Abstract
The use of medical records in research can yield information that is difficult to obtain by other means. When such records are released to investigators in identifiable form, however, substantial privacy and confidentiality risks may be created. These risks become more common and more serious as medical records move to an electronic format. In 1996, the state of Minnesota enacted legislation with respect to consent requirements for the use of medical records in research. This legislation has been widely criticized because—it is claimed—it creates an unnecessary impediment to research. In this article, we show that these arguments rest upon misinterpretation and/or misrepresentation of the 1996 legislation. A consent requirement had actually been present in Minnesota since 1976 (though codified in a patient rights statute rather than a privacy statute). The 1996 law does not require specific consent, as often claimed, but rather only a general authorization. The campaign against the Minnesota legislation appears to have been motivated by concern with respect to the then impending federal privacy rule. The HIPAA rule, as enacted, is in fact less stringent with respect to consent than the Minnesota consent law. On the other hand, the Minnesota consent law has not been effectively applied or enforced. As we change the way we manage sensitive medical information, new efforts are needed to provide protection against the confidentiality risks in research. Patient consent is an important tool in this regard. New instrumentalities are needed to solicit and document consent.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Brase, T. (1998) Letter. New England Journal of Medicine 338(15), 1076.
Gostin, L.O. and Hadley, J. (1998) Health services research: Public benefits, personal privacy, and proprietary interest. Annals of Internal Medicine 129(10), 834.
Kilbridge, P. (2003) The cost of HIPAA compliance. New England Journal of Medicine 348(15), 1423–1424.
Manning, D. (2002) Commentary: Don't waive consent lightly—Involve the public. BMJ 324, 1213.
McCarthy, D.B., Shatin, D., Drinkard, C.R., Kleiman, J.H. and Gardner, J.S. (1999) Medical records and privacy: Empirical effects of legislation. Health Services Research 34(1), 417–425.
Melton, L.J. (1997) The threat to medical records research New England Journal of Medicine 337(20), 1466–1470.
Melton, L.J. (1998) Letter. New England Journal of Medicine 338(15), 1077.
Pritts, J. (2002) Altered states: State health privacy laws and the impact of the Federal Health Privacy Rule. Yale Journal of Health Policy, Law, and Ethics II(2), 327–364.
Starr, P. (1999) Health and the right to privacy. American Journal of Law & Medicine 25(2/3), 193–201.
Willison, D.J., Keshavjee, K., Nair, K., Goldsmith, C. and Holbrook, A.M. (2002) Patients' consent preferences for research uses of information in electronic medical records: Interview and survey data. BMJ 326, 373–376.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Woodward, B., Hammerschmidt, D. Requiring Consent vs. Waiving Consent for Medical Records Research: A Minnesota Law vs. the U.S. (HIPAA) Privacy Rule. Health Care Analysis 11, 207–218 (2003). https://doi.org/10.1023/B:HCAN.0000005493.21521.42
Issue Date:
DOI: https://doi.org/10.1023/B:HCAN.0000005493.21521.42