Health Privacy Standards Go Back to Drawing Board

From the WebMD Archives

Feb. 17, 2000 (Washington) -- Privacy went public in Congress, as a House panel today examined the Clinton administration's controversial proposal to safeguard personal health information.

The rules would give Americans the right to examine their own medical records, a right currently in law only in 28 states. The rules would also allow individuals to correct and make copies of their records.

However, they would also allow health information to be shared without patient authorization for reasons directly related to treatment, payment, and "health care operations." But they would require that plans, providers, and clearinghouses get authorization from a patient to use information for other purposes.

Currently there are no federal standards on the disclosure of personal health information. With that in mind, some groups told the House Ways and Means Committee's health subcommittee that the proposed rules provided an important foundation, from which Congress could fill gaps. "[The] regulations constitute a significant step towards restoring the public trust and confidence in our nation's health care," said Janlori Goldman, director of the Health Privacy Project at Georgetown University.

Rep. Phil English, R-Pa., complained that state health officials have told him that they are concerned the rules would result in overprotection of health information, even when it may be disclosed without patient authorization for public health reasons.

Meanwhile, Margaret Hamburg, MD, an official with the Department of Health and Human Services (HHS), conceded that the rules have gaps and that congressional action is needed to complete the job. The administration was required to issue limited rules because Congress failed to meet its deadline to pass a comprehensive law.

Subcommittee chairman Bill Thomas, R-Calif., tells WebMD that he is drafting privacy legislation with Rep. Ben Cardin, D-Md., although he would not say when he would introduce the bill.

The proposed rules cover only electronic-based information, just a fraction of the paper-centered universe. And its standards apply directly only to health plans, providers, and clearinghouses. Employers, researchers, and others that receive and retransmit information -- such as law enforcement officials -- are not covered.

Moreover, the rules also do not lay out the right of individuals to sue over their privacy rights and do not establish tough enough penalties, according to HHS. Although the rules would override state laws that are less stringent, they would permit stronger state laws to take precedence.


Key players at the hearing argued that the proposal would create costs and hurdles for improving care for future patients.

Thomas said the whole topic was a "perplexing policy challenge," a view echoed across the aisle. While there may be two sides to a story, "There are about nine sides to this issue," said Rep. Jim McDermott, D-Wash.

Major physician groups charged today that the rules do not adequately protect the privacy rights of individuals over their own health information, even as they increase the administrative burden on physicians.

But from the perspective of health plans, hospitals, and drug companies, the rules make it too hard to access patient information. "[The] regulations would have a detrimental effect on the quality and safety of patient care," says Mary Grealy, Healthcare Leadership Council president, claiming that research efforts would be chilled.

Overall, the Blue Cross/Blue Shield Association said it believed that the requirements in the proposal would increase health costs by $40 billion over five years. McDermott chided the company for what he said was an inflated estimate, but Thomas professed concern over these numbers.

The administration said the costs would far lower, in a range from $1.8 to $6.3 billion.

Underlying the sensitive nature of public policy on privacy, even the comment process itself for the rules came under fire. With individuals required to use a PIN number to comment on the proposal via the Internet, "American citizens who want to complain about government invasion of their constitutional right to privacy must subject themselves to the ultimate violation of privacy," said Jane Orient, MD, executive director of the Association of American Physicians and Surgeons.

WebMD Health News
© 2000 WebMD, Inc. All rights reserved.