It is a sad reality that many federal laws result in unintended consequences for the public which must abide by them. Such has been the fate of the much touted Health Insurance Portability and Accountability Act (HIPPA), a law so cumbersome it took the Department of Health and Human Services almost seven years to figure out how to implement it.
The most significant unintended results of HIPPA have occurred in the area of medical privacy. HIPPA made it a crime for a physician, hospital or anyone else knowingly to give out personal information about a patient. It was originally intended to be a small part of the Act, just a few hundred words inserted into the text. Unfortunately, the subject of privacy ended up as nearly fifty confusing pages, which have been widely quoted and just as widely misinterpreted.
In many instances, serious over-enforcement of HIPPA has been the result. As Senator Larry Craig (R-ID) stated on the subject in 2003:
"A kernel of congressional intent has grown into a towering tree of regulatory complexity."
Erring on the side of caution, hospitals have refused to share patient records with law-enforcement agencies and even family members though this was clearly not the intent of the law. And there is worse fallout: Even allowing for the usual miscalculations and trouble implementing the laws it passes, Congress did not adequately address the serious conflicts we will soon see between 21st Century technologies and medical privacy. So once again Congress will need to return to the drawing board and "fix" a problem it has helped create through negligence.
And what is the biggest threat to patient privacy today? It is in the form of a tiny microchip that can be embedded in a band, a card or in the arm of a human being. Lest you think this is the stuff of science fiction or a bad movie script, the Federal Drug Agency (FDA) approved an imbedded microchip and chip "reader" made by a company called VeriChip in 2004 and the system is already in use in select hospitals throughout the US.
The chip system allows an employee to scan the arm of a patient with a microchip embedded in a hospital band or under his skin and view a unique patient number. The number is then placed into a database, enabling an instant reading of the patient's medical history and any other pertinent data.
And someday this tiny chip could contain the information itself. It already is possible to put every bit of medical information about a citizen on to an embedded chip, from the day he is born to the day he dies.
The current system, with a number and a database, has been deployed in several countries and in various U.S. hospitals, particularly in emergency rooms. Both implantable and wearable microchips are a reality. In fact, the largest VeriChip security system in the country was recently installed in the Washington Hospital Center in Washington D.C.
The goals of such technology certainly are laudable. They seek to prevent medical mistakes, to protect Alzheimer's patients and others who are often unable to speak for themselves. But once again, how this system is implemented and how quickly it is being accepted is a problem that will undoubtedly lead to unintended consequences.
To date, there either has been no risk assessment study as to whether the database used in the VeriChip systems or the microchips themselves are corruptible or if there have been studies they apparently have not been made available to the healthcare professionals who have requested them. Let me repeat that: the FDA approved this program, which is now going along at great speed, and there has been no study about whether this sensitive data is safe from intrusion and/or theft. And if there is anything we have learned in the computer era it is that where there is a will there is a way. The criminals who invent malicious viruses or steal information always seem to find a way in to a database, especially when there is money to be made.
I suppose it is too much to expect that Congress anticipate new technology, but at least Congress might try to keep up with what already is available when drafting legislation. Plans were under way for micro-chipping medical records when the original HIPPA laws were passed and their existence certainly might have been considered in the seven years it took HIPPA to be enforced. Now the law must once again try and catch up with what already is happening around us.