Vanderbilt Law Review

Article Title

The Protection of Privacy in Health Care Reform


Proposals for health care reform seek to control medical costs while also improving the quality of medical services. Each proposal depends, at least in part, on increasing access to personal medical information for a host of interested parties-including doctors, insurers, employers, and government agencies. While increased informational flow may have substantial benefits, any such changes in the use of patient data should be accompanied by improvements in the legal protection of the privacy of health care information.

Current regulations are inadequate to protect the privacy of patient data. First, the regulations permit medical information to be used improperly by both direct market mailers and employers. Additionally, weaknesses in United States data protection threaten the nation's access to international data flows: European law prohibits the transfer of certain personal information to states with insufficient data protection. Finally, these existing problems will be exacerbated by the inevitable increase in the demand for personal medical information, fueled by both governmental measures and market-driven changes.

Accordingly, the United States must develop appropriate federal fair information practices for the use of health care data in the United States. These information practices must include: (1) the creation of a statutory fabric which defines obligations with respect to the uses of personal information; (2) the maintenance of transparent processing systems; (3) the assignment of limited procedural and substantive rights to the individual; and (4) the establishment of effective governmental oversight of data use. Only by incorporating these four principles into a data protection law can the United States com- bat existing weaknesses in the regulation of medical privacy and address the privacy concerns that will inevitably arise as the health care delivery system evolves.