We thus conclude that Federal legislation, establishing a basic national standard of confidentiality, is necessary to provide rights for patients and define responsibilities for record keepers. Such legislation should provide clear guidance and significant incentives for the confidential, fair, and respectful treatment of personal information that the public expects. It should encourage administrative, technological, and management choices in design of health information systems to these ends. And it should provide redress to those adversely affected by misuse of information.
We are aware that our recommendations come at a time of continuing, rapid change in the health care system and its information components. The standards for administrative simplification that the Department will soon publish, under the Health Insurance Portability and Accountability Act of 1996, will in themselves lead to new developments in the transfer and use of information. In addition, the boundaries between health information and other information are blurring. Marketing uses of health information and health uses of marketing information may ultimately make this activity a subject for legislation. New technologies and new uses, unthought of before now, will present new issues and new concerns. These possibilities may well warrant legislative attention in the future, and bear careful watching.
Aware of these contingencies, and of the need they may present for further legislative attention, we nevertheless recommend that the Congress enact legislation now, based on what we know now. Today, we should move forward with legislation that protects the heart of the health care system -- those who provide and pay for health care, and those who get information from them. Delay will leave the public unprotected as more information flows to more places.