Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
Document 16 of 124.
Copyright 2000
Federal News Service,
Inc.
Federal News Service
View Related Topics
June
14, 2000, Wednesday
SECTION:
PREPARED TESTIMONY
LENGTH:
2268 words
HEADLINE:
PREPARED TESTIMONY OF JOY PRITTS SENIOR COUNSEL HEALTH PRIVACY PROJECT INSTITUTE FOR HEALTH CARE RESEARCH AND POLICY GEORGETOWN UNIVERSITY
BEFORE THE
HOUSE
COMMITTEE ON BANKING AND FINANCIAL SERVICES
SUBJECT - H.R. 4585, THE "MEDICAL FINANCIAL PRIVACY PROTECTION ACT"
BODY:
I. INTRODUCTION AND OVERVIEW
Mr. Chairman and Members of the House Committee on Banking and Financial Services: I very much appreciate the invitation to testify before you today on H.R. 4585, a bill intended to amend the Gramm- Leach-Bliley Act (also known as the Financial Services and Modernization Act of 1999) in order to fill the health privacy gaps in the Act.
The Health Privacy Project was launched in December 1997 at the Institute for Health Care Research and Policy at Georgetown University. The Project is dedicated to raising public awareness of the importance of ensuring health privacy in order to improve health care access and quality, both on an individual and a community level. In the past year, the Project has published a number of resources on health privacy including Best Principles for Health Privacy: A Report of the Health Privacy Working Group; The State of Health Privacy: An Uneven Terrain (A Comprehensive Survey of State Health Privacy Statutes); and Privacy: Report on the Privacy Policies and Practices of Health Web Sites. All of the reports are available on our Web site at http://www.healthprivacy.org. In addition, the Project coordinates the Consumer Coalition for Health Privacy, which is comprised of a broad cross-section of consumer and disability fights groups committed to educating and empowering healthcare consumers to have a more prominent voice on health privacy issues at the federal, state, and local levels. At the outset, we would like to express our appreciation to Chairman Leach for his acknowledgment that there are significant health privacy gaps in the Gramm-Leach-Bliley Act (hereinafter "the Act"). We too believe that there are significant shortcomings in the Act.
The primary purpose of the Act was to enhance competition in the financial services industry by providing for the affiliation of banks, securities firms, insurance companies, and other providers of financial services. The idea is to offer "one stop shopping" for financial services. According to proponents of the Act, the exchange of personal data between affiliates is necessary to offer the kind of integrated financial services the bill is supposed to promote. But privacy advocates are concerned that allowing the exchange of this data, including
medical
or health
information,
endangers the
privacy
rights of consumers.
As enacted, however, the Act essentially allows the free-flow of a consumer's personal financial information among affiliates without the knowledge or authorization of the consumer. The Act only places restrictions on disclosures to "nonaffiliated" third parties, and those restrictions are de minimus. Even those restrictions can be circumvented through joint marketing agreements.
In our comments on the proposed regulations to the Act, we noted that these deficiencies would best be remedied through legislation. As such, we are pleased that the Chairman has - introduced legislation, and has held this hearing today. We also want to acknowledge that there have been additional efforts recently to amend the Act including an Administration proposal introduced by members in both the House and Senate, and a separate bill introduced by Senator Shelby (R-AL).
Finally, we must highlight that the Department of Health and Human Services is due to issue final health privacy regulations this fall, as required by the 1996 Health Information Portability and Accountability Act of 1996. The proposed federal health privacy regulations constitute a significant step towards restoring the public trust and confidence in our nation's health care. These rules, however, are by no means the final solution. By virtue of the limited authority delegated by Congress, the proposed rules have limited applicability and cover only health plans, health care clearinghouses, and health care providers who transmit health information ("covered entities") in electronic form. As such, a large segment of those who hold health information remains beyond the scope of these regulations. Therefore, it is important that the Financial Services Act be amended to establish clear and enforceable privacy rules for those entities not covered by the HIPAA regulations.
Our testimony today focuses on the major provisions of H.R. 4585: restrictions on disclosure; limitations on use; voluntary consent; the right to see and correct health information; and the relationship to other laws. As background, we have included brief information about the need to protect the privacy of people's health information.
II. PUBLIC NEED AND DEMAND FOR HEALTH PRIVACY
The public has consistently expressed a high degree of concern over the vulnerability of their privacy, and the vulnerability of their health information in particular.
In the absence of meaningful and enforceable privacy protections, people are withdrawing from full participation in their own health care. People are afraid that their health records will fall into the wrong hands, and lead to discrimination, loss of benefits, stigma, and unwanted exposure. A January 1999 survey by the California Health Care Foundation found that one out of every six people engages in some form of privacy-protective behavior to shield themselves from the misuse of their health information, including lying to their doctors, providing inaccurate information, doctor-hopping to avoid a consolidated medical record, paying out of pocket for care that is covered by insurance, and -- in the worst cases -- avoiding care altogether.
Without trust that the personal, sensitive information they share with their doctors will be handled with some degree of confidentiality, people will not fully participate in their own health care. As a result, they risk inadequate care or undetected and untreated health conditions. In mm, the integrity of research and public health initiatives that rely on complete and accurate patient data may also be compromised. Thus, protecting privacy and promoting health care quality and access are values that must go hand-in-hand.
III. STRENGTHS AND WEAKNESSES OF H.R. 4585
If enacted, H.R. 4585 would take a large step forward in filling the privacy gaps in the protection of health information within the context of the financial services industry. However, we do have a number of concerns about the bill. Due to the limited time we have had to review this bill, we will focus our testimony today on some of the major provisions in H.R. 4585.
A. Increased Restrictions on Disclosure One of the major weaknesses of the Gramm-Leach-Bliley Act is the minimal protections afforded by its restrictions on the sharing or disclosure of "nonpublic personal information.
" Under the Act, a financial institution can disclose nonpublic personal information, including individually identifiable health information, freely with its affiliates without any consent from the consumer. As for disclosures to nonaffiliates, the Act only requires notice of the potential disclosure and an opportunity for the consumer to "opt out" of such disclosures.
H.R. 4585 would improve these privacy protections in two major ways: First, the restrictions on disclosures would apply to both affiliates and nonaffiliates.
From a consumer's perspective it is the disclosure of information beyond the original record holder that triggers concern. It makes little difference to a consumer whether the recipient of that information is affiliated with the financial institution. Therefore, the approach taken in H.R. 4585 is preferable to the requirements that currently exist in the Act. Second, under H.R. 4585 a consumer must affirmatively consent (opt in) to the disclosure of individually identifiable health information.
This approach parallels that taken in many other areas of Federal privacy law, where "opt in" is the norm. For example, a consumer "opt in" is required before a tax preparer could transfer--information from a consumer's tax return to a financial advisory affiliate to provide the consumer with financial planning advice. An "opt in" is required before a video rental store can provide information regarding a consumer's videocassette rentals to others. "Opt in" is required before telephone companies can transfer information about what telephone numbers a consumer calls or the whereabouts of the cellular phone the consumer is using to other parties. "Opt in" is required before cable television companies can provide information about what pay-per-view movies a consumer is watching to other parties.We commend the adoption of an opt in requirement for the disclosure of individually identifiable health information within the financial services context. However, it is critical that this opt in be voluntary and uncoerced. (See "C" below.)
B. Limitations on the Use of Individually Identifiable Health Information One of the major concerns of health consumers is that they might be injured economically by a financial institution's use of their health information. The Act does not address this concern. H.R. 4585 moves towards correcting this problem by prohibiting financial institutions from obtaining or using individually identifiable health information in deciding whether to issue or continue credit or loans absent the consumer's affirmative consent. We support the general concept behind this provision which appears to alleviate one of the strongest concerns of consumers-that they might be denied a loan or a mortgage due to a health condition.
We are concerned, however, that this protection is limited only to uses for purposes of providing a "loan or credit" and does not apply more broadly to "financial transactions" in general. The current language would allow uses of health information obtained without a consumer's consent for any insurance transaction and for any other financial transaction that is not the provision of a loan or credit. We recognize that some insurance transactions (which would fall in the general category of "financial transactions") would require the disclosure of health information. We believe, however, that these interests could be served by obtaining the consent of the consumer.
We appreciate the fact that H.R. 4585 attempts to limit the circumstances under which a financial institution can request a consumer's consent to receive health information. The terms of the limitation, however, are somewhat confusing.
C. Voluntary Consent
We urge that H.R. 4585 be amended to include a provision ensuring that the opt in privacy protection is truly voluntary and meaningful. We recommend the adoption of provisions that would prohibit financial institutions from conditioning the delivery of a financial service or product on the consumer's signing an authorization allowing the financial institution to receive their health information. An authorization requirement is not very meaningful if the consumer can be coerced into providing such a requirement as a condition of receiving a benefit or service. We recognize that there are some legitimate circumstances for requiring an authorization for the receipt of health information as a condition to providing some financial services (such as some types of insurance transactions) but these should be the exception and not the rule.
D. Right to See and Correct Health Information
H.R. 4585 grants consumers the right to access and correct their individually identifiable health information that is within the possession of the financial institution. We strongly support the general concept behind this amendment to the Act. Financial institutions may base important decisions on an individual's health information. It is important that the consumer be able to verify that this information is accurate and, if necessary, to correct inaccurate information. We believe, however, that the right of access granted is too narrow. The right of access should not be limited to health information that is "within the possession" of the financial institution but should include information that is within the institution's control.
E. Relationship to Other Laws
As noted above, the Department of Health and Human Services is in the process of promulgating privacy standards under the Health In--cc Portability and Accountability Act of 1996 (HIPAA). The HIPAA privacy standards will apply to many of the same insurers that are subject to the Gramm-Leach-Bliley Act. We are pleased that H.R. 4585 expressly provides that it does not modify, limit or supersede the privacy standards being promulgated by HHS. It appears that this provision, in conjunction with other language in the Gramm-Leach-Bliley Act, will leave stronger state privacy laws intact. As detailed in our report, The State of Health Privacy: an Uneven Terrain (A Comprehensive Survey of State Health Privacy Statutes (July 1999) many states have detailed laws governing the use and disclosure of individually identifiable health information by insurers. The state protections which are stronger should stand.
IV. CONCLUSION
While there were unsuccessful attempts to remedy these privacy problems before final passage of the act last summer, we are heartened by your efforts to finish the job this year. We are available to work with you and the staff of the committee in moving this critical provision forward. H.R. 4585 is an essential piece of the overall effort to ensure that Americans have basic health privacy protections. Through the passage of this bill, the final regulations issued by the Secretary, and other health privacy legislation being considered by the Congress, we can help to meet this goal.
END
LOAD-DATE:
June 15, 2000
Document 16 of 124.
Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.