Print this page    •   Back to Web version of article

AIDS Project Director's Report
Warning: Your Medical Privacy Is at Risk

By Catherine A. Hanssens

March 1, 2000

In Washington, D.C., a man leaving the hospital after treatment for an AIDS-related illness, stops to chat with the receptionist who happens to work a second job at the same place where the man himself is employed. The receptionist gets access to the man’s medical records, learns he has HIV, and tells everyone at their shared workplace.

In Atlanta, a dental hygienist loses his job after the physician treating him for HIV takes it upon himself to inform the hygienist’s employer.

Outside of Baltimore, a gay father who lives with his lover has his visitation rights with his child challenged by his ex-wife, who asks that the judge order the child’s father to take an HIV test.

The scenarios above are not hypotheticals from the early, "bad" days of AIDS, but real and recent incidents. As these examples make plain, for those living with HIV, the right to medical confidentiality has a continuing importance and immediacy.

Last year, Lambda’s AIDS Project pushed hard for improved protections in a Model State Privacy Law, developed under the Centers for Disease Control and Prevention and used in tandem with the CDC’s new guidelines for HIV test reporting.

We now are assessing the Department of Health and Human Services’ proposed national standards for the privacy of all medical records. While the proposed standards lauded by President Clinton last fall do provide some important protections, less publicized provisions allowing disclosures without individual consent raise major privacy concerns, particularly for those whose medical and insurance records contain sensitive information such as HIV status. An initial problem is the limited scope of HHS’s proposed rules. They would not apply to many of those who receive information from health insurers and care providers, like researchers, life insurers and marketing firms.

A second, equally serious shortcoming is the standards’ explicit exclusion of inmates and detainees. HHS asserts incorrectly that existing federal laws protect inmate records. Citing the unique circumstances involved in overseeing prisoners and detainees, the rules exempt correctional officials from the confidentiality requirements entirely. One remedy would be to tailor the rules to accommodate the peculiarities of prison health care services while limiting non-medical staff’s access to sensitive medical information.

Finally, the proposed rules permit inappropriately broad use and disclosure of personal medical information without consent or even notice to the affected person, for example, in court proceedings (without a court order in many circumstances); and in connection with law enforcement activities. Despite the well-documented misuse of information about individuals’ HIV status by criminal justice personnel, the rules actually propose relaxing some current restrictions on law enforcement authorities’ access to this information.

The HHS rules will not be finalized before late spring. In the meantime, we will be working collaboratively with national privacy and HIV advocacy organizations to develop comments on these rules and to urge alternative provisions which better protect the important privacy interests of gay and HIV-positive people.

This article was provided by Lambda Legal. You can find this article online by typing this address into your Web browser:

General Disclaimer: is designed for educational purposes only and is not engaged in rendering medical advice or professional services. The information provided through should not be used for diagnosing or treating a health problem or a disease. It is not a substitute for professional care. If you have or suspect you may have a health problem, consult your health care provider.