The public health information infrastructure. A national review of the law on health information privacy.

Our objectives were to review and analyze the laws in the 50 states, the District of Columbia, and Puerto Rico that regulate the acquisition, storage, and use of public health data and to offer proposals for reform of the laws on public health information privacy. Virtually all states reported some statutory protection for governmentally maintained health data for public health information in general (49 states), communicable diseases (42 states), and sexually transmitted diseases (43 states). State statutes permitted disclosure of data for statistical purposes (42 states), contact tracing (39 states), epidemiologic investigations (22 states), and subpoena or court order (14 states). The survey revealed significant problems that affect both the development of fair and effective public health information systems and the protection of privacy. Statutes may be silent about the degree of privacy protection afforded, confer weaker privacy protection to certain kinds of information, or grant health officials broad discretion to disseminate personal information. Our proposals for law reform are based on a meeting of experts at the Carter Presidential Center under the auspices of the Centers for Disease Control and Prevention and the Council of State and Territorial Epidemiologists: (1) an independent data protection commission should be established, (2) health authorities should justify the collection of personally identifiable information, (3) subjects should be given basic information about data practices, (4) data should be held and used in accordance with fair information practices, (5) legally binding privacy and security assurances should attach to identifiable health information with significant penalties for breach of these assurances, (6) disclosure of data should be made only for purposes consistent with the original collection, and (7) secondary uses beyond those originally intended by the data collector should be permitted only with informed consent.

Electronic databases and privacy protection: issues for a free society.

More efficiently managed programs of health insurance claims processing and remittance with reduced costs and paperwork burdens hold out the potential for increased benefits to subscribers and health insurers alike. The computer/telecommunications systems and databases by which these efficiencies may be realized also hold great promise for improved services in other arenas. Early and candid recognition of the equally great potential for danger and abuse in those systems and the technology can guide the development and implementation of appropriate and necessary safeguards to individual privacy and to a democratic society in concert with system design.

Risk management or political micromanagement?

A major healthcare issue of the 1990s is whether providers will create effective risk management programs to cope with government reform mandates or whether an increasingly costly and complex regulatory structure will force them to make changes. Compliance with the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) standards on patient care will become increasingly important to healthcare risk management in the 1990s. The JCAHO standards create a benchmark from which government entities set their present standards and assemble agendas for the future. Another healthcare risk management factor is compliance with the National Practitioner Data Bank. The data bank is intended to protect healthcare consumers from providers who have demonstrated a tendency to commit malpractice. However, the data bank could cause problems for healthcare providers: Inaccurate or misleading data could unfairly haunt them. Healthcare risk managers should be familiar with the prohibitions on patient dumping found in the Consolidated Omnibus Budget Reconciliation Act of 1985. The amendments of the Omnibus Budget Reconciliation Act of 1989 (OBRA '89) do not create strict liability, nor do they impose traditional tort standards that could guide courts in cases that will inevitably result from new rules, creating a "litigation time bomb." And OBRA '90 significantly revises the law. Other risk management issues include the manner in which facilities handle and dispose of medical waste and the manner in which they resolve disputes.