HIPAA news
HIPAA advisory
HIPAAdvisory > HIPAAnews Phoenix Health Systems
news
regs
action
tech
views
wares
alert
live
notes
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

Rep. Armey Urges HSS Sec.Thompson to Fix Controversial Medical Privacy Regulations

May 2, 2001

House Majority Leader Dick Armey wrote to Secretary of Health and Human Services Tommy Thompson today, urging specific changes to the controversial Health Insurance Portability and Accountability Act (HIPAA) regulations recently finalized by the department.

Though the regulations are intended to increase privacy protection for medical records, one provision would actually undermine that goal by giving the government unprecedented access to sensitive medical records.

"This startling provision grants federal agents the power to look into citizens' medical records without a warrant, 'at any time and without notice,'" wrote Armey. "Americans' medical records should be protected from all bureaucrats, not just corporate ones."

Armey urged Secretary Thompson to take advantage of his authority to modify the regulations for up to two years after they have been finalized. The suggested changes would require the Secretary to obtain a search warrant in exigent cases where documents might be hidden or destroyed.

"We demand federal agents obtain a search warrant before going through our other personal papers," wrote Armey. "Why not our medical records, which are often even more sensitive?"

"As you work to modify the medical privacy regulations, please, Mr. Secretary, consider the wisdom of opening up people's personal medical records to federal agents without Fourth Amendment protections," wrote Armey.

Full text of Rep. Armey's letter follows:

Letter: Fixing the Medical Privacy Regulations

May 2, 2001

The Honorable Tommy G. Thompson
U.S. Department of Health and Human Services
200 Independence Avenue, SW
Washington, D.C. 20201

Dear Secretary Thompson:

Now that the President has decided to finalize the medical privacy regulation under the Health Insurance Portability and Accountability Act (HIPAA), I write to suggest specific changes to that controversial regulation, in hopes you will use your authority to strengthen rather than endanger the medical privacy of all Americans.

As I said in my earlier letter, there is language in the medical privacy regulation that grants the Department of Health and Human Services (HHS) full access to every American's private patient medical records. To wit:

A covered entity must permit access by the Secretary during normal business hours to its facilities, books, records, accounts, and other sources of information, including protected health information, that are pertinent to ascertaining compliance with the applicable requirements of this part 160 [relating to the administration of this regulation] and the applicable standards, requirements, and implementation specifications of subpart E of part 164 of this subchapter [relating to the protection of patient medical records]. If the Secretary determines that exigent circumstances exist, such as when documents may be hidden or destroyed, a covered entity must permit access by the Secretary at any time and without notice. (Emphasis added.)

-- Federal Register, Vol. 65, No. 250, December 28, 2000, p. 82802, Sec. 160.310(c)(1).

This startling provision grants federal agents the power to look into citizens' medical records without a warrant, "at any time and without notice." Every family that cherishes its privacy ought to be disturbed by this massive grant of federal authority. Americans' medical records should be protected from all bureaucrats, not just corporate ones.

I therefore respectfully suggest the following changes be made to this section of the regulation:

  1. Insert the words "upon at least 24 hours' notice" after the word "Secretary" in the first sentence.
  2. Strike out the last sentence altogether.
  3. Add language requiring the Secretary to obtain a search warrant in those exigent cases where he or she has reason to believe documents might be hidden or destroyed.

We demand federal agents obtain a search warrant before going through our other personal papers. Why not our medical records, which are often even more sensitive?

Let us remember that federal agencies have a terrible track record when it comes to protecting sensitive information:

  • HHS received an "F" last year on computer security from the House Government Reform and Oversight Subcommittee on Management and Information Technology.
  • Monday's newspapers reported that websites operated by HHS and Labor were broken into and vandalized Saturday by hackers, who posted a picture of a deceased Chinese pilot on the HHS site. How can we be sure that other, more sensitive HHS databases have not been similarly compromised?

As you work to modify the medical privacy regulations, please, Mr. Secretary, consider the wisdom of opening up people's personal medical records to federal agents without Fourth Amendment protections. Americans deserve to know their privacy is being protected and not threatened by their own government.

Thank you for your consideration.

Respectfully,
Dick Armey
Member of Congress

Go to TOP