through self-insurance.26 Due to weak federal protection, ERISA creates a considerable loophole for self-insured companies, which are not restricted from gaining access to personally identifiable health information pertaining to their employees. Over 60 million Americans held health insurance through a self-insured employer in 1993.27

Nongovernmental Initiatives

Outside of government, a number of initiatives are under way to develop industry-wide standards for the security and confidentiality of health information. These efforts span a wide range of topics, from attempts to develop technical standards for security, to models for evaluating existing practices, to educational initiatives. They are being conducted by a large number of organizations, including the American National Standards Institute, the Computer-based Patient Record Institute, and the Joint Commission on Accreditation of Healthcare Organizations. While moving in the right direction, these efforts have not yet resulted in a set of enforceable standards that have been broadly adopted by industry.

American National Standards Institute

To facilitate the development of standards for health care information systems, the American National Standards Institute (ANSI) has established the Health Informatics Standards Board (HISB). Its charter is to promulgate standards for (1) health care models and electronic health records; (2) the interchange of health data, images, sounds, and signals within and among health care organizations; (3) health care codes and terminology; (4) communication with diagnostic instruments and health care devices; (5) representation and communication of health care protocols, knowledge, and statistical databases; (6) privacy, confidentiality, and security of medical information; and (7) other areas of concern or interest regarding health information.28HISB coordinates the work of standards groups for health care data interchange, such as the Institute of Electrical and Electronics Engineers, the American Society for Testing and Materi-


ERISA, §502(a), codified at 29 U.S.C. §1132. See Bobinski, Mary Anne. 1990. "Unhealthy Federalism," U.C. Davis Law Review 24(255). See also Rothstein, Mark A. 1992. "Genetic Discrimination in Employment and the Americans with Disabilities Act," Houston Law Review 29(23):80-81.


Health Insurance Association of America. 1996. Source Book of Health Insurance Data. Health Insurance Association of America, Washington, D.C., Table 2.5.


American National Standards Institute (ANSI), Healthcare Informatics Standards Planning Panel. 1992. "Charter Statement," ANSI, September.

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement