The Health Information Privacy Act of 1999
(The Condit-Waxman-Markey-Dingell Bill)

Read the entire bill in Portable Document Format
(PDF- Readable with Adobe´s Acrobat Reader, available here, free)

Summary of Major Provisions

Protection of Reasonable Expectations of Privacy.  The bill provides that holders of health information (referred to as "health information custodians") must protect the reasonable expectations of privacy of individuals regarding the confidentiality of their health information.

Restrictions on Uses and Disclosures.  The bill prohibits health information custodians from using or disclosing an individual's health information unless the use or disclosure is authorized by the individual or allowed under the provisions of title III.

Individual Authorizations.  The bill provides that a health information custodian may not condition the provision or payment of health care on an individual's authorization to use or disclose health information.  The bill also requires that the content of such an authorization be clear and specific such that the individual understands the intended recipients and uses of the information before consenting to the authorization.

Safeguards Against Misuse and Prohibited Disclosure.  The bill requires health information custodians to implement reasonable and appropriate administrative, technical, and physical safeguards to ensure the confidentiality of health information and to protect against security threats and unauthorized disclosures and uses of the information, and to consider whether additional limitations are appropriate for mental health and other especially sensitive protected health information.

Rights of Individuals (Title II)

To ensure that individuals are fully informed about how their health information is being maintained and used and have appropriate control over their own health information, the bill provides that:

Individuals have the right to inspect and copy their health information.

Health information custodians must provide individuals with a reasonable opportunity to correct their health information.

Health information custodians must maintain a record of how an individual's health information is disclosed and provide the individual with the opportunity to review that record.

Before obtaining health information from individuals, health information custodians must give individuals clear and conspicuous notice of their health information practices and provide the individuals with a reasonable opportunity to seek additional limitations on the use and disclosure of the information. 

Health information custodians must obtain a signed acknowledgment from the individual acknowledging that the individual has received the notice of information practices and has been informed of the opportunity to seek additional limitations.

Permissible Uses and Disclosures (Title III)

Health Care Payment and Treatment.  Health information custodians that have provided notice of their information practices and allowed individuals an opportunity to seek additional limitations may use or disclose health information for treatment or payment purposes.

Prohibited Uses and Disclosures.  Under the legislation, health information obtained for the provision or payment of health care cannot be used or disclosed for marketing, insurance underwriting, or employment purposes without authorization by the individual.

Disclosures for Public-Interest Purposes.  The bill permits health information disclosures under certain circumstances for public-interest purposes, including the following:

Public Health.  The bill permits disclosure to a public health authority for public health activities such as legally authorized disease or injury reporting, public health surveillance, and public health investigations or interventions.

Health Oversight.  The bill permits disclosure of health information to public agencies for oversight activities, such as the investigation of health care fraud.

Health Research.  The bill permits disclosure of health information for health research where an entity certified by the Secretary of Health and Human Services (the "Secretary") has determined that the use of the information is of sufficient importance as to outweigh the intrusion into the privacy of protected individuals, and that such use meets other requirements that ensure appropriate protection of the information.

Law Enforcement.  The bill permits disclosure of an individual's health information to law enforcement authorities if they follow the procedures required by the Constitution and treat the information as if it were located in the individual's home.

Civil Administrative or Judicial Adjudications.  The bill permits disclosure pursuant to a judicial or administrative subpoena for the purpose of civil proceedings or to a defendant in a criminal proceeding if the individual is provided a reasonable opportunity to object.

Other Activities.  The bill also permits disclosure where necessary to prevent or lessen a serious threat to the health or safety of an individual; to next of kin or individuals with close personal relationships with the protected individual; for directory information purposes; and for state data systems.

Mental Health and Other Especially Sensitive Information (Title IV)

To ensure appropriate protection of mental health and other especially sensitive health information, the bill provides:

The Secretary must establish additional limitations relating to access to and use and disclosure of mental health and other especially sensitive health information if  appropriate.

The bill does not modify the operation of the psychotherapist-patient privilege recognized recently by the Supreme Court.

Enforcement (Title V)

Equitable relief.  The bill authorizes the Secretary to bring an action to enjoin violations of the Act and to obtain other appropriate equitable relief.

Civil and Criminal Penalties.  The bill provides for civil penalties of not more than $10,000 for each violation of the Act, and criminal penalties of fines and/or imprisonment for up to five years for knowing violations of the Act.

Civil Actions.  The bill provides a right of action to individuals to pursue violations of the Act that relate to that individual.

Relationship to Other Laws (Title V)

Federal Floor.  The bill provides that the Act shall not preempt federal, state, or local laws that provide greater protection of health information or more rights to individuals regarding their health information.

Petition Process.  To ensure clarity regarding whether a particular state or local law falls above or below the federal floor, the bill provides that any person may petition the Secretary for an advisory determination on such matters, and may thereafter rely on such a determination unless a federal or state court makes a different determination.

Implementing Regulations.  The bill directs the Secretary to promulgate regulations within one year to implement the Act.  These regulations may provide greater protection or more rights to individuals than the minimum protections specified in the bill.

Read the entire bill (PDF)

Review Rep. Waxman´s statements and letters on Medical Privacy
Read a shorter summary of the bill

Return to Waxman Home

Waxman Home  Welcome  About the 29th District  Biography/Profiles
In The News  Legislation and Issues  Contact Rep. Waxman  Links

.