Patient advocacy groups and a psychiatrists' organization have filed a lawsuit challenging implementation of the privacy rule under the Health Insurance Portability and Accountability Act, which takes place Monday.
The lawsuit, filed Thursday in U.S. District Court in Philadelphia, asks the court to invalidate provisions that would allow health plans and contracted businesses to share patient information without the patient's consent.
The plaintiffs, organized under the Medical Privacy Coalition, charge that changes in the final HIPAA privacy rules, published by HHS last August, breach the security of patients' records, according to a release from the coalition.
Under the final privacy regulation, providers must obtain consent from patients before they can disclose medical records in "nonroutine" cases. But providers do not have to obtain written consent before they disclose medical records. They only have to inform patients of their rights and make a "good faith effort" to obtain written acknowledgment from patients that they have received the information.
While HIPAA is supposed to ensure patient privacy, it actually amounts to a loss of privacy, Newell Fischer, M.D., president of the American Psychoanalytic Association, a plaintiff in the lawsuit, says in the coalition release.
"It is regrettable that we and other citizens must resort to courts to preserve rights that the reason and experience of the country demonstrate are necessary for quality health care," he says.
HIPAA is, in fact, a "health information disclosure rule," says Jim Turner, president of Citizens for Health, another plaintiff, in the release.