Medical Device Daily Washington Editor

WASHINGTON — The introduction and passage by voice vote from the House Energy and Commerce Committee of a healthcare information technology (HIT) bill was the result of bipartisan interest and input, an increasingly scarce commodity on Capitol Hill of late, but given the contentious nature of most of the recent legislative activity, Congress may feel an urge to push this legislation through.

If so, it still has to overcome a lot of differences of opinion as to the role of privacy in the debate.

The passage of the clumsily named bill, the Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008 (H.R. 6357), if enacted in its current form, would mandate that Uncle Sam cough up $560 million in grants and loans to providers to help fund electronic medical record systems, with a special emphasis on small and rural providers and those serving medically underserved areas.

Those grants and loans would run to as much as $115 million a year until fiscal 2013.

As for the privacy provisions of H.R. 6357, known in shorthand as the PRO(TECH)T Act, the bill would require that a provider's associate entities be subject to standards promulgated under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and that patients be notified of any breaches under HIPAA within 60 days of the discovery of the breach.

The bill also would allow a patient to request that their personal health information not be disclosed for purposes of payment or healthcare operations unless that disclosure was legally mandatory. Also, any such disclosures would have to be restricted to a "limited data set" deemed the "minimum necessary to achieve the purpose."

A companion bill, the Wired for Healthcare Quality Act (S. 1693) has been making the rounds in the Senate since last year, but has yet to make onto the Senate docket for a vote due to conflicts over privacy provisions (Medical Device Daily, April 8).

In yesterday's hearing in the House Ways and Means health subcommittee, a number of observers weighed in on the subject of healthcare IT, including Peter Orszag, director of the Congressional Budget Office. Orszag told the panel chairman, Pete Stark (D-California), that HIT alone will not fix the nation's problematic healthcare spending patterns.

"Technology and incentives are the most important" factors in the effort to trim healthcare spending, but "in order to alter that system of incentives, we need more information on what works and what doesn't," he said.

However, it is still true that all this requires more HIT, which Orszag described as "the foundation or the gateway to capture that $700 million opportunity." Not to put too fine a point on it, he added that as far as a ranking of the economies challenges is concerned, "I think this is by far - not even close - the most important fiscal challenge we face."

The nation's chief financial auditor told the committee that a modest subsidy would be of limited value in getting doctors' offices into the 21st Century. "Unless you're going to spend lots of money, there is not going to be the effect" that is sought by policymakers, and a limited set of financial incentives might affect mostly those who are prepared to wire their offices anyway.

Hence, Orszag commented that some sort of stick would have to accompany the carrot of financial incentives. "If we want to get to universal health IT in the near term, I do not see an alternative to the stick," even if combined with carrots, he said.

Addressing the privacy aspects of the debate, Deven McGraw, director of the health privacy project at the Center for Democracy and Technology (Washington), said that "too often privacy advocates are accused of placing obstacles" in the path of HIT proliferation, but made the case that "privacy is an enabler."

She said, "Surveys show that about two thirds are concerned about privacy and security," adding that other survey data indicated that in the absence of "appropriate protections for privacy and security in the healthcare system, patients will engage in 'privacy-protective' behaviors" to avoid having their personal health information used inappropriately.

Some respondents to such polls apparently "say they withhold information from their health providers due to worries about how the medical data might be disclosed," McGraw said.

According to her written testimony, respondents "who report that they are in fair or poor health and racial and ethnic minorities report even higher levels of concern about the privacy of their personal medical records and are more likely than average to practice privacy-protective behaviors."

McGraw asserted that the task of satisfying the concerns of patients need not be onerous. Privacy provisions can be built on HIPAA with some effort toward "filling in the gaps to create a comprehensive policy framework," she said. "We are calling on Congress to think big" but "act incrementally."

Noting that "enforcement is another area we hope Congress will pay attention to," McGraw said that to date, the Department of Health and Human Services has not imposed any civil money penalties for HIPAA violations.

"We also think a significant shortfall in HIPAA is the lack of recourse to be made whole," she said, adding that her organization is of the opinion that while "a private right of action to pursue every HIPAA complaint no matter how trivial would be inappropriate," Congress should nonetheless consider giving consumers a means of pursuing legal action "where there are intentional violations of the law, or in circumstances of willful neglect."