The Digital Age and Data Privacy.

• Author: BUCHALTER, ALICE

As the 106th Congress moves through its shortened election-year session of challenging policy topics, a number of information privacy issues, prompted by advances in technology, have emerged as legislative proposals.

One indicator of the level of congressional interest in privacy issues is the amount of legislation pending in the Congress. According to the Library of Congress on-line database, there are dozens of bills addressing privacy of financial and other information in the 106th Congress, with almost 50 of them highlighting a privacy issue in the bill title.

Another development indicating ongoing congressional interest is the recent establishment of a Congressional Privacy Caucus, which is an informal network of interested senators and representatives. Their guiding principles call for clear notice to individuals when firms or government agencies collect or disclose personally identifiable information, individual access to that information and consent regarding its use for other purposes than originally provided, and protection of stronger state privacy laws from federal preemption.

Medical Records Privacy

In 1996, Congress enacted legislation (the Health Insurance Portability and Accountability Act, Public Law 104-191) requiring that if medical record privacy legislation was not enacted in three years (by August 21, 1999), the Department of Health and Human Services (HHS) was required to implement regulations within the following six months. The regulations were to cover only electronically maintained or transferred medical information. During that three-year period, Congress wrestled with numerous bills, never able to reach a consensus among medical providers, insurers, and privacy advocates. Absent the enactment of legislation, in October 1999 the Clinton administration released comprehensive regulations establishing privacy protections for electronically transmitted health information.

The proposed rules represent the first federal effort to protect the privacy of medical records and are designed to greatly limit the release of private health information without patient consent. The regulations are applicable to electronic medical records created by health care providers, health plans, and health care clearinghouses. Under these regulations, health information can be disclosed and used without patient consent only when necessary for medical treatment; the payment of claims; and certain "health care operations," including...