Logo Parade
Nutrition
Medicine
Exercise
Complementary
Professional and Personal Alliances
Quality of Life
Message from White House
Sponsors
HIV & Conference News
Founders Speak Out
Hope In Africa
Internet and Community Resources
Dosing Chart
Survey
Free Subscriptions
Copyright Information
Back Issues On Line
Letters to the Editor
Patients Assistance Program
Sponsorship and Media Guide
Enter Keywords
 

Medical Records Privacy for People with HIV

By Catherine Hanssens

In Washington, DC, a man leaving the hospital after treatment for an AIDS-related illness stops to chat with the receptionist who also has a second job where the man himself is employed. After he leaves, the receptionist gets access to his medical records, learns he has HIV, and tells everyone at their shared workplace.

In Atlanta, a bail bondsman loses his contract with the city after a local Health Department worker, who knows of the bondsman's HIV status, informs the local sheriff. Across town, a dental hygienist is fired after his treating physician takes it upon himself to inform the hygienist's employer. Outside of Baltimore, a gay father living with his lover has his child-visitation rights challenged by his ex-wife, who asks that the judge order the father to submit to an HIV test. The above scenarios are not hypotheticals from the early, bad days of AIDS, but real, and recent incidents. As these examples make plain, the privacy and confidentiality rights of people living with HIV have a continuing importance and immediacy.

With the rapid rise of reliance on electronic storage and transfer of sensitive personal information, the public has voiced increasing concern about the rights and abilities of citizens to control third-party access to private medical information. This concern is particularly acute for people living with HIV and AIDS, due to the continuing stigma and punitive reactions that their status engenders and the questionable ability of federal disability antidiscrimination laws to curb such reactions. The Department of Health and Human Services (HHS) has proposed rules creating national standards for the privacy of medical records. According to HHS, these standards will address growing public concerns about the use of electronic technology and the substantial erosion of the privacy surrounding individually identifiable health information maintained by their doctors and insurers. While the proposed standards, lauded by President Clinton last fall, do provide some important protections, less publicized provisions allowing disclosures of this information without individual authorization raise major privacy concerns, particularly for those whose medical and insurance records contain sensitive information such as HIV status.

An initial problem is the limited scope of the rules. Many of those who receive information from health insurers and care providers are not subject to the rules restrictions mandated by the rules on subsequent disclosures. Researchers, life insurers and marketing firms, for example, are not covered under the rules.

A second, equally serious shortcoming is the explicit exclusion of inmates and detainees from any protection under these rules. Incorrectly asserting that existing federal laws adequately protect inmate records, and citing the unique circumstances involved in overseeing prisoners and detainees, the rules completely exempt correctional employees from the confidentiality requirements of the HHS rules. A more reasonable alternative would tailor the rules to accommodate the peculiarities of prison healthcare services while limiting access to non-medical staff to sensitive medical information. Inmates retain the right to the confidentiality of personal medical information. Maintaining good order and protecting prisoners' well-being does not necessitate a complete lack of restriction on the sharing of sensitive health information. While limited information, such as the identity of suicide risks, must be shared with correctional personnel to ensure proper supervision and the safety of those in their custody, there is no justification for providing criminal justice personnel carte blanche to share inmate health information for purposes unrelated to the provision of health care. This is particularly true for former inmates and detainees, where the legitimate purposes of maintaining order and providing needed care no longer apply. The failure to protect this information is in conflict with current case law and can produce serious consequences for inmates and their families.

Finally, the proposed rules permit inappropriately broad use and disclosure of personal medical information without the consent of or even notice to the affected individual in court proceedings (without a court order in many circumstances) and in connection with law-enforcement activities. Despite the well-documented misuse of information about HIV status of individuals by criminal-justice personnel, the rules actually propose to relax some current restrictions on the access of law-enforcement authorities to this information.

Allowing law enforcement officials to have access to sensitive health information armed only with an administrative request in many instances effectively ensures inappropriate privacy intrusions. The risk of harm posed by these intrusions is significant, particularly for individuals with HIV, whose health status alone is often treated as evidence of a crime in itself. The regulations should require that law enforcement officials obtain legal process issued by a neutral magistrate or judge prior to securing access to protected health information. The standard used in determining whether personal medical information should be released to the police should provide at least as much protection as federal law currently gives to the records of the videos we rent. The Video Privacy Protection Act of 1988 states that law enforcement personnel can obtain access to an individual's video rental information only after obtaining a warrant or court order, based on a showing of a compelling need for the information that can't be accommodated by any other means.

The HHS rules will not be finalized before late spring, 2000. Until then, it is particularly important that health care professionals let officials at HHS and in Congress know the importance of privacy guarantees to doctor-patient relationships and the provision of care. The need for privacy assurances is particularly urgent for members of already-marginalized communities, which have ample reason to hesitate in assuming the good faith of law enforcement attentions that HHS seems to take for granted.

Catherine Hanssens is director of the AIDS Project for Lambda Legal Defense and Education Fund. Active in HIV/AIDS legal and policy issues since 1984, Hanssens plays the leading role in development of Lambda's HIV policies on issues such as testing and surveillance, appropriate prevention interventions, autonomy in health care decision making, and access to care. Hanssens manages all of Lambda's briefing on U.S. Supreme Court cases affecting people with HIV.
Back to top | back to
CVS ProCare Pharmacies BMS Virology MTI Biotech Roche Laboratories GlaxoSmithKline Ortho-Biotech Roche Diagnostics