HIPAA Blog

[ Tuesday, September 03, 2002 ]

 

I heard the news today: both the South Carolina and Texas cases have been appealed.

The South Carolina case was the more interesting, in my opinion, because they made the more interesting legal argument: that Congress exceeded its authority and delegated law-making authority to HHS. Remember your high school civics class: Congress (the legislative branch) makes laws, and the President and the administration (the executive branch) enforces the law. Congress can write laws and require the administrative agencies to draft regulations, but the law part should be pretty specific and the regulation part should only be enough to round off the rough edges the law part can't get exactly right. In other words, Congress should write laws that are pretty specific about what actions are allowed, and the regulations drafted by the agencies should just be tweaking of those laws to fix minor problems or lay out how the laws will be enforced in specific circumstances. You can't expect Congress to think of everything, so you need the administrative agencies to clean up ambiguities and tie up the loose ends.

Well, the South Carolina plaintiffs thought the HIPAA regs were too much like law and not enough like, well, regulations. The HIPAA regs are very specific, very broad, and are much more like "law" than like "regulations." They complained that in writing such broad regulations, without more specific guidance from Congress, HHS stepped beyond its powers and became an unelected legislative body, drafting laws without being responsible to the voters (i.e., without being able to be unelected). Interesting argument, one that a certain Assistant US Attorney and fellow HIPAAcrat pointed out soon after the regs came out. The Federal District court threw the argument out, but it's on appeal now.

The Houston case is different in its target. That case has a US congressman, who also happens to be a physician (Ron Paul), as one of the plaintiffs. The most interesting argument made by the plaintiffs in that case is that the HIPAA privacy regs themselves are the worst possible breach of medical record privacy, because they give the government free rein to access any person's medical records. Since any covered entity must provide to HHS any medical records HHS asks for, the HIPAA privacy regs effectively give the government the right to snoop wherever it wants. The Federal District court in Texas also threw that one out, but it will be interesting to watch these 2 cases go through the appeals process.

Jeff [10:02 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template