Document Type


Publication Date


Publication Citation

22 Cato Journal 33 (2002)


This article addresses health privacy in the broader context of other areas of recent privacy activity, in an effort to discover what people should have learned in trying to identify those principles that should undergrid regulatory efforts to protect privacy. Increasingly, the dominant trend in recent and pending privacy legislation is to invest consumers with near absolute control over information in the marketplace. - irrespective of whether the information is, or could be, used to cause harm. The Health Insurance Portability and Accountability Act privacy rules wholly ignore the concept of harm and the constitutional requirement of targeting restriction on information flows to specific harms. Five principles that regulators should consider are: 1. focus on harm, not control, 2. Use narrow, precise definitions that focus on reasonable expectations of privacy, 3. employ appropriate consent requirements, 4. behave consistently with legal requirements imposed on others, and 5. evaluate the consistency of rules.