May 01, 2003


Well. This is pushing the definitions of a book review, but it is about something I've read very carefully twice in the last month. Here's a paragraph from a "Notice of Privacy Practices" from my dentist:

We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by the applicable law. We reserve the right to make the changes in our privacy practices and the new terms of our Notice effective for all health information that we maintain, including health information we created or received before we made the changes. Before we make a significant change in our privacy practices, we will change this Notice and make the new Notice available upon request.
As I parse it, that comes down to a promise that they won't break the law, whatever that is. I thought I could assume that in any contract or commercial transaction. Maybe the new safe assumption is detailed in some Notice that I haven't been told I ought to request.

I am told by one who knows more that there are teeth to the law which required this Notice; denticles of several thousand dollars a day fine for incorrectly storing a citizen's medical data. Now, if that and the definition of misuse were published in the Notice, we'd see some spontaneous security testing. More than optimal, I'm sure; but what a sporting proposition! So wrote clew in History (21st c.).

And thus wrote others:

Hmmm. EPIC has a page on medical information privacy[1], which has links to PDFs of HIPAA privacy rule summaries and FAQs[2,3]. Both of these are from the Dep't of Health and Human Services, which has a health records privacy webpage at [4].

Pity there isn't a way to attach this information to the notices your dentist has mailed out.


yclept: Wim at May 1, 2003 10:35 PM


How odd that it isn't always a right of a patient to see his or her own medical records.

yclept: clew at May 6, 2003 10:49 AM
TrackBacks turned off...