[Med-privacy] criticizing the privacy rule
pmarshall
pwm@comcast.net
Tue, 05 Aug 2003 15:28:33 -0700
This is a multi-part message in MIME format.
--------------080801060300090006090808
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html;charset=3DUTF-8"=
>
<title></title>
</head>
<body>
<table border=3D"0" cellspacing=3D"0" cellpadding=3D"0" width=3D"100%">
<tbody>
<tr>
<td valign=3D"top" colspan=3D"2">
<table border=3D"0" cellspacing=3D"0" cellpadding=3D"0" width=3D"51=
0">
<tbody>
<tr>
<td width=3D"510">
<p class=3D"sublink"> </p>
<h1>AIDS and privacy groups criticize proposed changes to
federal privacy rule</h1>
<p class=3D"sublink"> From <a class=3D"sublink"
href=3D"http://www.ahcpub.com/ahc_root_html/products/newsletters/aa.html=
">AIDS
Alert</a> | July 2002</p>
<h3><i>Changes will not safeguard HIV patients, they charge</=
i></h3>
<p class=3D"text">The importance of medical privacy
protection was perhaps never made more clear than when the
AIDS epidemic emerged and many HIV-positive people discovered
that strangers had access to their private medical =20
information. Fear of HIV status disclosures without consent is often =20
cited as one of the primary reasons at-risk people refuse to be tested=20
unless anonymous testing is available.</p>
<p class=3D"text">Then, with the passage of the 1996 Health
Insurance Portability and Accountability Act (HIPAA), a new
privacy rule offered hope that all patients, including those
infected with HIV, would have greater protection against
undesirable medical disclosures.</p>
<p class=3D"text">This hope has been dampened in recent
months as the Department of Health and Human Services (HHS)
has issued proposed changes to the privacy rule that
undermine many of its protections, according to HIV and
privacy advocates, as well members of Congress.</p>
<p class=3D"text">HHS under President George W. Bush=EF=BF=BD=
s
administration has proposed relaxing rules about obtaining
privacy consent. Under the original privacy rule, health care
providers would need to obtain an individual=EF=BF=BDs consent =
prior
to using or disclosing protected health information for
treatment, payment, and health care operations. HHS now
proposes to eliminate the prior consent requirement and substitute =20
it with a good-faith notification.</p>
<p class=3D"text">"President Clinton did what he could, and
now the pendulum swings backwards, and President Bush=EF=BF=BDs=
administration says the privacy regulations are too
restrictive,"says <b>Scott Brawley</b>, MSW, director of
public policy for AIDS Action in Washington, DC.</p>
<p class=3D"text">On the other side of the issue, the
American Hospital Association (AHA) of Chicago applauds the
administration's changes, saying in an April 25, 2002, letter
to HHS secretary Tommy Thompson that the switch from written
privacy consent to privacy notification would eliminate =20
barriers to care and redundant paperwork.</p>
<p class=3D"text">The AHA says in a prepared
question-and-answer memo for hospital patients that patients'
rights will still be protected even if they are not required
to sign a written consent form for privacy. Hospitals are still
required to provide you with a written notice of their
privacy practices (called a "privacy notice") that explains
how hospitals are permitted to use your medical information,=EF=
=BF=BD
the Q&A memo states.</p>
<p class=3D"text">HIV and privacy advocates say the biggest
problem with the proposed regulations and changes is the
change in consent requirements, because a privacy notice is
not as strong a protection. "If we=EF=BF=BDre going to give peo=
ple a
right to privacy, then they need to have real control over
it," says <b>Jeffrey Crowley</b>, MPH, project director for the =20
Institute for Health Care Research and Policy in Washington, DC. =20
=EF=BF=BDSome people say there's little difference between notice and =
=20
consent, but I say there's a huge difference," Crowley says. "Where
someone has to be told and has to confirm to consent is =20
different from a notice that anybody can argue they had given to a =20
patient."</p>
<p class=3D"text">In an April 26, 2002, letter to HHS, <b>Bil=
l
Thomas</b>, chairman of the AHA committee on ways and means,
and Rep. <b>Nancy Johnson</b>, chairman of the House Ways
and Means committee's subcommittee on health, write, "Patient
care could have been seriously harmed if providers were
required to obtain consent prior to treatment. However, we
are concerned that the requirement that providers make a good faith =20
effort to obtain written acknowledgement of a covered entity'=EF=BF=BDs =
=20
notice of privacy practices will be confusing for patients and lacks =20
any meaningful confidentiality protection."</p>
<p class=3D"text">Thomas and Johnson continue to urge HHS not=
to implement the change and to simply require the notice to
be provided without written acknowledgement. In an April 26,
2002, letter to Thompson, 16 members of Congress say the
administration has proposed several steps that would
undermine privacy, including the elimination of the patient =20
consent requirement for treatment, payment, and health care =20
operations.</p>
<p class=3D"text">Other concerns the congresspeople raise
include:</p>
<p class=3D"text">=C2=A0a marketing definition that would all=
ow
disclosure without permission by patients of their patient
records for marketing activities;</p>
<p class=3D"text">"public health" disclosures that would give=
drug companies new access to patient records without patient
permission;</p>
<p class=3D"text">=C2=A0a loophole that will allow the disclo=
sure
of medical information to non-health care components by
expanding the category of"covered entities."</p>
<p class=3D"text">Even under the existing privacy consent
requirement, health care providers would need to educate
patients about their rights, but at least consent would be
required, Crowley says. "Because of ongoing discrimination
faced by people with AIDS, these concerns could be more =20
pronounced," Crowley says.</p>
<h3>Serious breaches already have occurred</h3>
<p class=3D"text">If HIV/AIDS patients have some paranoia
about how their health information is being used, it's
probably because some very serious breaches of privacy have
become public knowledge. For example, the Lambda Legal
Defense and Education Fund of New York City is representing a
case that is being presented to the U.S. Supreme Court that
involves job discrimination against an HIV-positive dental =20
hygienist. While the court case doesn't address the privacy issue, =20
the entire case would never have occurred were it not for the fact =20
that the HIV patient's doctor violated the man's privacy.</p>
<p class=3D"text">"We're representing Spencer Waddell, a
dental hygienist who worked for Dental Associates in Atlanta,
and he went to his doctor and was given an HIV test and he
tested positive," explains <b>Catherine A. Hanssens</b>, JD,
director of the AIDS Project for Lambda Legal Defense and
Education Fund Inc."His personal physician took it upon =20
himself to call Spencer's employer without Spencer's knowledge or =20
consent to say that they had an employee who tested
HIV-positive,"Hanssens says.</p>
<p class=3D"text">"Mr. Waddell was a highly regarded
professional until the day he was found to be HIV-positive,
and then his employer responded by giving him a choice
between becoming a receptionist at half the salary or to get
fired," Hanssens adds."He chose not to work at the front
desk, and we lost the case in district court and the court of =20
appeals and now are asking the Supreme Court to look at the case." (<i>Ed=
itor=EF=BF=BDs
note: </i>Shortly before <i>AIDS Alert </i>went to press, the
Supreme Court declined to review this case.)</p>
<p class=3D"text">While Waddell has a separate action against=
the physician who violated his trust, any victory he receives
there will do little to remedy the situation, Hanssens says.</p=
>
<p class=3D"text">The fact is that according to guidelines
from the Centers for Disease Control and Prevention in
Atlanta, the risk of a dental hygienist transmitting HIV to
dental patients is so tiny that it's practically a zero risk,
Hanssens says."You can't put the genie back in the bottle,"
Hanssens notes. "This man lost his job, and he is now working
for a dental clinic that treats only people with HIV, and he
figures his options are over, so he's going public to =20
demonstrate the level of discrimination that people with HIV =20
experience."</p>
<p class=3D"text">Unfortunately, Waddell's privacy breach is
not an isolated case. There have been other instances of
hospital receptionists, pharmacists, and other health care
professionals who have gossiped about HIV patients, causing
them problems at work and with their families, who may not
have known their HIV status.</p>
<p class=3D"text">And the privacy rule with its proposed
changes will do little to alleviate fears of these sorts of
disclosures, Crowley says. "Say you're in a small town and
you go into the hospital, and you don't want your neighbor
who is a nurse there to know you're HIV-positive," Crowley
speculates. "The initial privacy rule would allow you to make
a request that you give your consent to share information,
but you would like to make certain this nurse doesn't see it"</=
p>
<p class=3D"text">The hospital would either accept or deny
your request. But under the proposed consent changes the
hospital will merely give you notice of your privacy rights,
and you may never have the opportunity to make such a
request, Crowley says. "People who claim the consent =20
requirement is too burdensome are overlooking the fact that right now =20
we go in for health care and have to sign forms," Crowley says. "It
can't be too burdensome because we're already doing it."</p>
<p class=3D"text">=C2=A0<!--Content Ends--> </p>
</td>
</tr>
</tbody>
</table>
<p class=3D"text"><img src=3D"cid:part1.00010503.06060209@comcast.n=
et"
width=3D"1" height=3D"20"> </p>
</td>
</tr>
<!--Footer--> <tr height=3D"20">
<td colspan=3D"3" height=3D"20" bgcolor=3D"#6699ff">
<p class=3D"footer"><a
href=3D"http://www.ahcpub.com/ahc_root_html/hot/articles/aa072002.html#t=
op"><img
src=3D"cid:part2.01020903.03070708@comcast.net" alt=3D"Back to Top"
border=3D"0" align=3D"bottom" width=3D"25" height=3D"16"></a> Content (c=
) 2003 <a
href=3D"http://www.ahcpub.com">Thomson American Health =20
Consultants, Inc.</a> </p>
</td>
</tr>
</tbody>
</table>
</body>
</html>
--------------080801060300090006090808
Content-Type: image/gif;
name="pix.gif"
Content-Transfer-Encoding: base64
Content-ID: <part1.00010503.06060209@comcast.net>
Content-Disposition: inline;
filename="pix.gif"
R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAQAICRAEAOw==
--------------080801060300090006090808
Content-Type: image/gif;
name="top.gif"
Content-Transfer-Encoding: base64
Content-ID: <part2.01020903.03070708@comcast.net>
Content-Disposition: inline;
filename="top.gif"
R0lGODlhGQAQAJH/AP///8DAwDNmzAAzmSH5BAEAAAEALAAAAAAZABAAQAI4jI+pe+MDYnyD
KUGfsAlTkG3cSB7eA1Iil0FtGZwqTJfCeddyaH+TRkJJJA/SLgU0tpKwm2alKAAAOw==
--------------080801060300090006090808--