{"id":97396,"date":"2001-11-19T00:00:00","date_gmt":"2001-11-19T05:00:00","guid":{"rendered":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/"},"modified":"2024-04-14T04:17:51","modified_gmt":"2024-04-14T09:17:51","slug":"exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts","status":"publish","type":"post","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/","title":{"rendered":"Exposed Online: The federal health privacy regulation and Internet user impacts"},"content":{"rendered":"<h3 data-is-section=\"true\" data-wp-context=\"{&quot;id&quot;:&quot;key-findings-and-overview&quot;}\" data-wp-interactive=\"{&quot;namespace&quot;:&quot;prc-block\\\/table-of-contents&quot;}\" id=\"key-findings-and-overview\" class=\"wp-block-heading\">Key Findings and Overview<\/h3>\n\n<p class=\"wp-block-paragraph\"><strong>The new federal health privacy regulation does not apply to most health Web sites. 
<\/strong><\/p>\n\n<p class=\"wp-block-paragraph\">As part of the Health Insurance Portability and Accountability Act of 1996, Congress included provisions, known as Administrative Simplification, that are intended to facilitate the development of a uniform, computer-based health information system.\u00a0 Recognizing that privacy is an essential component of that system, Congress included a requirement that if it failed to enact health privacy legislation by a legislative deadline, then the Department of Health and Human Services would be required to issue health privacy regulations.\u00a0 However, it imposed constraints on the Department\u2019s rulemaking authority, so the federal regulation only applies to three health care entities: health care providers, health plans and health care clearinghouses.\u00a0 Many health Web sites are not owned or operated by one of these three entities.\u00a0 Therefore, while online health care activities that are already conducted offline by a \u201ccovered\u201d health care provider or plan will likely be covered by the privacy rule, many other types of health Web sites will fall outside the scope of the rule.<\/p>\n\n<p class=\"wp-block-paragraph\"><strong>Different rules may apply to different Web sites offering the same services. 
<\/strong><\/p>\n\n<p class=\"wp-block-paragraph\">Because only Web sites that fit within the definition of a \u201ccovered entity\u201d are required to comply with the privacy regulation, specific activities like filling a prescription, receiving e-mail alerts or getting a second opinion may be covered by the new regulation at one site and unregulated at another.<\/p>\n\n<p class=\"wp-block-paragraph\"><strong>Even at Web sites that are owned or operated by organizations covered by the privacy regulation, it is ambiguous which activities at those sites are subject to the privacy rule.<\/strong><\/p>\n\n<p class=\"wp-block-paragraph\">Many Web sites provide a variety of services, some of which are not considered \u201chealth care\u201d functions under the regulation.\u00a0 It is not clear in many cases what activities, even at \u201ccovered\u201d sites, may fall outside the scope of the regulation.\u00a0 Consumers may engage in online health activities with the expectation that the personal information they provide to specific health Web sites is protected when, in fact, there are no privacy protections afforded by the federal regulation.\u00a0 The burden will be on consumers and Web site operators to determine which Web sites must comply with the regulation.<\/p>\n\n<hr>\n\n<p class=\"wp-block-paragraph\"><strong>Overview<\/strong><\/p>\n\n<p class=\"wp-block-paragraph\">Individuals share a great deal of personal and sensitive health information in the course of obtaining health care, yet there is little legal protection for health information \u2013 online or offline.\u00a0 A substantial barrier to improving the quality of care and access to care is the lack of enforceable privacy rules.\u00a0 In the absence of federal health privacy laws, people have suffered job loss, loss of dignity, discrimination, and stigma.\u00a0 To shield themselves from what they consider harmful and intrusive uses of their health information, individuals 
have engaged in privacy-protective behaviors, such as providing incomplete information, thereby putting themselves at risk from undiagnosed, untreated conditions.\u00a0 The lack of complete and accurate health information on patients impacts the community as well.\u00a0 Health care information used for important research and public health initiatives downstream becomes unreliable and incomplete.<\/p>\n\n<p class=\"wp-block-paragraph\">Congress recognized the importance of protecting people\u2019s medical records when it passed the Health Insurance Portability and Accountability Act of 1996 (HIPAA).\u00a0 HIPAA requires the Secretary of the U.S. Department of Health and Human Services (HHS) to issue regulations if Congress failed to enact comprehensive privacy legislation.\u00a0 HHS issued a landmark federal health privacy regulation in December 2000.\u00a0 Health care entities have until April 2003 to implement the new rule.\u00a0 While this regulation is an important step toward boosting the public trust and confidence in our nation\u2019s health care system, its application is limited.\u00a0 Due to constraints on the Department\u2019s rulemaking authority, the regulation does not cover a significant portion of the health-related activities that take place online.<\/p>\n\n<p class=\"wp-block-paragraph\">eHealth is touted as the future of health care, promising to transform the way health care entities conduct business and change the way patients relate to their health care providers.\u00a0 More than sixty-five million American Internet users have sought health and medical information online, and a study last fall by the Pew Internet &amp; American Life Project showed that a significant number of them use this information to make important decisions about medical care for themselves and loved ones.[1. 
<a href=\"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/Reports\/2000\/The-Online-Health-Care-Revolution.aspx\">The Online Health Care Revolution: How the Web helps Americans take better care of themselves<\/a>, Pew Internet &amp; American Life Project (November 2000).]\u00a0The Internet allows for online communication, and the collection, storage and transfer of consumer health information.\u00a0 These are important features particularly during national emergencies, such as the recent terrorist attacks in New York City and Washington, D.C., when physicians require immediate access to medical information.\u00a0 However, while the Internet can be a powerful tool in the delivery of health care, it enables the collection and distribution of highly sensitive information in new ways by online services.\u00a0 It also can leave such information vulnerable to security breaches.<\/p>\n\n<p class=\"wp-block-paragraph\">The HIPAA privacy regulation makes no distinctions between health care online and offline.\u00a0 Hence, some Web sites will be covered by the regulation, and consumers will benefit from the new privacy protections required of these sites.\u00a0 Under the first-ever federal privacy regulation, consumers have a right to inspect and copy their own health information (a right that currently exists only in about half of the states).\u00a0 Consumers will receive notice about how their personal health information will be used and shared with others and what options they have to restrict disclosures.\u00a0 They will have the right to limit disclosures in many circumstances.\u00a0 Furthermore, the regulation creates a new \u201cduty of care\u201d with respect to health information, so in addition to the penalties that can be imposed by HHS, it is possible that violations of the regulation may be grounds for state tort actions.<\/p>\n\n<p class=\"wp-block-paragraph\">Our analysis of the HIPAA regulation\u2019s impact on eHealth, however, shows that many 
who engage in online health activities will fall outside the scope of the regulation.\u00a0 We believe that the application of the regulation on the Internet will be greatly uneven.\u00a0 Individuals may assume that their health information is protected when it is not.\u00a0 Continued diligence will be required of those online consumers who value their privacy.\u00a0 Consumers will need to be educated about the limits of the new regulation and empowered to safeguard their most sensitive health information online.<\/p>\n\n<p class=\"wp-block-paragraph\">This report is intended to help consumers, health professionals, and policy makers understand how the new federal regulation covers \u2013 and does not cover \u2013 consumer-oriented health Web sites and Internet-based health care.\u00a0 This report also comments on what new standards will be required for those sites covered by the regulation.\u00a0 The examples used in this report will highlight particular aspects of online health care activities; however, it is important to note that many health Web sites perform numerous functions and therefore do not fit neatly into specific categories.<\/p>","protected":false},"excerpt":{"rendered":"<p>This report is intended to give a general overview of how the federal health privacy regulation (&#8220;HIPAA&#8221;) may or may not apply to health Web 
sites.<\/p>\n","protected":false},"author":78,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","sub_headline":"","sub_title":"","_prc_public_revisions":[],"_ppp_expiration_hours":0,"_ppp_enabled":false,"ai_generated_summary":"","bylines":[],"acknowledgements":[],"displayBylines":true,"prc_watchers":[],"relatedPosts":[],"reportMaterials":[],"multiSectionReport":[{"key":"_migrate_0","postId":97403},{"key":"_migrate_1","postId":97409},{"key":"_migrate_2","postId":97416},{"key":"_migrate_3","postId":97423},{"key":"_migrate_4","postId":97432},{"key":"_migrate_5","postId":97438},{"key":"_migrate_6","postId":97444},{"key":"_migrate_7","postId":97447},{"key":"_migrate_8","postId":97454}],"package_parts__enabled":false,"package_parts":[],"_prc_fork_parent":0,"_prc_fork_status":"","_prc_active_fork":0,"datacite_doi":"","datacite_doi_citation":"","_prc_seo_qr_attachment_id":0,"spoken_article_player_enabled":true,"footnotes":""},"categories":[80,105,278,267,279,38,110],"tags":[2280,2251],"bylines":[],"collection":[],"datasets":[],"level_of_effort":[],"primary_audience":[],"information_type":[],"_post_visibility":[],"formats":[458],"_fund_pool":[],"languages":[],"regions-countries":[],"research-teams":[526],"workflow-status":[],"class_list":["post-97396","post","type-post","status-publish","format-standard","hentry","category-federal-government","category-health-policy","category-healthcare-online","category-medicine-health","category-online-privacy-security","category-political-issues","category-privacy-rights","tag-government","tag-privacy","formats-report","research-teams-internet"],"label":false,"post_parent":0,"word_count":1133,"canonical_url":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/","art_direction":false,"_embeds":[],"watchers":[],"table_of_contents":[{"id":97396,"titl
e":"Exposed Online: The federal health privacy regulation and Internet user impacts","slug":"exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/","is_active":true},{"id":97403,"title":"About Us","slug":"about-us-4","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/about-us-4\/","is_active":false},{"id":97409,"title":"The Terrain","slug":"the-terrain","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/the-terrain\/","is_active":false},{"id":97416,"title":"Part 1: Public Opinion","slug":"part-1-public-opinion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-1-public-opinion\/","is_active":false},{"id":97423,"title":"Part 2: The New Federal Health Privacy Regulation","slug":"part-2-the-new-federal-health-privacy-regulation","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-2-the-new-federal-health-privacy-regulation\/","is_active":false},{"id":97432,"title":"Part 3: Covered Web Sites","slug":"part-3-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-3-covered-web-sites\/","is_active":false},{"id":97438,"title":"Part 4: Partially Covered and Indirectly Covered Web Sites","slug":"part-4-partially-covered-and-indirectly-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-4-partially-covered-and-indirectly-covered-web-sites\/","is_active":false},{"id":97444,"title":"Part 5: Web Sites Not Covered","slug":"part-5-web-sites-not-covered","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-5-web-sites-not-covered\/","is_active":false},{"id":97447,"title":"Part 6: Putting It All 
Together","slug":"part-6-putting-it-all-together","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-6-putting-it-all-together\/","is_active":false},{"id":97454,"title":"Part 7: Conclusion","slug":"part-7-conclusion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-7-conclusion\/","is_active":false}],"report_materials":"","report_pagination":{"current_post":{"id":97396,"title":"Exposed Online: The federal health privacy regulation and Internet user impacts","slug":"exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/","is_active":true,"page_num":1},"next_post":{"id":97403,"title":"About Us","slug":"about-us-4","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/about-us-4\/","is_active":false,"page_num":2},"previous_post":null,"pagination_items":[{"id":97396,"title":"Exposed Online: The federal health privacy regulation and Internet user impacts","slug":"exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/exposed-online-the-federal-health-privacy-regulation-and-internet-user-impacts\/","is_active":true,"page_num":1},{"id":97403,"title":"About Us","slug":"about-us-4","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/about-us-4\/","is_active":false,"page_num":2},{"id":97409,"title":"The Terrain","slug":"the-terrain","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/the-terrain\/","is_active":false,"page_num":3},{"id":97416,"title":"Part 1: Public 
Opinion","slug":"part-1-public-opinion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-1-public-opinion\/","is_active":false,"page_num":4},{"id":97423,"title":"Part 2: The New Federal Health Privacy Regulation","slug":"part-2-the-new-federal-health-privacy-regulation","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-2-the-new-federal-health-privacy-regulation\/","is_active":false,"page_num":5},{"id":97432,"title":"Part 3: Covered Web Sites","slug":"part-3-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-3-covered-web-sites\/","is_active":false,"page_num":6},{"id":97438,"title":"Part 4: Partially Covered and Indirectly Covered Web Sites","slug":"part-4-partially-covered-and-indirectly-covered-web-sites","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-4-partially-covered-and-indirectly-covered-web-sites\/","is_active":false,"page_num":7},{"id":97444,"title":"Part 5: Web Sites Not Covered","slug":"part-5-web-sites-not-covered","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-5-web-sites-not-covered\/","is_active":false,"page_num":8},{"id":97447,"title":"Part 6: Putting It All Together","slug":"part-6-putting-it-all-together","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-6-putting-it-all-together\/","is_active":false,"page_num":9},{"id":97454,"title":"Part 7: Conclusion","slug":"part-7-conclusion","link":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/internet\/2001\/11\/19\/part-7-conclusion\/","is_active":false,"page_num":10}]},"parent_info":{"parent_title":"Exposed Online: The federal health privacy regulation and Internet user 
impacts","parent_id":97396},"materialsOrdered":[],"chaptersOrdered":[{"key":"_migrate_0","postId":97403},{"key":"_migrate_1","postId":97409},{"key":"_migrate_2","postId":97416},{"key":"_migrate_3","postId":97423},{"key":"_migrate_4","postId":97432},{"key":"_migrate_5","postId":97438},{"key":"_migrate_6","postId":97444},{"key":"_migrate_7","postId":97447},{"key":"_migrate_8","postId":97454}],"partsOrdered":[],"partsEnabled":false,"datacite_doi":"","prc_seo_data":{"title":"Exposed Online: The federal health privacy regulation and Internet user impacts","description":"This report is intended to give a general overview of how the federal health privacy regulation (\"HIPAA\") may or may not apply to health Web sites.","og_title":"Exposed Online: The federal health privacy regulation and Internet user impacts","og_description":"This report is intended to give a general overview of how the federal health privacy regulation (\"HIPAA\") may or may not apply to health Web sites.","schema_type":"Article","noindex":false,"canonical_url":"","primary_terms":[],"custom_schema":[],"og_image":0,"indexnow_submitted_at":null,"gsc_index_status":null},"prepublish_checks":{"prc-image-alt-text":{"status":"complete","message":"No image blocks in content.","data":null},"prc-about-this-research":{"status":"incomplete","message":"Add an \"About this research\" details block.","data":null},"prc-paragraph-count":{"status":"complete","message":"Found 13 paragraphs.","data":{"count":13}},"prc-internal-link":{"status":"complete","message":"Found 1 internal 
link.","data":{"count":1}}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"relatedPostsOrdered":[],"bylinesOrdered":[],"acknowledgementsOrdered":[],"_links":{"self":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts\/97396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/users\/78"}],"replies":[{"embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/comments?post=97396"}],"version-history":[{"count":1,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts\/97396\/revisions"}],"predecessor-version":[{"id":137109,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/posts\/97396\/revisions\/137109"}],"wp:attachment":[{"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/media?parent=97396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/categories?post=97396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/tags?post=97396"},{"taxonomy":"bylines","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/bylines?post=97396"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/collection?post=97396"},{"taxonomy":"datasets","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/datasets?post=97396"},{"taxonomy":"level_of_effort","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/level_of_effort?post=97396"},{"t
axonomy":"primary_audience","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/primary_audience?post=97396"},{"taxonomy":"information_type","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/information_type?post=97396"},{"taxonomy":"_post_visibility","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/_post_visibility?post=97396"},{"taxonomy":"formats","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/formats?post=97396"},{"taxonomy":"_fund_pool","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/_fund_pool?post=97396"},{"taxonomy":"languages","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/languages?post=97396"},{"taxonomy":"regions-countries","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/regions-countries?post=97396"},{"taxonomy":"research-teams","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/research-teams?post=97396"},{"taxonomy":"workflow-status","embeddable":true,"href":"https:\/\/alpha.pewresearch.org\/pewresearch-org\/wp-json\/wp\/v2\/workflow-status?post=97396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}