By Lisa Seachrist

Washington Editor

WASHINGTON — Medical privacy legislation found its way into Congress this past session, attached to "Patients Bill of Rights" measures introduced into both chambers and passed by the House in late July.

While far from the comprehensive medical privacy protections that are required by the Health Insurance Portability and Accountability Act (HIPAA), the measures attached to bills providing protections for patients enrolled in group health plans appear to sidestep pitfalls that could stymie biomedical research.

"Our primary concern has been to guarantee access to encrypted or coded databases of medical information and genetic profiles for research," said Jeff Trewhitt, spokesman for the Pharmaceutical Research and Manufacturers of America (PhRMA). "We have no need to identify people."

In the privacy provision attached to House bill H.R. 4250, which passed on July 24, Rep. Bill Thomas (R-Calif.) made a clear distinction between medical information that could directly identify a person and information that has been coded or encrypted, Trewhitt said. However, Trewhitt noted PhRMA has concerns about the fact that the bill doesn't specifically outline access for biomedical researchers.

"This is a constructive first step in the development of medical privacy," Trewhitt said. "We believe more needs to be said about the need for access for researchers."

The Biotechnology Industry Organization (BIO) concurs with PhRMA's assessment of Thomas' medical privacy language.

"In a letter to Thomas, we praised him for his use of appropriate definitions," said Nancy Bradish, director of federal government relations for BIO. "We would have preferred if he had put more in the bill."

In addition to outlining access for researchers, BIO would like more universal preemption of state laws; a statement that the measures satisfy the HIPAA requirements; and a commitment to treat genetic information as part of the continuum of medical information, rather than a specially protected type of information.

Deadline For Privacy Law Coming In August 1999

Under HIPAA, Congress is required to enact federal medical records privacy legislation by August 1999. If it does not, the secretary of Health and Human Services will take over the task in the form of regulations. Several members of Congress have stated they are loath to cede the duties to the secretary. It is unclear whether these attached privacy provisions will fit the bill.

Bradish noted that, outside of the privacy legislation, BIO supports measures creating an external appeal process to reconsider health plans' coverage decisions on experimental and investigational treatments. Many biotech products in development would fit the definition.

"We think the option to have an external appeal for consumers is important," Bradish said.

The Senate bill, S. 2330, was introduced by Majority Leader Trent Lott (R-Miss.) on July 17. However, the bill has received no floor or committee action. Because action on the bill is impossible until sometime in September, BIO has not completed its analysis of the bill, Bradish noted.

Trewhitt said that, although privacy provisions are present in the bill, PhRMA has yet to take a position on the legislation. *