Privacy Protection by Contract
Some fear the law will not accord adequate privacy to healthcare records managed by non-healthcare companies like Google. I have argued that legal terms posted by a patient in (or in relation to) the patient's healthcare record can enhance legal privacy.
For the sake of public discussion, here is a humble example of what the terms might provide:
Healthcare Record Terms of Access
Declared and Agreed by Patient
1. I, the patient, have granted one or more third parties (the "Record Manager") power over this record. I have done so because I believe it is beneficial to me relative to my health.
2. These Terms of Access are communicated to anyone, including the Record Manager, accessing or possessing power to access my information in this record.
3. This record may contain my personal healthcare information.
4. These Terms of Access apply to you ("You") unless you are a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA). You could include the Record Manager.
5. You agree to these Terms of Access, and You agree to abide by them, by doing either of the following:
(a) accessing this record, or
(b) availing Yourself of the conveniences afforded by the Record Manager’s power over this record.
6. I am entitled to privacy for my information in or discerned from this record ("My Information").
7. You agree to keep My Information private and confidential, consistent with norms for covered entities under HIPAA.
9. You agree to give me notice (delivered via priority US mail, postage-prepaid) before You comply with a subpoena (or similar order) seeking access to My Information.
10. The fact that the Record Manager possesses power over this record does not undermine the legal privileges accorded communications between me and my healthcare providers.
11. You may deviate from these Terms of Access only if:
(a) I agree in a document – printed on paper – and signed by me in ink or by voice signature;
(b) The document clearly explains the deviation to me in plain English; and
(c) From all the circumstances, including the signed document, compelling evidence exists that I knowledgeably and voluntarily approved the deviation.
Again, I post this form language just for the purpose of public discussion. These terms are not necessarily complete. Before relying on terms like the above, you may want to seek legal advice. What I say here is not a substitute for legal advice. If you need advice, you should consult a lawyer.
As I learn more about this topic, and hear comments, I may revise what I've posted above. So check back.
--Benjamin Wright, advisor to Messaging Architects