Presidential DocumentExecutive Order 1318100-33004
To Protect the Privacy of Protected Health Information in Oversight Investigations
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
December 26, 2000
Signed
December 20, 2000
Issuing agencies
Executive Office of the President
Full Text
<html>
<head>
<title>Federal Register, Volume 65 Issue 248 (Tuesday, December 26, 2000)</title>
</head>
<body><pre>
[Federal Register Volume 65, Number 248 (Tuesday, December 26, 2000)]
[Presidential Documents]
[Pages 81321-81323]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 00-33004]
Presidential Documents
Federal Register / Vol. 65, No. 248 / Tuesday, December 26, 2000 /
Presidential Documents
___________________________________________________________________
Title 3--
The President
[[Page 81321]]
Executive Order 13181 of December 20, 2000
To Protect the Privacy of Protected Health
Information in Oversight Investigations
By the authority vested in me as President of the
United States by the Constitution and the laws of the
United States of America, it is ordered as follows:
Section 1. Policy.
It shall be the policy of the Government of the United
States that law enforcement may not use protected
health information concerning an individual that is
discovered during the course of health oversight
activities for unrelated civil, administrative, or
criminal investigations of a non-health oversight
matter, except when the balance of relevant factors
weighs clearly in favor of its use. That is, protected
health information may not be so used unless the public
interest and the need for disclosure clearly outweigh
the potential for injury to the patient, to the
physician-patient relationship, and to the treatment
services. Protecting the privacy of patients' protected
health information promotes trust in the health care
system. It improves the quality of health care by
fostering an environment in which patients can feel
more comfortable in providing health care professionals
with accurate and detailed information about their
personal health. In order to provide greater
protections to patients' privacy, the Department of
Health and Human Services is issuing final regulations
concerning the confidentiality of individually
identifiable health information under the Health
Insurance Portability and Accountability Act of 1996
(HIPAA). HIPAA applies only to ``covered entities,''
such as health care plans, providers, and
clearinghouses. HIPAA regulations therefore do not
apply to other organizations and individuals that gain
access to protected health information, including
Federal officials who gain access to health records
during health oversight activities.
Under the new HIPAA regulations, health oversight
investigators will appropriately have ready access to
medical records for oversight purposes. Health
oversight investigators generally do not seek access to
the medical records of a particular patient, but
instead review large numbers of records to determine
whether a health care provider or organization is
violating the law, such as through fraud against the
Medicare system. Access to many health records is often
necessary in order to gain enough evidence to detect
and bring enforcement actions against fraud in the
health care system. Stricter rules apply under the
HIPAA regulations, however, when law enforcement
officials seek protected health information in order to
investigate criminal activity outside of the health
oversight realm.
In the course of their efforts to protect the health
care system, health oversight investigators may also
uncover evidence of wrongdoing unrelated to the health
care system, such as evidence of criminal conduct by an
individual who has sought health care. For records
containing that evidence, the issue thus arises whether
the information should be available for law enforcement
purposes under the less restrictive oversight rules or
the more restrictive rules that apply to non-oversight
criminal investigations.
A similar issue has arisen in other circumstances.
Under 18 U.S.C. 3486, an individual's health records
obtained for health oversight purposes pursuant to an
administrative subpoena may not be used against that
individual patient in an unrelated investigation by law
enforcement unless a judicial officer finds good cause.
Under that statute, a judicial officer determines
[[Page 81322]]
whether there is good cause by weighing the public
interest and the need for disclosure against the
potential for injury to the patient, to the physician-
patient relationship, and to the treatment services. It
is appropriate to extend limitations on the use of
health information to all situations in which the
government obtains medical records for a health
oversight purpose. In recognition of the increasing
importance of protecting health information as shown in
the medical privacy rule, a higher standard than exists
in 18 U.S.C. 3486 is necessary. It is, therefore, the
policy of the Government of the United States that law
enforcement may not use protected health information
concerning an individual, discovered during the course
of health oversight activities for unrelated civil,
administrative, or criminal investigations, against
that indi vidual except when the balance of relevant
factors weighs clearly in favor of its use. That is,
protected health information may not be so used unless
the public interest and the need for disclosure clearly
outweigh the potential for injury to the patient, to
the physician-patient relationship, and to the
treatment services.
Sec. 2. Definitions.
(a) ``Health oversight activities'' shall include
the oversight activities enumerated in the regulations
concerning the confidentiality of individually
identifiable health information promulgated by the
Secretary of Health and Human Services pursuant to the
``Health Insurance Portability and Accountability Act
of 1996,'' as amended.
(b) ``Protected health information'' shall have the
meaning ascribed to it in the regulations concerning
the confidentiality of individually identifiable health
information promulgated by the Secretary of Health and
Human Services pursuant to the ``Health Insurance
Portability and Accountability Act of 1996,'' as
amended.
(c) ``Injury to the patient'' includes injury to
the privacy interests of the patient.
Sec. 3. Implementation.
(a) Protected health information concerning an
individual patient discovered during the course of
health oversight activities shall not be used against
that individual patient in an unrelated civil,
administrative, or criminal investigation of a non-
health oversight matter unless the Deputy Attorney
General of the U.S Department of Justice, or insofar as
the protected health information involves members of
the Armed Forces, the General Counsel of the U.S.
Department of Defense, has authorized such use.
(b) In assessing whether protected health
information should be used under subparagraph (a) of
this section, the Deputy Attorney General shall permit
such use upon concluding that the balance of relevant
factors weighs clearly in favor of its use. That is,
the Deputy Attorney General shall permit disclosure if
the public interest and the need for disclosure clearly
outweigh the potential for injury to the patient, to
the physician-patient relationship, and to the
treatment services.
(c) Upon the decision to use protected health
information under subparagraph (a) of this section, the
Deputy Attorney General, in determining the extent to
which this information should be used, shall impose
appropriate safeguards against unauthorized use.
(d) On an annual basis, the Department of Justice,
in consul tation with the Department of Health and
Human Services, shall provide to the President of the
United States a report that includes the following
information:
(i) the number of requests made to the Deputy
Attorney General for authorization to use protected
health information discovered during health oversight
activities in a non-health oversight, unrelated
investigation;
(ii) the number of requests that were granted as
applied for, granted as modified, or denied;
(iii) the agencies that made the applications, and
the number of requests made by each agency; and
[[Page 81323]]
(iv) the uses for which the protected health
information was authorized.
(e) The General Counsel of the U.S. Department of
Defense will comply with the requirements of
subparagraphs (b), (c), and (d), above. The General
Counsel also will prepare a report, consistent with the
requirements of subparagraphs (d)(i) through (d)(iv),
above, and will forward it to the Department of Justice
where it will be incorporated into the Department's
annual report to the President.
Sec. 4. Exceptions.
(a) Nothing in this Executive Order shall place a
restriction on the derivative use of protected health
information that was obtained by a law enforcement
agency in a non-health oversight investigation.
(b) Nothing in this Executive Order shall be
interpreted to place a restriction on a duty imposed by
statute.
(c) Nothing in this Executive Order shall place any
additional limitation on the derivative use of health
information obtained by the Attorney General pursuant
to the provisions of 18 U.S.C. 3486.
(d) This order does not create any right or
benefit, substantive or procedural, enforceable at law
by a party against the United States, the officers and
employees, or any other person.
(Presidential Sig.)<Clinton1><Clinton2>
THE WHITE HOUSE,
December 20, 2000.
[FR Doc. 00-33004
Filed 12-22-00; 8:45 am]
Billing code 3195-01-P
</pre></body>
</html>Indexed from Federal Register on December 26, 2000.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.