VII.  Individual Rights of PKI End-Users and "Consumers"

B.  Privacy - Personal Health Information

There are few issues thornier than the conflict between an individual's rights to maintain the privacy of his or her personal medical information, and the need for secure disclosure of that information to those with a legitimate and authorized need for access to it.  PKI is considered by many to be the most promising technology for achieving a proper balance between these conflicting objectives.

11/3/99 - Department of Health and Human Services, Part IV, Standards for Privacy of Individually Identifiable Health Information; Proposed Rule, 45 CFR Parts 160-164, 64 F.R. 59917-60065 (November 3, 1999), adopted under the Health Insurance Portability and Accountability Act (HIPAA), Public Law 104-91, 42 U.S.C. 264 and 1320d-1320d-8, at 110 Statutes 1936 (1996). Under HIPAA, Congress was required to pass comprehensive privacy legislation by August 21, 1999. As Congress did not meet the deadline, the Secretary of Health and Human Services published the Proposed Rule on 11/3/99, to become the Privacy Regulations implementing HIPAA, effective February 21, 2000.

Slides, "Privacy Issues in Healthcare" (5/8/99), for presentation by Bob Burger, Esq. of McCarter & English at the Health and Hospital Law Symposium, 5/8/99, sponsored by the NJ State Bar Association and the Institute for Continuing Legal Education. 63 slides by Bob Burger, Esq., Myrna Wigod, Esq., and Charles R. Merrill, Esq. of the Computer and High Tech Law Practice Group of McCarter & English. Comprehensive treatment of legal issues, including PKI.

1998 - Article by John Christiansen, Esq., of the Seattle firm of Miller, Nash, Wiener, Hager & Carlsen LLP, "When Networks Collide: Managing the Risks Arising from the Interaction of Healthcare and Information Systems."

8/12/98 - Health and Human Services (HHS) Proposed Regs under HIPAA

On August 12, 1998, the U.S. Dept. of Health and Human Services published proposed regulations under the Health Insurance Portability and Accountability Act (Public Law 104-91, 110 Statutes 1936 (1996)) as 45 CFR Part 142 at 63 Federal Register 43241 (Aug 12, 1998), implementing Security and Electronic Signature Standards to protect the privacy of health information. The Proposed Regs strongly endorse PKI digital signatures as the approved electronic signature technology for these purposes:

"Currently there are no technically mature techniques that provide the security service of nonrepudiation in an open network environment, in the absence of trusted third parties, other than digital signature-based techniques. Therefore, if electronic signatures are employed, we would require that digital signature technology be used." 63 F.R. 43241 at 43257 (Aug 12, 1998)

Attached is an excellent six-page summary of the Proposed Regs, prepared and e-mailed to us by John Christiansen of the Seattle office of Miller Nash Wiener Hager & Carlsen LLP. Here is a link to the full text of the proposed regulations. You can download a PDF copy by browsing the National Archives and Records Administration's online database of the Federal Register at http://www.access.gpo.gov/su_docs/aces/aces140.html