个人隐私与共同利益:国家卫生信息隐私规则下的平衡框架。

IF 3 3区 社会学 Q1 LAW
L. Gostin, J. Hodge
{"title":"个人隐私与共同利益:国家卫生信息隐私规则下的平衡框架。","authors":"L. Gostin, J. Hodge","doi":"10.2139/SSRN.346506","DOIUrl":null,"url":null,"abstract":"The newly-introduced Standards for Privacy of Individually Identifiable Health Information represent the first systematic national privacy protections of health information. Flowing from a Congressional mandate in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the regulations protect the privacy of individually-identifiable health records in any form (including electronic, paper and oral) through disclosure and use limitations, fair information practices, and privacy and security policies that apply to \"covered entities\" (health providers, health insurance plans and health care clearinghouses) and their business associates. Privacy safeguards are needed because of the personal nature of health data, the rapid shift from paper to electronic records, and actual and perceived risks of unwarranted disclosures. Existing health information privacy legal protections at the federal and state levels are fragmented, inconsistent, and variable. The new standards endeavor to protect patient privacy by limiting disclosures of individually-identifiable medical information (or \"protected health information\" (PHI)). Disclosure and use of PHI can only occur upon patient consent, subject to several exceptions outside the health care transaction setting. The regulations also implement fair information practices, which have long been a feature of existing federal laws. Fair information practices allow patients to (1) inspect and amend their records, (2) receive notice of covered entities' privacy practices and potential uses and disclosures of health information, and (3) request confidential communications and an accounting of actual disclosure. Through the regulations, HHS attempts to set a \"floor\" for protections that, it suggests, \"balance[s] the needs of the individual with the needs of society.\" Reaching this balance, however, is precarious. The national privacy rule does not always achieve a fair and reasonable allocation of benefits and burdens for patients and the community. We suggest a framework for balancing that values privacy and common goods, without a priori favoring either. We instead seek to maximize privacy interests where they matter most to the individual and maximize communal interests where they are likely to achieve the greatest public good. Thus, where the potential for public benefit is high and the risk of harm to individuals is low, we suggest that public entities should have discretion to use data for important public purposes. Provided that the data are used only for the public good (e.g., research or public health), and the potential for harmful disclosures are negligible, there are good reasons for permitting data sharing. Conversely, if data are disclosed in ways that are unlikely to achieve a strong public benefit, and the personal risks are high, individual interests in autonomy should prevail. Consequently, for these kinds of disclosures, the law should strictly prohibit the release of information without the patient's consent. Through this framework we attempt to maximize individual and communal interests in the handling of identifiable health data.","PeriodicalId":47393,"journal":{"name":"Minnesota Law Review","volume":"86 6 1","pages":"1439-79"},"PeriodicalIF":3.0000,"publicationDate":"2002-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"46","resultStr":"{\"title\":\"Personal privacy and common goods: a framework for balancing under the national health information privacy rule.\",\"authors\":\"L. Gostin, J. Hodge\",\"doi\":\"10.2139/SSRN.346506\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The newly-introduced Standards for Privacy of Individually Identifiable Health Information represent the first systematic national privacy protections of health information. Flowing from a Congressional mandate in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the regulations protect the privacy of individually-identifiable health records in any form (including electronic, paper and oral) through disclosure and use limitations, fair information practices, and privacy and security policies that apply to \\\"covered entities\\\" (health providers, health insurance plans and health care clearinghouses) and their business associates. Privacy safeguards are needed because of the personal nature of health data, the rapid shift from paper to electronic records, and actual and perceived risks of unwarranted disclosures. Existing health information privacy legal protections at the federal and state levels are fragmented, inconsistent, and variable. The new standards endeavor to protect patient privacy by limiting disclosures of individually-identifiable medical information (or \\\"protected health information\\\" (PHI)). Disclosure and use of PHI can only occur upon patient consent, subject to several exceptions outside the health care transaction setting. The regulations also implement fair information practices, which have long been a feature of existing federal laws. Fair information practices allow patients to (1) inspect and amend their records, (2) receive notice of covered entities' privacy practices and potential uses and disclosures of health information, and (3) request confidential communications and an accounting of actual disclosure. Through the regulations, HHS attempts to set a \\\"floor\\\" for protections that, it suggests, \\\"balance[s] the needs of the individual with the needs of society.\\\" Reaching this balance, however, is precarious. The national privacy rule does not always achieve a fair and reasonable allocation of benefits and burdens for patients and the community. We suggest a framework for balancing that values privacy and common goods, without a priori favoring either. We instead seek to maximize privacy interests where they matter most to the individual and maximize communal interests where they are likely to achieve the greatest public good. Thus, where the potential for public benefit is high and the risk of harm to individuals is low, we suggest that public entities should have discretion to use data for important public purposes. Provided that the data are used only for the public good (e.g., research or public health), and the potential for harmful disclosures are negligible, there are good reasons for permitting data sharing. Conversely, if data are disclosed in ways that are unlikely to achieve a strong public benefit, and the personal risks are high, individual interests in autonomy should prevail. Consequently, for these kinds of disclosures, the law should strictly prohibit the release of information without the patient's consent. Through this framework we attempt to maximize individual and communal interests in the handling of identifiable health data.\",\"PeriodicalId\":47393,\"journal\":{\"name\":\"Minnesota Law Review\",\"volume\":\"86 6 1\",\"pages\":\"1439-79\"},\"PeriodicalIF\":3.0000,\"publicationDate\":\"2002-11-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"46\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Minnesota Law Review\",\"FirstCategoryId\":\"90\",\"ListUrlMain\":\"https://doi.org/10.2139/SSRN.346506\",\"RegionNum\":3,\"RegionCategory\":\"社会学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"LAW\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Minnesota Law Review","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.2139/SSRN.346506","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}
引用次数: 46

摘要

新出台的《个人可识别健康信息隐私标准》代表了第一个系统的国家健康信息隐私保护。根据1996年《健康保险流通与责任法案》(HIPAA)的国会授权,该条例通过披露和使用限制、公平的信息实践以及适用于“承保实体”(健康提供者、健康保险计划和健康保健结算所)及其商业伙伴的隐私和安全政策,保护任何形式(包括电子、纸质和口头)的个人可识别健康记录的隐私。由于健康数据的个人性质,从纸质记录到电子记录的快速转变,以及实际和感知到的未经授权披露的风险,隐私保护措施是必要的。联邦和州一级现有的健康信息隐私法律保护是分散的、不一致的和可变的。新标准努力通过限制个人可识别的医疗信息(或“受保护的健康信息”(PHI))的披露来保护患者隐私。PHI的披露和使用只能在患者同意的情况下进行,但医疗保健交易环境之外的一些例外情况除外。这些法规还实施了公平的信息做法,这一直是现有联邦法律的一个特点。公平的信息做法允许患者(1)检查和修改他们的记录,(2)收到有关受保实体的隐私做法和健康信息的潜在使用和披露的通知,以及(3)要求保密通信和对实际披露的核算。通过这些规定,卫生与公众服务部试图为保护措施设定一个“底线”,即“平衡个人需求与社会需求”。然而,达到这种平衡是不稳定的。国家隐私规则并不总是为患者和社区实现公平合理的利益和负担分配。我们提出了一个平衡框架,重视隐私和共同利益,而不是先验地偏袒任何一方。相反,我们寻求在对个人最重要的地方最大化隐私利益,在可能实现最大公共利益的地方最大化公共利益。因此,在公共利益潜力高而个人伤害风险低的情况下,我们建议公共实体应该有自由裁量权,将数据用于重要的公共目的。如果数据仅用于公共利益(例如,研究或公共卫生),并且泄露有害信息的可能性可以忽略不计,则有充分理由允许共享数据。相反,如果数据的披露方式不太可能实现强大的公共利益,并且个人风险很高,则个人的自治利益应该优先考虑。因此,对于这些类型的披露,法律应严格禁止未经患者同意的信息发布。通过这一框架,我们试图最大限度地提高个人和社区在处理可识别健康数据方面的利益。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Personal privacy and common goods: a framework for balancing under the national health information privacy rule.
The newly-introduced Standards for Privacy of Individually Identifiable Health Information represent the first systematic national privacy protections of health information. Flowing from a Congressional mandate in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the regulations protect the privacy of individually-identifiable health records in any form (including electronic, paper and oral) through disclosure and use limitations, fair information practices, and privacy and security policies that apply to "covered entities" (health providers, health insurance plans and health care clearinghouses) and their business associates. Privacy safeguards are needed because of the personal nature of health data, the rapid shift from paper to electronic records, and actual and perceived risks of unwarranted disclosures. Existing health information privacy legal protections at the federal and state levels are fragmented, inconsistent, and variable. The new standards endeavor to protect patient privacy by limiting disclosures of individually-identifiable medical information (or "protected health information" (PHI)). Disclosure and use of PHI can only occur upon patient consent, subject to several exceptions outside the health care transaction setting. The regulations also implement fair information practices, which have long been a feature of existing federal laws. Fair information practices allow patients to (1) inspect and amend their records, (2) receive notice of covered entities' privacy practices and potential uses and disclosures of health information, and (3) request confidential communications and an accounting of actual disclosure. Through the regulations, HHS attempts to set a "floor" for protections that, it suggests, "balance[s] the needs of the individual with the needs of society." Reaching this balance, however, is precarious. The national privacy rule does not always achieve a fair and reasonable allocation of benefits and burdens for patients and the community. We suggest a framework for balancing that values privacy and common goods, without a priori favoring either. We instead seek to maximize privacy interests where they matter most to the individual and maximize communal interests where they are likely to achieve the greatest public good. Thus, where the potential for public benefit is high and the risk of harm to individuals is low, we suggest that public entities should have discretion to use data for important public purposes. Provided that the data are used only for the public good (e.g., research or public health), and the potential for harmful disclosures are negligible, there are good reasons for permitting data sharing. Conversely, if data are disclosed in ways that are unlikely to achieve a strong public benefit, and the personal risks are high, individual interests in autonomy should prevail. Consequently, for these kinds of disclosures, the law should strictly prohibit the release of information without the patient's consent. Through this framework we attempt to maximize individual and communal interests in the handling of identifiable health data.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
1.40
自引率
0.00%
发文量
1
期刊介绍: In January 1917, Professor Henry J. Fletcher launched the Minnesota Law Review with lofty aspirations: “A well-conducted law review . . . ought to do something to develop the spirit of statesmanship as distinguished from a dry professionalism. It ought at the same time contribute a little something to the systematic growth of the whole law.” For the next forty years, in conjunction with the Minnesota State Bar Association, the faculty of the University of Minnesota Law School directed the work of student editors of the Law Review. Despite their initial oversight and vision, however, the faculty gradually handed the editorial mantle over to law students.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信