No. 27
July 9, 1999
By Sue Blevins*

Did you know that if Congress does not pass a medical privacy law by August 21, then the Clinton Administration will be handed the authority to regulate your medical privacy? This deadline, established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), puts pressure on Congress to act, or be acted upon, to protect the confidentiality of Americans’ medical records. If Congress fails to enact medical privacy legislation by August 21, 1999, HIPAA requires the Secretary of Health and Human Services to issue regulations, which must be finalized by February 21, 2000.

Currently, hundreds of individuals and organizations have access to your medical records, whether you know it or not. The Congressional Research Service reports that, according to one 1996 estimate, during the course of a hospital stay, as many as 400 people may see at least part of a patient’s medical record. Additionally, medical records are accessed every day by health insurance companies, life insurance companies, self-insured employers, state bureaus of vital statistics, managed care organizations, hospital accrediting organizations, and medical researchers.

What’s Congress doing to protect Americans’ medical privacy? So far, not much. Several bills have been introduced, but none of the bills truly protect Americans’ medical privacy. In fact, some of the bills actually make matters worse. For example, a bill introduced by Senator Robert Bennett (R-UT) preempts existing state laws that provide greater security for medical privacy.

Senator James Jeffords (R-VT) has proposed legislation that would force individuals to waive their right to privacy as a stipulation for purchasing health insurance. In addition, government agencies and biomedical researchers would have access to patients’records without obtaining their consent. Many patients could become research subjects without ever knowing their personal health information is being used as part of a study.

What’s most disturbing about the proposed medical privacy legislation is the way it defines "protected health information." That term is defined to encompass patients’ medical information in any form or medium, including individual cells or their components. So when researchers are able to access medical information without your consent, that means they will be able to ascertain your genetic information and other cellular information without obtaining your permission.

If Congress fails to meet its August 21 deadline, the Clinton Administration is ready to move forward with its plans to create a unique health care identifier number for each and every American. The number would be used to tag and track each person’s medical information electronically. That’s no way to ensure medical privacy!

It seems very unlikely that Congress will pass a bill—particularly one that truly protects patients’ medical privacy—by the August 21 deadline. First of all, Congress has only a few working weeks left this summer, with recesses scheduled for July 3 – 11, and August 7 – September 7. Second, it appears there is little consensus regarding the leading medical privacy bill in the Senate. In fact, since May 25, the Senate committee in charge of marking up (making changes and adding amendments to) a medical privacy bill has rescheduled the mark-up on at least four occasions.

If Congress can’t reach consensus on the existing medical privacy legislation, but yet doesn’t want to punt such authority to the Clinton Administration, it should extend the August 21 deadline. An extension would—at least—allow for greater public input and time to thoroughly debate medical privacy legislation. Such legislation will have an enormous impact on both privacy and liberty.

* Sue A. Blevins is president of the Institute for Health Freedom, located in Washington, D.C. This article is reprinted with the permission of Bridge News.

For additional information, contact Naomi Lopez at (415) 989-0833.