Citizens for Health, a coalition of organizations and individual health care providers and/or patients, had challenged HIPAA’s privacy rules, as amended in 2002. Thompson reports that the group’s members claimed that, by allowing “routine uses” of protected health information (PHI) without consent, HHS violated their constitutional rights to privacy and free speech. They also claimed that this rule change was outside the scope of the authority granted HHS by HIPAA, and that the agency did not allow adequate public notice and comment on it, according to Thompson.
In April 2004, a district court ruled that the amended HIPAA rules do not violate constitutional rights to medical privacy or private physician-patient communications because they do not actually require PHI disclosure without consent. In its agreement with the district court decision, the appellate court added that the unconsented PHI disclosures complained of are not subject to the Constitution at all because they are not “state action.”
The appellate court also agreed with the lower court that HHS had reasonably balanced HIPAA’s goals of health care efficiency and privacy and that the agency’s explanation of its change from the original 2000 rules was adequate and provided a reasoned analysis.
The case is Citizens for Health v. Leavitt, 2005 WL 2839824 (3rd Cir., Oct. 31, 2005).
« IMHO: "Broken" Record