As the nation braces for possibly more Ebola cases, civil liberties should be considered, including patient privacy. As news media feature headline-grabbing stories about quarantines, let’s think about the laws governing privacy in healthcare. Despite federal laws enacted to protect patient privacy, the Ebola scare brings the vulnerability of individuals and the regulations intended to help them into sharp relief.
In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy. Specifically, HIPAA’s Privacy Rule requires that healthcare providers and their business associates restrict access to patients’ health care information. For many years, the law has been regarded as the strongest federal statement regarding patient privacy. But it may be tested in the wake of the Ebola scare with patients’ names, photographs, and even family information entering the public sphere.
Ebola hysteria raises questions not only about how to contain the disease, but also to what extent Americans value their healthcare privacy. What liberties are Americans willing to sacrifice to calm their fears? How to balance the concern for public welfare with legal and ethical privacy principles? For example, will Americans tolerate profiling travelers based on their race or national origin as precautionary measures? What type of reporting norms should govern Ebola cases? Should reporting the existence of an Ebola case also include disclosing the name of the patient? I don’t think so, but the jury appears out for many.