Patients will have the right to view and in certain cases restrict the sharing of their personal health information under new safeguards for medical records that took effect in the United States last week.
The rules require providers to give patients a notice detailing how their information will be used. Patients will have rights to view and copy their records and request corrections to errors. Most "non-routine" disclosures, such as giving information about an employee to an employer, will be forbidden without the patient's permission.
The rules are designed to cut insurers' and employers' costs by electronically processing billing, claims, and benefits transactions. They also standardise health insurance information to make the industry more efficient, officials said. The federal government estimates that the new procedures will save the industry $30bn (£19bn; €27bn) over 10 years.
The Health Insurance Portability and Accountability Act, passed by Congress in 1996 but which has taken until now to be implemented fully, is also designed to ensure that only healthcare workers directly involved in patient care will have access to records.
For the first time, the confidentiality of medical files will be protected by a federal law, rather than a patchwork of state regulations. Consumers will have the right to limit access to confidential information about them and to discover who has perused their records. The new law also bars marketing companies from using personal information without consent, although the definition of what constitutes marketing has been narrowed substantially.
The new law has been hailed by some medical consumer groups as a significant advance in protecting the cavalier or malicious disclosure of medical information. However, the law is being met with trepidation by many doctors and hospitals. Their chief complaints are that the rules are onerous, expensive, and unnecessary.
"I'd say fear and loathing is a pretty good description," said Melinda Hatton, vice president of the American Hospital Association.
Officials at the trade association, which represents most of the nation's 6000 hospitals, said some of its members had scrambled to meet the deadline for the implementation of the new law, 14 April. The law was first imposed two years ago by the Department of Health and Human Services.
"The act affects almost every aspect of a hospital's operation," Ms Hatton added. "I think the public has no idea how complicated and burdensome these rules are."
Among the changes, doctors' offices may no longer ask the reason for the patient's visit on sign-in sheets. Names and clinical information must be removed from the cover of charts, which are not supposed to be left on physicians' desks and other places where they can be seen by other patients. Computer systems must be password-protected, the data encrypted, and screens should not be visible to outsiders. And all healthcare workers are supposed to disclose the "minimum necessary" information about patients.
Employees who violate the policies may be fined up to $25 000 for multiple violations within a year or up to $250 000 and/or imprisonment of up to 10 years for misusing identifiable health information.