Model state law on privacy of medical records sets strict protections for ident
Model state law on privacy of medical records sets strict protections for identifiable information
No state’s done a really good job’ yet of protecting patient information
A draft model state law to protect the confidentiality of public health records has been released by a 39-member panel convened under the auspices of Georgetown University Law Center in Washington, DC.
Dissemination of a final version is pending resolution of issues addressing the internal use of public health data and formal endorsement of the guidelines by the Centers for Disease Control and Prevention in Atlanta.
"If this particular act were passed in all 50 states, it would vastly improve the privacy of public health information," says James Hodge, professor of law at Georgetown Univers ity Law Center and director of the public health privacy project.
The proposed act is comprehensive, with separate sections addressing the acquisition, use, and disclosure of patient-specific information. The draft also suggests security measures public health entities should take to protect the confidentiality of data, as well as what protections patients have to ensure that information is accurate and kept confidential.
A separate section describes civil sanctions that can be sought by patients who believe they have been injured by a failure to adequately maintain the security of public health information, failure to supervise persons responsible for ensuring the confidentiality of public health data, disclosure of public health data, or other violations of the act. The act allows, for example, punitive damages for willful or grossly negligent violations of the act of up to $10,000 for each violation.
Texas is the first state in the nation to introduce legislation based on the draft model. Panel member Rep. Glen Maxey (D-Austin) this session sponsored broad-ranging legislation that would establish strict parameters for the use, dissemination, and disclosure of public health data. (See details of the legislation, at right.)
Advocates are simultaneously pursuing national privacy protections, coordinating such efforts with the development of privacy regulations required by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires the federal government to enact federal privacy regulations by Aug. 21, or failing that, come under Department of Health and Human Services (DHHS) guidelines to be developed by February 2000.
Either scenario is consistent with the development of the state model, says Mr. Hodge. Various legislative proposals generally establish a floor from which states can enact more strict regulation—so-called floor pre-emption—and draft DHHS guidelines are consistent with the model state legislation, he says.
"We really don’t see the Aug. 21 deadline or Congress’ failure to act or DHHS action by February 2000 as a major obstacle at all," he says.
At the same time, advocates are pushing for congressional action by August.
"One of the reasons we need a strong federal law is that there really aren’t comprehensive state privacy laws," says Jeff Crowley, MPH, a panel member and chair of the Con sor tium for Citizens with Disabilities Privacy Working Group. "There’s no state we can point to and say, Oh, it’s really done a good job.’ Most states don’t have comprehensive laws."
Contact Mr. Hodge at (202) 543-2992 and Mr. Crowley at (202) 898-0414.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.