[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Public Citizen on Medical Privacy Legislation

To: tap-info@tap.org
Subject: Public Citizen on Medical Privacy Legislation
From: James Love <love@tap.org>
Date: Thu, 30 Nov 1995 15:12:57 -0500 (EST)
-----------------------------------------------------------------
TAP-INFO - An Internet newsletter available from listproc@tap.org
-----------------------------------------------------------------
INFORMATION POLICY NOTE
November 30, 1995

 - Public Citizen comments in opposition to S. 1360 

---------------------

                     Comments on S. 1360, 
       "The Medical Records Confidentiality Act of 1995"

              PUBLIC CITIZEN'S HEALTH RESEARCH GROUP
                 Sidney M. Wolfe, M.D., Director 
                and Lauren Dame, Staff Attorney
                        November 28, 1995

     We are submitting these comments to voice our opposition to
S. 1360, the "Medical Confidentiality Act of 1995."  Under the
guise of protecting the confidentiality of medical records, this
bill would promote widespread dissemination of personal, private
medical information through the establishment and growth of
computerized medical records data banks, and broad access to such
data banks by a variety users. 

     Public Citizen's Health Research Group is a non-profit
organization funded by small individual contributions.  It was
founded in 1971 to fight for the public's health, and to give
consumers more control over decisions that affect their health. 
Among other things, we conduct research and analyses of data
obtained from the government and other sources to produce reports
to educate the public about important health care issues.  In
July 1995, we published the fifth edition of Medical Records: 
Getting Yours, a consumer handbook providing consumers with
information on their rights concerning their medical records: 
how to get copies of records, how to read and understand the
records, and how to get mistakes in the records corrected.  In
the book, we discuss the various state laws governing medical
records, and, given the different levels of protection in
different states, we agree that a federal law to protect the
confidentiality of medical records and to guarantee patients the
right to obtain and correct their records, would be an important
step in patient protection.  This Act, however, does not provide
that needed patient protection.  While offering some new
confidentiality protection, and providing patients nationwide the
right to inspect and copy their medical records, the Act as a
whole threatens confidentiality more than it protects it.

     The stated purposes of this Act are (1) to establish strong
and effective mechanisms to protect the privacy of persons with
respect to personally identifiable health care information and
(2) to promote the efficiency and security of the health
information infrastructure so that members of the health
community may more effectively exchange and transfer health
information.  While the bill is entitled the "Medical Records
Confidentiality Act," the overall thrust of the bill is to
enhance the establishment of medical records data banks and to
facilitate the exchange of medical records data among a wide
group of users, to the detriment of patient confidentiality, and
often without patient consent.  

     A basic flaw in this bill is its failure to deal directly
with one of the most important issues relating to medical records
today -- the effect of technological advances -- both in
medicine, and in information technology.

     Technological advances in medicine, such as new genetic
tests, have expanded the range of information to be found in
patients' medical records.  With some genetic tests, a person's
medical records may contain not only information about their past
and current health, but also may contain information about their
future health potential -- sensitive information that may be used
by employers, insurance companies and others to discriminate
against the patient based on something that has not yet even
occurred.

     Advances in information technology, particularly the
computerization of medical records, and the ease with which
computerized records may be accumulated, analyzed, searched and
shared among widely dispersed users, raise critical
confidentiality concerns.  Today's changes in the manner of
medical record storage from an old, paper-based system, located
in a physician's office, to a modern computerized, "medical
records data bank" kept by managed care organizations, insurers,
and third parties, means that more privacy protection for medical
records is needed than ever before.  In spite of the fact that
the computerization of medical records is a key threat to
confidentiality, the bill does not even mention computers, and
only obliquely refers to medical records databanks -- a large
threat to patient privacy and confidentiality -- by using the
term "Health Information Service." 

     In addition to the Act's failure to provide sufficient
privacy protection for medical records in the age of computers,
the Act also legalizes the widespread use of individually-identifiable 
patient information, without consent, by a variety
of users, including health authorities, health researchers, law
enforcement officials, and courts or other parties in lawsuits in
which a party's health has been placed in issue.  It is difficult
to imagine the reasons that such broad access to private patient
data is required.  Indeed, for much research and analysis of
health care issues, aggregate data from which patient identifiers
have been removed can provide more than adequate information. 
Yet, for purposes unexplained except by the most general of
terms, such as "public health surveillance" or "public health
investigation" or health "research project" by a health
researcher, this Act would make available patient medical records
without obtaining the consent of the patients involved.

     Provisions of the bill that are particularly problematic
include:

-    Section 207, which provides for disclosure of protected
     health information with personal identifiers to "health
     oversight agencies," without limitation on the scope of
     information disclosed, and with "health oversight agency"
     being broadly defined as to include agencies engaged in
     licensing, accreditation or certification of health care
     providers, or public agencies dealing with compliance with
     legal, fiscal, medical, or scientific standards relating to
     the delivery of health care or health care fraud.

-    Section 208, which provides for disclosure of protected
     health information to public health authorities for use in
     legally authorized public health surveillance or
     investigation, without any requirement that the public
     health authorities demonstrate that personal identifiers are
     necessary. 

-    Section 209, which provides for disclosure of protected
     health information, containing personal identifiers, to a
     health care researcher if a certified institutional review
     board determines that the information is required for the
     project, and of sufficient importance to outweigh the
     intrusion into the privacy of the individual.  Thus,
     personal medical information may be disclosed to thousands
     of researchers, graduate students, and others, without the
     patient's consent or desire to participate in the research,
     and with the only protection offered being the judgment of
     an institutional review board -- one located in the same
     institution as the would-be researchers, and likely to share
     the researchers' values concerning the importance of
     research at the expense of personal privacy.

-    Section 212, which provides for the disclosure of protected
     health information containing personal identifiers to
     government authorities for a "law enforcement inquiry," --
     broadly defined as a violation of, or failure to comply
     with, any criminal or civil statute, regulation, rule or
     order issued pursuant to such a statute.  

     These provisions are but a few examples of the broad
disclosure of personal medical information permitted by this Act. 

     In conclusion, we wish to reiterate our opposition to the
Medical Confidentiality Act of 1995.  While we support the idea
of a federal law to protect medical records, and applaud the
sponsors of this bill for raising the issue of medical records
confidentiality at a time when it is increasingly threatened by
advances in computer technology, this bill fails to live up to
its name, and fails to adequately protect the sensitive
information contained in all of our medical records.

---------------------------------------------------------------------
TAP-INFO is an Internet Distribution List provided by the Taxpayer
Assets Project (TAP).  TAP was founded by Ralph Nader to monitor the
management of government property, including information systems and
data, government funded R&D, spectrum allocation and other government
assets.  TAP-INFO reports on TAP activities relating to federal
information policy.

TAP-INFO is archived at gopher.essential.org in the Taxpayer Assets 
Project directory, and at http://www.essential.org/tap/tap.html

Subscription requests to tap-info to listproc@tap.org with
the message:  subscribe tap-info your name
---------------------------------------------------------------------
Taxpayer Assets Project; P.O. Box 19367, Washington, DC  20036
v. 202/387-8030; f. 202/234-5176; internet:  tap@tap.org
---------------------------------------------------------------------
Prev by Date: Medical Privacy News Clips... S. 1360
Next by Date: GPO Access: really free at last
Prev by thread: Medical Privacy News Clips... S. 1360
Next by thread: GPO Access: really free at last
Index(es):
- Date
- Thread