Medical Whistleblower Advocacy Network

Human Rights Defenders

“All human beings are born free and equal in dignity and rights. They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood.”

 Universal Declaration of Human Rights

Article 1



Personal Medical Health Records & Privacy

The Personal Health Record and Privacy Issues

The United States Congress is currently deciding who will have the ability to see, share and sell patients’ sensitive health record information. Patients deserve privacy and a right to be a part of the process in determining protocols considered in current Health Care IT legislation. Read more about Patient Privacy Legislation at

A personal health record, or PHR, is a written or digital record of your health care history and includes official records, laboratory results, DNA testing, billing and medical claims data. The health-related information in the Personal Health Record includes basic health information such as allergies, exercise habits, lifestyle, sexual history, medications, glucose levels, heart rate, and other medical data. Official governmental policies that involve sharing of personal medical data, which includes personal health records, should allow the patient to see the information, so that patients can use and control their most sensitive personal health records.

The US Federal government under the Office of Health and Human Services is currently reviewing standards for the sharing of personal medical information. Section 3003(b)(3) of the American Recovery and Reinvestment Act of 2009 mandates that the Health IT Standards Committee develop and publish a schedule for the assessment of policy recommendations developed by the Health IT Policy Committee.

The Office of the National Coordinator for Health Information Technology (ONC) is organizationally located within the Office of the Secretary for the U.S. Department of Health and Human Services (HHS).

This link will take you to a summary of key elements of the Privacy Rule including who is covered, what information is protected, and how protected health information can be used and disclosed.


History of Legislative Action regarding Personal Health Information

In 1996 Congress passed HIPAA, and instructed the Dept. of Health and Human Services (HHS) to address the rights of patients to privacy.

“Not later than the date that is 12 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall submit to [Congress]…detailed recommendations on standards with respect to the privacy of individually identifiable health information.”

In 2001 President Bush implemented the original HIPAA “Privacy Rule” recognizing the “right of consent”.

“….a covered health care provider must obtain the individual’s consent, in accordance with this section, prior to using or disclosing protected health information to carry out treatment, payment, or health care operations.”

In 2002, during President Bush’s term, amendments to the “Privacy Rule” became effective, eliminating the “right of consent”.


“The consent provisions…are replaced with a new provision…that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, healthcare operations.”

The Privacy Rule

The Privacy Rule protects the privacy of a patient’s health information; it determines who can look at and receive a patient’s health information, and also gives the patient specific rights over that information. In addition, the Patient Safety Act and Rule establish a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues, and provide confidentiality protections for patient safety concerns.

The Health and Human Services Office of Civil Rights (OCR) helps to protect you from discrimination in certain health care and social service programs. Some of these programs may include:

  • Hospitals, health clinics, nursing homes
  • Medicaid and Medicare agencies
  • Welfare programs
  • Day care centers
  • Doctors’ offices and pharmacies
  • Children’s health programs
  • Alcohol and drug treatment centers
  • Adoption agencies
  • Mental health and developmental disabilities agencies

Health Care providers and insurers that are accountable to the OCR on privacy issues may include:

  • Doctors and nurses
  • Pharmacies
  • Hospitals, clinics, and nursing homes
  • Health insurance companies
  • Health maintenance organizations (HMOs)
  • Employer group health plans
  • Certain government programs that pay for health care, such as Medicare and Medicaid

OCR also enforces the confidentiality provisions of the Patient Safety Act and Rule.


These are principles important in an electronic health system (from

  • ACCOUNTABILITY – Hold every entity with access to health information accountable.
  • CONTROL – Ensure individuals control the use of their personal health information.
  • TRANSPARENCY – Protect consumers from abusive practices.


The following Patient Privacy Principles should be included in all Health IT legislation (Recommended by Patient Privacy Rights):

  • Recognize that patients own their health data
  • Give patients control over who can access their electronic health records
  • Give patients the right to opt-in and opt-out of electronic systems
  • Give patients the right to segment sensitive information
  • Require audit trails of every disclosure of patient information
  • Require that patients be notified of suspected or actual privacy breaches
  • Provide meaningful penalties and enforcement for privacy violations
  • Require that health information disclosed for one purpose may not be used for another purpose without informed consent
  • Ensure that consumers cannot be compelled to share electronic health records to obtain employment, insurance, credit, or admission to schools
  • Deny employers access to employees’ medical records
  • Preserve stronger privacy protections in state laws

Medical Whistleblower Advocacy Network


P.O. 42700 

Washington, DC 20015

MedicalWhistleblowers (at)