Privacy rule has opt-out loophole

A federal regulation protecting the privacy of medical records has a major loophole that would allow marketers to get the names of patients and target them for unsolicited ads, witnesses told Congress on Thursday.

That means a woman whose pregnancy test from a medical lab is positive could be the recipient of ads about prenatal vitamins. Or a person filling a prescription for a diabetes drug could get a mailbox full of ads about a new product from a drug maker.

Under the rule, a person can opt out of receiving unsolicited information only after getting the first one.

The new regulation, one of the last actions of the Clinton administration, goes into effect Feb. 26, 2003. It covers medical data, most of which is stored in electronic form, from private and governmental providers.

But at a hearing on the new regulation, some lawmakers and public-interest groups said the rule does not go far enough.

"There is a growing fear that technology is being used not to improve our lives but to make it easier for others to rifle through our medicine cabinets and peer into our checkbooks," said Sen. Chris Dodd (D-Conn.), a member of the Senate Health, Education, Labor and Pensions Committee, which held the hearing.

Nevertheless, Dodd guaranteed that firewalls will be placed in the workplace between the people who run an employer's health insurance program and those who make the hiring and firing decisions.

"As we all know, the dot-com era enables personal health information to be transmitted with the click of a mouse, and we cannot ignore the profound consequences that can occur if such information is abused," said Sen. Edward Kennedy (D-Mass.), ranking member of the committee.

A General Accounting Office report released at the hearing said that the regulation marks the first standards regarding the use and disclosure of personal health records, and it would cost the health industry $17.6 billion to adhere to the rule over the first 10 years. Nevertheless, the GAO said the rule is an important first step.

The debate may be too early, however. GAO official Leslie Aronovitz told the panel that it was unclear whether privacy rule would be affected by the Bush administration's order freezing all regulations until they are reviewed.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.