The HIPAA Privacy Act of 1974
The Privacy Act of 1974, which limited U.S. government control of personal information, helped pave the way for other statutes that protect privacy. The act established procedures for government offices to follow when gathering and maintaining a citizen's identifiable information. Years later, the Health Insurance Portablility and Accountability Act (HIPAA) of 1996 applied these same laws to private organizations. The cumulative effect of these federal statutes in a technology-based society is that government and private agencies can be found liable if they allow personal information to get into the wrong hands.
Other People Are Reading
-
Function
-
The Privacy Act of 1974 required all federal agencies to follow "fair information practices" in storing and providing access to a citizen's personal information. Third parties requesting to see such records must complete formal requests. Before releasing the data, officials must comply with the act's disclosure provisions.
Significance
-
Without the Privacy Act, third parties could view and distribute personal records at will. Employers, attorneys and insurers not bound by codes of ethics would have access to deeply sensitive information they could use to terminate employees, instigate lawsuits and deny insurance coverage. The act applied not only to medical information but other kinds of personal data collected by federal offices. For example, under the act, the U.S. Department of Education was forced to revise its system for maintaining test scores and student grades. Privacy protections are especially significant in a society where the widespread use of computers makes access to confidential data easier than it would be otherwise.
-
History
-
By the early 1970s, some Americans became concerned that computer technology would make it more difficult to limit access to personal information. In 1973, the U.S. Department of Health, Education and Welfare recommended the federal government implement a code requiring federal agencies to follow standard practices to guarantee the safekeeping of individual records. After reconciling separate bills proposed by the House and Senate, Congress passed the act on Dec. 17, 1974. The law took effect on Sept. 27, 1975.
Misconceptions
-
Confusion over the Privacy Act stemmed from misconceptions about its application. For example, the original act applied only to federal agencies. Even if it received federal funds, a private organization was exempt. Also, while some people believed the act protected only medical records, it actually applied to all personal information, such as military service, veterans' data and Medicare eligibility.
Provisions
-
Under the act, federal agencies have only 10 days to respond to a request by a citizen or permanent resident for access to his records. Organizations that gather but do not distribute information are exempt. Federal agencies must identify personal information they hold on government databases, and every two years the U.S. president must report on his office's compliance with the act.
-
References
- EPIC.org: The Privacy Act of 1974
- U.S. Department of Justice: Overview of the Privacy Act of 1974
- "Federal Register;" Department of Education, Privacy Act of 1974; Vol. 69, No. 50; March 15, 2004
- Federal Register: Privacy Act of 1974, as Amended; New System of Records
- California Department of Veterans Affairs: The Federal Privacy Act of 1974 and HIPAA Privacy Rule of 1996: A Comparison; September 2007
- U.S. Department of Health and Human Services: The Privacy Act
Resources
- Photo Credit Jumper/Photodisc/Getty Images
