[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Policy Post 2.11 - CDT Proposes Changes to Improve Med-Privacy Bill
-----------------------------------------------------------------------------
_____ _____ _______
/ ____| __ \__ __| ____ ___ ____ __
| | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_
| | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/
| |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_
\_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/
The Center for Democracy and Technology /____/ Volume 2, Number 11
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 2, Number 11 March 19, 1996
CONTENTS: (1) CDT Recommends Changes to Bolster Medical Records Privacy Bill
(2) Specific Recommendations to S. 1360
(3) Subscription Information
(4) About CDT, contacting us
This document may be redistributed freely provided it remains in its entirety
** Excerpts may be re-posted by permission (editor@cdt.org) **
-----------------------------------------------------------------------------
(1) CDT RECOMMENDS AMENDMENTS TO BOLSTER "MEDICAL RECORDS CONFIDENTIALITY
ACT" (S. 1360)
This coming May, the Senate Labor and Human Resources Committee will
consider important privacy legislation designed to protect the
confidentiality of medical records. Introduced last fall by Senators Robert
Bennett (R-Utah) and Patrick Leahy (D-Vermont), and co-sponsored by
Senators Kassebaum, Kennedy, Dole, Daschle, and others, the "Medical
Records Confidentiality Act" (S. 1360) seeks to create strong,
comprehensive privacy safeguards for the health data of all Americans.
Among provisions, the "Medical Records Confidentiality Act" would:
* Give people the right to get a copy of their own medical record;
* Limit disclosure of personal health information by doctors,
employers, insurance companies and others in the health care
arena; and,
* Would establish stiff civil and criminal penalties for
unauthorized disclosures of information.
For a summary of S.1360, CDT's testimony on the need for medical records
privacy protections, and other information please visit CDT's Health
Information Privacy Web Page at http://www.cdt.org/health_priv.html
CDT supports the Bennett-Leahy bill and believes that its enactment would
be an important first step in creating strong, enforceable privacy
protections where few currently exist. (See CDT Policy Post No. 27).
When S. 1360 was first introduced last fall, some in the privacy community
argued that the bill did not go far enough. Over the past several months,
CDT, along with other public interest advocates and consumer groups, has
developed the following proposed changes to the bill which we believe are
necessary in order to strengthen the proposal and ensure that individuals
are better able to control access to and disclosure of their private health
records. Among the proposed changes, CDT recommends the committee:
1. Eliminate current exemptions which allow health information to be
disclosed to researchers without an individual's consent.
2. Eliminate current exemptions which allow doctors, insurance
companies, and other health information trustees to disclose health
information to government officials involved in health oversight
activities without an individual's consent.
3. Raise the standard for law enforcement access to health records
4. Place tighter controls on access to health information inside health
care institutions.
S.1360 will be before the Senate Labor and Human Resources Committee in
early May. The House is expected to hold hearings on the companion bill,
H.R.435, in the Spring. CDT urges the committee to adopt these changes when
it considers S. 1360 in early May, and looks forward to working with
Committee members to ensure that S. 1360 contains strong privacy
safeguards.
Our nation is rapidly developing a health information infrastructure that
will make it possible to quickly transmit and access health information for
treatment and payment purposes. This brings obvious public health benefits,
such as improving patient care, increasing patient access to treatment and
lowering costs. However, the risk of abuse is magnified when health records
are transmitted and stored
electronically. CDT believes that S. 1360 will help to bring the benefits
of the health information infrastructure while ensuring privacy and
confedentiality of sensitive medical information.
CDT is pleased that other privacy and consumer groups are actively working
to ensure that S.1360 is strengthened. The Consumer Project on Technology,
the Coalition for Patient's Rights, and many others have voiced similar
concerns to the Committee. As a result of the collective comments
submitted by privacy and consumer organizations, we believe that the final
bill will contain stronger, more comprehensive protections for personal
health information.
For more information on the Medical Records Privacy legislation, including
the text of the bill, analysis, CDT's testimony before the Senate Labor and
Human Resources Committee, and other relevant information, visit CDT's
Health Information Web Page at:
http://www.cdt.org/health_priv.html
For Additional Information Contact
The Center for Democracy and Technology +1.202.637.9800
Janlori Goldman, Deputy Director <jlg@cdt.org>
Deirdre Mulligan, Staff Counsel <deirdre@cdt.org>
------------------------------------------------------------------------
(2) CDT RECOMMENDATIONS TO THE COMMITTEE
* ELIMINATE CURRENT EXCEPTION TO CONSENT FOR CREATION OF NON-
IDENTIFIABLE INFORMATION.
As drafted, S. 1360 would allow protected health information to be
disclosed without an individual's consent to certified health information
services, for the sole purpose of creating non-identifiable information.
CDT recommends that this provision be stricken from the bill. Trustees
(such as doctors, hospitals, or insurance companies) should be prohibited
from disclosing personal health information without individual consent in
all but the most compelling circumstances. If a trustee chooses to
de-identify, or strip data, they may do so. CDT believes that a health
information service should only handle personal information when they are
acting as an employee, agent, or contractor of a health care provider or
health plan.
* ELIMINATE CURRENT EXCEPTION TO CONSENT FOR RESEARCH PURPOSES.
S.1360 currently allows protected health information to be disclosed to
researchers without an individual's consent. CDT urges the Committee to
affirm the individual's right to control disclosure of personal health
information by requiring that the individual's consent be obtained by the
provider or health plan prior to disclosing personal health information to
a researcher, unless exceptional circumstances are presented that justify a
waiver.
We recommend that federal regulations requiring federally-funded
researchers to obtain the individual's consent be adapted to govern all
researcher access to personally identifiable records. Through adoption of
a consent mechanism, the bill would provide a strong incentive for
researchers to use non-identifiable data where possible.
* ELIMINATE CURRENT EXCEPTION TO CONSENT FOR OVERSIGHT PURPOSES.
S.1360 currently allows health information trustees (such as doctors,
insurance companies) to disclose protected health information without an
individual's consent to government officials involved in health oversight
activities, such as reducing fraud and abuse. As drafted, the bill
prohibits information obtained during an oversight activity from being used
in an action against an individual (if not related to health fraud or
abuse).
CDT believes that the legislation be amended to require oversight officials
to obtain a subpoena prior to seeking access to records. By requiring legal
process, government officials would have to justify their requests for
information, providing a much needed method of ensuring public
accountability. In conjunction with the substantial protection for
individuals afforded by the current limitation on using the information
against the individual in an unrelated action. This amendment would hinder
any government effort to use oversight activities as fishing expeditions.
These recommended changes to the bill would give individuals the greatest
degree of control over the use and disclosure of personal health
information by restricting unauthorized disclosures of personal health
information.
* HEIGHTEN STANDARD CONTROLLING LAW ENFORCEMENT ACCESS.
As drafted S.1360 requires law enforcement personnel to present a warrant
to health information trustees when seeking access to personal health
information -- the bill does not require trustees to disclose the
information. However, the warrant requirement in the Bennett-Leahy bill
contains a standard that is weaker than the standard governing access to
subscriber records under the Cable Communications Act.
CDT urges the Committee to strengthen the standard governing law
enforcement access to personal health information. The bill should be
amended to provide a heightened standard governing access that is as strong
as, if not stronger, than the standard found in the Cable Communications
Act. It would be absurd to have weaker privacy protections for peoples'
medical records than for their cable records.
CDT believes that personal health information is some of the most sensitive
and revealing information about individuals and is therefore entitled to
the strongest legal safeguards. Law enforcement personnel should be forced
to make a very compelling showing of evidence and need before they are
given access to peoples' medical records.
* LIMIT INSIDER ACCESS.
CDT is concerned that the bill as drafted does not clearly convey that
access to information within an institution must be limited and regulated
as closely as disclosure of information outside the institution.
CDT urges the Committee to clarify the language restricting internal uses
of protected health information. Internal uses of information must be
limited to those that are both compatible with and directly related to the
purpose of collection. In addition, the minimization requirement governing
all disclosures of information must also govern internal use of
information. For instance, while within health care institutions a number
of health care professionals may be involved in a patient's care and need
access to information in the patient's record, there must be limits on who
has access and the amount of information they are provided.
Although some groups have raised concerns about the preemption language of
S.1360, after a review of state laws regarding confidentiality of and
access to medical information, CDT is confident that the protections and
penalties provided by S.1360 are more comprehensive and stronger than those
provided under existing law. Moreover, the preemption provision is not
absolute. S.1360 leaves states free to craft stronger privacy laws in the
areas of mental health, public health (communicable disease), and
doctor-patient privilege. In addition, where more protective court
decisions exist in the area of doctor-patient confidentiality, they too
would remain undisturbed. Lastly, S.1360 would not preempt state laws that
prohibit discrimination based on health information -- such as laws that
prohibit discrimination based on an individual's genetic information.
-----------------------------------------------------------------------
(3) SUBSCRIPTION INFORMATION
Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list. CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.
To subscribe to CDT's Policy Post list, send mail to
policy-posts-request@cdt.org
with a subject:
subscribe policy-posts
If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:
unsubscribe policy-posts
-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.
Contacting us:
General information: info@cdt.org
World Wide Web: URL:http://www.cdt.org/
FTP URL:ftp://ftp.cdt.org/pub/cdt/
Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968
-----------------------------------------------------------------------
End Policy Post 2.11 3/19/96
-----------------------------------------------------------------------