[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CPT's March 1 Recommendations on S. 1360 Changes

To: med-privacy@tap.org
Subject: CPT's March 1 Recommendations on S. 1360 Changes
From: James Love <love@tap.org>
Date: Sun, 3 Mar 1996 13:06:59 -0500 (EST)
  This was the attached memo on our recommeded changes in S. 1360.  (same 
  as at the end of the letter to Kassebaum).  jamie
  
               CPT Suggestions for Changes in S. 1360
                                  
                           March 1, 1996
  
  1.   Section 202.  Authorizations for Disclosures of Protected
       Health Information for Treatment or Payment.
  
       We believe that this is the most important section of the
  legislation, because it is the point at which the patient has the
  least bargaining power in terms of exercising control over
  records.  It is essential, in our view, that there be limits on
  what the insurer can do with data which they obtain for purposes
  of authorizing payment for services.  As you know, insurance
  companies routinely ask for very detailed records from doctors,
  including such items as daily treatment notes and treatment plans
  for psychiatric patients.  This is our suggested modification to
  limit access to these records.
  
       Sec. 202 (e) Disclosure for Payment.-- A health information
       trustee that receives protected health care information for
       purposes of authorization of payment may only use
       information for this purpose, and 
  
       (1) may not redisseminate the information to any third
       parties, including persons who seek information under
       sections 204, 205, 206, 207, 208, 209, 210, 211 or 212 of
       this act, unless it can be determined that the records are
       not available from the health care provider, or that the
       patient has authorized such disclosures under Sec 203.
  
       (2) Protected information received for purposes of payment
       authorization shall be removed or destroyed at the earliest
       opportunity if it is no longer needed for payment
       authorization.
  
  
  2.   Sec. 203, Authorizations for Disclosure of Protected
       Information.
  
  
       We believe that it is important to protect persons from
  request for consent to disclose records when coercion is present. 
  Even information industry and privacy consultant Bob Gellman, who
  is generally considered a proponent of a bill which provides
  broad industry and governmental access to medical records, has
  indicated that under S. 1360, consent will often be obtained
  under such coercive conditions that the patients will have "real"
  choices.  For example, in discussing consent obtained by life
  insurance companies, who subsequently share information with  the
  Medical Information Bureau, Mr. Gellman said:
  
       This all happens with your consent.  You may not have a real
       choice, but you have agreed to this process.  In its own
       way, it is just like the consent you sign to authorize
       payment of your health bill.  When you sign a consent, you
       basically lose any rights that you had.  This is the problem
       with relying on consent.  I don't like consent for basic
       disclosures, including for payment. [Nov 16, 1995 post to
       MED-PRIVACY.]
  
       In the AHIMA meetings it was pretty clear that good lawyers
  will devise clever consent forms that will undermine a patients
  right to privacy.  To address this, we propose a new subsection
  (e), which reads:
  
       e) The Secretary, after notice and opportunity for public
       comment, shall adopt rules which prohibit or limit requests
       for consent for access to protected health care information
       for purposes of employment, acceptance to a school or
       university, or for other purposes for which a request for
       consent may involve undue coercion. 
  
  
  3.   Sec 112. Accounting for Disclosures.
  
       We have raised several problems with this section in our
  earlier November 14, 1995 comments for the record on S. 1360,
  where we recommended two new subsections to Sec. 112, which would
  provide for a better audit trail for the consumer, and also
  provide for statistical reporting of how records are
  disseminated.  In the AHIMA discussions, a new problem with Sec.
  112 was identified, which we believe is quite important.  A
  number of parties will obtain medical records with consent or
  notice under S. 1360, and these parties in turn will be permitted
  to redisseminate records to others, again often without consent
  or notice.  However, some of these entities will obtain records
  in identified formats, and then "scrub" the records, to remove
  identifiers, or even purge the records once they are no longer
  needed.  It does not serve anyone's interest to require someone
  who has de-identified or purged records to be required to keep
  the 112 record of disclosures, if the record of disclosure itself
  will result in an unnecessary  loss of privacy.  That is, the
  accounting for the disclosure will itself be an identified record
  that will not have been purged or scrubbed.  We are quite
  concerned about this, because we want persons to be encouraged to
  purge identified records when they are no longer needed. 
  However, if the person who purges the identified records then
  also purges the accounting for disclosure, there will be a break
  in the audit trail, making it impossible for the patient to
  determine who had access to the records, thus defeating the
  intent of Section 112.
  
       This is a difficult problem, because the accounting for
  disclosure itself will reveal information about the patient which
  should not be widely disseminated.  We suggest the following
  approach, which would be embodied in a new subsection 112 (c):
  
       Sec. 112 (c).  If a health care trustee purges identified
       records, the following procedure shall be followed to
       determined who will maintain the accounting for disclosure
       records:
  
       (1)  If the original record proscribes a patient authorized
            custodian of the record, the accounting of disclosures
            of the record shall be sent to the custodian of the
            record,
  
       (2)  If the record does not proscribe a patient authorized
            custodian of the record, the person who purges the
            record shall send the accounting for disclosure to the
            patient or to the person from whom the record was
            previously obtained.
  
  We also want a subsection (d) for statistical reports:
    
       Sec. 112 (d).  The Secretary shall proscribe for certain
       health information trustees annual  statistical reports on
       disclosures, which report the number of records that are
       accessed, the types of persons or entities who obtain
       access, the sections of the law under which access was
       obtained, and the purposes for which the information was
       used. The Secretary shall make  these reports available to
       the public.
  
       Without these reports, the public will be largely in the
  dark about the extent of non-consensual access to their medical
  records by third parties.  The proposed language will help
  further policy makers identify the major players who use medical
  records.
  
  
       
  4.   The Sec. 210, 211 and 212 Provisions for Access to Records
       by litigants, law enforcement officials and other government
       agencies.
  
  
       We strongly support the alternative language for these
  sections which was drafted by the Medical Privacy Coalition.
  
  5.   Section 401 and 402 Preemptions of State and Common Law.
  
       We do not support the current language for the Section 401
  and 402 preemptions of state and common law.  We recognize that
  some proponents of S. 1360 see the preemption sections of the
  bill as the most important provision of the legislation.  We
  recommend the following:
  
  a)   States should be permitted to adopt rules which provide
       special protections for genetic information, an important
       area of state action which was ignored in S. 1360.
  
  b)   States should be permitted to adopt rules which provide
       protections against coercive consent, another area which was
       largely ignored in S. 1360.
  
  c)   The Medical Privacy Coalition's recommendation that states
       have general authority to adopt rules or laws which "more
       completely protects protected health information and the
       confidentiality and privacy rights of an individual," should
       be included in the legislation. 
  
  d)   If the Congress isn't willing to accept (c) as a state
       right, then it should at least give states the right to
       petition the Secretary to adopt such rules, so states will
       be given more authority to experiment in areas where the
       federal legislation has failed to protect the privacy rights
       of patients (and there are many such areas in S. 1360).
  
       We believe these are very modest and reasonable amendments
  to the current Sec. 401, that should be adopted in some form, if
  the Congress intends to enhance privacy, rather that to promote
  the broader use of medical records by third parties.
  
  
  ----------------------------------------------------------------------
  James Love, love@tap.org
  P.O. Box 19367, Washington, DC 20036; v. 202/387-8030; f. 202/234-5176
  Consumer Project on Technology; http://www.essential.org/cpt/cpt.html
  Taxpayer Assets Project; http://www.essential.org/tap/tap.html
Prev by Date: CPT's March 1 Letter to Senator Kassebaum
Next by Date: Re: CPT's March 1 Letter to Senator Kassebaum
Prev by thread: Re: CPT's March 1 Letter to Senator Kassebaum
Next by thread: Re: CPT's March 1 Recommendations on S. 1360 Changes
Index(es):
- Date
- Thread