[Med-privacy] WIRED

[peter marshall]

From: Ashley Katz <akatz@patientprivacyrights.org>
Date: November 14, 2007

PATIENT PRIVACY IS GIVEN A SECOND CHANCE IN THE SENATE

The expected hotlining (rushing legislation through the Senate with =20
minimal or no debate) did not take place on S. 1693, the WIRED FOR =20
QUALITY HEALTH CARE ACT sponsored by Senator Edward M. Kennedy (D-MA). =20=

Right now, the Senate Health, Labor, Education and Pensions Committee =20=

is involved in negotiations with the Senate Finance Committee over =20
WIRED. However, once those negotiations are completed, the bill could =20=

very well be hotlined.

Privacy advocates are concerned that WIRED does not include adequate =20
patient privacy protections upfront.

WIRED would authorize the ELECTRONIC HEALTH INFORMATION NETWORK.

Senator Patrick Leahy (D-VT), who understands the need for protecting =20=

patient privacy, is working to attach parts of his more privacy =20
friendly S. 1814, the Health Information Privacy and Security Act. That =20=

also helped to forestall the Senate's hotlining of WIRED. =A0=A0

Here is one important issue: WIRED FOR HEALTH CARE QUALITY needs to =20
ensure adequate consumer representation (not a token member) on the =20
Public-Private Partnership that would be created to oversee the =20
implementation of the EHIN.

As it stands, the board would not require the member concerned with =20
privacy to be present at decisions requiring a vote as long as =20
two-thirds of the other members are present. =A0Moreover, the member =20
representing consumers would always be outvoted 3-1 on privacy =20
concerns.=A0

The membership of the Partnership will be stacked in favor of health =20
plans and insurance industry representatives, health IT vendors, and =20
health insurance purchasers who have no real interest in protecting =20
patient privacy. Patients are expected to just =93trust=94 these groups =20=

that benefit from open access to health data to guard their privacy.

WIRED also relies heavily on the Health Insurance Portability and =20
Accountability Act (HIPAA) to address privacy, a fatal flaw.=A0 HIPAA=92s =
=20
=93Privacy Rule=94 is actually a =93Disclosure Rule=94 that permits =
greater =20
disclosure of medical information to corporate entities with a presumed =20=

medical interest -- without a person=92s consent and over their =20
objections.

Curiously, just five years ago, WIRED=92s main sponsor, Senator Ted =20
Kennedy (D-MA) issued a statement criticizing the Bush Administration =20=

for their changes to the HIPAA rules:=A0

=93If we don=92t take steps to protect privacy in the information age, =
our =20
most personal information will be available to every employer, every =20
health insurance company, and every high tech Peeping Tom in America. =20=

This is not only unfair to patients, it is bad for their health=85The =
new =20
rules=85make private medical records an open book. This is a serious =
step =20
backwards. Each time patients see a doctor or fill a prescription, they =20=

are at a greater risk that their most private medical information will =20=

be available to prying eyes.=94

Those rules did in fact go into effect.

The lack of strict patient privacy protections and safeguards governing =20=

HIPAA means sensitive medical information could wind up in the hands of =20=

financial credit agencies and data aggregating firms. Americans with =20
pre-existing conditions such as diabetes and those who sought treatment =20=

from mental health professionals will be placed at risk when it comes =20=

to seeking employment or financial credit.

It is easy for advocates of WIRED to say they want privacy protection. =20=

However, unless they insist that WIRED be revised to provide adequate =20=

consumer representation on the Public-Private Partnership and to have =20=

stronger privacy protection than the counterproductive HIPAA, they are =20=

just handing you a line.

akatz@patientprivacyrights.org

http://www.patientprivacyrights.org/


Background:

Patient Privacy Rights has assembled a list of privacy principles and =20=

safeguards that should be included in whatever legislation ends up =20
hitting the president=92s desk to establish an electronic health =20
information network.

http://www.patientprivacyrights.org/site/PageServer?=20
pagename=3DPrivacyCoalition

HIPAA: Intent v. Reality. Describes how HIPAA became a regulation that =20=

sanctions disclosure of health information.

http://www.patientprivacyrights.org/site/PageServer?=20
pagename=3DHIPAA_Intent_Vs_Reality