mental Health Resources. (2006). The Surgeon General’s Report on Mental Health
Confidentiality. Retrieved September 8, 2006 from:
National Center for Health Statistics (2006). Balancing Individual Privacy and Communal Uses
of Health Information. Retrieved September 8, 2006 from: