Skip to main content

Serious differences stall movement on privacy bill

September 1, 1999

Serious differences stall movement on privacy bill

Major differences in bills introduced in the U.S. House and Senate have prevented any significant movement toward the passage of patient confidentiality legislation, says Kathleen Frawley, JD, MS, RRA, vice president for legislative and public policy services for the American Hospital Information Management Association in Chicago. At press time, it seemed certain that an Aug. 21, 1999, deadline would pass with no real progress having been made.

Several issues stall progress

Serious disagreement on these issues among the authors of the various bills resulted in a lack of progress on moving legislation forward:

• whether federal legislation would preempt state laws that afford more privacy protection;

• whether an individual would be able to bring a lawsuit against a party that violated his or her confidentiality;

• whether law enforcement would have access to medical records;

• whether parents would have access to a minor’s health records.

The Health Insurance Portability and Account ability Act (HIPAA) of 1996 requires Congress to pass legislation governing electronic health information before Aug. 21, 1999. If Congress failed to act by that time, the responsibility for the regulation was to pass to the secretary of Health and Human Services (HHS) in Washington, DC, with a final rule required by February 2000. With that in mind, Frawley says, staff at HHS are working on a regulation. "They know [the department] would have to introduce a notice of proposed rule-making in the Federal Register this fall to allow time for the 90-day comment period required before a final rule can go into effect."

However, she notes, Congress missing its deadline does not necessarily take the medical privacy ball from its court. "[Congress] could extend the deadline by passing legislation giving itself more time, or the deadline could come and go and Congress could continue to do work on bills. The HHS secretary and the administration have urged Congress to enact legislation."

A "mark-up" on Senate medical privacy legislation — in which members of the Health, Education, Labor and Pensions Committee would offer amendments to a "chairman’s mark" that combines language from three proposed bills — wasn’t expected to happen until after Labor Day at the earliest, Frawley says.

Five bills on the floor

The three medical privacy bills introduced in the Senate are the Medical Information, Privacy and Security Act, introduced by Sen. Patrick Leahy (D-VT); the Health Care Personal Information Non-disclosure Act, introduced by Sen. James Jeffords (R-VT), who chairs the Health, Education, Labor and Pensions Committee; and the Medical Information Protection Act, introduced by Sen. Robert Bennett (R-UT).

"Sen. Jeffords is hoping to have resolved these issues after Labor Day and to hold the mark-up," Frawley notes. "But because of the four issues [of contention] that are key, it could reach a point that he is not able to move a bill forward."

Two bills introduced on the House side include the Medical Information Privacy and Security Act, introduced by Rep. Edward Markey (D-MA), and the Health Information Privacy Act, introduced by Rep. Gary Condit (D-CA). Also expected to introduce bills were Rep. James Greenwood (R-PA) and Reps. Bill Thomas (R-CA) and Ben Cardin (D-MD).

Another issue is that while most observers believe HHS’ authority under HIPAA is limited to electronic data, the department has sought a legal opinion regarding its authority to reach beyond electronic records and attempt to regulate all medical records in all forms, according to a report from the Joint Healthcare Information Technology Alliance (JHITA) in Washington, DC.

Some members of Congress may attempt to postpone not only the HIPAA privacy regulations, but all of the HIPAA standards that are in process, according to JHITA, an alliance of five professional health care organizations.

Some groups oppose federal involvement

Several hospital and information management associations are supporting Sen. Bennett’s bill, which completely preempts state law and establishes a uniform national standard for the use and disclosure of health information. Some privacy and medical groups, however, are opposed to any federal legislation that would override state laws that afford more privacy. California, for example, has a series of HIV/AIDS-specific confidentiality laws that cover testing, reporting, and partner notification. Wiping out that type of protection would create a public health crisis by discouraging people from seeking testing, counseling, and treatment for these conditions, the privacy groups argue.

The National Coalition for Patient Rights in Lexington, MA, for example, prefers Leahy’s bill, under which federal law would not override tougher state laws.