The right to privacy refers to the concept that personal information should be protected from public scrutiny. While not explicitly stated in the Constitution, the Fourth Amendment alludes to individual privacy rights in granting the people’s right “to be secure in their persons, houses, papers, and effects.” In addition, the Ninth Amendment states that the enumeration of certain rights “shall not be construed to deny or disparage others retained by the people.”
With regards to medical records, often deemed highly personal and sensitive information, these other privacy rights are covered by the Health Insurance Portability and Accountability Act (HIPAA), as well as the Privacy Act of 1974, which generally restrict agencies and covered entities from disclosing protected health information to another agency or person without express authorization from the individual (45 CFR §164.524; 5 USC § 552a). This right to privacy must be waived, however, to receive certain benefits from other federal programs.
To qualify for disability benefits under the Social Security Act, the burden of proof is on the claimant to establish the existence of a severe impairment with treatment records from an approved medical source. This means releasing your confidential medical information to a federal agency, namely Social Security Administration (SSA), with the expectation that the SSA will not disclose your personal information to any other agency, barring few exceptions.
In December, for example, SSA issued a final rule that they will share certain information with the Department of Justice to comply with the National Instant Criminal Background Check System of 2007 (NICS). Such information would include basic data such as name, social security number, and date of birth, but not specific medical information (20 CFR § 421.110). While the regulation was rolled back last month, SSA continues to apply protections against unauthorized disclosures of confidential information under HIPAA and the Privacy Act.