Doctors Sue to Stop HIPAA Privacy Regulations

Published October 1, 2001

On July 31, the Association of American Physicians and Surgeons (AAPS) announced it had filed suit against the U.S. Department of Health and Human Services to halt implementation of new medical privacy regulations.

The AAPS lawsuit challenges the constitutionality of the regulations based on their content and likely outcomes. The suit further claims the regulations violate the Paperwork Reduction Act.

Specifically, the lawsuit contends the regulations:

  • violate the Fourth Amendment, because they require physicians to allow government access to personal medical records without a warrant and authorize the government to develop a centralized database of personal medical records with personal health identifiers;
  • are unconstitutional to the extent they govern purely intrastate activities by physicians using and maintaining medical records for patients, and disrupt state laws;
  • violate the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and lack statutory authorization to the extent they regulate medical records other than electronic transmissions; and
  • violate the Paperwork Reduction Act and Paperwork Flexibility Act and are unenforceable and incomplete.

Kathryn Serkes, public affairs counsel for AAPS, explained at a news conference at the Cato Institute in Washington, DC, “Physicians swear to do no harm. It’s time we held politicians to the same standard.” She called “heavy-handed” the unprecedented government access to private medical records that is provided for by the new rules.

“While masquerading as patient protection, the rules would actually eliminate any last shred of patient confidentiality,” she said. “When it comes to government prying, these rules obliterate any remote notion of patients’ rights.”

She noted the rules require doctors to disclose all patient records–including handwritten notes and psychiatric records–to thousands of federal government bureaucrats . . . regardless of whether a patient consents to that disclosure.

Moreover, “law enforcement agencies will have unrestricted access to all records–including notes about drug use, family interactions, and other confessions.”

Serkes warned, “Doctors can not only be fined for withholding records, but the feds can order them to refuse treatment to patients who won’t consent to government disclosure.

“If patients expect the government to protect them from marketing efforts, they’re in for a rude surprise. It was government employees who sold patients medical records from government databases to HMO recruiters in Maryland a few years ago.”

Serkes cited a survey of physicians that found “a whopping 96 percent of doctors” worry the proposed rules will compromise patient privacy.

“While some of the rule’s specifics could be ironed out down the road, no amount of fine-tuning can fix a flawed approach,” said Serkes. “Only a fresh start will head off irreparable damage to patients and their trust in the system.”

AAPS is a national association of physicians founded in 1943 to protect the sanctity of the patient-physician relationship from intrusion of third parties. The organization is dues-supported and accepts no government funds. It notes no for-profit entities have helped fund its litigation.

Second Lawsuit Filed

The new privacy regulations have also come under fire from the South Carolina Medical Association (SCMA), which has filed its own lawsuit against HHS. The physicians’ group contends the privacy regulations represent an unconstitutional delegation of Congress’ legislative authority because they were drafted “with little congressional input.”

The association, which represents 6,000 physicians, says the privacy rules are burdensome and will increase costs, “create more paperwork, and impede hospital pre-admission procedures.”

SCMA President J. Capers Hiott told the Washington Post, “What we are filing is based on a constitutional flaw. We’re not filing this because we are against anything that has to do with patient privacy. Physicians are one of the staunch supporters of patient privacy.”

By filing the lawsuit, SCMA hopes to prevent the rules from taking effect and to “send them back to Congress” so new rules can be drafted with input from health care providers.

HHS spokespersons would not comment on either lawsuit when called by Health Care News.

The new privacy rules, required under HIPAA, were first issued by the Clinton administration. The Bush administration took no action to prevent them from taking effect in April.

AAPS successfully sued the Clinton administration in several years ago to force disclosure of hundred of thousands of pages of secret documents from the President’s Health Care Task Force. The decision in AAPS vs. Hillary Clinton was issued in August 1999.

For more information . . .

The full text of the AAPS lawsuit is available in Microsoft Word at the group’s Web site at

Kathryn Serkes, public affairs counsel for AAPS, can be reached by email at [email protected].