Skip banner
HomeHow Do I?Site MapHelp
Return To Search FormFOCUS
Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint

Document ListExpanded ListKWICFULL format currently displayed

Previous Document Document 55 of 124. Next Document

More Like This
Copyright 1999 Federal Document Clearing House, Inc.  
Federal Document Clearing House Congressional Testimony

July 21, 1999

SECTION: CAPITOL HILL HEARING TESTIMONY

LENGTH: 2331 words

HEADLINE: TESTIMONY July 21, 1999 DONALD J. PALMISANO, MD, HOUSE BANKING AND FINANCIAL SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL PRIVACY

BODY:
Statement of the American Medical Association to the Subcommittee on Financial Institutions and Consumer Credit Committee on Banking and Financial Services U.S. House of Representatives RE: Medical Privacy Issues in HR 10 Presented by Donald J. Palmisano, MD, JD July 21, 1999 The American Medical Association (AMA) is pleased to provide testimony to the Financial Institutions and Consumer Credit Subcommittee of the House Banking and Financial Services Committee regarding the privacy of medical information in the context of financial services modernization legislation. The AMA s Position on Medical Privacy The patient-physician relationship is based first on trust. Confidentiality of communications within this relationship is a cornerstone of good medical care. In order for physicians to provide the best and most appropriate care, patients must feel that they can disclose to their physicians personal facts and information that they would not want others to know. Without such assurances, patients may not provide the information necessary for proper diagnosis and treatment. Nor might they avail themselves of genetic tests that may be available to assist in the detection and possible amelioration or prevention of various disorders. The AMA believes that patients have the basic right of privacy of their medical information and records and that this right should be honored unless waived in a meaningful way. This requires informed consent for disclosures of personally identifiable health information for any purpose. Recognizing that there are situations in which obtaining specific informed consent is not always practicable or possible, however, the AMA believes that, in such instances, either (a) the information should have identifying information stripped from it, or (b) an objective, publicly accountable entity must determine that patient consent is not required after weighing the risks and benefits of the proposed use. The AMA s Position on HR 10 The stated purpose of HR 10, the "Financial Services Act of 1999," is to remove current barriers preventing affiliation among banks, securities firms, insurance companies, and other financial service providers, with the goal of enhancing competition in the financial services industry and fostering innovation and efficiency. The AMA went on record, in coalition letters to Members of the House of Representatives preceding the full House s debate and vote on HR 10, expressing deep concerns about the medical information component of the bill. Since health insurers are considered "financial services institutions" under the bill, new opportunities are created for personally-identifiable health information collected by insurers to move laterally through a company and its affiliates without patient consent or knowledge. We appreciate Representative Greg Ganske, MD, Representative Edward J. Markey and other Members bringing the issue of medical information privacy to the attention of their colleagues during the HR 10 debate. While the laudable intention of medical privacy language added to the bill was to limit the sharing of personal medical information among financial industries and their affiliates, in fact, the bill ended up doing exactly the opposite - facilitating the broad sharing of just such information. Our testimony today expands on the concerns raised in our letters to the House. Financial entities other than health insurers that are included in HR 10 s scope would become de facto secondary users of personal medical information. Generally speaking, secondary users are those whose use of medical records does not go directly to the treatment, payment or quality assessment of medical and health care provided to an individual. They can include life insurers; auto, property and casualty insurers; employers; licensing agencies public health agencies; medical researchers; educational institutions and even the media. "The flow of information to these parties in some cases affects people s lives in very direct ways, determining whether they are hired or fired, whether they can secure business licenses and life insurances, whether they are permitted to drive cars, whether they are placed under police surveillance or labeled as security risks." (Protecting Privacy in Computerized Medical Information, Office of Technology Assessment report, 1993, p. 48.) It is essential that individuals be notified of such information sharing and that their affirmative consent be required for disclosure of their individually-identifiable health information. The Dual Role of Insurers The matrix of the financial services affiliations covered by HR 10 is complex. Health insurers, as a function of paying claims for medical care, are privileged to have access to personal medical information and records. When insurers function as financial service institutions, the medical record becomes an item of commerce and a market indicator. Insurers claim, in the context of the congressional debate on a comprehensive confidentiality bill, that they are "providers" seeking to improve the quality of care for populations. Yet in their role here as "financial services institutions," they also seek to benefit from affiliating with banks, mortgage companies, holding companies, brokers and dealers and other insurers, to name a few possibilities envisioned by HR 10, creating financial services conglomerates. We find this troubling and believe that specific constraints are required to preclude inappropriate and unconsented-to disclosures of personally identifiable medical information in this context. The medical record is created primarily as a clinical tool to assist in the diagnosis and treatment of individuals in trust relationship with their physicians. We believe that, as a general rule, patients must be provided the opportunity to consent to disclosures on their personal medical information, with narrowly tailored exceptions for certain defined public benefits. When the record migrates from its primary purpose as a clinical tool, that consent becomes even more important in that its secondary uses are not generally anticipated by the individual in facilitating his or her personal care and payment for that care. The Medical Privacy Provisions in HR 10 The medical privacy provisions in HR 10, as set out in Section 351, while well-intentioned, are inadequate to protect patients sensitive medical information in the non-clinical setting. Despite the fact that patient consent is offered as a first alternative for insurers releasing personal medical information, a series of broad ranging exceptions swallow the rule. One exception, for example, would allow financial institutions to share an individual s personal medical information for "research projects." This term is not defined and could easily be construed to include a vast array of marketing evaluations or consumer profiling ventures. Further, it does not relate in any way with "research" and related protections as defined by the Common Rule (45 CFR 46). Another set of exceptions would allow disclosure of individually- identifiable health information "in connection with" an array of largely transaction-related activities. While some of these are legitimate functions of insurers, it is nevertheless imperative that they be carefully defined and, more important, that consumer consent be required for dislcosures for any of these functions. "In connection with" is vague language that, read with each of the exceptions, creates gaping holes in any systematic effort to protect patient privacy. Even more troubling than what appears in Section 351 is what doesn t appear in Section 351. Granted, the "Financial Services Act of 1999" should not become the vehicle for comprehensive medical privacy legislation; nevertheless, if provisions are included at all, they should contemplate the full range of protections for such information in at least the financial services context. The bill does not preclude redisclosures or circumscribe subsequent uses by affiliates and others. The bill does not create limits on government s and law enforcement s access to medical information. The bill does not provide any remedies for privacy breaches, except for those available at the state level, thus reducing the incentive for institutions to comply. The bill does not include any incentives whatsoever to de- identify personal medical information prior to sharing it with affiliates or unaffiliated third parties. Title V Privacy Provisions The "opt-out" provision offered in Section 502 of the bill - Title V, Subtitle A - does not apply at all to medical information. Section 507, also in Title V, Subtitle A, states that " t his subtitle shall not apply to any information to which subtitle D of title III applies, namely, section 351, "Confidentiality of Health and Medical Information." The only protections afforded by Title V to a consumer s health records would flow from Subtitle B, regarding "Fraudulent Access to Financial Information." Curing the Medical Privacy Provisions of HR 10 The AMA believes that it may be possible to improve the privacy language of HR 10, such that it provides adequate protections until comprehensive privacy legislation is passed by the Congress. However, it is a difficult task to define the proper boundaries and decide how comprehensive the provisions should be. We are prepared to join with other interested parties in assisting the House with this task. HR 10 should prohibit the transfer of medical information, even among affiliates, without the explicit consent of the individual. "Opt-out," even if it would apply to medical information disclosures under the bill - which it does not - is insufficient. Individuals should have the affirmative right to direct who has access to their information, particularly outside of the therapeutic and payment context. One approach we believe could work would be to include an explicit "opt-in" provision for individually identifiable health information. Financial institutions, their affiliates and any unaffiliated third parties would be required to affirmatively acquire an individual s consent to disclose their personally-identifiable medical and health information. We understand the arguments from the floor of the House regarding the expectation of consumers for efficient and integrated financial operations regarding their related accounts in a financial institution. However, health insurers play a dual role that does not fit so easily into this construct. Insurers want to be characterized as "financial service institutions" for the purposes of affiliating with other financial and securities based corporate entities. Yet when it comes to the health care delivery system, insurers want to be regarded as health "providers." They cannot have it both ways, and their inclusion in HR 10 explicitly demonstrates the dangers inherent in such an approach. The most prudent option would be to adopt stringent privacy protections, which the Congress may then have the opportunity to modify in comprehensive privacy legislation. It would be reckless to provide so-called "protections" that would allow personal health information to flow freely without individual consent among affiliated and unaffiliated third parties when the consequences are so enormous. Deleting the medical privacy provisions completely, leaving the status quo of state law in place for the time being, would be preferable to passing a version of HR 10 that allows such sweeping access to private medical information. The Congress should take the most measured approach possible in HR 10 to information sharing - the gate cannot be closed once it is opened. Information cannot be "un-shared." Once a financial institution has our medical information, it will become a permanent part of our consumer profile, regardless of future protections that might be imposed. Thus, we would urge the utmost caution so that, if Congress errs at all, it is on the side of protecting patients and their information rather than financial conglomerates desire to exploit that information. Relationship to State Laws If the Congress decides to retain and strengthen these medical privacy provisions, rather than deleting them entirely, we think it is essential to allow more protective state laws to remain in force. It is our understanding that the sponsor intended a "federal floor," however, and we suggest the language be modified to permit more protective state provisions to prevail. This would be consistent with the intent in Title V, Section 524, which provides that subtitle B, regarding "Fraudulent Access to Financial Information," should not be construed as superceding State law, and that greater State protections should prevail. Conclusion HR 10 provides an opportunity for significant enhancement of financial services industry operations. It also presents the potential for ethically perilous conglomerations of information and power as regards individually-identifiable health records. When insurers function as financial service institutions, the medical record becomes an item of commerce and a market indicator. Health insurers dual role as "providers" and as "financial services institutions" highlights the concern of physicians and patients that information will be shared without consent or knowledge of the individual, for purposes unanticipated by the individual. The AMA finds this to be a troubling possibility and urges the Congress to seek more protective language in HR 10 to specifically prohibit inappropriate and unconsented-to disclosures of personally identifiable medical information in the financial services context. Issues as to how medical information is disclosed and used are not a footnote to HR 10; rather they go to the heart of individuals rights within evolving commercial and market systems. The AMA thanks the Subcommittee for focusing its specific attention on these important matters.

LOAD-DATE: July 26, 1999




Previous Document Document 55 of 124. Next Document


FOCUS

Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
   
About LEXIS-NEXIS® Congressional Universe Terms and Conditions Top of Page
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.