Privacy Revisions Made To Health IT Bill; Markup Set For House Committee

Main Category: IT / Internet / E-mail
Also Included In: Public Health
Article Date: 24 Jul 2008 - 6:00 PDT

email to a friend   printer friendly   view / write opinions   rate article

In an effort to maintain the support of the health care business community, sponsors of a health information technology bill (HR 6357) aimed at creating a nationwide system of electronic medical records recently added significant privacy revisions, CongressDaily reports. The legislation, sponsored by House Energy and Commerce Committee Chair John Dingell (D-Mich.) and ranking member Joe Barton (R-Texas), is scheduled for committee markup on Wednesday (Noyes, CongressDaily, 7/22).

Health IT, which includes electronic medical records and electronic prescriptions, is a "centerpiece of almost every major health care reform proposal" and an issue that "practically everyone agrees on its benefits," The Hill reports. One of the primary reasons for the slow progress on health IT legislation is concern about protecting the confidentiality of patients' medical records, according to The Hill. Some privacy advocates seek adequate safeguards to protect patients from exploitation, such as workplace discrimination or unsolicited marketing pitches.

During a House Energy and Commerce Health Subcommittee hearing on June 4, privacy protection advocates expressed concern about the extent of the bill's protections. When the subcommittee marked up the legislation on June 25, the privacy protections had been strengthened, which jeopardized the support of some health care businesses, The Hill reports. Previously, the bill would have required consent be obtained each time medical records were accessed, even if identifying information was removed from the records. The full committee on Tuesday released a new draft of the measure that "appears to answer industry concerns but could give privacy advocates pause," according to The Hill. Under the new version of the bill, patients would need to give their consent only to health care companies that want to access their medical records without identifying information for purposes approved by HHS -- such as hospital audits or fraud and abuse investigations (Young, The Hill, 7/22).

In addition, the original version would have required health care providers to notify an individual upon unauthorized acquisition, access or disclosure of health information and included a safe harbor for encrypted data. The amended version said that a "good faith" data disclosure, such as a letter sent to the wrong address, would not constitute a data breach. It would maintain a requirement that providers comply with existing federal rules to restrict the amount of health information disclosed to outside parties. The revised version also would prevent health plans and business associates from selling health records without patient permission, unless it is deemed necessary for treatment or to receive payment.

According to CongressDaily, the revised legislation also builds on existing federal privacy laws to allow for the provision of a no-cost digital copy of an individual's medical records, and strengthens marketing language to prevent direct and indirect payment of providers in return for advertising health care goods or services to patients without permission. According to CongressDaily, the bill also requires HHS' Office of Civil Rights to formally investigate complaints and permits the agency to impose fines for violations that are considered "willful neglect" (CongressDaily, 7/22).

Reaction

Rep. Nathan Deal (R-Ga.) said the bill is likely to advance. "I think we worked out most of the big issues, barring amendments that come in and change that balance," Deal said. A spokesperson for Rep. Edward Markey (D-Mass.) said that Markey still is dissatisfied with some parts of the bill, including its lack of a "right to privacy" provision and a section on informing patients when their data might be sent overseas for processing. According to CQ Today, Markey's office was still deciding whether not to offer amendments (Armstrong, CQ Today, 7/22).

Paul Cotton, senior legislative representative for AARP, said that health IT is a building block for a health care system overhaul and that certain privacy and structural challenges should not prevent the bill from moving forward (Parnass, CQ HealthBeat, 7/22). Mary Grealy, president of the Healthcare Leadership Council, said, "They did make improvements in those provisions we had some concerns about, so I do feel like we're making progress." According to The Hill, a spokesperson for the advocacy group Patient Privacy Rights said the organization is still reviewing the revised bill and could not comment (The Hill, 7/22).

Reprinted with kind permission from http://www.nationalpartnership.org. You can view the entire Daily Women's Health Policy Report, search the archives, or sign up for email delivery here. The Daily Women's Health Policy Report is a free service of the National Partnership for Women & Families, published by The Advisory Board Company.

© 2008 The Advisory Board Company. All rights reserved.