Spring, 1998
19 Hamline J. Pub. L. & Pol'y 553
LENGTH: 14558 words
CURRENT PUBLIC LAW & POLICY ISSUE: IT'S 1998, DO YOU KNOW WHERE YOUR MEDICAL
RECORDS ARE? MEDICAL RECORD PRIVACY AFTER THE IMPLEMENTATION OF THE HEALTH
INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996. n1
n1. Health Insurance Portability and Accountability Act of 1996, Pub. L. No.
104-191, 262(a), 110 Stat. 1936 (1996) (codified as amended in scattered
sections of 18, 26, 29 and 42 U.S.C.A.); 42 U.S.C.A. 1320d to 1320d-8 (West
Supp. 1998).
Eric Wymore
SUMMARY:
... With the increased computerization of the health care industry and the
increased pressure placed upon health care providers for patient records by
insurers, employers and others, the amount of personal medical information that
is routinely disclosed has become enormous. ... Two important elements of this
provision are the requirement that all health information be kept in electronic
form and that each individual be given a unique health identifier. ... Finally,
this article contends that the implementation of standards enabling wide
availability of individually-identifiable medical records requires careful
attention to both the establishment of comprehensive privacy legislation to
protect patients from illicit use of their medical information, and to the
creation of the standard for the individual health identifier, which will ensure
the security of the information contained in computer databases. ... Rather,
strong federal privacy legislation should provide the minimum level of
protection for medical record privacy. ... With the possibility of linked
medical databases resulting from the Administrative Simplification provisions of
HIPAA, greater access to comprehensive medical data about an individual may
become available to researchers. ... Due to the problems surrounding the
existing SSN system, some of which will not be solved with the modified SSN,
proposals have been made that would create an entirely new identification system
for the health care identifier. ...
TEXT:
[*553]
I. Introduction
Most Americans are probably unaware that their video rental records are better
protected by law than their medical records. n2 In fact, the only protections
medical records have are the self-imposed standards of the medical community n3
and, to some degree, state and federal laws. With the increased computerization
of the health care industry and the increased pressure placed upon health care
providers for patient records by insurers, employers and [*554] others, the
amount of personal medical information that is routinely disclosed has become
enormous. n4
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n2. See Confidential Medical Information, Before the Senate Comm. on Labor &
Human Resources, 105th Cong. (1997) [hereinafter Labor Comm. Hearing] (testimony
of Donna Shalala, Sec'y of Health & Human Servs.), available in Westlaw,
USTESTIMONY, 1997 WL 566029 (citing 18 U.S.C.A. 2710 (West Supp. 1998)
(prohibiting wrongful disclosure of video rental records)). This example has
been widely used in newspaper reports due to the stark contrast between the
federal protection of video rental records and medical records. Id. Also see,
e.g., Rx for Privacy, Courier-Journal (Louisville, KY), Sept. 21, 1997, at 2D.
This contrast exists despite the fact that most Americans believe their medical
records are "somewhat" to "very important." See Harris survey, Nov. 1993,
available in Westlaw, POLL Library, File No. USHARRIS.93PRIV RK03.
n3. The Hippocratic Oath, required of physicians prior to entering the medical
profession, contains a provision demanding respect for patient privacy. "All
that may come to my knowledge in the exercise of my profession or outside of my
profession or in daily commerce with men, which ought not to be spread abroad, I
will keep secret and will never reveal." Stedman's Medical Dictionary 799 (26th
ed. 1995).
n4. See Paul M. Schwartz, The Protection of Privacy in Health Care Reform, 48
Vand. L. Rev. 295, 305, 310-11 (1995). A detailed example of the use of medical
information in the health care industry is provided in Why Your Health Privacy
is Threatened, Consumers' Res. Mag., Apr. 1997, at 24.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
Medical information in the wrong hands can not only be embarrassing, but
potentially devastating to an individual. Employers interested in reducing costs
look to medical information to make hiring, firing and promotional decisions. n5
Individuals can use this information to harass, embarrass or discriminate
against others. Examples of abuses of medical information have included the
following: A cost-conscious, self-insured employer, checking the utilization of
prescription drugs, discovered one of its employees was suffering from AIDS. n6
A political candidate's childhood treatment for depression was publicly revealed
by his opponent. n7 A thirty-one-year veteran FBI agent was reassigned and
ordered to undergo testing after records showing he had sought psychiatric
counseling for depression somehow found their way to the Bureau. n8 A convicted
child rapist, employed at a hospital, used the computer system to get the phone
numbers of almost 1000 [*555] young female patients to make obscene phone
calls. n9 These and many more abuses of health information have occurred due to
the lack of protection afforded to personal medical records.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n5. See, e.g., David F. Linowes & Ray C. Spencer, Privacy: The Workplace Issue
of the "90s, 23 J. Marshall L. Rev. 591, 593-94 (1990) (citing a survey of
Fortune 500 companies, which found that half of all employers use medical
records to make employment-related decisions).
n6. Doe v. Southeastern Pennsylvania Transp. Auth., 72 F.3d 1133, 1134-35 (3d
Cir. 1995), cert. denied, 117 S. Ct. 51 (1996). Although Doe remained an
employee, he maintained that he was treated differently by his coworkers after
their discovery of his disease. Id. at 1136.
n7. John Elvin, Medical Records - America's Private Parts Available to Prying
Eyes, Insight Mag., May 26, 1997, at 16. Tom Turnipseed, a Democrat from South
Carolina, was treated as a teenager for depression. Id. His opponent's campaign
director, Lee Atwater, commented "What do you expect from a guy who was hooked
up to jumper cables?" Id. Also, Senator Thomas Eagleton, selected as George
McGovern's presidential running mate in 1972, was replaced upon the disclosure
of his electroshock treatments for depression. Id.
n8. Rx for Privacy, supra note 2.
n9. Matthew Brelis, Patients' Files Allegedly Used for Obscene Calls, Boston
Globe, Apr. 11, 1995, at 1; Mark Hagland, Confidence and Confidentiality, Health
Mgmt. Tech., Nov. 1997, at 20.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
Broad access to medical information, however, can be a benefit to both the
individual and society. Immediate access to personal medical information can
greatly assist medical providers in emergency situations. Researchers use
medical information from patients to study long-term health effects and to
evaluate treatment methods. n10 Access by the government and insurers helps
fight fraud and abuse in the industry. n11 Access by employers can help ensure
the accommodation and safety of workers, as required by the Americans with
Disabilities Act and the Occupational Safety and Health Act. n12 The issues of
who has access to medical records and the privacy afforded those records have
become even more important as a result of recent federal legislation.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n10. See Labor Comm. Hearing, supra note 2 (testimony of Elizabeth B. Andrews,
Ph.D., Director, Worldwide Epidemiology for Glaxo-Wellcome, on behalf of the
Healthcare Leadership Council), available in Westlaw, USTESTIMONY, 1997 WL
679254.
n11. Lawrence O. Gostin, Health Information Privacy, 80 Cornell L. Rev. 451,
453-56 (1995).
n12. The Americans with Disabilities Act (ADA) requires reasonable accommodation
for disabled workers. 42 U.S.C. 12112(a), 12112(b)(5)(A) (1995). The ADA also
allows employers to require medical examinations and inquire into medical
histories under specific circumstances related to accommodation and safety. Id.
12112(d)(3). The Occupational Safety and Health Act (OSHA) mandates medical
surveillance programs which include medical examinations and inquiries in some
circumstances, such as when employees have occupational exposure to asbestos. 29
C.F.R. 1910.1001 (1997).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
In 1996, Congress passed legislation which could dramatically change the way
medical records are accessed. An "Administrative Simplification" provision of
the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires
the implementation of standards to facilitate the electronic transfer of [*556]
health information. n13 Two important elements of this provision are the
requirement that all health information be kept in electronic form n14 and that
each individual be given a unique health identifier. n15 These two requirements
will facilitate the creation of large, possibly nationwide, interconnected
databases of individually-identifiable medical records. n16 Two issues which
must be addressed before such networks become reality are the privacy
protections which will be provided for medical records and the security of the
information within the computerized databases.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n13. Health Insurance Portability and Accountability Act of 1996, Pub. L. No.
104-191, 262(a), 110 Stat. 1936 (1996) (codified as amended in scattered
sections of 18, 26, 29 and 42 U.S.C.A.); 42 U.S.C.A. 1320d to 1320d-8 (West
Supp. 1998).
n14. 42 U.S.C.A. 1320d-2, 1320d-4 (West Supp. 1998) (requiring health plans to
conduct electronic transactions when requested, either directly or through a
clearinghouse, which implicitly requires the information to be available in
electronic form).
n15. 42 U.S.C.A. 1320d-2(b)(1) (West Supp. 1998).
n16. See infra notes 64-71 and accompanying text.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
This article begins with a review of the statutory protection currently afforded
to the privacy of medical records by federal and state laws. Next, changes
brought about by the Administrative Simplification provisions of HIPAA will be
presented. This article asserts that the implementation of these provisions will
facilitate the creation of a national database of medical records by enabling
the linking of these records across numerous computer databases. Finally, this
article contends that the implementation of standards enabling wide availability
of individually-identifiable medical records requires careful attention to both
the establishment of comprehensive privacy legislation to protect patients from
illicit use of their medical information, and to the creation of the standard
for the individual health identifier, which will ensure the security of the
information contained in computer databases.
[*557]
II. Historical Protection of Medical Information
A. The Federal Privacy Act
Privacy provisions enacted by Congress over the years have had little effect in
protecting medical records. The legislation which has been promulgated either
regulates only the government's use of information about individuals, ignoring
the private sector, or regulates the handling of medical records in only
specific and narrow circumstances. The Privacy Act of 1974, n17 for example,
provides protection for individuals' records which are kept in a "system of
records" by government agencies. n18 The Act also requires that an agency may
only collect information to the extent necessary and relevant to accomplish its
purpose. n19
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n17. 5 U.S.C. 552a (1994). The Privacy Act was amended by the Computer Matching
and Privacy Protection Act of 1988, which further regulates an agency's
disclosure of records "for use in a computer matching program ... [by another]
... agency or non-Federal agency ..." Id. 552a(o)(1).
n18. Id. 552a(a)(5) (defining a system of records as "a group of any records
under the control of any agency from which information is retrieved by the name
of the individual or by some identifying number, symbol, or other identifier ...
assigned to the individual").
n19. Id. 552a(e)(1).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
While this law provides some protection of individual medical records, the
protection falls short, as only information kept by government agencies is
covered. For example, an individual's medical records kept by the Veteran's
Administration would be covered by the law, but medical records of the same
individual in a private health plan would not. In addition, while the law
prohibits an agency from disclosing information to any person outside that
agency, it is subject to various exceptions, including statistical researchers,
court-authorized personnel or agencies, consumer reporting agencies, the Bureau
of the Census and, subject to some [*558] restrictions, law enforcement
agencies. n20 Since most medical information resides outside governmental
agencies, n21 the Privacy Act is of little help in protecting the privacy of
most medical records.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n20. 5 U.S.C. 552a(b) (1994). "No agency shall disclose any record which is
contained in a system of records by any means of communication to any person, or
to another agency, except pursuant to a written request by, or with the prior
written consent of, the individual to whom the record pertains, [subject to
provided exclusions]." Id.
n21. Terra Ziporyn, Hippocrates Meets the Data Banks, 252 JAMA 317, 318 (1984).
"Data systems maintained by states, multistate groups, insurance companies, or
health maintenance organizations are not covered under the act." Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
B. Other Federal Legislation
Federal lawmakers have also crafted narrow legislation which provides adequate
protection of health care records in specific circumstances. For example, strict
regulations limit disclosure of medical records related to the treatment of an
individual for drug or alcohol abuse. n22 These restrictions apply to all drug
or alcohol abuse programs which are federally assisted. n23 With few exceptions,
these records are released only with the [*559] express consent of the
individual to whom the records pertain. n24 Again, the weakness of this
protection is that it applies only to federally-assisted programs or
institutions and therefore does not provide any protection of records in
non-federally-assisted facilities. n25 Further, this law does not provide
protection for medical records outside of drug or alcohol programs.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n22. 42 U.S.C. 290dd-2 (1994).
n23. Id. 290dd-2(a).
Records of the identity, diagnosis, prognosis, or treatment of any patient which
are maintained in connection with the performance of any program or activity
relating to substance abuse education, prevention, training, treatment,
rehabilitation, or research, which is conducted, regulated, or directly or
indirectly assisted by any department or agency of the United States shall,
except as provided in [other provisions], be confidential and be disclosed only
for the purposes and under the circumstances expressly authorized under [this
provision].
Id.
n24. Id. 290dd-2(b)(1). This section does not apply to the exchange of records
within the Armed Forces or the Department of Veterans Affairs. Id. 290dd-2(e).
See also 42 U.S.C.A. 290dd-2(b)(2) (providing exceptions for bona fide
emergencies, scientific research and management audits with identifiable
information removed from the records, as well as court ordered disclosure).
n25. See Terra Ziporyn, supra note 21, at 318 (estimating "only 5% of the
medical data banks in the United States are covered").
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
In 1990, Congress passed the Americans with Disabilities Act (ADA). n26 While
this law does little to protect the privacy of medical information, it does
attempt to limit how this information may be used. Specifically, the law forbids
employers from using medical information to pre-screen job applicants. n27 Only
after a conditional offer of employment may an employer seek medical
information, either by a medical examination or from medical histories. n28 The
information thus gathered from the employee cannot be used to deny employment or
advancement unless the employer can show that it would create an undue hardship
to accommodate the employee's physical or mental limitations. n29 Nevertheless,
once an employer has access to the information, it is possible that this
information will be used to discriminate against an employee. In short, the ADA
provides little protection for the privacy of an employee's medical information.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n26. 42 U.S.C. 12101 to 12213 (1994).
n27. Id. 12112(d)(2)(A).
n28. Id. 12112(d)(3) to 12112(d)(4).
n29. Id. 12112(a), 12112(b)(5).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
In sum, federal legislation has afforded little protection to most medical
information. Rather, Congress has, for the most part, left the level of privacy
afforded to medical information to the [*560] keepers of that information and
to the states. n30 The following section will show that the states' approach to
medical records has varied considerably. Responses range from a piecemeal
approach, similar to current federal protection, to comprehensive legislation
providing detailed regulation of medical records to ensure their privacy. This
will be illustrated by examples from three states.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n30. See Labor Comm. Hearing, supra note 2 (testimony of Donna Shalala, Sec'y of
Health & Human Servs.), available in Westlaw, USTESTIMONY, 1997 WL 566029.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
C. State Privacy Laws
Today's health care industry operates on a national basis with health care
providers and insurers spanning several states. n31 [*561] Due to the
interstate nature of the modern health care industry, much confusion surrounds
the application of the myriad state laws concerning medical records. When
records cross state boundaries, the laws change with respect to how that
information must be kept, and the level of protection afforded to those records.
n32 To help alleviate the problem of conflicting state laws, the National
Conference of Commissioners on Uniform State Laws proposed the Uniform Health
Care Information Act (UHCIA) for enactment by the states. n33 This Act was
designed to provide a model for state health care information protection. To
date, however, only two states, Montana and Washington, have adopted the UHCIA.
n34
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n31. See Perspectives on Privacy, Confidentiality, Data Standards and
Medical/Clinical Coding and Classification Issues in Implementation of
Administrative Simplification Provisions of P.L. 104-191, before the National
Committee on Vital and Health Statistics, 105th Cong. (1997) [hereinafter
Perspectives on Privacy Hearing] (testimony of Michael Ralston, M.D., Director
of Quality Demonstration for Kaiser Permanente Medical Care Program) (visited
Mar. 1, 1998) <http://aspe.os.dhhs.gov/ncvhs/970604t1.htm>. "Kaiser Permanente
is the preeminent HMO in the United States.... Our national membership exceeds
7.9 million members in 18 states and the District of Columbia. It is the largest
private healthcare delivery program in the United States with 90,000 employees
and 9,400 full-time equivalent contracting physicians." Id.
It is not uncommon for a patient to receive care at a health care facility in
one state, to undergo tests in another state, and to obtain insurance coverage
from a firm in a third state. Francoise Gilbert, Privacy of Medical Records? The
Health Insurance Portability and Accountability Act of 1996 Creates a Framework
for the Establishment of Security Standards and the Protection of Individually
Identifiable Health Information, 73 N.D. L. Rev. 93, 94 (1997). Further, with
the distributed nature of some health care computer systems, a patient's medical
records may reside in one or more computers in one or more states. Id.
Furthermore, in some areas of the country, "telemedicine" (medical professionals
collaborating via electronic means, sometimes across several states) is rapidly
becoming more popular as a way of providing much needed medical expertise to
remote areas. Kent Conrad, Introduction to Symposium Issue, 73 N.D. L. Rev. 1
(1997). Examples of telemedicine can include "a specialist in a remote city ...
assessing a patient's medical condition ... [using records] sent via modem or
satellite," or the increasingly common practice of sending tests or x-rays to a
specialist in another state or city to be interpreted. Gilbert, supra note 31,
at 94.
n32. In her September 11, 1998 report to Congress, Donna Shalala, Health and
Human Services Secretary commented:
The computer and telecommunications revolutions mean that information no longer
exists in one place. It often travels in real time across hospitals, physicians,
insurers, even state lines. And, it can no longer be protected by simply locking
up the office doors each night.... When we give a physician or health insurance
company precious information about our mood or motherhood, money or medication,
what happens to it? As it zips from computer to computer, from doctor to
hospital, who can see it? Who protects it? What happens if they don't? It all
depends on the states you live in....When it comes to our private health care
records, we rely on a patchwork of state laws. [This] patchwork of state laws
does not provide Americans the privacy protections they need, particularly as
our health information becomes increasingly national - crossing state
boundaries." Labor Comm. Hearing, supra note 2 (testimony of Donna Shalala,
Sec'y of Health & Human Servs.), available in Westlaw, USTESTIMONY, 1997 WL
566029.
n33. Uniform Health Care Information Act (1985).
n34. Mont. Code Ann. 50-16-501 to 50-16-553 (1997); Wash. Rev. Code Ann.
70.02.005 to 70.02.904 (West 1997).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
[*562] The differences in state privacy protection can be illustrated by
examining three states: Oklahoma, California, and Minnesota.
1. Oklahoma
Oklahoma's privacy laws, as they relate to medical records, are similar to the
narrow approach taken by federal laws. Oklahoma has specific provisions
regarding the confidentiality of medical records relating to the treatment of
mental health disorders and drug and alcohol dependency, as well as information
identifying persons with communicable or sexually transmitted diseases. n35 It
also has laws regulating the use of medical records of nursing home residents.
n36 The State further provides for a patient's right to access her complete
medical record upon request. n37 Overall, however, the lack of comprehensive
state laws regulating medical records provides little protection for medical
records outside these specific areas.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n35. Okla. Stat. Ann. tit. 43A, 3-422 (West 1997) (relating to confidentiality
of drug and alcohol treatment records); Okla. Stat. Ann. tit. 43A, 1-109 (West
Supp. 1998) (relating to confidentiality of medical records for the treatment of
mental health); Okla. Stat. Ann. tit. 63, 1-502.2 (West 1997) (relating to
confidentiality of information identifying a "person who has or may have any
communicable or venereal disease....").
n36. Okla. Stat. Ann. tit. 63, 1-1918 (West 1997).
n37. Okla. Stat. Ann. tit. 76, 19 (West 1997 & Supp. 1998). However, "in the
case of psychological or psychiatric records, the patient shall not be entitled
to copies unless access to said records is consented to by the treating
physician or practitioner or is ordered by a court of competent jurisdiction
upon a finding that it is in the best interest of the patient...." Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
2. California
California is one of a few states which have comprehensive laws regulating the
treatment of individually-identifiable medical information. n38 California's
medical privacy laws allow health care [*563] providers complete access to
health care information, while reducing the amount of information accessible to
those responsible only for payment. n39 The law prohibits health care providers,
including clinics, health dispensaries or other health facilities, from
disclosing individually-identifiable medical information without authorization
from the individual. n40 The law allows for reduced access to insurers,
employers, and health care plan administrators responsible for rendering payment
for medical services. n41 These entities may receive information only to the
extent necessary to allow determination of responsibility for payment. n42
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n38. Gostin, supra note 11, at 506. See Cal. Civil Code 56 to 56.37 (West 1997 &
Supp. 1998);
n39. Cal. Civ. Code 56.10 (West Supp. 1998); Lindbergh Porter, Jr., Employee
Privacy and Statutory Individual Rights, 548 Prac. L. Inst. 127, 147-48 (1996).
n40. Cal. Civ. Code 56.05(d), 56.10 (West 1997 & Supp. 1998). Subject to some
exceptions. See id. 56.10(b), 56.10(c) (including court orders, subpoenas and
search warrants, as well as health care professionals and facilities providing
care to the patient).
n41. Id. 56.10(c)(2).
n42. Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
The California law's weakness is its slight penalties for violations. Violation
of the law is only a misdemeanor offense. n43 Although the law also allows an
individual to recover compensatory damages, n44 civil claims for punitive
damages are limited to a maximum of $ 3,000 plus $ 1,000 in attorney fees. n45
In the context of a multi-billion dollar health care industry, these penalties
for wrongful disclosure seem unlikely to significantly deter violations. n46
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n43. Cal. Civ. Code 56.36 (West 1997).
n44. Id. 56.35.
n45. Id.
n46. In 1995, more than $ 321 billion was spent on health services. Statistical
Record of Health and Medicine 2 (Charity Anne Dorgan, ed., Gale Research, Inc.,
1995). Total health expenditures by households, businesses, federal, state and
local governments was in excess of $ 706 billion. Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
[*564]
3. Minnesota
Minnesota has also enacted laws protecting individually-identifiable medical
information. Minnesota law forbids a health care provider, or a person who
receives health records, to release these records to someone other than the
patient, without that patient's signed and dated authorization. n47 The law
provides exceptions for disclosure to other health care providers treating the
patient, for medical emergencies, and with some restrictions, to insurers and
other claims payors. n48
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n47. Minn. Stat. 144.335, subd. 3a(a) (1996). Like California, Minnesota law
also has slight penalties for violations. Violation of the law "may be grounds
for disciplinary action against a provider by the appropriate licensing board or
agency." Id. 144.335, subd. 6. See also, J.T.P v. St. Paul Ramsey, 1997 WL 65511
at *2 (holding violation of Patient's Bill of Rights, Minn. Stat. 144.651 to
144.6581 (1996), provides no private cause of action).
n48. Minn. Stat. 144.335, subd. 3a(a) (1996).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
Minnesota goes further than most states in its protection of medical records in
the hands of researchers. n49 Most notably, the law requires that for
information gathered after January 1, 1997, the patient must be notified and
must give written authorization for the use of her records in research. n50 This
consent may be revoked at any time. n51 Although this provision has been
controversial because of its possible negative effect on the availability of
data for research purposes, n52 it has nonetheless been considered a model for
federal privacy legislation. n53
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n49. Id. 144.335, subd. 3a(d) (1996 & Supp. 1997).
n50. Id. The law requires that providers of medical information use reasonable
efforts to determine if the identity of the patient is important to the research
and that the recipient has established adequate safeguards to protect the
records from unauthorized disclosure. Id. 144.335, subd. 3a(d)(4).
n51. Minn. Stat. 144.335, subd. 3a (d)(2)(ii) (1996).
n52. Some researchers fear this will negatively affect their ability to conduct
research by jeopardizing this valuable source of medical data. L. Joseph Melton,
III, M.D., Sounding Board: The Threat to Medical-Records Research, 337 New Eng.
J. Med. 1465, 1466 (1997). Research utilizing information gathered from
individual medical records has resulted in "more than a thousand publications
describing the frequency and natural history of hundreds of different
conditions." Id. Also, at the Mayo Clinic in Rochester, Minnesota, medical
records from the more than 5.1 million patients treated there since 1907 have
been used to conduct "literally tens of thousands of studies...." Id.
n53. Minnesota's law requiring informed consent for researcher's use of
individually-identifiable medical information is a "potential model" for federal
privacy legislation. Information Privacy: Front Burner Issue in '98 Session?,
Med. & Health Perspectives, Nov. 10, 1997, at 4 [hereinafter Front Burner
Issue].
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
[*565]
4. Summary of State Protection
Although not intended as a complete review of all state statutes relating to the
protection of medical information, the preceding examples illustrate that the
level of statutory privacy protection afforded to medical records varies
considerably from state to state. n54 This creates difficulties for health care
providers who deal with records crossing state lines in determining which laws
apply to which records. Furthermore, patients should be concerned, because
whatever privacy laws exist in their state may not protect their records once
those records cross the state's border. The creation of a national network of
medical records could compound this problem by making the medical records of
every American available in all fifty states. The current patchwork of state
privacy laws is not a viable means of enforcing the privacy of medical records
in such a nationwide network.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n54. In addition to enacted law, some states also have constitutional and common
law privacy protections. See, e.g., Cal. Const., art. I, 1 (recognizing an
inalienable right to privacy); Schwartz v. Thiele, 51 Cal. Rptr. 767, 770 (Cal.
Dist. Ct. App. 1966) (recognizing a right to privacy). An analysis of state
constitutional and common law privacy protections as they relate to the privacy
of medical records is beyond the scope of this article.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
[*566]
III. The Health Insurance Portability and Accountability Act of 1996
A. Administrative Simplification
The Health Insurance Portability and Accountability Act (HIPAA) n55 requires
that Congress enact comprehensive privacy legislation for medical records. n56
The central purposes of the Act, however, are to ensure that health insurance
remains available to Americans who change employers or insurers and to combat
waste, fraud and abuse in the health care industry. n57 To support these central
aims of the legislation, the Act mandates health care industry action under a
call for "Administrative Simplification." n58 Specifically, the Act requires
health care providers n59 and health [*567] plans n60 to accommodate
electronic exchanges of certain health information, including information
related to health claims, enrollment, disenrollment, eligibility, payment, and
claim status. n61 To accomplish this, the information must be kept in electronic
form in computer databases. n62 The Act also requires that every individual be
given a unique health care identifier. n63 The identifier is necessary to ensure
that a patient's medical records, transferred between the computer systems of
the health care entities, can be properly matched together.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n55. Health Insurance Portability and Accountability Act of 1996, Pub. L. No.
104-191, 110 Stat. 1936 (1996) (also known as the Kassebaum-Kennedy Act).
n56. Id. at 264(c). The Act itself creates an offense related to the
unauthorized use of an individual's medical identifier and the unauthorized use
or disclosure of individually-identifiable health information; however, the Act
fails to define what constitutes a wrongful disclosure. 42 U.S.C.A. 1320d-6(a)
(Supp. I 1997).
n57. Health Insurance Portability and Accountability Act of 1996, Pub. L. No.
104-191, 110 Stat. 1936 (1996) at preamble.
n58. Id. at 261.
It is the purpose of this subtitle to improve the Medicare program under title
XVIII of the Social Security Act, the medicaid program under title XIX of such
Act, and the efficiency and effectiveness of the health care system, by
encouraging the development of a health information system through the
establishment of standards and requirements for the electronic transmission of
certain health information.
Id.
n59. 42 U.S.C.A. 1320d(3), 1395x(u) (1997) (defining a health care provider to
include "a provider of medical or other health services" including "a hospital,
critical access hospital, skilled nursing facility, comprehensive outpatient
rehabilitation facility, home health agency, hospice program," or "any person
furnishing health care services or supplies").
n60. Id. 1320d(5) (defining a health plan to include "an individual or group
plan that provides or pays the cost of, medical care"). Examples include group
health plans, employer self-insured plans and health insurance issuers. Id.
1320d-1(a).
n61. Id. 1320d-2(a)(2). This information must be made available in electronic
form, either directly by the provider or plan, or through use of a
clearinghouse. 42 U.S.C.A. 1320d(2) (1997) (defining a health care clearinghouse
as a "public or private entity that processes or facilitates the processing of
non-standard data elements of health information into standard data elements").
These clearinghouses are especially useful to smaller health care providers who
do not have the technology to provide medical record data in the necessary
format.
n62. See Labor Comm. Hearing, supra note 2 (statement of Sen. Patrick Leahy),
available in Westlaw, USTESTIMONY, 1997 WL 679244. See generally 42 U.S.C.A.
1320d-4(a)(1) to 1320d-4(a)(2), 1320-7(a) (1997).
n63. Id. 1320d-2(b) ("The Secretary shall adopt standards providing for a
standard unique health identifier for each individual ... for use in the health
care system.").
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
B. The Potential for a Nationwide Medical Records Database
Contrary to the views of some who have opposed the Act, HIPAA does not mandate
the creation of a nationwide database of medical records. n64 It does, however,
provide two fundamental [*568] building blocks for such a database or network
of databases to be created: medical records in electronic form and a unique
heath care identifier for every individual. With these two building blocks in
place, the process of linking a patient's records together across many computer
systems becomes much easier.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n64. See, e.g., News & Events, Clinton Privacy Recommendations Open Medical
Records to Desktop Snooping (visited Mar. 1, 1998)
<http://www.aclu.org/news/n091197c.html>. In a September 11, 1997 press release,
the American Civil Liberties Union viewed the HIPAA as creating "massive
national databases of every citizens' cradle-to-grave personal medical
information ... linked to a massive shared database accessible to all." Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
Large private health care providers and health plans have welcomed the
Administrative Simplification provisions of HIPAA, because it provides the
necessary infrastructure to develop linked databases of medical records. n65 The
benefits of linked databases to [*569] these health care providers and plans
include more effective health care service and cost reduction. n66 Researchers
also anticipate the creation of linked databases of health information for use
in medical research. n67 The benefits to researchers include a "massive amount"
of individually-identifiable, longitudinal data available [*570] for study.
n68 Thus, the health care industry and those involved in medical research,
anticipate broad access to linked databases containing individually-identifiable
medical information. The implementation of these linked databases could
eventually create a nationwide network of medical records.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n65. See, e.g., Perspectives on Privacy Hearing, supra note 31 (testimony of
George B. (Peter) Abbott, M.D., M.P.H., Acting Deputy Director, Health Info. &
Strategic Planning Div., Cal. Dep't of Health Servs.) (visited Mar. 1, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970603t5.htm>. The California Department of
Health Services is "a provider of local public health services and ... a payor
of health care services for medically indigent populations in California." Id.
The HIPAA simplification provisions for unique identification of individuals,
providers, plans and individuals (along with standardized health data items,
transactions specifications, and coding sets), offer potentially even greater
benefits for providers and users of public, preventive, and environmental health
data ... [including the i]ncreased ability for health care providers, payors,
and public health researchers to link and use current data sets for more
effective and comprehensive case management, administrative simplification and
enhancements, health care outcomes assessments, public health surveillance,
quality control, and fraud detection.... Please ensure in your deliberations and
recommendations [concerning privacy legislation] that appropriate and reasonable
access is allowed for authorized public health interests to access, link and
utilize the extremely valuable databases that should result from implementation
of HIPAA.
Id.
See also Perspectives on Privacy Hearing, supra note 31 (testimony of Michael
Ralston, M.D., Director of Quality Demonstration for Kaiser Permanente Medical
Care Program) (visited Mar. 1, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970604t1.htm> ("We believe wide use of EDI using
standard formats, codes, and identifiers [mandated by HIPAA] will result in
significant cost savings in the US health care system."). Kaiser is the largest
private healthcare delivery program in the United States, with a membership of
7.9 million members in 18 states and the District of Columbia. Id.
n66. Perspectives on Privacy Hearing, supra note 31 (testimony of George B.
(Peter) Abbott, M.D., M.P.H., Acting Deputy Director, Health Info. & Strategic
Planning Div., Cal. Dep't of Health Servs.) (visited Mar 1, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970603t5.htm>. Examples of cost reduction include
"more effective and comprehensive case management, administrative simplification
and enhancements, health care outcomes assessment, public health surveillance,
quality control, and fraud detection." Id.
n67. See Perspectives on Privacy Hearing, supra note 31 (testimony of Ciaran S.
Phibbs, Ph.D., HSR&D Center for Health Care Evaluation, Veterans Affairs Palo
Alto Health Care System Cooperative Studies Program, Veterans Affairs Palo Alto
Health Care System Dep't of Health Research & Policy, Stanford Univ., though not
testifying as an official representative of the Dep't of Veterans Affairs)
(visited Mar. 1, 1998) <http://aspe.os.dhhs.gov/ncvhs/970603t1.htm>.
Adding unique identifiers to data sets will significantly increase the research
potential of most, if not all, data sets. Unique identifiers will allow the
linking of data sets, which can allow researchers to conduct more detailed
analyses than would otherwise be possible.... A major problem that health
researchers face today is that the information they really need is contained in
multiple data sets that can not be linked with each other.... If all health
related data sets had a standard set of unique identifiers these linkages would
be much easier.
Id.
n68. See Perspectives on Privacy Hearing, supra note 31 (testimony of Mitchell
P. LaPlante, Ph.D., Disability Statistics Ctr., Inst. for Health & Aging, Univ.
of Cal.) (visited Mar 1, 1998) <http://aspe.os.dhhs.gov/ncvhs/970603t6.htm>.
If all transactions are represented in the system and can be linked together ...
this system may provide needed statistical data for determining the rate of low
prevalence chronic diseases and disabling conditions.... [The system would also
allow] people [to be] tracked from provider to provider while also tracking
disability and functional status, and changes therein.
Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
The negative implications of such a network include its effect on the security
and privacy of individually-identifiable medical information. By linking medical
records from many different computer systems, the amount of accessible personal
medical information could increase dramatically. n69 Furthermore, a nationwide
medical records database could increase the number of individuals with access to
a patient's records, thereby increasing the chance that the privacy of a
patient's medical records could be compromised. n70 Therefore, it is imperative
that the privacy ramifications be addressed before such a nationwide system is
[*571] developed. Even if an interconnected system of medical records does not
come into existence, the impact of computerized medical databases on an
individual's privacy is still a concern. Many large integrated medical providers
and health plans already keep patient records in computer databases, and
violations of privacy have occurred at the hands of health care employees or
those with access to these computer systems. n71
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n69. See Adele A. Waller, Health Care Information Issues in Health Care Reform,
16 Whittier L. Rev. 15, 16-17 (1995). "Linkages will be created among sets of
data that have previously been separate and discrete." Id. "[These] files will
be linked together, creating one longitudinal patient record that follows a
patient across all care, care-management and payor settings...." Id. "When this
vision of health care information becomes reality, more people are going to have
access to [individually-identifiable] health information...." Id. See also Front
Burner Issue, supra note 53.
n70. See Waller, supra note 69.
n71. See, e.g., Leah R. Garnett, An Open Book, Harv. Health Letter, Sept. 1995.
Harvard Community Health Plan (HCHP) "routinely entered detailed notes of
psychiatric sessions into patients' computerized medical records...." Id. These
records "were available to hundreds of administrative and medical staff" until
complaints from members and a newspaper article prompted the HCHP to restrict
access to patients' records. Id. HCHP is the largest Health Maintenance
Organization in New England with about 500,000 members. Id.; Matthew Brelis,
Patients' Files Allegedly Used for Obscene Calls, Boston Globe, Apr. 11, 1995,
at 1.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
IV. New Federal Privacy Legislation
By requiring medical records to be maintained in electronic form, keyed to an
individual's unique health identifier, HIPAA may create broad accessibility to
these records. As the privacy protection afforded to medical records by the
states varies greatly, and as protections offered by current federal laws are
limited, comprehensive federal privacy protection is needed to ensure the
privacy of medical records once the Administrative Simplification provisions of
HIPAA are implemented. Realizing the implications of HIPAA in relation to the
privacy of medical information, Congress assigned itself the task of drafting
privacy legislation designed to protect personally-identifiable medical
information. n72 Congress has thirty-six months from the passage of the Act to
enact this legislation. n73 If Congress fails to act, the Secretary of the
Department of Health and Human Services has an additional six [*572] months to
implement privacy regulations. n74 The Act was passed in August 1996, therefore
Congress has until August 1999 to enact privacy legislation; if no legislation
is passed, it could be February 2000 before any privacy regulations are
promulgated.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n72. Health Insurance Portability and Accountability Act of 1996, Pub. L. No.
104-191, 264(c), 110 Stat. 1936 (1996).
n73. Id. at 264(c)(a), 110 Stat. at 2033.
n74. Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
The Act also required the Secretary of Health and Human Services to implement
the standards required to facilitate the electronic transfer of health
information by February 1998. n75 These standards are to include the data
format, as well as standards for the unique health care identifiers for
individuals, employers, health plans and health care providers. n76 Once these
health data standards are developed, the Act calls for the health care industry
to begin complying with the standards and for the standards to be completely
implemented by February 2000. n77 However, standards for the individual health
care identifier have proven difficult to develop. n78 The Secretary has thus far
postponed implementation of a standard for the individual identifier beyond the
February 1998 deadline. n79 The timetables mandated by HIPAA, however, indicate
that the building blocks for developing a network of databases containing
individually-identifiable medical information could be implemented before any
privacy regulations are promulgated.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n75. 42 U.S.C.A. 1320d-3(a) (West Supp. 1998).
n76. Id. 1320d-2 (West Supp. 1998).
n77. Id. 1320d-4(b)(1)(A). Small health plans, which are to be defined by the
Secretary, are allowed an additional year to be in compliance with the adopted
standards. 42 U.S.C.A. 1320d-4(b)(1)(B). To comply with the standards, a health
plan must accommodate electronic exchange of health data either directly or
through a third-party clearinghouse. Id. 1320-4(a)(1) to 1320-4(a)(2).
n78. Due to the implications of the individual health care identifier on the
privacy and security of medical records, the decision on a standard for the
individual identifier has been delayed. See Front Burner Issue, supra note 53,
at 1.
n79. As of April 17, 1998, the Secretary of Health and Human Services has not
adopted a standard for the individual health care identifier. Hearings on the
individual health care identifier have also been postponed from May to July
1998. The National Committee on Vital and Health Statistics (visited Apr. 17,
1998) <http://aspe.os.dhhs.gov/ncvhs/index.htm>.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
[*573] The delay in the implementation of the health data standards provides
Congress with an important opportunity to implement comprehensive privacy
legislation before these standards are implemented. Congress should not lose
this opportunity to enact privacy legislation as it may be much easier to design
privacy protections initially, than to have to "retrofit" these protections to
the health data standards once those standards are already in place. n80 Though
HIPAA requires Congress to pass legislation protecting medical records, the Act
does not establish what this legislation should include. Rather, the Act calls
for the Secretary of Health and Human Services to submit detailed
recommendations on privacy standards to Congress for use in crafting privacy
legislation. n81
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n80. See Front Burner Issue, supra note 53, at 1. Another impetus for quick
congressional action to protect the privacy of medical records comes from the
European Union's Data Privacy Directive 95/46/EC, passed in 1995. Council
Directive 95/46/EC of 24 October 1995 on the Protection of Individuals with
Regard to the Processing of Personal Data and on the Free Movement of Such Data,
1995 O.J. (L 281). The Directive requires Member States of the European Union to
pass legislation adopting the Directive into national law within three years.
Id. at 69. Once the Directive is adopted, the Member States must ensure that
individually-identifiable information transferred to a third country is afforded
an "adequate level of protection" measured "in light of all the circumstances
surrounding a data transfer operation ... [including] the rules of law ... in
force in the third country ...." Id. Art. 25 at 1-2. As the United States is
without a comprehensive federal privacy law protecting medical records, transfer
of this information to the United States may be in jeopardy. Jennifer M. Myers,
Creating Data Protection Legislation in the United States: An Examination of
Current Legislation in the European Union, Spain, and the United States, 29 Case
W. Res. J. Int'l L. 109, 114 (1997). "If we do not act promptly, this directive
may act as a bar to the international exchange of health information and reduce
potential advances in improving the quality of health care." Front Burner Issue,
supra note 53, at 1 (quoting Senator James Jeffords of Vermont).
n81. Health Insurance Portability and Accountability Act of 1996, Pub. L. No.
104-191, 264(a), 110 Stat. 1936.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
[*574]
A. The HHS Privacy Recommendations
On September 11, 1997, Health and Human Services Secretary Donna Shalala
presented to Congress her recommendations for privacy legislation. n82 The
recommendations include provisions permitting the use of "health information
only for purposes compatible with and directly related to the purposes for which
... [it] was collected or received...." n83 The recommendations also provide
that disclosures of medical information be limited "to the minimum amount of
information necessary to accomplish the purpose for which the information is
used or disclosed." n84 Further recommendations call for health care providers
and payors to inform patients, in writing, of the patient's rights to her health
information. n85 These rights include the ability to limit disclosure, and the
right to inspect, copy and seek correction or amendment of her records. n86
Patients must also be informed of the health care provider's information
practices and the uses and disclosures authorized by the federal legislation.
n87 Finally, the Secretary's recommendations require those who hold health
information to retain a history of all disclosures of the patient's health
records. n88
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n82. Donna Shalala, Secretary of Health and Human Services, Confidentiality of
Individually-Identifiable Health Information [hereinafter Shalala Proposal]
(visited Sept. 11, 1997) <http://aspe.os.dhhs.gov/admnsimp/ pvcrec0.htm>.
n83. Id. at II(B)(1). This language is substantially similar to portions of the
Privacy Act of 1974, 5 U.S.C.A. 552a(a)(7), 552a(b)(3) (1996).
n84. Shalala Proposal, supra note 82, at II(B)(3).
n85. Id. at II(C)(1).
n86. Id.
n87. Id.
n88. Shalala Proposal, supra note 82, at II(C)(4).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
Overall, the recommendations by the Secretary provide sensible yet strong
federal privacy protection for medical records. Medical information will be
available to those who require it for payment of services or for the provision
of health care, while the patient's privacy will be protected by the mandate of
minimum [*575] necessary disclosure to facilitate payment or care, by the
patient's right to ensure the accuracy of her medical records, and by the
patient's right to know how her medical information will be used. n89 It can be
argued, however, that the Secretary's proposals do not go far enough,
particularly in the areas of federal preemption and the protections afforded to
records used by researchers. The following section will discuss these
controversial areas of the Secretary's proposal.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n89. Id. at (B)(1) to (D)(1).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
1. Preemption
Secretary Shalala recommends "that the [federal privacy] legislation preempt
State laws only to the extent that those laws are less stringent or restrictive
than the Federal law." n90 This provides a minimum level of privacy to every
individual, but allows those who live in states with stronger privacy
protections to continue to benefit from those protections. Some have argued that
federal privacy legislation, mandated by HIPAA, should completely preempt the
myriad state laws in order to provide a truly national standard of privacy for
medical records. n91 Federal preemption [*576] would ease administration of
interstate health care systems and assist researchers by requiring compliance
with a single federal law. n92 Federal preemption would also allow both the
health care industry and patients to more easily determine what protections are
afforded to medical records, regardless of the state in which the information is
located.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n90. Id. at (G)(4).
n91. See Perspectives on Privacy Hearing, supra note 31 (testimony of David R.
Schinderle, Vice President of Finance & Treasurer, St. Joseph Health System)
(visited Mar. 1, 1998) <http://aspe.os.dhhs.gov/ncvhs/970604t8.htm>. "[We are]
concerned that states may be able to "opt out' of some or all of HIPAA's
requirements. Patients and data cross state lines; therefore, any exception
becomes a break in uniformity and eliminates the benefits intended for payers,
providers, and ultimately patients." Id. See also Proceedings before the
Subcomm. on Privacy and Confidentiality of the Nat'l Comm. on Vital and Health
Statistics, 105th Cong. (1997) [hereinafter Subcomm. on Privacy Hearing]
(testimony of Alan R. Goldhammer, Ph.D., Biotechnology Industry Organization)
(visited Mar. 1, 1998) <http://aspe.os.dhhs.gov/ncvhs/970204tr.htm>. "It is
critical to insure that a medical privacy bill, while protecting the privacy and
confidentiality of individual health information, will not place unreasonable
burdens on medical research. Federal medical privacy laws should preempt state
law and not inhibit medical or epidemiological research on patients from
different states." Id.
n92. Shalala Proposal, supra note 82, at II(G)(4). The arguments in favor of
federal preemption for laws protecting the privacy of medical records "are based
on the increasing integration of the health care information system in this
country, in which information passes easily from State to State, when
information generated in one State may with ease be retrieved in another State,
and when it is difficult even to identify the "location' of information to
determine which State's law applies." Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
A federal law which preempts more stringent state protections is not, however,
in the public's interest. Rather, strong federal privacy legislation should
provide the minimum level of protection for medical record privacy. n93 Citizens
of states that have implemented strong privacy legislation, such as California
and Minnesota, should not see the protection of their medical records reduced
merely for the ease of administration available under a single federal privacy
law. Furthermore, a preemptive federal law can also act to "stifle innovative
state initiatives." n94 This is especially important as new technologies and
problems affecting medical record privacy emerge. n95 For example, some health
care providers are considering placing medical records on the Internet in order
to allow patients easier access to their medical information. n96 As emerging
technologies may not be taken into [*577] account by federal legislation, the
states should retain the authority to respond to new threats to medical record
privacy as they arise. This is especially true since states are able to respond
more quickly than federal lawmakers to the need for additional privacy
protections. n97 Thus, federal privacy legislation should only provide the
minimum level of protection by allowing stronger state privacy laws to preempt
federal legislation.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n93. See id. "The Federal protection would ensure that everyone has an adequate
level of privacy protection, and if the people of the several States wish more,
or see special privacy needs which are not being met, they can retain or enact
additional safeguards." Id.
n94. Marc Rotenberg, Health Data in the Information Age: Use, Disclosure, and
Privacy, 20 J. Health Pol. Pol'y & L. 235, 237 (1995) (book review).
n95. Id.
n96. Greg Borzo, PCASSO with a mouse (visited Mar. 1, 1998)
<http://www.ama-assn.org/sci-pubs/amnews/net<uscore>97/logo1013.htm>. The
University of California San Diego School of Medicine will start a program with
250 patients who volunteered to have their full medical records put on the
Internet. Id. Recognizing the issues associated with security of information on
the Internet, the principal focus of the project will concern the security of
the records. Id. "The system will assign all information to one of five security
levels depending on [the content of the information]." Id. With these
protections, Dixie Baker, principal investigator on the project, "maintains that
the system will make patient-identifiable information "very, very tough to
uncover'" but she also "concedes that nothing in cyberspace is impregnable." Id.
See Perspectives on Privacy Hearing, supra note 31 (testimony of Ann Geyer,
President & CIO of Healthcare Data Info. Corp. (HDIC)) (visited Mar. 1, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970604ta.htm>. "[HDIC] is a California non-profit
organization which acts as an industry initiative to facilitate the existence of
a statewide health information network." Id. "[HDIC has policies] currently
under review to determine what changes may be necessary to address HDIC's recent
decision to adopt the use of the Internet as our information infrastructure."
Id.
n97. See Subcomm. on Privacy Hearing, supra note 91 (testimony of Donald
Palmisano, M.D.) (visited Mar. 27, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970218tr.htm>. "States can do a quicker job in
enhancing privacy. I give you the example of Louisiana. It is rare that a year
goes by when individuals are not at the Legislature trying to change the rules
by which you can get medical records." Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
2. Access to Medical Records by Researchers
Secretary Shalala's recommendations provide for individually-identifiable
medical information to be made available to researchers without the need for
patient authorization. n98 With the possibility of linked medical databases
resulting from the Administrative Simplification provisions of HIPAA, greater
access to comprehensive medical data about an individual may become [*578]
available to researchers. n99 Individually-identifiable information is used to
conduct research in which the health status of an individual over time is an
important element. n100 It is also useful in research which requires other
criteria such as demographic or environmental data. n101 Further, providing
identifiable information to researchers helps to avoid duplication of data and
allows them to contact patients to request additional information. n102
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n98. Shalala Proposal, supra note 82, at II(E)(4).
n99. See Perspectives on Privacy Hearing, supra note 31 (testimony of George B.
(Peter) Abbott, M.D., M.P.H., Acting Deputy Director, Health Info. & Strategic
Planning Div., Cal. Dep't of Health Servs.) (visited Mar. 1, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970603t5.htm>.
n100. Shalala Proposal, supra note 82, at II(E)(4).
n101. See Labor Comm. Hearing, supra note 2 (testimony of Elizabeth B. Andrews,
Ph.D.), available in Westlaw, USTESTIMONY, 1997 WL 679254.
n102. Shalala Proposal, supra note 82, at II(E)(4).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
Many, however, believe that disclosure of individually-identifiable health
information to researchers should require informed consent by the patient. n103
Minnesota, which recently passed legislation mandating consent be granted before
medical information can be used in research, has been considered a model for
federal legislation. n104 Those against requiring consent, however, argue that
it is impractical at best or even impossible to seek authorization from
thousands or possibly millions of patients, and that those who refuse
authorization may distort the results of the research, thereby rendering it
useless. n105 Those who would require patient consent maintain that identifiable
information can be deleted from patients' records and replaced with arbitrary
identifiers. n106 These arbitrary identifiers would be useful only to link
information within the researchers' data, thereby giving [*579] researchers
the advantages of linked data without compromising patients' privacy through
disclosure. n107
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n103. See Harris survey, Nov. 1993, available in Westlaw, POLL Library, File No.
USHARRIS.93PRIV RE01. Sixty-four percent of respondents do not want their
medical records used for research purposes without consent, even if the
individual is never identified. Id.
n104. See Front Burner Issue, supra note 53, at 1.
n105. Shalala Proposal, supra note 82, at II(E)(4).
n106. See Perspectives on Privacy Hearing, supra note 31 (testimony of Harold S.
Luft, Ph.D.) (visited Apr. 4, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970603tb.htm>.
n107. Id. "Once the [individually identifiable medical] records are linked, the
true identifiers can be easily replaced by a set of arbitrary identifiers that
are unique for an individual, but need not match any other set of identifiers."
Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
It may also be argued that requiring disclosure will not result in a great
reduction in available data for research. Following the implementation of the
Minnesota law, in a study at the Mayo Clinic, ninety-six to ninety-seven percent
of patients who returned authorization forms agreed to the release of their
medical records for research purposes. n108 Polls have also shown that the
public sees a great need for the availability of medical data for research. n109
Therefore, by educating patients about the need for their records in medical
research, the great majority will likely authorize disclosure of their medical
records. n110
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n108. Melton, supra note 52, at 1467.
n109. See Harris survey, Nov. 1993, available in Westlaw, POLL Library, File No.
USHARRIS.93PRIV RC01E. Eighty-six percent of respondents said "providing better
data for research into diseases and treatments" was either absolutely essential
or very important. Id.
n110. See id. See also Melton, supra note 52, at 1467.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
The availability of individually-identifiable medical records to researchers
deserves careful consideration. The continuation of important medical research
utilizing these records must be weighed against the ability of individuals to
keep their records private. The study at the Mayo Clinic has shown that
requiring authorization for researchers' use of individually-identifiable
medical records has resulted in only a small decrease in the number of records
available to researchers. Whether this decrease will adversely affect the
outcome of some research, or whether such research can continue using data
without individually-identifiable information, are questions which must be
carefully considered before federal legislation is enacted.
[*580]
V. The Security of Medical Record Databases: Choosing an Identifier
The protection of medical records can not be ensured by privacy legislation
alone. Careful consideration must also be given to the security of the databases
containing the health care information required by HIPAA. The security measures
adopted in the health data standards to be promulgated by the Secretary of
Health and Human Services will help control who has access to a patient's
medical records, how much access is granted, and to a great extent, will
determine the ease or difficulty of gaining unauthorized access to these
records. n111 The individual health care identifier will be one of the key
elements of the data standards to be adopted by the Secretary, and a key
building block for constructing a network of interconnected databases of medical
records. n112 Every individual will be given a unique health care [*581]
identifier for use when interacting with the health care system. n113 This
identifier will be the key to accessing the individual's personal medical
information. The decision concerning the format of this identifier will greatly
determine the level of security possible for medical records.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n111. 42 U.S.C.A. 1320d-2(d)(1) (West Supp. 1998). "The secretary shall adopt
security standards that take (A) into account (i) the technical capabilities of
record systems used to maintain health information; (ii) the costs of [the]
security measures; (iii) the need for training persons who have access to health
information; (iv) the value of audit trails in computerized record systems ..."
Id. The Act further provides that health care providers, clearinghouses and
health plans which "maintain[] or transmit[] health information shall maintain
reasonable and appropriate administrative, technical and physical safeguards (A)
to ensure the integrity and confidentiality of the information; (B) to protect
against any reasonably anticipated (i) threats or hazards to the security or
integrity of the information; (ii) unauthorized uses or disclosures of the
information; and (C) otherwise to ensure compliance ... by the officers and
employees of [these organizations]." Id. at 1320d-2(d)(2).
n112. See Perspectives on Privacy Hearing, supra note 31 (testimony of George B.
(Peter) Abbott, M.D., M.P.H., Acting Deputy Director, Health Info. & Strategic
Planning Div., Cal. Dep't of Health Servs.) (visited Mar. 1, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970603t5.htm>. "The HIPAA simplification
provisions for unique identification of individuals, providers, plans and
individuals ... offer potentially even greater benefits ... [including the
i]ncreased ability for health care providers, payors, and public health
researchers to link and use current data sets for more effective and
comprehensive case management, administrative simplification and enhancements,
health care outcomes assessments, public health surveillance, quality control,
and fraud detection." Id.
n113. 42 U.S.C.A. 1320d-2(b) (West Supp. 1998).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
The mechanics and form of the identifier are to be determined by the Health and
Human Services Secretary. n114 Many proposals have been proffered for the format
of a unique health care identifier, from the use of a "smart card," which would
carry an individual's identity and medical information, to the use of the
existing social security number system. n115 In determining the characteristics
of the identifier, factors such as the cost and time required to implement the
system will need to be considered. Most importantly, however, the system adopted
must be one that instills public confidence in the security of the identifier.
n116 The following section will examine the characteristics of several proposals
for the identifier.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n114. Id.
n115. Soloman I. Appavu, Analysis of Unique Patient Identifier Options Final
Report (visited Mar. 27, 1998) <http://aspe.os.dhhs.gov/ncvhs/app0.htm>; Gostin,
supra note 11, at 461. A smart card is a "plastic wallet-sized card [which can]
be used for the collection, retention, use, and disclosure of portable files of
personal information." Id. See infra notes 128-33 and accompanying text.
n116. See Perspectives on Privacy Hearing, supra note 31 (testimony of George
Flores, M.D., Sonoma County Dep't of Health Servs.) (visited Mar. 1, 1998)
<http://aspe.os.dhhs.gov/ncvhs/970603td.htm>.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
A. The Individual Health Care Identifier
Since the key to accessing information about an individual is the individual's
health care identifier, it is important that the identifier not be easily
mis-entered, stolen, or otherwise misappropriated. Furthermore, information in a
patient's medical records should be accessed, used or changed only by personnel
[*582] with proper authorization and purpose. For example, an easily determined
identifier facilitates illicit use which can result in unauthorized access to
sensitive personal information. If the identifier is also easily linked to
non-medical data, such as financial data, the result can be an even greater
threat to the individual's privacy. Finally, the choice of an identifier can
have an enormous impact on the validity and quality of information in the
patient's record. If the identifier is easily mis-entered, the risk of that
record containing errors is greatly increased. n117
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n117. Incorrect information can have serious repercussions. For example, a
California physician, having trouble acquiring disability and life insurance
found her medical records incorrectly listed her as having heart problems and
suffering from Alzheimer's disease. See Labor Comm. Hearing, supra note 2
(testimony of Donna Shalala, Sec'y of Health & Human Servs.), available in
Westlaw, USTESTIMONY, 1997 WL 566029.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
A look at some competing proposals for health care identifiers will help
illustrate the positive and negative aspects of those choices. n118
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n118. Other proposals for a unique medical identifier, which are not discussed
in this article include: Patient Identification Number based on Bank Card
Method; Model UPI Based on Personal Immutable Properties; Lifetime Human
Services and Treatment Record (LHSTR) Number based on the Birth Certificate; and
Biometric Information. These identifiers are either similar to the proposals
discussed, have similar characteristics or exist only as a concept and afford
few tangible characteristics to discuss. See generally Appavu, supra note 115.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
1. The Existing SSN System
The use of the existing social security number (SSN) as the medical identifier
has been proposed and is popular because it would be the most cost effective and
timely means of implementing the identification requirement. n119 Due to the
need for [*583] security and authentication, however, the use of the current
SSN system is unsuitable. The SSN has become the standard individual
identification number in America and is used to identify a person in many
computerized record systems including credit, banking, education and employment,
as well as in many government agencies. n120 Where the SSN is used as an
identifier, there exists the possibility of relating an individual's medical
records to other non-medical databases containing her financial history,
educational status, and employment records to obtain an entire profile of the
individual. n121 Also, the frequency with which the SSN is used makes it
relatively easy to discover, thereby gaining access to the key to an
individual's personal medical records.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n119. See Gostin, supra note 11, at 459. The existing SSN would be less
expensive to implement as the individual health care identifier as it is already
"used as a unique patient identifier in healthcare for about 20% of the
population and as a secondary patient identifier by most of the healthcare
organizations. It is [also] used in VA hospitals, Department of Defense and
Medicare." Appavu, supra note 115, at 1(IV).
n120. Gostin, supra note 11, at 460-61.
n121. For example, in 1993 a banker on a state health commission generated a
list of cancer patients in his area. Christine Gorman & Michael Bruntonondon,
Who's Looking at Your Files? Prying Eyes Find Computerized Health Records an
Increasingly Tempting Target, Time, May 6, 1996, at 60, 61. He then matched this
information against a list of customers who had outstanding loans at his bank
and canceled their loans. Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
In addition, the SSN is unsuited to verification. The medical identifier should
be capable of verification so that when entered, the validity of the identifier
can be checked to ensure it was not mis-keyed. This verification ensures that
the patient's medical records are correctly updated. As SSN's do not have the
means by which they can be verified, for example by a "check digit," there is no
way to determine whether a mistake is made when entering the number. n122 For
these reasons - lack of security [*584] and inability to be verified - the
existing SSN is inappropriate as a medical identifier. n123
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n122. Kenneth R. Redden & Gerry W. Beyer, Modern Dictionary for the Legal
Profession 158-59 (1993) (defining a check digit as "one or more computer digits
contained in a piece of computer data ... which when taken with the other digits
in the same piece of data, provides a self-checking or error detection
function." Id.
n123. Additionally, as many as four million individuals have multiple SSN's
resulting in some individuals having more than one health care identifier.
Appavu, supra note 115, at 1(VII).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
2. A Modified SSN System
A modified SSN system has been proposed in response to the concerns about the
weaknesses of the existing SSN system. n124 Recommendations for changes to the
existing system include the addition of alphanumeric characters to increase
capacity and allow for population growth, check-digits for verifying accuracy,
and encryption technology to insure the security of the number. n125 Although
these changes address many of the intrinsic weaknesses of the existing SSN
system, they do not resolve the fundamental problem of the overuse of the SSN as
the default identifier in databases outside the medical industry. n126 Thus, the
issues concerning the discovery and use of the SSN would still exist even with
the proposed modified SSN. n127
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n124. See id. at 1(I). The Computer-based Patient Record Institute (CPRI)
recommends a modified Social Security identification system as the unique
patient identifier. Id.
n125. See id. at 1(III)(e). Encryption is "[a] process for scrambling access
codes to computer programs to prevent illicit entry into and control of the
system." American Heritage Dictionary, 451 (2d College ed. 1985).
n126. See Appavu, supra note 115, at 1(VII). "The SSN is in extraordinarily wide
use as a personal identifier ... [and] ... has the potential for linkage with
non-healthcare data bases." Id. See also supra notes 119-23 and accompanying
text.
n127. See generally Barry Hieb, M.D. & Elmer R. Gabrieli, Social Security Number
Unsuited to be Identifier, Health Data Mgmt., Apr. 19, 1997, at 8; Waller, supra
note 69, at 37-38; Gostin, supra note 11, at 459-61.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
3. Smart Cards
Another proposal for the medical identifier is some form of "smart card." The
smart card would be about the size of a credit [*585] card and would hold some
amount of medical information about the individual in addition to her unique
health identifier. n128 Smart cards are currently being used by the French and
German governments to carry medical information and to facilitate billing. n129
The proponents of smart cards point to the increase in privacy afforded by the
card's ability to hold a patient's sensitive medical information. n130 This
information can then be maintained outside any health care industry computer
databases and would allow the patient greater control of when and to whom the
information will be disclosed. n131
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n128. See Gostin, supra note 11, at 461-63. The amount of data stored on a smart
card is dependent on the technology used to create the card. Id. See also Andrew
A. Skolnick, Protecting Privacy of Computerized Patient Information May Lie in
the Cards, 272 Med. News & Persp. 187 (1994).
n129. William W. Lowrance, U.S. Department of Health and Human Services, Privacy
and Health Research, A Report to the U.S. Secretary of Health and Human Services
36 (1997).
n130. Skolnick, supra note 128.
n131. Id.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
Smart cards, however, have many drawbacks. The technology used to manufacture
smart cards is relatively expensive. n132 Additionally, because the card is
subject to theft or loss, a copy of the information would still need to reside
in a database (or risk the total loss of valuable medical information). n133 The
use of a smart card, at least for the foreseeable future, does not provide a
satisfactory solution.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n132. Id. (estimating that smart cards could cost up to $ 30 each to produce).
n133. Gostin, supra note 11, at 463.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
4. The ASTM Recommendation--A New Medical Identifier n134
Due to the problems surrounding the existing SSN system, some of which will not
be solved with the modified SSN, [*586] proposals have been made that would
create an entirely new identification system for the health care identifier. One
such proposal is from the American Society for Testing and Materials (ASTM).
ASTM's proposal calls for a twenty-eight character identifier. n135 Although
longer than the current SSN, ASTM's recommendation includes a sixteen-digit
patient identifier, with six check digits to ensure accuracy and six digits for
use in encryption to allow greater security when linking personal medical
information. n136 The proposed system has enough digits to accommodate the
current world population and thus can handle population increases well into the
future. n137
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n134. Appavu, supra note 115, at 2(II) (describing Dr. Barry Heib's proposal
utilizing the American Society for Testing and Materials, Standard E 1714-95,
Standard Guide for Properties of a Universal Healthcare Identifier (UHID). Id.
n135. Id. at 2(V).
n136. Id.
n137. Appavu, supra note 115, at 2(II)(e).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
The disadvantages of the ASTM proposal are its clumsiness and its cost. The use
of a twenty-eight character identifier could make manual entry of the identifier
time-consuming and cumbersome. n138 Additionally, the number would be difficult
for patients to remember and communicate verbally. n139 Although detailed
estimates are not available, it is expected that the implementation of the ASTM
system "will require substantial investment of resources, a huge effort and a
longer time frame than enhancing the existing (SSN) identification system." n140
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n138. Id. at 2(V) and 2(VII).
n139. Id.
n140. Id. at 2(VII).
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
B. Adoption of the ASTM Proposal
Of the proposals discussed, the ASTM standard, or a similar system, should be
adopted. The advantages of the ASTM proposal include its inability to be easily
linked with non-medical databases, thus providing more security than either SSN
proposal, and its provisions for encryption and error correction by the use of
check digits. The cost and time required to implement the solution should be
seen as an investment in the security of this nation's [*587] medical records.
This investment in accuracy and security will facilitate public acceptance of
the identifier. The twenty-eight character length of the identifier, however, is
unwieldy. Moreover, the need for an identifier that can accommodate the entire
world's population is questionable. By reducing the size of the identifier to
only that needed to support the population growth of those using the system, the
length of the identifier could undoubtedly be reduced.
Secretary Shalala has already missed the February 1998 deadline for the
promulgation of the standard for the individual health care identifier. Rather
than rush this process, Congress should provide the Secretary with additional
time to implement a truly secure identifier, such as the ASTM proposal.
VI. Conclusion
HIPAA called for the adoption of health data standards by February 1998, n141
and for the health care industry to begin implementation of these standards to
ensure compliance by February 2000. The choice of the standard for the
individual health care identifier is very important if medical records are to be
truly secure and accurate. The proposed ASTM standard for the health care
identifier accommodates these goals. It may, however, require much more time to
implement than was first imagined. n142 Secretary Shalala should adopt the ASTM
standard, or a similar standard, which would include check digits to ensure
accuracy, encryption technology to ensure privacy and security, but would not
use the existing SSN system (to avoid facilitating the linking of medical and
non-medical databases). Congress should amend HIPAA to ensure the Secretary is
allowed the time necessary to implement such a standard.
- - - - - - - - - - - - - - - - - -Footnotes- - - - - - - - - - - - - - - - - -
n141. 42 U.S.C.A. 1320d-3(a) (West Supp. 1997).
n142. Although scheduled for February 1998, as of April 17, 1998, Secretary
Shalala has not yet adopted a standard for the individual health care
identifier.
- - - - - - - - - - - - - - - - -End Footnotes- - - - - - - - - - - - - - - - -
[*588] If the health data standards are implemented without comprehensive
federal privacy legislation in place, the protection of medical records will be
governed by a patchwork of state laws, many of which are inadequate. Combined
with increased access to medical records under HIPAA, the result could be a
dramatic decrease in the privacy provided for an individual's medical records.
If the Secretary is not given the time necessary to adopt an adequate standard
for the individual health care identifier and Congress fails to act promptly to
enact comprehensive privacy legislation, we could be entering a Brave New World
where complete medical histories of individuals are kept in computer databases
which can be linked together by an individual's identifier with little federal
protection for the access, use or distribution of the information.
Document 4 of 86.
Search Terms: privacy and medical and hamline and 1998
To narrow your search, please enter a word or phrase:
Copyright© 2000, LEXIS-NEXIS, a division of Reed Elsevier Inc. All Rights
Reserved.