Paul Weyrich
Thursday, Feb. 8, 2007

Reprint Information

Book on Katie Couric Makes Waves White House: We're Not Subject to FOIA FBI Seeks 2 Mysterious Men on Ferry Publisher: Conservatives Do Read As Much As Liberals Romney Shrugs Off Mormon History Film

It is a sad reality that many federal laws result in unintended consequences for the public which must abide by them.

Such has been the fate of the much-touted Health Insurance Portability and Accountability Act (HIPAA), a law so cumbersome it took the Department of Health and Human Services almost seven years to figure out how to implement it.

The most significant unintended results of HIPAA have occurred in the area of medical privacy. HIPAA made it a crime for a physician, hospital, or anyone else knowingly to give out personal information about a patient. It was originally intended to be a small part of the Act, just a few hundred words inserted into the text.

Unfortunately, the subject of privacy ended up as nearly 50 confusing pages, which have been widely quoted and just as widely misinterpreted.

In many instances, serious over-enforcement of HIPPA has been the result. As Sen. Larry Craig, R-Ind., stated on the subject in 2003: "A kernel of congressional intent has grown into a towering tree of regulatory complexity."

Erring on the side of caution, hospitals have refused to share patient records with law-enforcement agencies, and even family members, though this was clearly not the intent of the law. And there is worse fallout: Even allowing for the usual miscalculations and trouble implementing the laws it passes, Congress did not adequately address the serious conflicts we will soon see between 21st century technologies and medical privacy.

So once again, Congress will need to return to the drawing board and "fix" a problem it has helped create through negligence. And what is the biggest threat to patient privacy today?

Story Continues Below

It is in the form of a tiny microchip that can be embedded in a band, a card or in the arm of a human being. Lest you think this is the stuff of science fiction or a bad movie script, the Food and Drug Administration (FDA) approved this imbedded microchip, and chip "reader," made by a company called VeriChip in 2004 — and the system is already in use in select hospitals throughout the United States.

The chip system allows an employee to scan the arm of a patient with a microchip embedded in a hospital band or under the skin and view a unique patient number. The number is then placed into a database, enabling an instant reading of the patient's medical history and any other pertinent data. And someday this tiny chip could contain the information itself.

It already is possible to put every bit of medical information about a citizen on to an embedded chip, from the day he is born to the day he dies.

The current system, with a number and a database, has been deployed in several countries and in various U.S. hospitals, particularly in emergency rooms.

Both implantable and wearable microchips are a reality. In fact, the largest VeriChip security system in the country was recently installed in the Washington Hospital Center in Washington D.C.

The goals of such technology certainly are laudable.

They seek to prevent medical mistakes, to protect Alzheimer's patients and others who are often unable to speak for themselves. But once again, how this system is implemented and how quickly it is being accepted is a problem that will undoubtedly lead to unintended consequences.

To date, there either has been no risk assessment study as to whether the database used in the VeriChip systems or the microchips themselves are corruptible or if there have been studies they apparently have not been made available to the health-care professionals who have requested them.

Let me repeat that: The FDA approved this program, which is now going long at great speed, and there has been no study about whether this sensitive data is safe from intrusion and/or theft. And if there is anything we have learned in the computer era, it is that where there is a will there is a way.

The criminals who invent malicious viruses or steal information always seem to find a way in to a database, especially when there is money to be made.

I suppose it is too much to expect that Congress anticipate new technology, but at least Congress might try to keep up with what already is available when drafting legislation.

Plans were under way for micro-chipping medical records when the original HIPAA laws were passed and their existence certainly might have been considered in the seven years it took HIPAA to be enforced.

Now the law must once again try and catch up with what already is happening around us.

Paul M. Weyrich is Chairman and CEO of the Free Congress Foundation

Editor's note:
Is Your Doctor One of America`s `Top Doctors`? Find out here
The Baby Boomers will wreak havoc – protect your wealth! Click Here Now
Doctor Reveals Cause of Brain Disease Explosion