Does the DHS Laptop-Searching Policy Violate HIPAA?
Thursday, August 14th, 2008 by Harry LewisHIPAA is the very strong privacy policy for medical records to which all doctors and hospitals must adhere. As we blogged recently, the Department of Homeland Security has issued guidelines stating that border agents may seize and examine any laptop — even, presumably, the laptop of a doctor who happens to have carried medical data with him out of and into the U.S. (Here are the actual DHS policies. They are extraordinarily sweeping and worth reading.) ¬†A blogging doctor’s explains the inconsistency.
HIPAA (the Health Insurance Portability and Accountability Act) is the law that governs the privacy of your medical information. It is very, very detailed, and requires quite a bit from your doctor. You’ve signed a form at the office of every provider you’ve visited that notifies you of your privacy rights. I cannot discuss your care in a hospital elevator. I can’t send you an email regarding your health without making it very clear that any information in the email cannot be considered secure. I cannot disclose your health information to anyone else except under very specific and limited circumstances. HIPAA has radically changed the way we do things with health information (sometimes for the better, sometimes not).
Moving on to Homeland Security—DHS agents may, for any reason or none at all, seize my laptop and demand any security or encryption codes. My laptop not infrequently contains information covered by HIPAA (known as PHI, or Protected Health Information). Because of that, my laptop is secured via HIPAA-compliant security measures. Under the new DHS guidelines, I can be required to hand over my laptop and help officers access the information¬†without any suspicion of wrong-doing. We have a little problem here…
Unlimited government authority is always dangerous. I wonder if Chertoff plans to blow off this medical privacy fol-de-rol as a threat to national security.