
Selected Health Confidentiality Bibliography

Prepared by Robert Gellman

Last Updated February 2003

 

Supreme Court Cases

United States v. Miller, 425 U.S. 435 (1976).

Whalen v. Roe, 429 U.S. 589 (1977).

Reporters Committee for Freedom of the Press v. Department of Justice, 489 U.S. 749 (1989).

U.S. Department of Defense v. F.L.R.A., 510 U.S. 487 (1994).

Jaffee v. Redmond, 116 S. Ct. 1923 (1996).

Congressional Materials

Privacy of Medical Records, Hearings before a Subcommittee of the House Committee on Government Operations, 96th Congress (1979).

Legislation to Protect the Privacy of Medical Records, Hearings before the Senate Committee on Governmental Affairs, 96th Congress (1979).

Federal Privacy of Medical Information Act, House Committee on Government Operations, H.R. Rep. No 96-832 Part 1, 96th Congress (1980).

Data Protection, Computers, and Changing Information Practices, Hearing before the Subcommittee on Government Information, Justice, and Agriculture, House Committee on Government Operations, 101st Congress (1990). 

Health Reform, Health Records, Computers and Confidentiality, Hearing before the Information, Justice, Transportation, and Agriculture Subcommittee of the House Committee on Government Operations, 103rd Congress (1993).

Fair Health Information Practices Act of 1994, Hearings before the Information, Justice, Transportation, and Agriculture Subcommittee of the House Committee on Government Operations, 103rd Congress (1994).

Health Security Act, House Committee on Government Operations, H.R. Rep. No 103-601 Part 5, 103rd Congress (1994).

HIV Testing of Women and Infants, Hearing Before the Subcommittee on Health and the Environment of the House Committee on Commerce, 104th Congress (1995).

Medical Records Confidentiality Act of 1995, Senate Committee on Labor and Human Resources, 104th Congress (1995) (S. Hrg. 104-320).

Health Information Privacy Protection Act, Hearing before the Subcommittee on Government Management, Information, and Technology of the House Committee on Government Reform and Oversight, 104th Congress (1996).

The Fair Health Information Practices Act of 1997, Hearing on H.R. 52 Before the Subcommittee on Government Management, Information and Technology of the House Committee on Government Reform and Oversight, 105th Congress (1997).

Protecting Our Personal Health Information:  Privacy in the Electronic Age, Hearing before the Senate Labor and Human Resources Committee, 105th Congress (1997) (S. Hrg. 105-356).

Health Care Information Confidentiality, Hearing before the Senate Labor and Human Resources Committee, 105th Congress (1998) (S. Hrg. 105-455).

Genetic Information and Health Care, Hearing before the Senate Labor and Human Resources Committee, 105th Congress (1998) (S. Hrg. 105-580).

Protecting Health Information: Legislative Options for Medical Privacy, Hearing Before the Subcommittee on Government Management, Information, and Technology of the House Committee on Government Reform and Oversight, 105th Congress (1998).

Patient Confidentiality, Hearing Before the Subcommittee on Health of the House Committee on Ways and Means, 105th Congress (1998), <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=105_house_hearings&docid=f:49195>.

Key Patients' Protections:  Lessons from the Field, Hearing before the Senate Committee on Health, Education, Labor, and Pensions, 106th Congress (1999) (S. Hrg. 106-10).

Privacy Under a Microscope:  Balancing the Needs of Research and Confidentiality, Hearing before the Senate Committee on Health, Education, Labor, and Pensions, 106th Congress (1999) (S. Hrg. 106-16).

Medical Records Confidentiality in a Changing Health Care Environment, Hearings Before the Senate Committee on Health, Education, Labor and Pensions, 106th Congress (1999).

Medical Records Privacy, Hearing before the Senate Committee on Health, Education, Labor, and Pensions, 106th Congress (1999) (S. Hrg. 106-49).

Medical Records Privacy, Hearings Before the Subcommittee on Labor, Health, and Human Services and Education of the Senate Committee on Appropriations, 106th Congress (1999).

Medical Records Confidentiality in the Modern Delivery of Health Care, Hearing before the Subcommittee on Health & Environment, House Committee on Commerce (1999) (Printed Hrg. 106-34) <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_house_hearings&docid=f:57441.pdf>.

H.R. 2470 - Medical Information Protection and Research Enhancement Act of 1999, Hearing before the Subcommittee on Health & Environment, House Committee on Commerce (1999) (Printed Hrg. 106-53) <http://www.house.gov/commerce/publications.htm>.

Medical Information Protection and Research Enhancement Act of 1999, Hearing Before the Subcommittee on Health and Environment of the House Committee, 106th Congress (1999), <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_house_hearings&docid=f:58501.pdf>.

Too Much Information? The Impact of OASIS on Access to Home Health Care, Hearing Before the Senate Committee on Aging, 106th Congress (1999).

Confidentiality of Health Information, Hearing Before the Subcommittee on Health of the House Committee on Ways and Means, 106th Congress (1999), <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_house_hearings&docid=f:64128.pdf>.

Genetics Testing in the New Millennium: Advances, Standards, and Implication, Hearing Before the Subcommittee on Technology of the House Committee on Science, 106th Congress (1999).

Confidentiality of Patient Records, Hearing Before the Subcommittee on Health of the House Committee on Ways and Means, 106th Congress (2000), <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_house_hearings&docid=f:66897.pdf>.

The Medical Financial Privacy Protection Act, Hearing on H.R. 4585 Before the House Committee on Banking and Financial Services, 106th Congress (2000).

Proposed Rule on the Privacy of Individually Identifiable Health Information, Hearing Before the Senate Committee on Health, Education, Labor, and Pensions, 106th Congress (2000).

Assessing HIPAA: How Federal Medical Record Privacy Regulations Can Be Improved, Hearing Before the Subcommittee on Health of the House Committee on Energy and Commerce,  <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_house_hearings&docid=f:71494.pdf>.

Making Patient Privacy a Reality: Does the Final HHS Regulation Get the Job Done, Hearing Before the Senate Committee on Health, Education, Labor and Pensions, 107th Congress (2001).

Regulations and Executive Orders

Confidentiality of Alcohol and Drug Abuse Patient Records, 42 CFR Part 2, 52 Federal Register 21796 (1987).

Protection of Human Subjects, 45 CFR Part 46 (1994).

Certificates of Confidentiality for Health Research Projects, 42 CFR Part 2a (1996);  see also 42 U.S.C. §241(d) (1994).

Medicare+Choice Interim Final Rules on Confidentiality and Accuracy of Enrollee Records, 42 CFR §422.118 (Federal Register, June 26, 1998).

Standards for Privacy of Individually Identifiable Health Information:  Proposed Rule, 64 Federal Register 59918-60065 (Nov. 3, 1999).

Executive Order 13145, To Prohibit Discrimination in Federal Employment Based on Genetic Information, 65 Federal Register 6875-6880 (Feb. 10, 2000).

Executive Order 13181, To Protect the Privacy of Protected Health Information in Oversight Investigations, 65 Federal Register 81321-23 (Dec. 26, 2000).

Standards for Privacy of Individually Identifiable Health Information:  Final Rule, 65 Federal Register 82462-82829 (Dec. 28, 2000).

Office of Civil Rights, Department of Health and Human Services, Guidance and Frequently Asked Questions (July 6, 2001) <http://www.hhs.gov/ocr/hipaa/finalmaster.html>.

Standards for Privacy of Individually Identifiable Health Information; Proposed Rule, 67 Federal Register 14775-815 (Mar. 2, 2002).

Final Modifications to the Privacy Rule, 67 Federal Register 53181-273 (Aug. 14, 2002) <http://www.hhs.gov/ocr/hipaa/finalreg.html>.

Health Insurance Reform: Security Standards, Final Rule, 68 Federal Register 8333-81 (Feb. 20, 2003).

Books, Articles, and Studies

Department of Health, Education, & Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens (1973).

Alan F. Westin, Computers, Health Records, and Citizen's Rights (U.S. Department of Commerce) (1976).

Privacy Protection Study Commission, Personal Privacy in an Information Society (1977).

Robert Gellman, Prescribing Privacy:  The Uncertain Role of the Physician in the Protection of Patient Privacy, 62 North Carolina Law Review 255 (1984).

National Conference of Commissioners on Uniform State Laws, Uniform Health Care Information Act 9 (Part I) U.L.A. 475 (1985 & Supp. 1994).

David Flaherty, Protecting Privacy in Surveillance Societies (1989).

Institute of Medicine, The Computer-Based Patient Record (1991).

Colin J. Bennett, Regulating Privacy:  Data Protection and Public Policy in Europe and the United States (1992).

Jeffrey Rothfeder, Privacy For Sale (1992).

Workgroup for Electronic Data Interchange, Report to Secretary of U.S. Department of Health and Human Services (1992).

Robert Gellman, Fragmented, Incomplete, and Discontinuous:   The Failure of Federal Privacy Regulatory Proposals and Institutions, VI Software Law Journal 199 (1993).

Office of Technology Assessment, Protecting Privacy in Computerized Medical Information (1993).

Louis Harris & Associates, Health Information Privacy Survey 1993 (1993).

L. Gostin, J. Turek-Brezina, & M. Powers, Privacy and Security of Personal Information in a New Health Care System, 270 Journal of the American Medical Association 2487-2493 (1993).

Institute of Medicine, Health Data in the Information Age:   Use, Disclosure, and Privacy (1994).

H. Jeff Smith, Managing Privacy:  Information Technology and Corporate America (1994).

Robert Gellman, Fair Health Information Practices, 4 Behavioral Healthcare Tomorrow 65 (1995).

George Annas et al, The Genetic Privacy Act and Commentary (1995).

Paul Schwartz, The Protection of Privacy in Health Care Reform, 48 Vanderbilt Law Review 295 (1995).

Priscilla Regan, Legislating Privacy:  Technology, Social Values, and Public Policy (1995).

Robert Gellman, Confidentiality and Telemedicine:  The Need for a Federal Legislative Solution, 1 Telemedicine Journal 189 (1995).

Marc Rotenberg, Health Data in the Information Age: Use, Disclosure, and Privacy, 20 Journal of Health Politics, Policy and Law 235 (1995).

L. Gostin, Z. Lazzarini, K. Flaherty, Legislative Survey of State Confidentiality Laws, with Specific Emphasis on HIV and Immunization (1996) (report to Centers for Disease Control and Prevention).

Paul Schwartz & Joel Reidenberg, Data Privacy Law (1996).

Center for Democracy & Technology, Privacy and Health Information Systems:  A Guide to Protecting Patient Confidentiality (1996).

Richard C. Turkington, Medical Record Confidentiality Law, Scientific Research, and Data Collection in the Information Age, 25 Journal of Law, Medicine & Ethics 113-29 (1997).

National Research Council, For the Record:  Protecting Electronic Health Information (1997) <www.nap.edu/readingroom/books/ftr>.

William Lowrance, Privacy and Health Research (1997) (report to the Secretary of Health and Human Services) <http://aspe.os.dhhs.gov/datacncl/PHR.htm>.

National Committee on Vital and Health Statistics (Advisory Committee, Department of Health and Human Services), Privacy and Confidentiality Recommendations to the Secretary (1997) <http://aspe.os.dhhs.gov/ncvhs/privrecs.htm>. 

Department of Health and Human Services, Confidentiality of Individually-Identifiable Health Information (1997) <http://aspe.os.dhhs.gov/admnsimp/pvcrec0.htm>.

Michael Yesley, Genetic Privacy, Discrimination, and Social Policy:  Challenges and Dilemmas, 2 Microbial & Comparative Genomics 19-35 (1997).

Institute of Medicine, The Computer-Based Patient Record (Revised Edition 1997).

Beth Givens, The Privacy Rights Handbook (1997).

Department of Health and Human Services, Unique Health Identifier for Individuals:  A White Paper, <http://aspe.os.dhhs.gov/admnsimp/nprm/noiwp1.htm> (1998).

Mark Rothstein, Genetic Privacy and Confidentiality:  Why They Are So Hard to Protect, 26 Journal of Law, Medicine, and Ethics 198 (1998).

ACLU of Wisconsin, In the Balance:  State Government and Medical Records Privacy (1998).

Marc Rotenberg, The Privacy Law Sourcebook (1999).

Joint Commission on Accreditation of Healthcare Organizations & National Committee for Quality Assurance, Protecting Personal Health Information:  A Framework for Meeting the Challenges in a Managed Care Environment (1998) <http://www.ncqa.org/confide/tablecont.htm>.

General Accounting Office, MEDICAL RECORDS PRIVACY:  Access Needed for Health Research, but Oversight of Privacy Protections Is Limited, GAO/HEHS-99-55 (1999).

Institute for Health Care Research and Policy, The State of Health Privacy:  An Uneven Terrain (1999) <http://www.healthprivacy.org/info-url_nocat2304/info-url_nocat.htm>.

Clarisa Long ed., Genetic Testing and the Use of Information (1999).

Institute of Medicine, Protecting Data Privacy in Health Services Research (2000).

National Bioethics Advisory Commission, Ethical and Policy Issues in Research Involving Human Participants (2001).

General Accounting Office, Medicare Home Health Care: OASIS Data Use, Cost, and Privacy Implications (Jan. 30, 2001) (GAO-01-205).

General Accounting Office, Medical Privacy Regulation: Questions Remain About Implementing the New Consent Requirement (April 6, 2001) (GAO-01-584).

International Materials

Royal Commission of Inquiry into the Confidentiality of Health Records in Ontario (Canada), Report of the Commission of Inquiry into the Confidentiality of Health Information (1980) (3 vols.).

Organization for Economic Cooperation and Development, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 20 I.L.M. 422 (1981), O.E.C.D. Doc. C (80) 58 (Final) (Oct. 1, 1980).

Council of Europe, Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data 20 I.L.M. 317 (1981).

Privacy Commissioner of Canada, AIDS and the Privacy Act (1989).

Privacy Commissioner of Canada, Genetic Testing and Privacy (1992).

New Zealand Privacy Commissioner, Health Information Privacy Code 1994 <http://www.knowledge-basket.co.nz/privacy/health/hipcnc.htm>.

European Union, Council Directive 95/46/EC on the Protection of Individuals With Regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995 O.J. (L 281) 31.

Council of Europe, Recommendation No. R (97) 5 of the Committee of Ministers to Member States on the Protection of Medical Data (1997)  <http://www.cm.coe.int/ta/rec/1997/word/97r5.doc>; Explanatory Memorandum to Recommendation No. R (97) 5 of the Committee of Ministers to Member States on the Protection of Medical Data (1997) <http://www.cm.coe.int/ta/rec/1997/ExpRec(97)5.htm>.

Personal Health Information Act, Manitoba, Canada, chapter P33.5, Continuing Consolidation of the Statutes of Manitoba (Assented to June 18, 1997).

Canadian Medical Association, Health Information Privacy Code <http://www.cma.ca/inside/policybase/1998/09-16.htm> (August 1998).

Report to the European Commission (DG XV) on Application of a Methodology Designed to Assess the Adequacy of the Level of Protection of Individuals with Regard to Processing Personal Data (Sep. 1998) (Charles Raab, Colin Bennett, Robert Gellman & Nigel Waters)  <http://europa.eu.int/comm/dg15/en/media/dataprot/studies/adequat.htm>.

Alberta Health Information Act (1999) <http://www.qp.gov.ab.ca/Documents/acts/H05.CFM>.

Canadian Institutes of Health Research, Recommendations for the Interpretation and Application of the Personal Information Protection and Electronic Documents Act (S.C.2000, c.5) in the Health Research Context 6 (Nov. 30, 2001) <http://www.cihr.ca/about_cihr/ethics/recommendations_e.pdf>.

Privacy Commissioner of Australia, Guidelines on Privacy in the Private Health Sector (Nov. 2001) <http://www.privacy.gov.au/health/guidelines/index.html#1>.

National Health Privacy Working Group of the Australian Health Ministers' Advisory Council, Draft National Health Privacy Code; Draft National Health Privacy Code Consultation Paper (Dec. 2002) <http://www.health.gov.au/pubs/nhpcode.htm>.

Research Issues

Certificates of Confidentiality for Health Research Projects, 42 CFR Part 2a; 42 U.S.C. §241(d) (1994).  See Assistant Secretary for Health, Interim Policy Statement on Section 301(d) of the Public Health Service Act (June 8, 1989), found in Office of Protection of Human Subjects Institutional Review Board Guidebook at A5-30 (1993).  See also People v. Newman, 298 N.E. 2d 651 (1973).

Protection of Human Subjects, 45 CFR Part 46.

Statutory Protection For Research Records, 42 U.S.C. §299a-1(c) (Agency for Health Care Policy and Research); 42 USC §242m (National Center for Health Statistics); 13 USC § 9 (Census Bureau).

Charles L. Earley & Louise C. Strong, Certificates of Confidentiality:  A Valuable Tool for Protecting Genetic Data, 57 American Journal of Human Genetics 727-733 (1995).

Richard C. Turkington, Medical Record Confidentiality Law, Scientific Research, and Data Collection in the Information Age, 25 Journal of Law, Medicine & Ethics 113-29 (1997).

Farnsworth v. Procter & Gamble Co., 758 F.2d 1545 (11th Cir. 1985) (discovery rules).

Dow Chemical v. Allen, 672 F.2d 1267 (7th Cir. 1982) (First Amendment and academic freedom).

United States v. Westinghouse Electric Corp., 638 F.2d 570 (3rd Cir. 1980).

Deitchman v. E.R. Squibb & Sons, Inc., 740 F.2d 556 (7th Cir. 1984) (access to registry of DES mothers and daughters).

Court Ordered Disclosure of Academic Research:  A Clash of Values of Science and the Law, 59 Law and Contemporary Problems 1-191 (1996) (Joe S. Cecil & Gerald T. Wetherington, eds.).

General Accounting Office, MEDICAL RECORDS PRIVACY:  Access Needed for Health Research, but Oversight of Privacy Protections Is Limited, GAO/HEHS-99-55 (1999).

Sheri Alpert, Privacy and the Analysis of Stored Tissues in Research Involving Human Biological Materials: Ethical Issues and Policy Guidance (2000) (Volume II Commissioned Papers) (National Bioethics Advisory Commission) <http://bioethics.georgetown.edu/nbac/hbmII.pdf>.

Institute of Medicine, Protecting Data Privacy in Health Services Research (2000).

Janlori Goldman & Angela Choy, Privacy and Confidentiality in Health Research (2000) (commissioned paper for the National Bioethics Advisory Commission).

Joan E. Sieber, Privacy and Confidentiality:  As Related to Human Research in Social & Behavioral Science (2000) (commissioned paper for the National Bioethics Advisory Commission).

P. Doyle et al, Confidentiality, Disclosure, and Data Access:  Theory and Practical Applications for Statistical Agencies (2001).

Note:  This is not intended to be a complete bibliography, but it identifies many basic medical confidentiality documents and some related privacy materials.  For a comprehensive bibliography that focuses more broadly on the ethical, legal and social implications of the Human Genome Project, see Michael Yesley, ELSI Bibliography (1993) (U.S. Department of Energy).  A supplement was issued in 1994.

Another bibliography with useful references is at the National Library of Medicine's website: <http://www.nlm.nih.gov:70/00/bibs/cbm/confiden.txt> and <http://www.nlm.nih.gov/pubs/cbm/confiden.html>.