[Med-privacy] TRUST Act

[peter marshall]

REPRESENTATIVE EDWARD MARKEY (D-MA)
STATEMENT OF INTRODUCTION OF H.R. 5442,
TECHNOLOGIES for RESTORING USERS=92 SECURITY and TRUST (TRUST)
IN HEALTH INFORMATION ACT
FEBRUARY 14, 2008

Mr. Speaker, the development of a nationwide interoperable health=20
information infrastructure holds tremendous promise for improving=20
patient care, reducing medical errors and lowering costs.  Today=92s=20
health care system needs to be transformed to improve health care=20
quality, safety and affordability, and interoperable health information=20=

networks can play an important role in this transformation.

  At the same time, without sufficient privacy and security safeguards,=20=

such electronic systems could turn the dream of integrated, seamless=20
health IT networks into a nightmare for consumers, reducing the=20
likelihood that patients and providers will embrace and utilize such=20
systems. If we fail to require strong privacy and security standards=20
now, during the early stages of development of nationwide interoperable=20=

health IT systems, we run the risk that Americans=92 medical secrets =
will=20
be extremely vulnerable to being lost or stolen from these systems,=20
whose weak privacy and security safeguards will be an open invitation=20
to identity thieves, fraudsters and others seeking unauthorized access.

The great Irish poet William Butler Yeats famously wrote that =93In=20
dreams begins responsibility=94.  The dream of a nationwide, seamless,=20=

effective health IT infrastructure certainly is enticing.  Let us hope=20=

that we can realize this dream in the future.  Today Congress has a=20
responsibility to ensure that patients=92 personal medical secrets are=20=

not put at risk in the process.

According to a report released last year by the Government=20
Accountability Office (GAO), the Department of Health and Human=20
Services (HHS) has taken some steps to identify solutions for=20
protecting patient privacy in health IT systems, but HHS has =93not yet=20=

defined an overall approach for integrating its various privacy-related=20=

initiatives and addressing key privacy principles, nor has it defined=20
milestones for integrating the results of these activities.=94=20
(GAO-07-400T)  Over past three years, repeated breaches of electronic=20
systems containing Americans=92 Social Security numbers, addresses and=20=

other sensitive personal information have reinforced the need for=20
strong data safeguards for Americans=92 medical records.  According to=20=

Privacy Rights Clearinghouse, a non-profit consumer organization, more=20=

than 218 million data records of U.S. residents have been exposed due=20
to security breaches since January 2005.

I am pleased that Representative Rahm Emanuel is joining me in=20
introducing the Technologies for Restoring Users=92 Security and Trust=20=

(TRUST) in Health Information Act. The TRUST Health Information Act=20
promotes development of a nationwide interoperable health IT=20
infrastructure that improves patient care, reduces costs and protects=20
the privacy and security of Americans=92 personal medical information. =20=

The Trust Act contains provisions to encourage the development of=20
health IT networks through grants and standard-setting processes while=20=

also ensuring that patients=92 medical records will be protected by=20
strong privacy and security safeguards.  For example, the TRUST Act:

Empowers patients to keep their medical records out of health IT=20
databases unless they first give their consent;
Requires patients to be notified if the systems that contain their=20
health information is breached and their information is exposed;
Mandates the use of data security safeguards such as encryption and=20
other technologies that render the information unreadable to=20
individuals who are not authorized to access it;
Authorizes grant funding to enable the purchase and enhance the use of=20=

qualified health IT systems;
Establishes a public-private partnership to make recommendations=20
concerning health IT standards, criteria for the electronic exchange of=20=

personal health information and related purposes to encourage the=20
creation of a nationwide interoperable health information technology=20
infrastructure

Patient privacy and security protections are enablers of, not=20
impediments to, successful nationwide interoperable health IT systems. =20=

Only after patients have confidence in these protections will they=20
trust their sensitive medical information to such systems.

The Trust Act is supported by Patient Privacy Rights, Microsoft=20
Corporation, the American Psychoanalytic Association, American=20
Association of Practicing Psychiatrists and the National Association of=20=

Social Workers.