THE U.S. HEALTH DATA PRIVACY DEBATE

Abstract

After 25 years of debate about privacy of automated personal health data, the U.S. Congress has set a deadline of August 1999 for enacting health information privacy legislation. The urgency to establish national policy in the United States re-emerges with implementation of a 1996 law mandating a unique identifier for each participant in the U.S. medical care system and the use of a uniform electronic data set for all health information transmitted in financial and administrative transactions. The impact of electronic data storage and transmittal on privacy, health outcomes, and medical care is unclear. A three-step analytic scheme can clarify the issues in the policy debate and for future assessment. The first step is intended to elicit, for the first time, a precise, accurate, and reproducible description of personal health data transactions and chains of transactions, independent of the policy preferences of any interested party. The second step allows the reader to analyze these transactions according to who benefits first and foremost from each. This scrutiny clarifies the reasons why parties to the debate tend to disagree. The third step characterizes how Congress is likely to perceive the policy process and consider its options before enacting any particular set of compromises. Understanding the policy deliberations and potential effects of evolving information technologies and new national privacy rules should aid assessment of results.