Skip banner
HomeHow Do I?Site MapHelp
Return To Search FormFOCUS
Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint

Document ListExpanded ListKWICFULL format currently displayed

Previous Document Document 13 of 124. Next Document

More Like This
Copyright 2000 Federal News Service, Inc.  
Federal News Service

 View Related Topics 

June 14, 2000, Wednesday

SECTION: PREPARED TESTIMONY

LENGTH: 1837 words

HEADLINE: PREPARED TESTIMONY BY EDMUND MIERZWINSKI CONSUMER PROGRAM DIRECTOR, U.S. PIRG U.S. PUBLIC INTEREST RESEARCH GROUP
 
BEFORE THE HOUSE COMMITTEE ON BANKING AND FINANCIAL SERVICES
 
SUBJECT - ON HR 4585, THE MEDICAL FINANCIAL PRIVACY PROTECTION ACT

BODY:
 Mr. Chairman, Ranking Member LaFalce, members of the committee: Thank you for the opportunity to testify before you on the important topic of health and financial privacy. My testimony today is on behalf of the U.S. Public Interest Research Group (U.S. PIRG).1

We want to commend the Chairman for introducing legislation that would improve the privacy provisions of Title V of the Gramm-Leach-Bliley Financial Services Modernization Act (the Act). As you know, our organization is troubled2 that, last year, when Congress enacted HR 10/S 900 into law as the Act, it failed to adequately take into account the consumer need for strong privacy protection based not only on notice, but on all of the Fair Information Practices.3 The chairman's bill, HR 4585, The Medical Financial Privacy Protection Act, is designed to address one of the most important problems left unaddressed in Title V -- protecting medical financial privacy. Summary

We are pleased that the coverage of HR 4585 is very similar to the medical privacy provisions of the Administration's proposal, HR 4380, as introduced by Ranking Member LaFalce, Mr. Markey and others. Nevertheless, while we generally support HR 4585 with modifications as discussed below, we would respectfully point out that we believe that the more comprehensive proposal offered by the President, with amendments, should be the one enacted by the Congress.4 HR 4380 addresses not only medical financial privacy, but also closes the affiliate sharing and joint marketing loopholes in Title V and makes other important changes that apply not only to medical information, but also to financial information.

By carving out the nearly consensus issue of protecting medical financial privacy, which even the banks are afraid to oppose too strongly, we fear that our task in enacting the balance of the missing privacy elements in the Act will grow even harder. Nevertheless, we commend the Chairman for taking an important step to protect medical financial privacy and urge him to consider adopting strengthening amendments to broaden the effect of his important bill by picking up more pieces of the comprehensive plan proposed by the President. We believe that the public concern for privacy deserves as broad and rapid a response as possible. The need to move quickly has been exacerbated by passage of the Act, which will encourage even more affiliations and more information sharing.

Key Elements of HR 4585 and Suggestions To Improve HR 4585 And HR 4380

Like the President's proposal, HR 4585 recognizes that medical financial privacy deserves the strongest possible protections. Firms would be generally prohibited from sharing health information without express opt-in consent. Further, several elements of the Chairman's bill infer a very high standard of express consent before sharing, notably its provision that use of information already held requires consent and its provision that mental health information be subject to special separate consent. These are important provisions.

We would suggest that the following amendments to either the Chairman's bill, the President's bill, or both. In addition, we have discussed the bill with the American Civil Liberties Union, the Georgetown University Health Privacy Project and Consumers Union, and associate ourselves with their remarks on other aspects of the bills that need strengthening.

Exceptions: First, both bills have broad exceptions provisions. We believe that there may not be adequate public policy justification for all of the exceptions sought and would urge the committee to carefully reevaluate each of the uses that have been proposed to be exempt from the privacy protections of the two bills.

Non-Coercion/Boilerplate Consent: We believe that consent is a necessary but not sufficient condition for obtaining and using medical financial information. Section 4 of HR 4380 establishes that all consumers be treated equally, whether they are customers of an affiliate or not. The Chairman's bill appears to have a parallel provision, although its construction is somewhat different. Both bills may have useful elements that should be incorporated into a strong final provision. However, neither bill has the additional provision common to the strong medical privacy bills introduced in this Congress an express requirement that no treatment be conditioned upon provision of consent.

"Loans or Credit:" Important parts of the Chairman's bill restrict its applicability to the provision of "loans or credit" but not to other products and services offered by or anticipated to be offered by either the one-stop financial supermarkets or their joint marketing partners enabled by the Act. The protections of any medical financial privacy bill should apply across the board, to the use of medical privacy information for any purpose. Under the limitation to "loans or credit," sensitive medical information could be used for pre- screening, marketing, employment decisions, and investment due diligence or other purposes, without consent, under the bill. Yet, while the HHS regulations under the Health Insurance Portability and Accountability Act (HIPAA) prohibit such uses for health insurers, this bill does not prohibit such uses for numerous other insurers or entities -- such as auto, life, property and casualty and certain disability insurers.

Private Right of Action: Neither bill would amend Title V to grant consumers a private right of action for violations. Consumers deserve the right to enforce violations of their medical financial privacy.

Access: The bill establishes that consumers have access to their files and a right to correct errors. We would strongly recommend that instead of establishing such a narrow right that only applies to medical financial privacy, why not take the language of the administration bill and amend Title V to apply these stronger, important Fair Information Practice rights to all information held by financial services holding companies? This change would obviate one of the industry's running complaints about complexity of regulations. Instead of having strong access and correction provisions apply only to some information, make the law less complex and less burdensome by giving consumers these rights in all information covered under the Act, thereby establishing only one rule for firms to comply with, instead of two.

Stronger Law Controls: Both bills include language describing their relationship to HIPAA. Despite this provision, we believe that there may be overlaps and conflicts between the laws. We would suggest two changes. First, the inclusion of a more explicit section that clarifies that in all cases of overlap, the stronger, more pro-privacy protection applies. Second, we would suggest that the notion of describing a relationship to "regulations," rather than statutes, may prove problematic and deserves clarification before markup. For example, what if the regulations are amended under a successor administration?

Conclusion:

We are pleased to support HR 4585 with the modifications above.

It closes important loopholes in the Act and protects the most sensitive, unprotected information about consumers from misuse. If enacted, the bill would protect consumer medical financial privacy information through an opt-in, express consent system. We are encouraged that both the President and the Chairman of the committee have adopted the concept of opt-in consent and strong privacy protection that has been supported by a broad consensus of American privacy, civil liberties, consumer, and pro-family organizations5 and championed by a growing, bi-partisan number of members. Now, we need to extend the Chairman's opt-in provision on medical information, and the President's opt-in provision on medical information and sensitive financial information, to all information held by entities under the Act.6 We believe that the Chairman's bill offers an important template for extending this concept. We hope that the Chairman, Mr. LaFalce and the President will work together to expand the Chairman's bill before markup, so that the final bill addresses other major loopholes in the Act. Thank you for the opportunity to share our views.

ENDNOTES:

1. U.S. PIRG serves as the national lobbying office for state Public Interest Research Groups. PIRGs are non-profit, non-partisan consumer and environmental advocacy groups active around the country.

2. For more details on PIRG's Financial Privacy Platform, see (http://www.pirg.org/consumer/banks/action/privacy.htm)

3. As originally outlined by a Health, Education and Welfare (HEW) task force in 1973, then codified in U.S. statutory law in the 1974 Privacy Act and articulated internationally in the 1980 Organization of Economic Cooperation and Development (OECD) Guidelines, information use should be subject to Fair Information Practices. Noted privacy expert Beth Givens of the Privacy Rights Clearinghouse has compiled an excellent review of the development of FIPs, "A Review of the Fair Information Principles: The Foundation of Privacy Public Policy." October 1997. (http://www.privacyrights.org/AR/fairinfo.html ) The document cites the version of FIPs in the original HEW guidelines, as well as other versions: Fair Information Practices U.S. Dept. of Health, Education and Welfare, 1973 (From The Law of Privacy in a Nutshell by Robert Ellis Smith, Privacy Journal, 1993, pp. 50-51.)

1.Collection limitation. There must be no personal data record keeping systems whose very existence is secret.

2.Disclosure. There must be a way for an individual to find out what information about him is in a record and how it is used.

3.Secondary usage. There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.

4.Record correction. There must be a way for an individual to correct or amend a record of identifiable information about him.

5.Security. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

4.Of course, it is our view that HR 4380, which adopts a mixed opt- in/opt-out approach for financial privacy protection, should be strengthened to a full opt-in approach across the board, as HR 3320 (Markey) would provide.

5.For a list of organizations that make up the informal Shelby-Markey Financial Privacy Coalition, see the letter 16 groups sent to financial regulators last month condemning the delayed implementation of Title V, the privacy provisions of the act, at http://www.consumer.org/consumer/glbdelay.htm

6.And then, of course, to resolve the egregious gaps in U.S. privacy law by working to extend opt-in consent and other Fair Information Practices to all use of consumer information, whether financial, medical, Internet or otherwise.



END

LOAD-DATE: June 15, 2000




Previous Document Document 13 of 124. Next Document


FOCUS

Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
   
About LEXIS-NEXIS® Congressional Universe Terms and Conditions Top of Page
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.