My Doctor Can Disclose My Medical Records to the NSA Without My Authorization (and so can yours)
You can learn a lot about a person from their medical records– what’s that STD test all about? Mental health issues?
Hiding a health problem from an employer? Terminated pregnancy? Had a medical issue that might expose your sexuality when you don’t wish to do so? Work for the military or government and trying to keep a health issue off their radar by using a private medical provider?
Your Doctor Can Tell On You
I read my healthcare provider’s privacy information, those endless pages you click through signing up. After many, many paragraphs describing how they would not share my Personal Health Information (PHI) even with my spouse without my authorization, I ran straight into this (emphasis added):
We may sometimes use or disclose the PHI of armed forces personnel to the applicable military authorities when they believe it is necessary to properly carry out military missions. We may also disclose your PHI to authorized federal officials as necessary for national security and intelligence activities or for protection of the president and other government officials and dignitaries.
I checked a few other major insurance carriers, including Blue Cross and Blue Shield, and they all have the identical language; check yours.
In other words, your doctor does not need your authorization to share your health information with the government. If the NSA asks for it, they get it. I found no provision requiring your medical provider to tell you the information was passed to the government.
HIPAA is the Reason
I asked about this in person at the Member Services office. They were polite, but referred me to their toll-free Member Services number. After a few rounds of Touch Button 1, a very nice woman at the telephone Member Services referred me to their “Congressional Representative.” On hold for a few minutes, then cut off. Called back and worked through the Press Button 4, say Your Birthdate system. Back to Member Services and another long explanation of what I was looking for. In the (ironic) interest of my privacy, I had to reconfirm my name and date of birth more than once. My call was recorded. The Congressional Representative had no idea what I was talking about, and I had to walk her through her company’s own online document. On hold while she checks with a supervisor.
After quite some time, the person said disclosure to the government without my permission or knowledge was authorized by the Health Information Portability and Accountability Act (HIPAA). I asked her if anyone else had ever asked about this and she said “Not in my personal experience.” Did she know anything more? No. Was there someone else I could speak with? No.
Protecting Your Privacy by Disclosing Your Health Information
The Health Information Portability and Accountability Act (HIPAA) was first passed by Congress in 1996. However, the amended HIPAA, which included the Privacy Rule that permits disclosure for national security purposes, was only added in 2002, post-9/11. Why this amendment? The U.S. Department of Health and Human Services says:
A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing.
A law passed to ensure the privacy of our health information has a long list of disclosures allowed without your authorization, including this:
An authorization is not required to use or disclose protected health information for certain essential government functions. Such functions include: assuring proper execution of a military mission, conducting intelligence and national security activities that are authorized by law, providing protective services to the President, making medical suitability determinations for U.S. State Department employees, protecting the health and safety of inmates or employees in a correctional institution, and determining eligibility for or conducting enrollment in certain government benefit programs.
A reference is made to another law, 45 C.F.R. § 164.512(k), see page 762 at the link, which refers back to “lawful” activities under the National Security Act.
For former State Department colleagues, please note the release of your health information without your authorization to the State Department is specifically included, for use in the security clearance process. So all of you out there who think you’re hiding something from Diplomatic Security by using a private physician, sorry.
So Doc, What Should I Do?
Post-9/11, another law we were told was there to protect our privacy does just the opposite. Right-wing claims that Obamacare will let the government into your health records are way out of date. Your health care provider is now part of the metastasizing national security state. Be very afraid, but for God’s sake don’t discuss your fears with your doctor.
When I requested my own medical records, I was told it takes two weeks and I have to pay a copying charge. I’m thinking it might be easier to just file a Freedom of Information Act request with the NSA for their copy.
Peter Van Buren blew the whistle on State Department waste and mismanagement during Iraqi reconstruction in his first book, We Meant Well, and writes about current events at his blog. Van Buren’s next book, Ghosts of Tom Joad: A Story of the #99Percent, is available now for preorder from Amazon.
Copyright Peter Van Buren, The Dissenter, 2014