Last month, we blogged about how Humana (and maybe some other health plans) sent warnings through letters to its Medicare beneficiaries that they could lose their health care benefits and services due to health care reform legislation pending in Congress. In response, the Centers for Medicare and Medicaid Services (CMS) issued an order to all health plans serving Medicare beneficiaries to stop sending letters. Some reacted to this order by accusing CMS of attempting to censor "free speech." Free speech, however, is not the only issue implicated by Humana's activity. Humana arguably violated the HIPAA Privacy Rule (the federal health privacy Rule that limits how health plans (and other covered entities) can use and disclose personal health data (including mere demographic information)) when it used beneficiaries' names and addresses to send the letters. Yet, everyone continues to ignore the privacy issue! Health care entities do not have unfettered use of individuals' health data. Should health plans like Humana be able to use this data for whatever reason they find important? The answer is no -- and the HIPAA Privacy Rule makes this clear. The Privacy Rule requires Humana and other health plans in general to be good stewards of personal data -- the same data that individuals entrust to them to manage their health care. After they share their data, individuals expect the data will be protected, kept confidential, and only used for legitimate purposes -- not misused as Humana (and potentially others) have in this case.
Read more »