Diverse Groups Demand Privacy in Electronic Medical Records

Published January 1, 2008

U.S. Sen. Edward Kennedy’s (D-MA) federal proposal establishing an Electronic Health Information System has prompted representatives from 47 state and national organizations and health IT companies to call for stringent legislation to protect patients’ privacy.

S. 1693, The Wired for Health Care Quality Act, would set up a nationwide, interoperable health information technology system, creating a paperless health record network. The system is touted as a way to improve health care quality and reduce skyrocketing medical costs by providing easier access to health care records.

The bill’s scheduled November 13 vote was postponed for further negotiations in the Senate Health, Education, Labor, and Finance Committee.

Ashley Katz, spokesperson for Patient Privacy Rights–an Austin, Texas-based group–said once those negotiations are complete, a vote could take place at any time. Patient Privacy Rights is part of a diverse group, called the Coalition for Patient Privacy, that’s joined forces to lobby for greater consumer protections in e-health records.

“If we don’t work to ensure privacy at the same time they kick off this new electronic system, consumers will be left without protection,” Katz explained. “If privacy is separated from the Wired for Health Care Quality Act, privacy will not be addressed now, or it will be ignored altogether. For the sake of medical patients, that just can’t happen.”

Profiting from Data

Katz said most consumers mistakenly believe the Health Insurance Portability and Accountability Act (HIPAA) protects their privacy. On the contrary, Katz said, HIPAA’s “privacy rule” is a “disclosure rule” authorizing more than four million entities to use and subsequently disclose patients’ private health information.

Patients’ health records are a rich source of data for companies selling information for research and marketing use. Fox example, the IMS Health Corporation claimed revenues of $2 billion in 2006 for aggregating and selling information made available via current HIPAA provisions.

Groups forming the Coalition for Patient Privacy run the political gamut from conservative organizations such as Gun Owners of America and the Family Research Council to left-leaning groups such as the National Center for Transgender Equality, AIDS Action, and the American Civil Liberties Union (ACLU). The coalition made its call for legislative protection in October.

“After signing their HIPAA forms, most Americans don’t think about what happens to their information, and worse, most would be shocked to know that their more personal information is not as safe as they would hope,” said Michael W. Macleod-Ball, ACLU’s chief legislative and policy counsel. “All Americans have a right to privacy, and that right doesn’t stop at their doctor’s office door.”

Screening Job Candidates

Without specific legal protections, electronic medical records could be taken into account during self-insured companies’ hiring and promotion decisions, Katz said, because insurance coverage is no longer about providing health care as much as avoiding risk.

“If a company is self-insured, there’s no doubt that company would be interested in a potential employee’s health records before hiring,” Katz explained. “An employee could also be passed over for promotion if that person’s health care is more expensive. That doesn’t take into account the effects such information could have from genetic testing. What if you’re found to have a faulty gene that could be found among cancer victims?”

The coalition believes an ideal patient record privacy law would require an individual’s consent before medical records could be searched or the findings passed along to other entities, Katz said. Patients would be fully informed about how their records are being used and to whom they are being distributed.

U.S. Rep. Edward J. Markey (D-MA), co-chairman of the House Privacy Caucus, says he is committed to making sure the House version of Kennedy’s bill addresses privacy concerns in health records.

“The dream of a nationwide, seamless, effective health IT system is enticing,” Markey said. “If we fail to build in tough privacy principles and strict safeguards, we run the risk that the dream of health IT will turn into a nightmare.”

Fran Eaton ([email protected]) writes from Illinois.

For more information …

S. 1693, The Wired for Health Care Quality Act: http://thomas.loc.gov/cgi-bin/query/D?c110:2:./temp/~c110HI1suP