Privacy rule has opt-out loophole

A federal regulation protecting the privacy of medical records has a major loophole that would allow marketers to get the names of patients and target them for unsolicited ads, witnesses told Congress on Thursday.

That means a woman whose pregnancy test from a medical lab is positive could be the recipient of ads about prenatal vitamins. Or a person filling a prescription for a diabetes drug could get a mailbox full of ads about a new product from a drug maker.

Under the rule, a person can opt out of receiving unsolicited information only after getting the first one.

The new regulation, one of the last actions of the Clinton administration, goes into effect Feb. 26, 2003. It covers medical data, most of which is stored in electronic form, from private and governmental providers.

But at a hearing on the new regulation, some lawmakers and public-interest groups said the rule does not go far enough.

"There is a growing fear that technology is being used not to improve our lives but to make it easier for others to rifle through our medicine cabinets and peer into our checkbooks," said Sen. Chris Dodd (D-Conn.), a member of the Senate Health, Education, Labor and Pensions Committee, which held the hearing.

Nevertheless, Dodd guaranteed that firewalls will be placed in the workplace between the people who run an employer's health insurance program and those who make the hiring and firing decisions.

"As we all know, the dot-com era enables personal health information to be transmitted with the click of a mouse, and we cannot ignore the profound consequences that can occur if such information is abused," said Sen. Edward Kennedy (D-Mass.), ranking member of the committee.

A General Accounting Office report released at the hearing said that the regulation marks the first standards regarding the use and disclosure of personal health records, and it would cost the health industry $17.6 billion to adhere to the rule over the first 10 years. Nevertheless, the GAO said the rule is an important first step.

The debate may be too early, however. GAO official Leslie Aronovitz told the panel that it was unclear whether privacy rule would be affected by the Bush administration's order freezing all regulations until they are reviewed.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected