Patient Privacy Protections Pending
On the other hand, consumer advocacy groups and other experts say the rules are too limited.
"By virtue of the limited authority delegated by Congress, the rules have limited applicability and cover only health plans, health clearinghouses, and health care providers who transmit health information in electronic form," pointed out Janlori Goldman, director of the Health Privacy Project Institute at Georgetown University. Employers, researchers, and others who receive and retransmit information -- such as law enforcement officials -- are not covered.
Ultimately, these issues will have to be addressed by Congress, they both agreed. A national law is needed to address these discrepancies in a manner that would be agreeable to all parties, they told the Senate panel. A national law is also needed to address the discrepancies now emerging between different state laws, they added.
But that may have to wait until next year. A large part of Congress' health care efforts currently is centered on passing a patients' bill of rights and forming a Medicare prescription drug benefit.
In the meantime, patients may still have reason to take heart. The HHS rules are a good starting point, Goldman tells WebMD. "What we have to rely on right now is the goodwill of companies, for whom marketing is a greater driving force," she says.
Businesses have some legitimate complaints, she says, noting that the rules may unfairly hold health care providers such as hospitals responsible for the actions of their partners. But there is some urgency to get at least something done, she tells WebMD.
"The current system is not only shameful. It's undermining the quality of care," Goldman says, while stressing that about one out of six patients presently withholds information from health care providers due to the perceived lack of privacy protection.
Once finalized, those entities covered by the rules will have two years to comply.