[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Policy Post 2.11 - CDT Proposes Changes to Improve Med-Privacy Bill

     _____ _____ _______
    / ____|  __ \__   __|   ____        ___               ____             __
   | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
   | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
   | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
    \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
    The Center for Democracy and Technology  /____/     Volume 2, Number 11
       A briefing on public policy issues affecting civil liberties online
   CDT POLICY POST Volume 2, Number 11                       March 19, 1996
   CONTENTS: (1) CDT Recommends Changes to Bolster Medical Records Privacy Bill
             (2) Specific Recommendations to S. 1360
             (3) Subscription Information
             (4) About CDT, contacting us
  This document may be redistributed freely provided it remains in its entirety
         ** Excerpts may be re-posted by permission (editor@cdt.org) **
      ACT" (S. 1360)
  This coming May, the Senate Labor and Human Resources Committee will
  consider important privacy legislation designed to protect the
  confidentiality of medical records. Introduced last fall by Senators Robert
  Bennett (R-Utah) and Patrick Leahy (D-Vermont), and co-sponsored by
  Senators Kassebaum, Kennedy, Dole, Daschle, and others, the "Medical
  Records Confidentiality Act" (S. 1360) seeks to create strong,
  comprehensive privacy safeguards for the health data of all Americans.
  Among provisions, the "Medical Records Confidentiality Act" would:
  *  Give people the right to get a copy of their own medical record;
  *  Limit disclosure of personal health information by doctors,
     employers, insurance companies and others in the health care
     arena; and,
  *  Would establish stiff civil and criminal penalties for
     unauthorized disclosures of information.
  For a summary of S.1360, CDT's testimony on the need for medical records
  privacy protections, and other information please visit CDT's Health
  Information Privacy Web Page at http://www.cdt.org/health_priv.html
  CDT supports the Bennett-Leahy bill and believes that its enactment would
  be an important first step in creating strong, enforceable privacy
  protections where few currently exist. (See CDT Policy Post No. 27).
  When S. 1360 was first introduced last fall, some in the privacy community
  argued that the bill did not go far enough.  Over the past several months,
  CDT, along with other public interest advocates and consumer groups, has
  developed the following proposed changes to the bill which we believe are
  necessary in order to strengthen the proposal and ensure that individuals
  are better able to control access to and disclosure of their private health
  records.  Among the proposed changes, CDT recommends the committee:
  1. Eliminate current exemptions which allow health information to be
     disclosed to researchers without an individual's consent.
  2. Eliminate current exemptions which allow doctors, insurance
     companies, and other health information trustees to disclose health
     information to government officials involved in health oversight
     activities without an individual's consent.
  3. Raise the standard for law enforcement access to health records
  4. Place tighter controls on access to health information inside health
     care institutions.
  S.1360 will be before the Senate Labor and Human Resources Committee in
  early May.  The House is expected to hold hearings on the companion bill,
  H.R.435, in the Spring. CDT urges the committee to adopt these changes when
  it considers S. 1360 in early May, and looks forward to working with
  Committee members to ensure that S. 1360 contains strong privacy
  Our nation is rapidly developing a health information infrastructure that
  will make it possible to quickly transmit and access health information for
  treatment and payment purposes. This brings obvious public health benefits,
  such as improving patient care, increasing patient access to treatment and
  lowering costs. However, the risk of abuse is magnified when health records
  are transmitted and stored
  electronically. CDT believes that S. 1360 will help to bring the benefits
  of the health information infrastructure while ensuring privacy and
  confedentiality of sensitive medical information.
  CDT is pleased that other privacy and consumer groups are actively working
  to ensure that S.1360 is strengthened.  The Consumer Project on Technology,
  the Coalition for Patient's Rights, and many others have voiced similar
  concerns to the Committee.  As a result of the collective comments
  submitted by privacy and consumer organizations, we believe that the final
  bill will contain stronger, more comprehensive protections for personal
  health information.
  For more information on the Medical Records Privacy legislation, including
  the text of the bill, analysis, CDT's testimony before the Senate Labor and
  Human Resources Committee, and other relevant information, visit CDT's
  Health Information Web Page at:
  For Additional Information Contact
  The Center for Democracy and Technology   +1.202.637.9800
   Janlori Goldman, Deputy Director <jlg@cdt.org>
   Deirdre Mulligan, Staff Counsel  <deirdre@cdt.org>
  As drafted, S. 1360 would allow protected health information to be
  disclosed without an individual's consent to certified health information
  services, for the sole purpose of creating non-identifiable information.
  CDT recommends that this provision be stricken from the bill.  Trustees
  (such as doctors, hospitals, or insurance companies) should be prohibited
  from disclosing personal health information without individual consent in
  all but the most compelling circumstances.  If a trustee chooses to
  de-identify, or strip data, they may do so.  CDT believes that a health
  information service should only handle personal information when they are
  acting as an employee, agent, or contractor of a health care provider or
  health plan.
  S.1360 currently allows protected health information to be disclosed to
  researchers without an individual's consent.  CDT urges the Committee to
  affirm the individual's right to control disclosure of personal health
  information by requiring that the individual's consent be obtained by the
  provider or health plan prior to disclosing personal health information to
  a researcher, unless exceptional circumstances are presented that justify a
  We recommend that federal regulations requiring federally-funded
  researchers to obtain the individual's consent be adapted to govern all
  researcher access to personally identifiable records.  Through adoption of
  a consent mechanism, the bill would provide a strong incentive for
  researchers to use non-identifiable data where possible.
  S.1360 currently allows health information trustees (such as doctors,
  insurance companies) to disclose protected health information without an
  individual's consent to government officials involved in health oversight
  activities, such as reducing fraud and abuse.  As drafted, the bill
  prohibits information obtained during an oversight activity from being used
  in an action against an individual (if not related to health fraud or
  CDT believes that the legislation be amended to require oversight officials
  to obtain a subpoena prior to seeking access to records. By requiring legal
  process, government officials would have to justify their requests for
  information, providing a much needed method of ensuring public
  accountability.  In conjunction with the substantial protection for
  individuals afforded by the current limitation on using the information
  against the individual in an unrelated action.  This amendment would hinder
  any government effort to use oversight activities as fishing expeditions.
  These recommended changes to the bill would give individuals the greatest
  degree of control over the use and disclosure of personal health
  information by restricting unauthorized disclosures of personal health
  As drafted S.1360 requires law enforcement personnel to present a warrant
  to health information trustees when seeking access to personal health
  information -- the bill does not require trustees to disclose the
  information.  However, the warrant requirement in the Bennett-Leahy bill
  contains a standard that is weaker than the standard governing access to
  subscriber records under the Cable Communications Act.
  CDT urges the Committee to strengthen the standard governing law
  enforcement access to personal health information.   The bill should be
  amended to provide a heightened standard governing access that is as strong
  as, if not stronger, than the standard found in the Cable Communications
  Act.  It would be absurd to have weaker privacy protections for peoples'
  medical records than for their cable records.
  CDT believes that personal health information is some of the most sensitive
  and revealing information about individuals and is therefore entitled to
  the strongest legal safeguards.  Law enforcement personnel should be forced
  to make a very compelling showing of evidence and need before they are
  given access to peoples' medical records.
  CDT is concerned that the bill as drafted does not clearly convey that
  access to information within an institution must be limited and regulated
  as closely as disclosure of information outside the institution.
  CDT urges the Committee to clarify the language restricting internal uses
  of protected health information.  Internal uses of information must be
  limited to those that are both compatible with and directly related to the
  purpose of collection.  In addition, the minimization requirement governing
  all disclosures of information must also govern internal use of
  information.  For instance, while within health care institutions a number
  of health care professionals may be involved in a patient's care and need
  access to information in the patient's record, there must be limits on who
  has access and the amount of information they are provided.
  Although some groups have raised concerns about the preemption language of
  S.1360, after a review of state laws regarding confidentiality of and
  access to medical information, CDT is confident that the protections and
  penalties provided by S.1360 are more comprehensive and stronger than those
  provided under existing law.  Moreover, the preemption provision is not
  absolute.  S.1360 leaves states free to craft stronger privacy laws in the
  areas of mental health, public health (communicable disease), and
  doctor-patient privilege.  In addition, where more protective court
  decisions exist in the area of doctor-patient confidentiality, they too
  would remain undisturbed.  Lastly, S.1360 would not preempt state laws that
  prohibit discrimination based on health information -- such as laws that
  prohibit discrimination based on an individual's genetic information.
  Be sure you are up to date on the latest public policy issues affecting
  civil liberties online and how they will affect you! Subscribe to the CDT
  Policy Post news distribution list.  CDT Policy Posts, the regular news
  publication of the Center For Democracy and Technology, are received by
  more than 9,000 Internet users, industry leaders, policy makers and
  activists, and have become the leading source for information about
  critical free speech and privacy issues affecting the Internet and other
  interactive communications media.
  To subscribe to CDT's Policy Post list, send mail to
  with a subject:
       subscribe policy-posts
  If you ever wish to remove yourself from the list, send mail to the
  above address with a subject of:
       unsubscribe policy-posts
  The Center for Democracy and Technology is a non-profit public interest
  organization based in Washington, DC. The Center's mission is to develop
  and advocate public policies that advance democratic values and
  constitutional civil liberties in new computer and communications
  Contacting us:
  General information:  info@cdt.org
  World Wide Web:       URL:http://www.cdt.org/
  FTP                   URL:ftp://ftp.cdt.org/pub/cdt/
  Snail Mail:  The Center for Democracy and Technology
               1634 Eye Street NW * Suite 1100 * Washington, DC 20006
               (v) +1.202.637.9800 * (f) +1.202.637.0968
  End Policy Post 2.11                                           3/19/96