Armey: Records open to prying feds

Newly approved privacy regulations meant to prevent the disclosure of personal medical records are not tough enough to shield the records from prying government personnel, Rep. Dick Armey (R-Texas) contends.

Electronic records kept by the Department of Health and Human Services may be among those at greatest risk, Armey said May 2 in a letter to HHS Secretary Tommy Thompson, who approved the privacy rules last month.

Armey, the House majority leader, complained that privacy provisions in the Health Insurance Portability and Accountability Act (HIPAA) include a "startling provision" that "grants federal agents the power to look into citizens' medical records without a warrant at any time and without notice."

He also noted that "federal agencies have a terrible track record when it comes to protecting sensitive information."

HHS, for example, earned an F last year when Rep. Stephen Horn (R-Calif.) conducted a survey of agency computer security capabilities. And as recently as April 28, hackers vandalized an HHS Web site, Armey said.

Federal computer databases contain "intimate details of the medical histories of millions of Americans," he said, citing Medicare, Medicaid and the Department of Veterans Affairs as federal entities that stockpile personal medical information. Armey said the privacy regulations should be strengthened, otherwise they may actually decrease the privacy of medical records.

"We demand that federal agents obtain a search warrant before going through our other personal papers. Why not our medical records?" Armey wrote to Thompson. He urged the HHS secretary to use his authority to change the regulations to require search warrants.

The rules, proposed by President Clinton before he left office, would require approval from patients in many instances before medical records could be disclosed.

Armey is not the lone critic to complain about privacy holes in the rules. The American Medical Association said the privacy rules "do not go far enough to protect patients."

According to the AMA, under the new privacy rules, medical records are also available to employers, life insurance companies and law enforcement officials.

The HIPAA regulations are flawed, agreed Ari Schwartz of the Center for Democracy and Technology, "but they are better than nothing." Efforts to win privacy protection for medical records were stalled for years by opposition from the medical industry, he said.