------------------------------------------------------------------------
****** ******** *************
******** ********* *************
** ** ** *** POLICY POST
** ** ** ***
** ** ** *** October 24, 1995
** ** ** *** Number 27
******** ********* ***
****** ******** ***
CENTER FOR DEMOCRACY AND TECHNOLOGY
------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
------------------------------------------------------------------------
CDT POLICY POST Number 27 October 24, 1995
CONTENTS: (1) Landmark Privacy Legislation Introduced in Senate -- Would
Ensure Confidentiality of Medical Records
(2) CDT Led Coalition Letter In Support of Bennett Bill
(4) How To Subscribe To The CDT Policy Post Distribution List
(3) About CDT, Contacting Us
This document may be re-distributed freely provided it remains in its
entirety.
------------------------------------------------------------------------
(1) LANDMARK PRIVACY LEGISLATION INTRODUCED IN SENATE
Bill Would Ensure Confidentiality of Medical Records
Landmark privacy legislation designed to protect the confidentiality of
medical records was introduced today in the Senate by Senators Robert
Bennett (R-UT), Robert Dole (R-KS), Nancy Kassebaum (R-KS), Edward
Kennedy (D-MA), and Patrick Leahy (D-VT). If enacted, the "Medical
Records Confidentiality Act" would create strong, comprehensive, privacy
safeguards for the health data of all Americans. Similar legislation
has been introduced in the House by Representative Gary Condit (D-CA).
As CDT Deputy Director Janlori Goldman stated during a press conference
announcing the Introduction of the bill, "the Medical Records
Confidentiality Act is desperately needed to close a gaping hole in
current law that leaves peoples' most personal, sensitive information
extremely vulnerable to abuse and misuse. Strong protections are needed
to safeguard peoples' health records as the information moves on the
Global information highway. Congress must seize the opportunity to pass
this bill this session." Towards this end, CDT has organized a broad
range of privacy and consumer advocates, along with representatives from
the health care and information industries to work towards its passage.
(see attached letter below)
The 'Medical Records Confidentiality Act' would:
* Give people the right to see, copy, and correct their own medical
records;
* Limit disclosure of personal health information by requiring an
individual's permission prior to disclosure of his or her health
information by doctors, insurance companies, and other health
information 'trustees' (e.g.: researchers and public heath
departments);
* Require the development of security guidelines for the use and
disclosure of personal health information; and
* Impose strict civil penalties and criminal sanctions for violations
of the Act, and provide individuals with a private right of action
against those who mishandle their personal medical information.
CDT believes that strong uniform privacy rules for the handling of
personal health data are critical to ensuring public trust and
confidence in the emerging health information infrastructure. Recent
studies by the Institute of Medicine and the Office of Technology
Assessment have shown that state laws are inadequate to protect peoples'
health records, and that a federal law is needed to address this
shortfall.
More information, including the text of the bill and a section-by-
section summary, are available from CDT's Health Information Privacy web
page (URL:http://www.cdt.org/health_priv.html).
BACKGROUND -- THE NEED FOR MEDICAL RECORDS PRIVACY PROTECTIONS
The public is continually told that increased data collection, linkage
and sharing is necessary to improve the quality of health care and
reduce costs. Yet without giving individuals confidence that their most
sensitive personal information will be protected, we risk falling short
of these health reform goals. If people don't trust the health care
system to maintain the confidentiality of personal health information,
they will be reluctant to fully participate. A 1993 Lou Harris poll
shows that a majority of Americans favors new, comprehensive legislation
to protect the privacy of medical records. The poll found that nearly
50 million people believe their own medical records have been improperly
disclosed.
It is no wonder individuals are nervous about the privacy of their
health information. One need only read the paper to learn about leaks
of the sensitive health information of politicians, sports figures, and
celebrities. The ordeals of Representative Nydia Velazquez (D-NY) and
the late tennis star Arthur Ashe expose the dire consequences that can
occur when health information is wrongly disclosed. Both Velazquez and
Ashe suffered the disclosure of the most private intimate details of
their lives -- a suicide attempt and HIV infection respectively -- to
the world.
Public figures are not the only victims of unauthorized, egregious
disclosures. The average American also suffers from leaks of sensitive
medical information. Recently, information on the HIV status, drug-
abuse history, and sexual practices of volunteers at an Ohio Health
Department's AIDS prevention unit was wrongly disclosed. Following
another breach of confidential information, the office closed for
retraining.
Weak security also leads to unauthorized internal access and misuse of
peoples' health records. In March of this year, a 13-year-old daughter
of a hospital clerk printed out the names and phone numbers of patients
who had been treated at the University of Florida's Medical Center. As
a hoax, the 13-year old girl then contacted seven patients and
erroneously told them they were infected with HIV. After receiving one
of these prank calls, a young girl attempted suicide believing she had
the HIV virus.
CDT believes that the Medical Records privacy act is the most important
privacy bill since the Electronic Communications Privacy Act of 1986
(ECPA). Furthermore, enacting health information privacy legislation is
a critical first step in health care reform. The Medical Records
Confidentiality Act is supported by nearly everyone with a stake in the
debate. If passed, CDT believes the legislation will go a long way to
restore the public's faith and confidence in the integrity and security
of our nation's health care system.
NEXT STEPS:
The bill has been referred to the Senate Labor and Human Resources
Committee (Chaired by Sen. Kassebaum (R-KS), a co-sponsor). Committee
hearings are scheduled for mid-November, and the bill is expected to be
considered by the full Senate early in 1996. Similar legislation is
pending in the House (HR 435, sponsored by Rep. Condit (D-CA).
------------------------------------------------------------------------
(2) CDT LED COALITION LETTER IN SUPPORT OF BENNETT BILL
October 20, 1995
Senator Robert Bennett
431 Dirksen Senate Office Bldg
Washington, DC 20510
Dear Senator Bennett:
We write to express our appreciation and strong support for your efforts
to enact a comprehensive privacy law to protect personal health
information. We believe that safeguarding the privacy of peoples' health
information is a necessary and critical component of health care reform.
As the health system's infrastructure grows increasingly automated, it
is essential that people have confidence that their participation in the
health care system does not mean the loss of their privacy.
Although we are still in the process of resolving certain issues in the
draft Medical Records Confidentiality Act developed by your office, a
substantial consensus has emerged on the central policy of providing
Americans uniform, strong confidentiality protection for their health
information.
We look forward to continuing to work with you on this important bill.
Sincerely,
Aimee Berenson
AIDS Action Council
Kathleen Frawley
American Health Information Management Association
Rick Pollack
American Hospital Association
American Association of Retired Persons
Leanord Rubenstein
Bazelon Center for Mental Health Law
Joel Gimpel
Blue Cross and Blue Shield Association
Janlori Goldman
Center for Democracy and Technology
Arthur Levin
Center for Medical Consumers
Christopher G. Caine
IBM Corporation
Susan Jacobs
Legal Action Center
John Rector
National Association of Retail Druggists
Blair Horner
New York Public Interest Group
Don E. Detmer, M.D.
University of Virginia Health Sciences Center
------------------------------------------------------------------------
---
(3) HOW TO SUBSCRIBE TO THE CDT POLICY POST LIST
CDT Policy Posts, which is what you have just finished reading, are the
regular news publication of the Center For Democracy and Technology. CDT
Policy Posts are designed to keep you informed on developments in public
policy issues affecting civil liberties online.
SUBSCRIPTION INFORMAITON
1. SUBSCRIBING TO THE LIST
To subscibe to the policy post distribution list, send mail to
"Majordomo@cdt.org" with:
subscribe policy-posts
in the body of the message (leave the subject line blank)
2. UNSUBSCRIBING FROM THE LIST
If you ever want to remove yourself from this mailing list,
you can send mail to "Majordomo@cdt.org" with the following command
in the body of your email message:
unsubscribe policy-posts youremail@local.host (your name)
(leave the subject line blank)
You can also visit our subscription web page
URL:http://www.cdt.org/join.html
-----------------------------------------------------------------------
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance constitutional civil liberties
and democratic values in new computer and communications technologies.
Contacting us:
General information: info@cdt.org
World Wide Web: URL:http://www.cdt.org
FTP URL:ftp://ftp.cdt.org/pub/cdt/
Snail Mail: The Center for Democracy and Technology
1001 G Street NW * Suite 500 East * Washington, DC 20001
(v) +1.202.637.9800 * (f) +1.202.637.0968
-----------------------------------------------------------------------
End Policy Post No. 27
Return to the CDT Publications Page
Return to the CDT Home Page