Skip to content
My WebMD Sign In, Sign Up

Information and Resources

Electronic Records, Private Lives

Data for Sale?


If you are one of those people who worry that health-care providers will be tempted to sell your private medical information to the highest bidder, you should know that hospitals have an even more powerful incentive to keep that information under electronic lockdown. That incentive is called HIPAA, for the bipartisan Health Insurance Portability and Accountability Act, also known as the Kennedy-Kassebaum Act of 1996.

The act is designed to encourage the use of electronic transactions in health-care while safeguarding the security and confidentially of health information. According to the U.S. Department of Health and Human Services, most health insurers, pharmacies, doctors, and other health-care providers are required to comply with the standards.

Among other things the HIPAA rules are supposed to guarantee:

  • Patient access to copies of their medical records within 30 days of request for identification of errors and mistakes the records.
  • Notification of how personal health information may be used, and the right to restrict how that information is used, as well as limits imposed on providers. Under the rules, patients need to grant specific authorization for release of records to outside entities such as life insurers, banks, marketing firms, or other businesses.
  • Prohibition on sharing of patient information by pharmacies, health plans, and others with marketing firms without the express consent of the patient.

To put some teeth into the measure, Congress provided civil and criminal penalties for individuals or groups that misuse personal health information. Violations of patient civil rights are subject to penalties of up to $100 per violation for a maximum of $25,000 per year.

"Criminal penalties apply for certain actions such as knowingly obtaining protected health information in violation of the law. Criminal penalties can range up to $50,000 and one year in prison for certain offenses; up to $100,000 and up to five years in prison if the offenses are committed under 'false pretenses'; and up to $250,000 and up to 10 years in prison if the offenses are committed with the intent to sell, transfer or use protected health information for commercial advantage, personal gain or malicious harm," according to a fact sheet published by the HHS Office of Civil Rights.

Will all of these measures protect patient privacy? Maybe. But in any case, privacy has long been an uncertain commodity in American life. As Irish playwright and author George Bernard Shaw told a New York audience in 1933, long before the Internet was even dreamed of, "an American has no sense of privacy. He does not know what it means to. There is no such thing in the country."


Originally Published: September 2003

Reviewed on September 01, 2003

Hot Topics

WebMD Video: Now Playing

Click here to wach video: Dirty Truth About Hand Washing

Which sex is the worst about washing up? Why is it so important? We’ve got the dirty truth on how and when to wash your hands.

Click here to watch video: Dirty Truth About Hand Washing

Popular Slideshows & Tools on WebMD

Solutions for 19 types.
row of colored highlighter pens
Tips for living better.
build a better butt
How to build a better butt.
man with indigestion
How to keep yours at bay.
MS Overview
Recognizing symptoms.
stressed working woman
And how to fix them?
brain scan with soda
Tips to kick the habit.
richly colored hair
What your hair says about your health?
Woman running
10 ways to boost your metabolism.
lone star tick
How to identify that bite.
young woman in sun
What to watch for.
Girl drinking orange juice
What's in your glass?

Pollen counts, treatment tips, and more.

It's nothing to sneeze at.

Loading ...

Sending your email...

This feature is temporarily unavailable. Please try again later.


Now check your email account on your mobile phone to download your new app.

Women's Health Newsletter

Find out what women really need.