Psychiatric News June 18, 2004
Volume 39 Number 12
© 2004 American Psychiatric Association
p. 12
Concern About Privacy Violations Prompts Congressional Action
Christine Lehmann
A new bill in Congress would require companies in the United States to
notify customers that their private health information is being sent overseas
and provide them the option to refuse.
Imagine surfing the Internet and seeing your personal medical records or
financial information online.
A few Indian and Pakistani workers last year threatened to post on the
Internet medical records of U.S. citizens they had transcribed for U.S.-based
organizations unless their demands for payment were met, according to news
reports.
Although the workers never followed through on their threats, the incidents
underscored the potential for information identifying U.S. citizens to be
misused in other countries.
Rep. Edward Markey (D-Mass.) introduced a bill last month in the House of
Representatives to provide U.S. citizens a layer of protection against these
worst-case scenarios. The Personal Data Offshoring Protection Act of 2004 (HR
4366) would prohibit the transfer of information identifying U.S. citizens to
anyone outside the United States without citizens being notified first.
Personally identifiable information covered by the new bill includes
medical records, financial information, Social Security numbers, names, and
addresses.
The transmitting organizations would also have to notify U.S. citizens that
they can object to the transmission of their personal information to foreign
countries, the legislation states.
The notification requirements apply to countries outside the United States
that have adequate privacy protections.
Within six months of the date the bill is enacted, the Federal Trade
Commission would develop regulations to certify countries with legal systems
that adequately protect personally identifiable information, the legislation
states.
The bill defines adequate protections as equal to or greater than those
provided by U.S. federal or state laws. The list of countries would be made
available to the general public.
If the foreign country doesn't meet this standard, the U.S. organization
would be barred from transmitting personal information identifying U.S.
citizens, unless these conditions are met:
- The organization discloses to the citizen that the country receiving the
personal information lacks adequate privacy protections.
- The organization already has the citizen's consent to transmit personal
information to foreign workers.
- The consent is renewed by the citizen within one year before such personal
information is transmitted.
If violations of the act or federal regulations occurred, citizens would be
able to file suit in state court for the actual monetary loss from such a
violation or receive $10,000 per violation in damages, whichever is
greater.
The Personal Data Offshoring Protection Act of 2004 (HR 4366) was referred
to the House Committee on Energy and Commerce last month. A similar amendment
to a Senate finance bill by Sen. Hillary Rodham Clinton (D-N.Y.) in March was
not approved by the Senate.
The House bill can be accessed online at
<http://thomas.locgov>
by searching on the bill number, HR 4366. 
Get information about faster international access.
Privacy Policy
Copyright © 2004
American Psychiatric Association.
All rights reserved.
Home
| Search
| Current Issue
| Past Issues
| Subscribe
| All APPI Journals
| Help
| Contact Us
| 
