By Lisa Seachrist
WASHINGTON — Declaring the "time was ripe for action," Sen. Jim Jeffords (R-Vt.), chairman of the Labor and Human Resources Committee, said Thursday that medical privacy will be a high priority this year.
Jeffords made his comments during a committee hearing on several different versions of legislation designed to ensure the confidentiality of health care information. The hearing focused the need for such a legislative response to medical privacy issues on information technology advances that place the most intimate medical information in electronic form.
However, even more pressing is the fact that part of the Health Insurance Portability and Accountability Act requires Congress to enact federal medical records privacy legislation by August 1999 or the Health and Human Services Department will take over the task in the form of regulations.
"This is too important a matter of public policy to be done outside of the legislative process," Jeffords said. "And, it is another reason why I intend to make this task one of the highest priorities of the Labor and Human Resources Committee."
Medical records privacy is a source of contention because much epidemiology, pharmaceutical and outcomes research rely on access to the records; and privacy provisions could limit the ability to conduct such research.
However, broad access to medical records can result in discrimination in the workplace and in obtaining health insurance. Even access to provide presumably helpful services can produce controversy.
Public Unaware Of Access To Records
In Washington, medical information came to the forefront in early February when The Washington Post detailed how two local pharmacy chains participated in a service that used a marketing firm to send letters to patients to remind them to refill their prescriptions and give them drug information.
Consumers who had no idea that their medical records were available to a marketing firm began lodging complaints with the pharmacy, and the ruckus has resulted in two bills to address medical privacy.
"Right now there is widespread dissemination of information throughout the health care system — often without explicit patient authorization," said Sen. Patrick Leahy (D-Vt.), who has cosponsored medical privacy legislation with Sen. Edward Kennedy (D-Mass.). "The problem is that few, if any, controls exist to ensure that medical information about individuals is not used for other purposes which may not truly be in a patient's interest or ensure the patient's privacy."
In addition to the Leahy-Kennedy effort, Sen. Bob Bennett (R-Utah) and Jeffords intend to introduce their own legislation sometime next week.
"When asked, most Americans believe the confidentiality of their medical records is protected under federal law," Bennett said. "Unfortunately, they are mistaken. Federal law protects the confidentiality of our video rental records, and federal law ensures us access to information like our credit history. But there is no law on the federal books which will protect our medical records."
The Bennett-Jeffords bill would provide a set of federal privacy standards that will preempt state privacy standards. Currently, medical privacy protections exist as a patchwork of laws across the country. The legislation would allow patients the right to limit the disclosure of their medical information for purposes other than "treatment, billing and essential health care options." Any other disclosures would require that the patient authorize the disclosures, and providers would be required to keep a record of those to whom they disclose personal health information.
The Leahy-Kennedy bill, S. 1368, establishes criminal and civil penalties if health information is misused and does not preempt state laws more protective of privacy. It also narrows the sharing of personal details within the health care system to the minimum necessary to provide care, allow for payment and facilitate effective oversight.
Both bills would allow patients to inspect, copy and supplement their medical records. And both would require that law enforcement officials obtain a warrant to access medical records.
The variety of provisions in the two bills represents the variety of opinions about the role of federal privacy protections and points to the difficulty the legislation is likely to have moving through Congress.
Conflicts With State Laws Likely
Kathleen Sebelius, commissioner of insurance for Kansas, urged the committee to remove the preemption requirement from any legislation that would come out of committee, noting that much of the protections of medical records in the states are scattered throughout the various laws of a state.
"My home state of Kansas has all kinds of laws scattered throughout the state code," Sebelius said. "A federal law which preempts the states may inadvertently interfere with important state laws without providing similar protections. It may also limit our ability to investigate fraud."
Michael Rhodes, a physician with Intermountain Health Care (IHC), a not-for-profit health care system in Utah, Wyoming and Idaho, argued that federal preemption language was necessary to ensure adequate health care delivery.
"The [Bennett-Jeffords] bill wisely adopts uniform federal confidentiality standards and preempts state authority in areas covered by federal legislation," Rhodes said. "Health systems like IHC, which operate across state lines, would have enormous difficulty complying with different federal and state standards with respect to the use and disclosure of an individual's health information."
Other areas of contention in medical privacy legislation include proposals to put all health research under the purview of institutional review boards; concerns over how to obtain adequate patient authorization; and efforts to define "essential health care operations."
"There are a number of competing interests present in this issue," Jeffords said. "But we must understand them."
Jeffords intends to have legislation through markup and ready for the Senate floor by the end of April. *