-------- Original Message --------
Subject: Re: [Politech] Texas atty general sides with open government over privacy [priv]
Date: Mon, 01 Mar 2004 15:01:20 -0500
From: Robert Gellman <[EMAIL PROTECTED]>
To: Declan McCullagh <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Declan McCullagh wrote:
An interesting clash between (1) open-government vs.
personal-privacy, and (2) state's rights vs. federal authority.
I have seen information about the Texas AG's HIPAA opinion discussed here and there on the Net, including your list. This is one of the most over-reported and least understood stories about the HIPAA health privacy rule that I have seen.
The reports are that the AG said that Texas law requiring disclosure of medical information takes precedence over the HIPAA privacy rule. Guess what? That's exactly what the HIPAA rule says. Disclosures required under state laws are not blocked by HIPAA and never were. No news here.
The AG said that "Thus, government records are presumed to be open to the public unless the governmental body shows that an exception to disclosure applies." Nothing new here either, but remember that the state open records law only applies to state agencies. It doesn't apply to private hospitals or other medical practitioners.
So what medical information is left to be disclosed by entities that are part of the state of Texas and that are also covered by the HIPAA rule? Here's what the AG said: "We further emphasize that Texas law, like HIPAA, protects the privacy interests of individuals in their health information. Texas statutory law contains a myriad of protections specifically for health information."
Wait, there's more: "In addition, information that is intimate or embarrassing and in which the public has no legitimate interest is protected from required public disclosure under Texas commonlaw."
"Under Texas law, individuals have "the right to be free from the government disclosing private facts about its citizens and from the government inquiring into matters in which it does not have a legitimate and proper concern."
"Furthermore, this office will raise these privacy doctrines on behalf of a governmental body even if the governmental body fails to raise them in seeking an open records ruling and will require the governmental body to withhold the information from public disclosure whenever it is apparent from the information that the release of the information would implicate an individual's privacy interests."
So when we boil down the opinion, there is absolutely nothing new or surprising here. If state law requires a disclosure, it can be done without violating HIPAA. But state law protects most patient information. And the ruling has nothing to do with most hospitals and practitioners in Texas.
Bob
-- + + + + + + + + + + + + + + + + + + + + + + + + Robert Gellman + + Privacy and Information Policy Consultant + + 419 Fifth Street SE + + Washington, DC 20003 + + 202-543-7923 <[EMAIL PROTECTED]> + + + + + + + + + + + + + + + + + + + + + + + +
_______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
