Printer Friendly

Universal health identifier: invasion of privacy or medical advancement?


In today's world of constant change, legislation often cannot keep abreast of technological developments,(1) The increasing use of computers to maintain a variety of data, from health information to shopping habits, has raised concerns about the protection of confidential information.(2) President Bill Clinton addressed these concerns in his January 2000 State of the Union address by emphasizing that breakthroughs in science and technology "must be used in ways that reflect our most cherished values. First and foremost, we must safeguard our citizens' privacy."(3)

In 1996, Congress enacted the Health Insurance Portability and Accountability Act of 1996 ("Portability Act").(4) The Portability Act provides standards for the electronic transmission of health information(5) and the establishment of unique health identifiers to be used throughout the health care industry.(6) Recent technological advances enable medical practitioners to access a centralized database of medical records, thus affecting every individual's privacy rights. This Note will argue that privacy rights will be violated unless the medical industry effectively regulates itself and Congress enacts clear standards regarding access to medical data. Proper guidelines must address the rapidly developing technology facilitating not only the transmission of data, but also access to that information. In this era of globalization, the United States must cooperate with international organizations to create universal standards.

This Note will also discuss privacy concerns regarding the computerization of medical records and enactment of the Portability Act, which requires a universal health identifier for every "individual, employer, health plan, and health care provider."(7) In order to better clarify the issues involved in having a universal health identifier, Part I will provide background information on the right to privacy. Part II then discusses the concept of a universal identifier. This Note analogizes the potential privacy issues of a universal health identifier to the problems encountered by the use of the Social Security number as an identifier. Part III discusses the Portability Act and the unique health identifier's advantages and disadvantages. Lastly, this Note concludes that although a national centralized computer database of Americans' health information may lead to privacy right violations, it is imperative that the government collaborate with the health and information technology industries to create a system that works to prevent such violations.


A. Background of the General Right to Privacy

For over a century, scholars have debated the boundaries of the right to privacy. In response to the proliferation of sensational newspaper stories and the invention of the camera in the 1800s, Louis D. Brandeis and Samuel Warren articulated the need for a new cause of action, namely, the invasion of privacy.(8) Since then, the right to privacy has been an evolving concept, rather than an explicitly guaranteed constitutional right.(9) Justice Brandeis wrote in his dissenting opinion in Olmstead v. United States(10) that the Founding Fathers "conferred, as against the Government, the right to be let alone - the most comprehensive of rights and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual.... must be deemed a violation of the Fourth Amendment."(11)

Since Brandeis and Warren, scholars have struggled to establish the parameters of the right to privacy. J2 Some viewed this right as "an expression of one's personality or personhood, focusing upon the right of the individual to define his or her essence as a human being."(13) Others define the right as one "of autonomy - the [individual's] moral freedom ... to engage in his or her own thoughts, actions, and decisions."(14) Yet another group, led by Professor Alan Westin,(15) contends that privacy is the right to determine for oneself whether and how much personal information is communicated to others.(16)

The Supreme Court has struggled to define the right to privacy, gradually setting parameters for discussions of this right.(17) In an early case, the Court held that wiretapping by federal agents did not violate the Fourth Amendment.(18) Brandeis noted, however, that: "every unjustifiable intrusion by the Government upon the privacy of the individual ... must be deemed a violation of the Fourth Amendment."(19) He warned that scientific progress could potentially lead to greater governmental intrusion into private lives.(20)

In determining whether an individual's privacy was violated, the Court balanced the individual's privacy interest against the interests of society.(21) The Court found that the right to privacy protects an individual's interests in: (1) avoiding disclosure of personal matters,(22) and (2) independently making important decisions.(23) In the landmark abortion case, Roe v. Wade, the Court found that "only personal rights that can be deemed `fundamental' or `implicit in the concept of ordered liberty,' ... are included in this guarantee of personal privacy."(24) The right to privacy has been found in the First, Fourth and Fifth Amendments, as well as the Fourteenth Amendment's notion of personal liberty.(25)

In Griswold v. Connecticut,(26) the Supreme Court found that the spirit of the Bill of Rights gives substance to a right to privacy.(27) When deciding whether a particular situation deserves constitutional protection, the Court usually first determines whether there was a legitimate governmental interest in protecting the contested right.(28)

Two years later, the Court refined the concept of the right to privacy in Katz v. United States.(29) In Katz, the FBI recorded a telephone call placed by the defendant from a public telephone booth.(30) The Court held that a wiretap could violate the Fourth Amendment even though it did not involve a physical trespass onto the area occupied by the defendant.(31) Moreover, the Court proclaimed that constitutional protection must be accorded to a person who justifiably relies upon the privacy of a particular place, be it a home, office, car, or telephone booth.(32)

In 1973, the Supreme Court found that a woman's right to terminate her pregnancy is protected by the Constitution.(33) Further, the Court required that state regulations limiting those privacy rights be justified by showing a compelling state interest.(34)

In 1977, the Court examined the right of informational privacy in Whalen v. Roe.(35) This was considered a milestone case in the area of privacy and technology.(36) In Whalen, physicians and patients challenged the constitutionality of New York statutes that required disclosure to a state-controlled databank of the names and addresses of individuals receiving prescriptions for potentially dangerous drugs.(37) The Court upheld the statutes, finding this was a reasonable exercise of the state's police powers.(38) In particular, the Court recognized that the statutes provided specific protections against unauthorized use and disclosure of data.(39) Although the Court did not find constitutional violations in the statutes, the Court recognized the possibility of a constitutional interest in personal information.(40) The Court also acknowledged the dangers of amassing personal information in centralized computer data banks.(41) The government has a legitimate need to collect certain personal data for public purposes, but there is also a duty to avoid unwarranted disclosures, which "arguably has its roots in the Constitution."(42)

B. Privacy and Tests Involving Medical Information

The Supreme Court uses a special needs analysis to analyze cases where one's privacy interests are implicated by a search yet there is an important governmental interest involved in the intrusion.(43) To determine whether a search is reasonable under the Fourth Amendment, a court must balance the encroachment on an individual's constitutional right against the advancement of legitimate state goals.(44) There is a general need to show individualized suspicion to find a warrantless search to be reasonable; however, this prerequisite may be unnecessary when special needs are found.(45)

The Court used the special needs test in a case where a Georgia statute required drug testing of candidates for state office.(46) In another case, the Court used the same analysis to find that a school district may require all student athletes to submit to drug tests, where the results are not shared with law enforcement authorities and the testing is conducted in a relatively non-intrusive manner.(47) The Court contended that governmental benefits from the testing program outweighed the interference with students' privacy interests.(48)

Privacy is an evolving concept that is to be balanced against the state's legitimate interests. However, does this protection extend to private organizations, such as employers, seeking to intrude on the privacy of employees?


The concept of a universal identifier is not unique to American society. For a long time now, Americans have provided their Social Security numbers ("SSNs") as a unique identifier for many of their activities.(49) David Medeen of the Federal Trade Commission said that "your Social Security number is often the best way to distinguish you from everyone else."(50) Additionally, Medeen claimed that it "may be the one thing that doesn't change with someone as they go through life."(51)

The SSN is a unique nine-digit number assigned to any legal resident in the United States who completes an application at the Social Security Administration.(52) As a result of the assignment of a unique number for each American, an Internal Revenue Service audit found that the SSN is the nation's most frequently used number for keeping records.(53) The pervasive use of the SSN has created privacy concerns that are now being raised with the impending establishment of a unique health identifier.(54)

A. The Use of the Social Security Number as an Identifier

Government and private sectors use SSNs as unique identifiers for data collected on individuals.(55) Various government agencies, from courts to the Internal Revenue Service, require individuals to provide their SSNs as part of their records. In fact, the Internal Revenue Code requires the use of the SSN as the principal identifying number for tax filers.(56) Employers, in turn, request employees to provide their SSNs in order to properly account for tax withholding.(57) Other governmental agencies that frequently require SSN disclosure include the courts,(58) motor vehicle offices,(59) and the Department of Veterans Affairs.(60) The problem of the inclusion of the SSN in court documents surfaces when those documents become public records.

Private, non-governmental agencies that routinely ask for the SSN of applicants include financial institutions(61) and schools.(62) Students who receive any federal education loans or grants must provide their SSNs in order for the government and the schools to maintain data.(63) Additionally, an individual's SSN is used by banks and other financial institutions to report to the Internal Revenue Service the interest earned on accounts.(64)

Another industry that uses the SSN as an identifier is the medical field. Federal law now authorizes governmental and private organizations that collect blood donations to request the SSNs of donors, even requiring the SSN of any donor.(65) Further, an organization called the Medical Information Bureau,(66) located in Weston, Massachusetts, "maintains and exchanges millions of United States residents' medical records, which usually contain SSNs."(67) Their records of 15 million Americans are accessible to approximately 750 participating insurance companies.(68)

Although the SSN is currently used to interconnect the many facets of our lives, from finances to education, the original intent of the Social Security Administration in creating the SSN was the record keeping of the earnings, and eventually the benefits, of employees covered under the social programs created during the New Deal.(69) The SSN as an identifier was so convenient that soon the commercial world also used it as an identifier.(70) In fact, the SSN is so widely used as a critical identifier that David Medeen of the Federal Trade Commission has proclaimed "it's probably too late to put that cat back in the bag right now."(71) Medeen believes that the pertinent question now is how to limit access to SSNs to those individuals or entities with legitimate use.(72)

B. Abuses of the Social Security Number as Identifier

The need for limiting access to the SSN is important because the potential for abuse is great when vast amounts of personal data is linked to one number. Moreover, the number is easily accessible by numerous people who work in the various agencies and organizations that use the number as an identifier.(73) The problem is compounded with the expansion of the Internet and its relatively unregulated transactions.(74) With the ease of a modem and a phone line, much personal information is transmitted about individuals as they converse, shop, and surf the Web.(75)

Growing increasingly common in recent years is a phenomenon known as "identity theft," where thieves steal someone's identity to get their driver's licenses and credit cards, buying everything from mobile homes to toys.(76) The use of someone's SSN is one way thieves get their "identity".(77) Criminals can get one's personal information by ordering credit reports, digging through garbage, stealing mail, and through other means.(78) There are many "lookup" service companies that provide private information about individuals to law-enforcement agencies, private investigators, law firms, banks and various businesses.(79) Although the Federal Trade Commission reported that access provided by these look-up services was not the only factor contributing to fraud, these services greatly increase risks of fraud because they substantially facilitate access to public records.(80) In 1997, the General Accounting Office found that identity theft contributed to the loss of $745 million by consumers and institutions.(81) In addition, Trans Union, one of the three major credit-reporting agencies, reported a major increase from 1992 (35,235) to 1997 (522,922) in requests for help from fraud victims.(82)

In order to foil identity thieves, some key information suggested for safekeeping include an individual's Social Security number, driver's license number and birthdate,(83) which are all frequently requested information to determine identity. The Social Security Administration warns that they cannot stop other government agencies or the private sector from using the SSN as an identifier, therefore, they vaguely warn everyone to be careful with their SSNs.(84) They do, however, guarantee that an individual's Social Security record is protected from disclosure unless the law requires disclosure to another government agency or the information is necessary to manage Social Security or other government health or welfare programs.(85)

Social Security numbers currently most resemble a universal identifier. Nevertheless, if the Portability Act is fully implemented, everyone in this nation will soon have a unique health identifier. With the fervor of privacy concerns coinciding with the impending implementation of this new identifier that is intended to be universal, what is the American sentiment over the privacy of their records?

C. Some Statistics on American Concerns Over Privacy

Studies show that Americans are concerned about keeping their personal information to themselves,(86) Nevertheless, "Americans trust their doctors and hospitals with confidential medical information, but fear disclosure when it is handled and stored by private health insurance plans or others."(87) A survey conducted by the Princeton Survey Associates for the California Healthcare Foundation found that "over half of all adults in the United States ([54%]) ... say the shift from paper record-keeping systems to computerized systems makes it more difficult to keep personal medical information private and confidential."(88)

The fear of computer hackers is quite high. Across the nation, 55% express worry about computer hackers breaking into the system, but only 30% worry more about information being leaked by authorized users.(89) Most people acknowledge that individuals besides their "immediate providers can access their personal medical records and they have strong preference" for access restriction.(90) The majority of those surveyed would not give access to groups seeking permission to their personal medical records "except [for] medical research studies conducted by government or academia."(91) But the majority of them (60%) would deny access to hospitals extending preventive care programs or to potential employers.(92) Moreover, 56% of the surveyed adults would not give access to a new health insurance company, while 70% of them are willing to allow drug companies access for purposes of marketing new drugs and other health care products.(93)

Although concern about privacy of records is high, most Americans believe their medical privacy was never violated.(94) Only 18% believe that "a health care provider, insurance plan, government agency, or employer has ever improperly disclosed personal medical information."(95)

 On August 21, 1996, the Portability Act was enacted to:improve portability
 and continuity of health insurance coverage in the group and individual
 markets, to combat waste, fraud, and abuse in health insurance and health
 care delivery, to promote the use of medical savings accounts, to improve
 access to long-term care services and coverage, and to simplify the
 administration of health and insurance.(96)

Every American's health care status, as well as their individual privacy interests, will be affected by a portion of the statute, which provides for each American to be assigned a unique health identifier.(97) When surveyed, however, Americans showed little support for the adoption of a unique health identifier system.(98)

A. Overview of the Portability Act

The Portability Act is divided into five titles. The first title affects health care access, portability and renewability, while Title II concerns the prevention of health care fraud and abuse.(99) Title III amends the Internal Revenue Code of 1986, specifically those provisions dealing with medical savings accounts, deductions for health insurance costs, and the treatment of long-term care services.(100) Title IV deals with the application and enforcement of group health plan requirements.(101) Lastly, Title V concentrates on revenue offsets.(102) Section 262 of the Act established standards for the electronic transmission of health information, as well as penalties for failing to observe these requirements.(103) This section also mandates that every American be assigned a unique health identifier.(104)

The unique health identifier raised concern for privacy advocates because the identifier will be openly accessible to many individuals throughout the health care industry. However, one must ask whether patients have a right to their own medical records.

B. Privacy of Medical Data

1. Judicial Background

The right to privacy has been recognized over time by the United States Supreme Court, based on the First, Fourth, Fifth, and Ninth Amendments to the Constitution, and the Fourteenth Amendment's guarantee of liberty for all Americans. The Court has recognized "zones of privacy" within which an individual has a right to make certain personal decisions, such as those concerning marriage, contraception, procreation, and raising children, without government encroachment.(105)

Generally, the individual has been found to possess the right not to have her private affairs disclosed to the public by the government.(106) This right ensures that an individual retains control of her personal data and the ability to decide when, where, and how that information is shared with others.(107) The government is restrained from compelling disclosure of certain information regarding one's private life, especially when relationships of trust and confidentiality are involved.(108) Furthermore, the Fourth Amendment(109) prohibits unreasonable searches and seizures where an individual has a reasonable expectation of privacy.(110)

Medical records are usually the product of doctor-patient relationships in which there is an expectation of privacy.(111) Moreover, one's reputation might be affected by the disclosure of medical information.(112) Consequently, unwarranted disclosure of medical record information might be a violation of due process under the Fourteenth Amendment. However, the federal courts have found that pharmacies are pervasively regulated by industry regulations "and that consequently pharmacists and distributors subject to the Controlled Substances Act have a reduced expectation of privacy in the records kept in compliance with the Act."(113)

This treatment of pharmaceutical records illustrates that the courts will weigh state interests in public health against private interest in avoiding disclosure of individual disease.(114) As the automation of medical records continues, courts will be required to weigh the two interests in order to determine whether to allow the disclosure of information.(115) However, the courts must also recognize that with computerized record keeping, medical records can be accessed with greater ease.(116) The Court in Whalen v. Roe recognized this potential problem when it noted that personal information that is accumulated in a centralized computer database might threaten privacy.(117)

2. Federal Legislation

The right to privacy is protected by certain statutes, such as the Privacy Act(118) and the Freedom of Information Act ("FOIA").(119) These two acts provide safeguards protecting individuals against inappropriate government use of private information.(120) The Privacy Act was designed to give private citizens control over their information gathered by the federal government.(121) This act governs federal government procurement and use of personal information found in federal agency records.(122) Prior to disclosing personal information, the Privacy Act requires written consent of the individual whose record is being disclosed.(123) Individuals are allowed access to their own records and an opportunity to challenge the contents.(124) In addition, the statute provides remedies for violations in the form of monetary damages, injunctive relief, and in the case of willful violations, criminal penalties.(125)

The Computer Matching and Privacy Protection Act of 1988 amended the Privacy Act and regulates the computerized comparison of records by governmental agencies for the purpose of establishing or verifying the eligibility of individuals for benefits or to recover payments of delinquent debts.(126) The Freedom of Information Act allows the public to access executive branch records, except those within the stated exemptions, such as personnel and medical files that, upon disclosure, would constitute a clear unwarranted violation of personal privacy.(127) One of the criteria for this exemption is to weigh the invasion of personal privacy against the public's interest in the disclosure of government information.(128) Courts have tended to interpret the congressional policy as favoring disclosure.(129) Nevertheless, federal courts have also found that the FOIA prohibits businesses from obtaining personal information for commercial use.(130)

Although the FOIA and the Privacy Act generally apply only to government agencies, the Privacy Act also applies to government contractors who were hired to operate the agency's record systems.(131) For example, insurance companies hired to serve as intermediaries for Medicare and hospitals maintaining medical records under government contract are regulated by the Privacy Act.(132)

C. Unique Health Identifier and Its Not-So-Unique Privacy Concerns

The Portability Act is another piece of legislation enacted by Congress to address the privacy of medical information. Title II of this Act addresses concerns about health care fraud and abuse, and administrative simplification. Section 262 specifically focuses on creating standards for electronic transmission of medical information and addresses the need to provide security, integrity, and authenticity of health information.(133)

One of the most controversial(134) portions of the Portability Act is the required use of a "unique health identifier for each individual, employer, health plan, and health care provider for use in the health care system."(135) It is controversial not only for privacy reasons, but because it is seen as a special interest addition to the Portability Act.(136) Representative David Hobson (R-Ohio) tacked the unique health identifier on the 1996 Kennedy-Kassebaum health-care bill.(137) The critics of this amendment contend that it is a measure written by private interest groups comprised of large healthcare management organizations, such as the American Health Information Management Association, as well as large corporations, such as IBM.(138) As discussed above, the concept of a unique identifier is nothing new to American society,(139) and the same concerns about the pervasive use of the SSN apply here as well.

1. Proponents' Views

Proponents of a unique health identifier believe it would create efficiency in the maintenance of medical records and provide scientific researchers with a national database of information to create a more complete survey. A unique identifier would be assigned at birth to the individual for life.(140) It would be used for health, administrative, financial, statistical, and research purposes.(141)

Proponents foresee a more detailed examination and evaluation of the health care system.(142) Advocates point to the fact that doctors will be able to follow a patient's medical history from birth and be able to provide better diagnoses.(143) Researchers claim that the information gathered will allow for more detailed and complete analysis of medical studies of the population.(144) Furthermore, proponents argue that when someone is in the emergency room with little decision time, that person would receive better care if the hospital could immediately retrieve a complete medical history, including allergies and current medications.(145)

There are currently many entities that hold each American's medical records. The doctors and hospitals that patients visit maintain records of each patient's medical information. Moreover, unless one opts to pay for the treatment entirely on one's own, insurance companies are able to obtain similar information. The national clearinghouse of health data promises to consolidate all of one's medical information into a central computerized database.

Public health officials believe it is important to gather precise medical information on the population in order to prevent the spread of disease. As physical borders become more fluid in today's global economy, and traveling becomes ever more popular, the only effective way to control diseases is through international collaboration. This collaboration requires the sharing of data on the health status of each nation's population. For example, the World Health Organization ("WHO") estimated that HIV would affect about forty million people worldwide by year 2000; however, a consortium of independent health care professionals led by Harvard School of Public Health's Dr. Jonathan Mann estimated up to 110 million people would be affected.(146) The discrepancy between the two estimates stem from the fact that the WHO gathers information furnished by governments, which may be reluctant to disclose true estimates of diseases within their populations.(147)

2. Opponents' Views

Conversely, opponents and skeptics assert that a unique health identifier is an imposition on an individual's privacy.(148) When President Clinton first introduced the Portability Act, he was enthusiastic about requiring every American to carry a health card, similar to the unique health identifier.(149) During the summer of 1998, however, the Clinton Administration decided to reserve their support of a unique health identifier until Congress has enacted comprehensive legislation to protect patient privacy.(150)

Vice President Albert Gore Jr. has requested Congress to create legislation that would cover medical records, financial data and information gathered from children over the Internet.(151) With the imminent automation of all medical information, concerns over access and transmission of the data are compounded.(152) Many are afraid that whatever form the health identifier takes, it will only add to the increasing links to an individual's personal data.(153) It seems inevitable that databases will be linked and unauthorized individuals will be able to easily establish a connection between two sets of personal identifiers and gain access to more than just medical information.(154)

3. Potential Problems With the Unique Health Identifier

Potential for abuse of data can be seen by looking at the pharmaceutical industry. Many new computer software programs assist pharmacists in their clerical, managerial and professional duties.(155) The software might help a pharmacist to screen prescriptions, document and bill for services, and track a patient's progress; however, this requires the pharmacist to enter personal data about the patient.(156) This information might include the patient's date of birth, gender, drug allergies, any past diseases, as well as any current diseases, and lifestyle notes.(157) At first glance, this seems to help the patient because the pharmacist can now warn the patient about any potential reactions to prescriptions. However, pharmacists have become a hot commodity in the new market for information in their databases.(158) Additionally, pharmaceutical companies use the information gathered for marketing purposes.(159)

Currently, the "data collection industry is unregulated and confidentiality is self-enforced."(160) Although pharmacists have an ethical duty to keep patient information confidential,(161) there is no law prohibiting this information from being disclosed.(162) One of the major problems is the broad range of individuals who might be able to access the full patient record. In addition to the physicians, nurses and pharmacists who have access to the information, lab technicians, administrators, payors, regulators, health management organizations and social workers have access as well.(163)

D. Portability Act's Standards and Its Scope

Fortunately, the picture is not completely grim for the future of patient privacy. The Portability Act has set standards that will apply to health plans, health care clearinghouses, and health care providers who transmit any health information in electronic form, which is connected with particular financial or administrative transactions.(164) Although the Portability Act does not address all aspects of confidentiality, it does provide some guidance for further policy making.(165)

The Portability Act set security standards and created criminal sanctions for violators.(166) Any person who knowingly violates the statute by disclosing identifiable health information may be penalized by a fine of up to $50,000 and/or imprisonment for up to one year.(167) Nonetheless, beyond the punishment of violators, the difficulty of implementing the unique health identifier also involves its format.

A major issue regarding a unique health identifier is the ability to protect the confidentiality of individuals without sacrificing convenience.(168) One proposed alternative is combining a public universal identifier with a private number that the individual could control, similar to the personal identification numbers (PIN) that every credit card holder possesses.(169) Another would be encrypted keys that can only be unlocked by the individual in possession of the key.(170) A more troubling proposed alternative is the use of biological information, such as DNA data, as the basis for a unique health identifier.(171)

With the increasing popularity of the Internet as the medium of information exchange, legislation must address the potential abuses of information obtained over the Internet. An individual's privacy rights, like intellectual property rights, are likely to be infringed when individuals use the Internet. With this in mind, Vice President Al Gore has proposed the "electronic bill of rights."(172) The intention is for Congress to address privacy concerns as well as protect the use of information obtained via the Internet.(173) Any legislation Congress eventually proposes must consider that virtually anyone could access personal and confidential medical information without proper authorization.(174)

Many Americans, whether politically conservative or liberal, are uneasy with this governmental intrusion into their health records.(175) Because many aspects of people's lives are already easily accessible, some nihilists believe that the intrusions cannot worsen.(176) Arthur Caplan, the director of the Center For Bioethics at the University of Pennsylvania, believes that "[b]ig brother has already found you" and safeguards to medical records are useless because "[w]e are not at T-minus 30 seconds and holding. We are trying to grab a missile that has cleared the atmosphere and bring it back."(177)

Although the picture for privacy might seem grim when viewing it from the nihilist's point of view, Congress and various organizations are attempting to create legislation to provide greater privacy protection. Indeed, organizations such as the ACLU want legislation that will make it difficult for anyone, including law enforcement officials, to access medical records without a warrant.(178)

The ACLU has previously endorsed legislation that protects patient privacy.(179) Some of the provisions endorsed by the ACLU include: (1) access to patients' medical records should never be given to anyone, except immediate health care providers, without patient permission; (2) public officials must set standards for privacy protection on a nationwide basis and not preempt state laws that are more protective of patients' rights.(180)

Pending legislation that privacy advocates are supporting includes the Personal Information Privacy Act of 1997 and the S. 377, Promotion of Commerce in the Digital Era.(181) The former is intended to protect individuals' SSNs(182) and the latter demands encryption technology.(183)

In the State of the Union address on January 27, 2000, President Clinton briefly spoke of citizens' privacy rights and the need to protect Americans' medical records.(184) The President's words highlight the need for Congress to enact strong legislation that will withstand the test of time and advancing technology.


The Portability Act contains measures to protect privacy, but a unique health identifier can create potential abuses that have not been adequately addressed. Congress needs to enact legislation that will address issues of privacy in the face of technological advancements that promise to link the world. The legislation must address patient access and patient permission for third parties to gain access. Although the Portability Act's intent is sound and should improve healthcare for all Americans, the unique identifier needs unambiguous guidelines in order to prevent abuse.

(1.) Due to an impasse in Congressional debates on patient privacy, plans to enact the universal health identifier required by the Portability Act were postponed until 1998. See ACLU Welcomes Clinton Medical Privacy Regulations; Says Major Components Must Be Strengthened (visited Apr. 8, 2000) <>. As of January 2000, the universal health identifier has not been implemented because effective protections for patients' privacy have not been established. See id; see also Frank Bruni, Democrats Stall Bill to Force Consideration of Patients' Rights, N.Y. TIMES, Jun. 22, 1999, at A23.

(2.) See Editorial, Electronic Threats to Medical Privacy, N.Y. TIMES. Mar. 11, 1997, at A22 (discussing the need tot uniform federal standards to preserve medical privacy); see also, Cathy Young, Opinion, Private Medical Database Beast Protects Confidentiality, DET. NEWS, Oct. 7, 1998, at A13 (recommending privatization of medical databases to alleviate concerns about governmental intrusions and abuse of personal medical data); see also Jeremy Gruber, Testimony Presented to the Senate Labor and Human Resources Committee (visited Apr. 8, 2000) <> (calling for the restriction of employer and insurer access to genetic data).

(3.) President Clinton's State of the Union Address to Congress (Jan. 27, 2000), in Grand Ideas, Little Time, N.Y. TIMES, Jan. 28, 2000, at A1.

(4.) See Health Insurance Portability and Accountability Act: of 1996, Pub. L. No. 104-191, (codified in scattered sections of 42 U.S.C.).

(5.) See id. at [sections] 1320d-2(a)(1).

(6.) See id. at [sections] 1320d-2(b).

(7.) Id. at [sections] 1320d-2(b)(1). For a detailed discussion, see infra Part III.


(9.) See id.

(10.) 277 U.S. 438 (1928) (Brandeis, J., dissenting), overruled by Katz v. United States, 389 U.S. 347 (1967).

(11.) Id. at 478.

(12.) See William H. Minor, Identity Cards and Databases in Health Care: The Need for Federal Privacy Protections, 28 COLUM. J.L. & SOC. PROBS. 253, 260-61 (1995).

(13.) Id. (citing Ken Gromley, One Hundred Years of Privacy, 1992 WlSC. L. REV. 1335, 1336 (1992)).

(14.) Id. at 261.

(15.) Professor Emeritus of Public Law and Gov't, Columbia University, Author, PRIVACY AND FREEDOM (1967).

(16.) See id.

(17.) See, e.g., Griswold v. Connecticut, 381 U.S. 479 (1965) (holding that the Constitution protects a fundamental right to privacy, including the right of a married couple to decide whether to use contraceptives); Katz v. United States, 389 U.S. 347, 353 (1967) (Harlan, J., concurring) (stating that constitutional protection extends to an individual who demonstrates a legitimate expectation of privacy in a particular place, and that society is willing to recognize that individual's interest as reasonable); Roe v. Wade, 410 U.S. 113 (1973); Whalen v. Roe, 429 U.S. 589, 603-05 (1977) (upholding the constitutionality of a New York statute requiring that a copy of prescriptions for potentially harmful yet legal drugs be forwarded to the state for recording, but recognizing individuals' interest in protecting the disclosure of personal information).

(18.) See Olmstead v. United States, 277 U.S. 438, 466 (1928), overruled by Katz v. United States, 389 U.S. 347 (1967).

(19.) See id. at 478 (Brandeis, J., dissenting).

(20.) See id. at 473-74.

(21.) See Katz, 389 U.S. at 353 (Harlan, J., concurring).

(22.) See, e.g., Whalen v. Roe, 429 U.S. 589, 603-05 (1977).

(23.) See, e.g., Roe v. Wade, 410 U.S. at 152-53.

(24.) Id. at 152.

(25.) See id.

(26.) 381 U.S. 479 (1965).

(27.) See id. at 484.

(28.) See id. at 487-89 (Goldberg, J., concurring).

(29.) 389 U.S. 347 (1967).

(30.) See id. at 348.

(31.) See id. at 353.

(32.) See id.

(33.) See Roe v. Wade, 410 U.S. 113, 153 (1971) (finding Texas criminal abortion statutes prohibiting abortions at any stage of pregnancy, except to save the mother's life, unconstitutional).

(34.) See id. at 154.

(35.) 429 U.S. 589 (1977).


(37.) See Whalen, 429 U.S. at 591.

(38.) See id. at 605-06.

(39.) See id. at 607.

(40.) See id. at 605.

(41.) See id. ("We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files").

(42.) Id.

(43.) See Skinner v. Labor Executive Ass'n, 489 U.S. 602, 624 (1989).

(44.) See id. at 619.

(45.) See id.

(46.) See Chandler v. Miller, 520 U.S. 305, 305 (1997).

(47.) See Vernonia School Dist. 47J v. Acton, 515 U.S. 646, 658 (1995).

(48.) See id. at 647.

(49.) See Morning Edition (NPR radio broadcast, 10:00 AM E.S.T., April 20, 1998), available in 1998 WL 3307089 [hereinafter NPR Morning Edition].

(50.) Id.

(51.) Id.

(52.) See 20 C.F.R. [subsections] 422.103(b) (1999).

(53.) See Aaron Zitner, IRS Tightens Rules to Shield Taxpayer Privacy; Audit Showed Agents Often Duped Into Improperly Giving Out Data, BOSTON GLOBE, Nov. 29, 1997, at E1.

(54.) See NPR Morning Edition, supra note 49. The problem with access to SSNs is that it can lead to consumer fraud. See id. The Social Security Administration acknowledges the concerns regarding the multiplying uses of the SSN for identification and record keeping, and has suggested ways to protect privacy of Social Security records. See Social Security: Your Number and Card (visited March 11, 1999) <>.

(55.) See id.; NPR Morning Edition, supra note 49. For example, since 1961, the Internal Revenue Service has been using SSNs as identifiers on tax returns. See Hugh R. Jones, Your Number's Up: Social Security Numbers and the Right to Privacy, HAW. B. J., Nov. 1996, at 40.

(56.) See 26 U.S.C. [sections] 6109(a)(4), (d) (1999). In addition to requiring the tax flier's own SSN, s/he must provide the SSN of dependents for whom s/he claims a deduction. See Flavio L. Komuves, We've Got Your Number: An Overview of Legislation and Decisions to Control the Use of Social Security Numbers as Personal Identifiers, 16 J. MARSHALL J. COMPUTER & INFO. L. 529, 540-41 (1998). Originally, the tax filer was only required to provide the SSN of children over five years old; however, Congress has since eradicated the minimum age, creating the use of the SSN as a personal identifier from one's birth. See id.

(57.) See id.

(58.) The Bankruptcy Rules require SSN disclosure of either the debtor or the preparer, while the Tax Court's rules have a similar requirement for all filings with that court. See id. at 543-44. Some courts even list the SSN of litigants in court opinions for no justifiable reason. See id.

(59.) While most states merely request SSN disclosure, some states, e.g., Illinois, require printing of the SSN on the license. See id. at 545 n. 79. The Department of Transportation's National Highway Traffic Safety Administration issued a proposed rule aimed at establishing a national identification card by requiring SSNs to be on all valid state-issued drivers' licenses. See Gregory T. Nojeim, A National ID Card, National ID Systems, and Their Impact on Civil Liberties (visited Mar. 23, 1999) <>. Civil libertarians are staunchly opposed to such actions because of the fear that this would lead to easy access to vast amounts of private information, in addition to turning state motor vehicle offices into immigration checkpoints. See id.

(60.) See 38 U.S.C. [sections] 5101(c)(1) (1994); see also 38 C.F.R. [sections] 3.216 (1999) (stating that if a beneficiary fails to provide the Department of Veterans' Affairs with his or her SSN within 60 days from the date an SSN is requested, then benefits will be discontinued).

(61.) See Steven A. Bibas, A Contractual Approach to Data Privacy, 17 HARV. J.L. & PUB, POL'Y 591, 593-95 (1994). Credit bureaus maintain financial information on nearly ninety percent of adult Americans. See Komuves, supra note 56, at 536. The credit files are coded with the individual SSN and the information within is sold and traded with few legal constraints. See id.

(62.) See Alexander C. Papandreou, Krebs v. Rutgers: The Potential for Disclosure of Highly Confidential Personal Information Renders Questionable the Use of Social Security Numbers as Student Identification Numbers, 20 J.C. & U.L. 79, 79 n. 2 (1993).

(63.) See 20 U.S.C. [sections] 1091(a)(4)(B) (1994).

(64.) See Social Security: Your Number and Card, supra note 54.

(65.) See 42 U.S.C. [sections] 405(c)(2)(D) (1999). The Code provides that:
 (D)(i) It is the policy of the United States that-

 (I) any State (or any political subdivision of a State) and any authorized
 blood donation facility may utilize the social security account numbers
 issued by the Secretary ... for the purpose of identifying blood donors,
 and (II) any State (or political subdivision of a State) may require any
 individual who donates blood within such State ... to furnish to such
 State, ... [and] to any authorized blood donation facility the social
 security account number ... issued to the donor by the Secretary.


(66.) The Medical Information Bureau ("MIB") is a nonprofit agency founded in 1902 that centralizes the collection of medical data and provides access to medical records. See BRANSCOMB, supra note 8, at 67. Their records of 15 million Americans are accessible to approximately 750 participating insurance companies. See id.

(67.) Komuves, supra note 56, at 539.

(68.) See BRANSCOMB, supra note 8, at 67.

(69.) See Social Security: Your Number and Card, supra note 54. The SSN began in 1935. See id.

(70.) See NPR Morning Edition, supra note 49.

(71.) Id.

(72.) See id.

(73.) See, e.g., Zitner, supra note 53, at E1. The Internal Revenue Service's report found that an impostor who has the name, address, and SSN of a taxpayer can "find out tax and income information from the IRS with a simple phone call." Id. The IRS has since implemented tougher procedures, demanding more information in order to confirm the identity of a caller. See id.

(74.) In 1996, Lexis-Nexis, one of the country's largest electronic information brokers, came under fire for invasion of privacy when it launched its online "look-up" service called the P-Trak. See Timothy Burn, Database Companies Agree to Police On-line Information on Net Users, WASH. TIMES, June 11, 1997, at B12.

(75.) See id.

(76.) See Michael Higgins, Identity Thieves, A.B.A. J., Oct. 1998, at 42, 43 (discussing stories of those who have been victims of "identity theft" and their fight to get legislation passed making identity theft a felony).

(77.) See id. To commit identity theft, all a thief would need is a credit card application and the target individual's basic personal data. An important piece of information is the target's SSN, which is easily obtainable through credit reports. See id.

(78.) See id.

(79.) See Katharine Q. Seelye, A Plan for Database Privacy, But Public Has to Ask for It, N.Y. TIMES, Dec. 18, 1997, at A1.

(80.) See id. In 1997, the Federal Bureau of Investigation ("FBI") found that complaints of wrongful access to data stored in computers had increased six-fold since 1991. See id.

(81.) See Tom Lowry, Information Brokers Put on Brakes; New Limits Aim to Cut Identity Theft, USA TODAY, Jan. 18, 1999, at 3B.

(82.) See id.

(83.) See Higgins, supra note 76, at 46..

(84.) See Social Security: Your Number and Card, supra note 54.

(85.) See id.

(86.) A 1997 Georgia survey showed that 87% of people online want total control over their personal data. See Denise Caruso, Exploiting and Protecting Personal Information, N.Y. TIMES, (visited March 1, 1999) <>.

(87.) Americans Worry About the Privacy of Their Computerized Medical Records (visited Feb. 15, 1999) <>. Following the conversion of Blue Cross of California from non-profit status to a for-profit corporation, WellPoint Health Networks, the California HealthCare Foundation was established in May 1996. See The Foundation (visited Mar. 11, 1999) <>. This organization is one of two philanthropies created when Blue Cross of California was converted. See id.

(88.) The Foundation (visited Mar.11, 1999) <>. For this survey, Princeton Survey Research Associates conducted a national telephone interview of 1,000 adults, at least 18 years old, in the continental U.S. during November and December 1998. See id.

(89.) See id.

(90.) Id.

(91.) Id.

(92.) See id.

(93.) See id.

(94.) See id.

(95.) Id.

(96.) 42 U.S.C. [sections] 1320d (Supp. III 1997). President Clinton, upon signing H.R. 3103 into law, proclaimed that "this Act will ensure the portability of health benefits when workers change or lose their jobs and will protect workers against discrimination by health plans based on their health status." Statement by President William J. Clinton Upon Signing H.R. 3103, 32 WEEKLY COMP. PRES. DOC. 1480 (Aug. 26, 1996).

(97.) See 42 U.S.C. [sections] 1320d-2(b).

(98.) See Americans Worry About the Privacy of Their Computerized Medical Records, supra note 87. Thirty-nine percent of the Americans surveyed favored the use of health identifiers, while fifty-two percent were in opposition. See id.

(99.) See Roger N. Morris & Barry D. Mitchell, How Health Insurance Reforms Will Affect Law Firms and Lawyers, ARIZ. ATTORNEY, May 1997, at 33.

(100.) See id.

(101.) See id.

(102.) See id.

(103.) See 42 U.S.C. [sections] 1320d-4

(104.) See id. at [sections] 1320d-2(b).

(105.) See Roe v. Wade, 410 U.S. 113, 219 (1973); Doe v. Bolton, 410 U.S. 179 (1973) (holding right of privacy to be broad enough to encompass one's decision to abort a pregnancy); Eisenstadt v. Baird, 405 U.S. 438 (1972) (right to privacy includes contraceptive use); Griswold v. Connecticut, 381 U.S. 479 (1965) (recognizing choice of contraceptive use within the marital privacy right); Loving v. Virginia, 388 U.S. 1 (1967) (right to privacy includes marriage).

(106.) See Whalen v. Roe, 429 U.S. 589, 599 (1977) (holding constitutional a New York statute requiting that prescriptions for the most dangerous legitimate drugs include a copy for the state, but recognizing the individual's interest in not disclosing personal information).

(107.) See id. at 599-600.

(108.) See Terri Finkbine Arnold, Note, Let Technology Counteract Technology: Protecting the Medical Record in the Computer Age, 15 HASTINGS COMM. & ENT. L.J. 455, 472 (1993).

(109.) "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, ..." U.S. CONST. amend. IV.

(110.) See Katz, 389 U.S. at 352-53 (finding that Constitutional protection must be given to an individual who has a legitimate expectation of privacy in the particular place).

(111.) Physicians highly regard the principle of confidentiality that can increase trust between patient and doctor, thus enhancing diagnosis and treatment. See Arnold, supra note 108, at 473; see also, ROBERT D. MILLER, PROBLEMS IN HOSPITAL LAW 295-96 (4th ed. 1986). All physicians take the Hippocratic Oath, "[w]hatever I see or hear, professionally or privately, which ought not to be divulged, I will keep secret and tell no one." ROY PORTER, THE GREATEST BENEFIT TO MANKIND: A MEDICAL HISTORY OF HUMANITY 63 (1997).

(112.) See Whalen, 429 U.S. at 600 (stating that the right to privacy protects the individual's interest in avoiding disclosure of personal matters).

(113.) United States v. Acklen, 690 F.2d 70, 75 (1982); see also United States v. Jamieson-McKames Pharm., 651 F.2d 532 (8th Cir. 1981) (holding that pharmacist had no reasonable expectation of privacy in items subject to administrative inspection under the Food, Drug and Cosmetic Act).

(114.) See generally Arnold, supra note 108, at 474.

(115.) See id.

(116.) See NPR Morning Edition, supra note 49.

(117.) See Whalen, 429 U.S. at 605.

(118.) See generally, 5 U.S.C. [sections] 552a (1994).

(119.) See generally, 5 U.S.C. [sections] 552 (1994).


(121.) See Arnold, supra note 108, at 475.

(122.) See 5 U.S.C. [sections] 551; see also Susan E. Gindin, Lost and Found in Cyberspace: Informational Privacy in the Age of the Internet, 34 SAN DIEGO L. REV. 1153, 1204 (1997).

(123.) See Gindlin, supra note 122, at 1204.

(124.) See id.

(125.) See id. at 1205.

(126.) See id.

(127.) See 5 U.S.C. [sections] 552(b)(6).

(128.) See Arnold, supra note 108, at 476.

(129.) See, e.g., Ditlow v. Shultz, 517 F.2d 166, 169 (D.C. Cir. 1975).

(130.) See Minnis v. United States Dept. of Agric., 737 F.2d 784, 787 (9th Cir. 1984) (holding that under the FOIA, a lodge owner cannot obtain a list of names and addresses from the Forest Service to use to send mail solicitations); HMG Mktg. Assocs. v. Freeman, 523 F. Supp. 11, 14 (S.D.N.Y. 1980) (holding that, under the FOIA, a government agency does not have to disclose the information on individuals who ordered historic coins to a business for the sole purpose of business use).

(131.) See 5 U.S.C. [sections] 552a(m)(1).

(132.) See Grace-Marie Mowery, Comment, A Patient's Right of Privacy in Computerized Pharmacy Records, 66 U. CIN. L. REV. 697, 711 (1998).

(133.) See 42 U.S.C. [sections] 1320d-2; see also Francoise Gilbert, Privacy of Medical Records? The Health Insurance Portability and Accountability Act of 1996 Creates a Framework for the Establishment of Security Standards and the Protection of Individually Identifiable Health Information, 73 N.D.L. REV. 93, 95 (1997).

(134.) Due to debates over this identifier, the Clinton administration announced that it would like to wait for legislation on privacy before implementing the identifier. See Plans for Health-Care ID Number Put on Hold; Gore Says Privacy Protections Needed, CHI. TRIB., Aug. 1, 1998, at 4; see also Editorial, One-Stop Snooping, WASH. POST, Sept. 19, 1998, at A14 (praising the White House for "sensibly put[ting] the brakes on a plan to institute ... [a unique health identifier], which would make the entire history of a person's medical treatments accessible at the touch of a button").

(135.) 42 U.S.C. [sections] 1320d-2(b)(1).

(136.) See Tiffany Danitz, Deceit, Denial and the Fate of Privacy, INSIGHT ON THE NEWS, Aug. 24, 1998, at 14.

(137.) See id. Rep. Hobson claimed that the amendment was to help simplify and modernize the way medical bills are paid. Id.

(138.) See id.

(139.) See discussion infra Part II.

(140.) See Lawrence O. Gostin, Health Information Privacy, 80 CORNELL L. REV. 451,459 (1995).

(141.) See id.; see also 42 U.S.C. [sections] 1320d-2(b)(1).

(142.) See Gostin, supra note 140, at 459.

(143.) See Plans for Health-Care ID Number Put on Hold, supra note 134, at 4.

(144.) See id.

(145.) See Editorial, One-Stop Snooping, supra note 134.

(146.) See BRANSCOMB, supra note 8, at 68.

(147.) See id.

(148.) See Plans for Health-Care ID Number Put on Hold, supra note 134, at 4; see also Testimony of H. Alexander Robinson American Civil Liberties Union Regarding S. 1360: Medical Confidentiality Act of 1995 (visited Nov. 21, 1998) <> (testifying to the need for federal protection of medical records privacy).

(149.) See Statement by President William J. Clinton Upon Signing H.R. 3103, supra note 96.

(150.) See Plans for Health-Care ID Number Put on Hold, supra note 134, at 4.

(151.) See id.; see also Gore Paper on Information Technology for the 21st Century: A Bold Investment in America's Future, U.S. NEWSWIRE, Jan. 24, 1999 [hereinafter Gore Paper on Information Technology].

(152.) See Electronic Threats to Medical Privacy, N.Y. TIMES, Mar. 11, 1997, at A22.

(153.) See A National ID Card, National ID Systems and Their Impact on Civil Liberties (visited Feb. 8, 1999) <>.

(154.) See Gilbert, supra note 133, at 101.

(155.) See Mowery, supra note 132, at 698.

(156.) See id.

(157.) See id.

(158.) See id.

(159.) See id. at 699.

(160.) Mowery, supra note 132, at 701.

(161.) See American Pharmaceutical Association, Code of Ethics for Pharmacists (visited Mar. 8, 2000) < pharmcare/ethics.html>. The relevant portion of the Code of Ethics states: "A pharmacist should respect the confidential and personal nature of professional records; except where the best interest of the patient requires or the law demands, a pharmacist should not disclose such information to anyone without proper patient authorization." Id.

(162.) See Mowery, supra note 132, at 701.

(163.) See Gostin, supra note 140, at 486-87. The Institute of Medicine performed a study and found thirty-three representative individual users of patient records and thirty-four representative institutional users. See id. at 486. These are all authorized users who make up the patient management team and entities concerned with review of care, research and health care delivery. See id.

(164.) See 42 U.S.C. [sections] 1320d-2. The statute provides that there should be:
 standards for transactions, and data elements for such transactions, to
 enable health information to be exchanged electronically, that are
 appropriate for (A) the financial and administrative transactions ...; and
 (B) other financial and administrative transactions determined appropriate
 by the Secretary, consistent with the goals of improving the operation of
 the health care system and reducing administrative costs.


(165.) See Gilbert, supra note 133, at 95.

(166.) See 42 U.S.C. [subsections] 1320d-2(d), 1320d-5.

(167.) See 42 U.S.C. [sections] 1320d-6.

(168.) See Gilbert, supra note 133, at 102.

(169.) See id. at 101-02.

(170.) See id.

(171.) See Judy Foreman, Your Health History-Up for Grabs?, BOSTON GLOBE, July 20, 1998, at C1. The Health and Human Resources White Paper notes that the identifier need not be a number at all. See id. It can be a DNA sample. See id.

(172.) Gore Paper on Information Technology, supra note 151.

(173.) See id.

(174.) See Foreman, supra note 171, at C1.

(175.) See id.

(176.) See id.

(177.) Id.

(178.) See Electronic Privacy Information Center Medical Record Privacy (visited Nov. 21, 1998) <>.

(179.) See id.

(180.) See ACLU Endorses Medical Records Privacy Legislation (visited Feb. 8, 1999) <>.

(181.) See Privacy Legislation Now (visited Feb. 8, 1999) <>.

(182.) See id. This bill was introduced to make it illegal for credit bureaus to distribute private information, such as SSNs and unlisted telephone numbers. See id. It also seeks to prohibit commercial use of SSNs. See id.

(183.) See id. This bill provides privacy protection for individuals and businesses in the United States by easing export controls that currently prevent development of effective encryption technology. See id.

(184.) The Text of President Clinton's State of the Union Address to Congress, N.Y. TIMES, Jan. 28, 2000, at A17.

Betty M. Ng(*)

(*) J.D. Candidate, 2000, Rutgers School of Law-Newark; B.A., 1995, Wellesley College. The author wishes to thank her parents for their unwavering love and belief in her abilities, and her brother James for his support and friendship.
COPYRIGHT 2000 Rutgers University School of Law - Newark
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2000 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Ng, Betty M.
Publication:Rutgers Computer & Technology Law Journal
Geographic Code:1USA
Date:Mar 22, 2000
Previous Article:Cyberbanking: a new frontier for discrimination?
Next Article:Mainstream Loudoun and the future of internet filtering for America's public libraries.

Related Articles
Privacy's price tag.
Privacy of Health Information: The New Y2K Challenge.
The Digital Age and Data Privacy.
HIPAA Privacy Rules Challenge Long-Term Care Providers. (Computer Quarterly Update).
Meeting the April deadline for the HIPAA privacy rule. (Computer Technology Update).
Public employee's personnel record is also public, court holds.
Australian patient records exempt from privacy law.

Terms of use | Privacy policy | Copyright © 2022 Farlex, Inc. | Feedback | For webmasters |