Janlori Goldman
Deputy Director
Center for Democracy and Technology
Before the
Senate Committee on Labor and Human Resources
on
S. 1360
The Medical Records Confidentiality Act of 1995
November 14, 1995
Madame Chairwoman and Members of the Committee:
My name is Janlori Goldman and I am the Deputy Director of the
Center for Democracy and Technology (CDT). I appreciate the
opportunity to testify before you today on behalf of CDT in support of the
Medical Records Confidentiality Act of 1995, (S.1360).
CDT is a non-profit, public interest organization founded by civil
liberties advocates to advance public policies protecting civil liberties and
democratic values in the development of new media. One of CDT s
primary goals for the 104th Congress is the passage of federal legislation
that establishes strong, enforceable privacy protection for personally
identifiable health information. We believe the need for such legislation is
the most critical information privacy issue facing our country today.
Further, the passage of a medical records confidentiality bill should be
viewed as an essential stepping stone to achieving other health care
reform goals. The public will not have trust and confidence in the emerging
health information infrastructure if their sensitive health data is
vulnerable to abuse and misuse. We strongly support S.1360, and applaud
Senators Robert Bennett and Patrick Leahy, as well as the bill's co-
sponsors for their strong leadership towards enacting medical
confidentiality records legislation this Congress.
At present, there is no comprehensive federal law to protect peoples'
health records. However, a Louis Harris survey found that most people in
this country mistakenly �believe their personal health information is
currently protected by law. And most people mistakenly believe they have
a right to access their own medical information. In fact, only 28 states
allow patients access to their own medical records and 34 states have
conflicting confidentiality laws. A federal privacy policy is urgently needed
to address the fact that the traditional doctor-patient relationship is being
intruded upon by increasing demands for health information. CDT
believes Congress must act to protect personally identifiable health
information so that the reality of our laws will finally conform, to some
extent, with the perception and desires of the American public.
To that end, CDT has been working with a diverse coalition of
privacy and consumer advocates, health policy specialists and industry
representatives, to develop a consensus on privacy policy for personally
identifiable health information (see attached letter to Senator Bennett).
This consortium of groups has operated with a keen understanding of the
advances in technology today.
The societal impact of technological innovations, including those
that allow medical records, data and images to be transferred easily over
great distances, is felt across our country in significant ways. The
development of a national information infrastructure and information
superhighway are changing the ways we deal with each other.
Traditional barriers of distance, time and location are disappearing as
information and transactions become computerized, and few relationships
in the health care field will remain unaffected by these changes. In the
absence of any Congressional action on S.1360, the collection and use of
personally identifiable health information will continue to occurr within
electronic networked environments without privacy protections.
But while this information revolution may hold great promise for
enhancing our nation's health, CDT and others who support S.1360
believe that personal health information, in both paper and electronic
form, must be handled within enforceable privacy rules. Even useful
technologies pose potential risks, as conflicts may arise between an
individual's need to keep health information confidential and the
economic opportunities posed by the computerization of health records,
from lowering the cost of processing insurance claims to selling personal
medical records for marketing purposes.
Confidentiality must not be an afterthought in the design and use of
information systems. A provision known as "administrative
simplification" has been included in the House-passed budget
reconciliation bill and mandates that certain personal health information
be reported in standardized, electronic form. Although"administrative
simplification" fosters the development of networked health information
databases, the provisioin is silent on privacy. Without protections such as
those incorporated in S.1360, CDT believes the "administrative
simplification" section should not become law.
CDT strongly supports the Medical Records Confidentiality Act as
the most comprehensive and strong privacy bill the Congress has yet
considered in this area. Similiar legislation was widely supported by both
Republicans and Democrats during last Congress' effort to enact health
care reform. We commend Senator Bennett, Senator Leahy and this
Committee for the leadership and commitment you have shown on this
important legislation. Our testimony today outlines the need for this
legislation, discussion of S.1360, and our recommendations for
strengthening and clarifying several sections of the bill.
A. Consensus Exists
A consensus exists that federal legislation is needed to protect the
privacy of personal health care records. At a conference in Washington,
D.C. two years ago, co-sponsored by the U.S. Office of Consumer Affairs,
the American Health Information Management Association, and Equifax,
nearly every panelist and member of Congress supported the need for
making privacy an integral part of the health care reform effort underway
at that time. In agreement were panelists from the American Medical
Association, CIGNA Health Care, the U.S. Public Interest Research
Group, Computer Professionals for Social Responsibility and IBM.
At the conference, Louis Harris and Associates released their Health
Information Privacy Survey, prepared with the assistance of Dr. Alan
Westin, a privacy expert at Columbia University. The survey found that
the majority of the public (56%) favored the enactment of strong
comprehensive federal legislation governing the privacy of health care
information. In fact, eighty-five percent (85%) said that protecting the
confidentiality of medical records was absolutely essential or very
important to them. Most people wanted penalties imposed for
unauthorized disclosure of medical records (96%), guaranteed access to
their own records (96%), and rules regulating third-party access.
A 1992 Harris survey showed that while a large majority of people
recognize the benefits to society of innovative technology, nearly nine out
of ten people believe computers make it easier for someone to improperly
obtain confidential personal information. Twenty-five percent of the
public believe they have been the victim of an improper disclosure of
personal medical information.
In addition, a number of federal studies have concluded that a
federal law is needed to protect peoples' medical records. In 1994, the
Office of Technology Assessment (OTA) issued a report entitled Protecting
Privacy in Computerized Medical Information, which addresses the
effects of the computerization of medical records on people's privacy. In
recommending comprehensive federal legislation, OTA found that:
The Institute of Medicine (IOM) of the National Academy of Science
released a study that focused on the risks and opportunities associated
with protecting the privacy and confidentiality of personally-identifiable
health data. The IOM report recommended that Congress enact
legislation to preempt state laws to establish a uniform requirement for
the confidentiality and protection of privacy rights for personally-
identifiable health data, and specify a Code of Fair Health Information
Practices to ensure a proper balance between required disclosures, use of
data, and patient privacy.
Most recently, Professor Larry Gostin concluded that a federal
preemptive statute based on fair information practices was necessary to
protect personal privacy as networked health information databases are
growing. (80 Cornell Law Review 451 (1995).
All these efforts represent a tremendous pulling together of the
public and private sector to achieve a critical goal -- the passage of a
health records confidentiality law. Nearly twenty years ago there was
similar pressure to craft a medical records privacy law. In 1977, the
federal Privacy Protection Study Commission issued a report
recommending legislation to protect private sector records, including
medical and insurance records. The Commission's recommendations
sparked a Congressional effort to enact a medical records privacy bill. In
1980, due in part to pressure from the law enforcement community for
unfettered access to health records, the legislative effort failed.
B. Negative Consequences
The unauthorized disclosure of personal health information can
have disastrous consequences. New York Congresswoman Nydia
Velazquez won her House seat only after overcoming the results of an
unauthorized disclosure. Her medical records -- including details of a bout
with depression and suicide attempt -- were faxed to a New York
newspaper and television station during her campaign.
More common, and in some ways more troubling than the well-
publicized privacy invasions of public figures, are the consequences
suffered by ordinary individuals whose privacy has been compromised by
the disclosure of medical information.
In one instance, a journalist disguised himself as a doctor, obtained
an actress medical record and published that she had been treated for a
sexually transmitted disease. In another case, a physician at a large New
York City medical school logged on to a computer system, discovered that
a nurse was pregnant, and proceeded to publicize that information. Also,
a Colorado medical student sold medical records to attorneys practicing
malpractice law. These are just a few of the more well known stories;
undoubtedly there are millions of similar breaches that occur either
without the knowledge of the individuals harmed or outside the media's
spotlight.
Further, errors in peoples medical records have been difficult to
correct and control. For instance, Mary Rose Taylor of Springfield,
Massachusetts went without health insurance for a year and a half
because of a computer error at the Medical Information Bureau (MIB), a
clearinghouse of medical information kept by insurance companies. MIB
reported that Ms. Taylor had an abnormal urinalysis, even though she had
only undergone a blood test. Ms. Taylor was forced to go to the insurance
commissioner of her state to have the error corrected before she could
finally receive health insurance.
Despite the public and private horror stories, many Americans trust
that the information they share with their doctor is kept private. Indeed,
the traditional nature of the doctor-patient relationship is intended to
foster trust and to encourage full disclosure. However, once a patient's
information is submitted to a third-party payor, or to any other entity, the
ethical tie between doctor and patient evaporates. In fact, in a particularly
telling statistic, 93% of those termed "leaders" in the Harris survey,
including hospital CEOs, health insurance CEOs, physicians, nurses, and
state regulators, believe that third party payors need to be governed by
detailed confidentiality and privacy policies.
Within our current health care system, many people try to protect
themselves against potential privacy violations. Some people routinely
ask doctors to record a false diagnosis because they fear their employer
may see their health records. Some people don t even tell their doctors
everything about their medical condition for fear of losing control over this
sensitive information. In psychiatric practices, it is common for many
patients to ask doctors not to take notes during sessions for fear such notes
could be leaked or even obtained legally with a subpoena. And some
people try to avoid the creation of a record altogether by paying for
medical services out-of- pocket, even though they are entitled to insurance
coverage.
A few insurers have been candid enough to concede that their
primary business relationship is with the employer/customer and not the
employee/patient. These insurers may be reluctant to disclose
individually-identifiable health information if requested by an employer,
but they will comply if pressed. No federal law prevents disclosures by
insurers to employers. Most patients, of course, believe the fiduciary
relationship is between themselves and their doctors, and don't realize
that a third party with no direct relationship to their medical treatment
actually controls the information. It is intolerable to support a system in
which an employer's payment of a portion of employees health care
premiums, a normal part of most American employees compensation
packages, amounts to employers controlling their employee's health
records.
The problems that arise because of a lack of uniform, federal privacy
protection for identifiable health information are often exacerbated by
advances in technology. For example, at the state and local level today,
employers, insurers, and health care providers are forming coalitions to
develop automated and linked health care systems containing lifetime
health histories on millions of Americans. The primary goals of these
projects are cost reduction and improved quality of care.
Attempts are being made in some state coalitions to address the
privacy, confidentiality and security of health data by crafting internal
guidelines, regulations and contracts. In addition, in those states where
the automation of health care information is seen as a key component of a
state's health care reform package, state legislatures and public agencies
are attempting to enact legislation that establishes a right of privacy in
personally identifiable health care information. These states are also
attempting to design effective enforcement penalties and oversight
mechanisms to monitor the information practices of these newly created
health data systems.
The outcome of this piecemeal, state by state, approach to protecting
the privacy and security of health care information will be conflict among
the states and a setback for the overall goal of privacy protection.
Relegating the protection of health care information to the states'
different guidelines, policies and laws leaves individuals subject to
differing degrees of privacy depending upon where they receive their
health care. In some instances, this means that individuals traveling
across county or state lines to receive necessary medical treatment may
lose their ability to control how their personal medical information is used.
Moreover, states and local governments with different rules governing
the use of health care information may be prevented from sharing health
care information contained in their systems with neighboring states that
insufficiently protect privacy.
Health care records, in both paper and electronic form, deserve
privacy protection. But the vulnerability of information to unauthorized
use grows exponentially as the computer makes possible the instant
sharing of information. As a 1992 study by the Workgroup for Electronic
Data Interchange (WEDI) pointed out: "The paper medium is cumbersome
and expensive . . . Ironically, it is the negative impact of the paper
medium . . . that has minimized the risk of breaches of confidentiality.
Although a breach could occur, if someone gave access to health records or
insurance claim forms, the magnitude of the breach was limited by the
sheer difficulty of unobtrusively reviewing large numbers of records or
claim forms. "
Nevertheless, technology itself is not the evil. Information systems
can actually be designed to promote the confidentiality and security of
personal information. For instance, a computerized system can sometimes
be more closely guarded through technological devices than paper systems
can sometimes be protected from prying eyes. The key is to recognize
technology's potential to enhance privacy, not simply to focus on the risks
technology poses to undermine privacy. There is widespread agreement
among privacy and security experts that protections must be built in on the
front-end; it is too difficult and risky to try to add them after the fact.
Privacy and security must be viewed as the foundation on which health
information networks are created. Only then can we acheive�the potential for enhancing privacy and security.
CDT strongly supports the Medical Records Confidentiality Act. In
particular, we support provisions in the bill that:
Without protections such as those embodied in S.1360, the rise of
patchwork regulation and the widespread electronic transmission of
records will produce the worst of both worlds--confusion and red tape for
legitimate data users, as�well as debilitating fear and mistrust for people seeking medical care.
CDT believes that the Medical records Confidentiality Act
represents a vast improvement on current law. Nevertheless, we urge that
the bill be strengthened and clarified in a number of area, most notably by
1)requiring consent for disclosure to health researchers; 2)heightening the
warrant requirement for law enforcement access; and 3)narrowing the
scope of the oversight section.
A. Health Research
S.1360 currently allows researchers to receive protected health
information without first obtaining an individual's authorization. We
believe this is an unnecessarily broad exception and should be rewritten to
incorporate a consent model.
We acknowledge that in some instances the use of records for health
research may be a legitimate exception to the bill's authorization
requirements. But CDT does not believe that the exceptions for research
should be made broadly or routinely. Research does not usually require the
release of identifiable data; anonymous non-identifiable data are often
sufficient. In fact, research does not usually require the release of
identifiable data without consent; it is often possible to get consent easily
and prospectively.
CDT recommends that the research section be amended to require an
individual's authorization prior to disclosure of personally identifiable
information. We urge the committee to consider an analagous situation in
which federal regulations that apply to NIH-funded biomedical research
presume that consent will be obtained for use of personal medical records.
Under those regulations, the nonconsensual release of records is only
allowed when such records are required for the research to be effective,
consent would be infeasible, and the project s significance outweighs the
intrusion into privacy.
The regulations have worked well for years at institutions funded by
the NIH. Since they acknowledge an individual's privacy interest while
recognizing the value of research, we would urge the Committee to
review them and to incorporate similar provisions in the bill.
B. Oversight
We believe that the use of records for authorized oversight functions
may be a legitimate exception to the general rule of nondisclosure.
However, we are concerned about the breadth of the exception currently
in S.1360. As drafted, the oversight provisions of the bill have an almost
undefined reach and could be over zealously extended. We recommend
tightening this section by requiring oversight officials to obtain an
administrative summons or subpoena for access to identifiable records.
We want to emphasize the importance of the general and specific
limitations that are already in the bill. Under the general privacy rules of
the bill, health oversight agencies cannot re-disclose identifiable
information for other purposes not specially authorized. In addition, a
health oversight agency may not use the information gathered in its
oversight role for any actions against an individual other than those
arising out of receipt or payment for health care or fraud.
With the inclusion of a legal process for access to identifiable
information, CDT believes the bill will come closer to striking a fair
balance between individual privacy and the government's legitimate needs
to conduct audits and control fraud.
C. Law Enforcement
CDT strongly supports the creation of warrant requirement for law
enforcement access to personal health records currently in S.1360.
However, we urge that the proposed probable cause standard be
heightened to equal the standard now in place for access to cable
subscriber records. Under the Cable Communications Act of 1984, a
warrant can not be issued for access to subscriber records until law
enforcement can show "clear and convincing evidence that the subject of
the information is reasonably suspected of engaging in criminal activity
and the information sought would be material evidence in the case." We
believe that federal privacy protection for peoples' medical records should
be at least as strong-- if not stronger-- than we apply to peoples' cable records.
V. CONCLUSION
CDT believes the protection of personally identifiable health
information is critical to ensuring public trust and confidence in the
emerging health information infrastructure. Health care reform cannot
move forward without assuring the American public that the highly
sensitive personal information contained in their medical records will be
protected from abuse and misuse. As the Harris surveys indicate, people
are highly suspicious of large scale computerization and believe that their
health records are in dire need of privacy protection. If people are
expected to embrace and participate in a reforming health environment,
the price of their participation must not be the loss of control of sensitive
personal information.
In the end, any system that fails to win the public's trust will fail to
win the public's support, and we risk having individuals withdraw from
full and honest participation in their own health care. To allow people to
fall through the cracks because their privacy is not fully protected is too
serious a matter to continue to go unaddressed by the Congress. We urge
you to continue your commitment to moving forward with this critical
legislation.
We have come a great distance in achieving broad consensus on the
principles of health information privacy and we look forward to working
with you to refine and enact S. 1360.
I. OVERVIEW
II. THE NEED AND DEMAND FOR FEDERAL PRIVACY PROTECTION
[t]he expanded use of medical records for non treatment purposes exacerbates the shortcomings of existing legal schemes to protect
privacy in patient information. The law must address the increase in
the flow of data outward from the medical care relationship by both
addressing the question of appropriate access to data and providing
redress to those who have been wronged by privacy violations. Lack
of such guidelines, and failure to make them enforceable, could affect
the quality and integrity of the medical record itself. (OTA Report, p.
44).
III. THE MEDICAL RECORDS CONFIDENTIALITY ACT
IV. RECOMMENDATIONS
Return to the CDT Home Page