LEXIS-NEXIS® Congressional Universe-Document

Search Terms: health information privacy, House or Senate or Joint

Document 25 of 45.

JULY 20, 1999, TUESDAY

SECTION: IN THE NEWS

LENGTH: 6194 words

HEADLINE: PREPARED TESTIMONY OF
NATIONAL ASSOCIATION OF INSURANCE COMMISSIONERS
SPECIAL COMMITTEE ON HEALTH INSURANCE
BEFORE THE HOUSE COMMITTEE ON WAYS AND MEANS
SUBCOMMITTEE ON HEALTH
SUBJECT - CONFIDENTIALITY OF HEALTH INFORMATION

BODY:

I. Introduction
This testimony is submitted by the National Association of Insurance Commissioners' (NAIC) (EX) Special Committee on Health Insurance. The NAIC requests that this written testimony be submitted as part of the record for the hearing on "Confidentiality of Health Information" held by the Health Subcommittee of the House Ways and Means Committee.
The NAIC, founded in 1871, is the organization of the chief insurance regulators from the 50 states, the District of Columbia, and four of the U.S. territories. The NAIC's objective is to serve the public by assisting state insurance regulators in. fulfilling their regulatory responsibilities. Protection of consumers is the fundamental purpose of insurance regulation.
The NAIC Special Committee on Health Insurance ("Special Committee") is comprised of 46 state insurance regulators. The Special Committee was established as a forum to discuss federal proposals related to health insurance and to provide technical assistance to Congress and the Administration on a nonpartisan basis.
Our testimony focuses on four aspects of the preemption issue raised by the current federal health information privacy legislation. First, we will discuss the states' recognition of the desire for a minimum standard to protect the privacy of health information. Second, we will give some examples of what the states have done to ensure that health information is kept confidential, and discuss the concerns we have about the preemption language in the proposed federal legislation and how Congress can develop a minimum standard without eliminating existing state protections. Third, we will address the need for Congress to clarify the scope of any federal health information privacy legislation and to develop a way for states to measure their laws against any federal standard for compliance. Finally, we will discuss the enforcement of privacy laws, which may seem to go beyond the issue of preemption, but actually gets to the heart of whether Congress should adopt a floor in this area or completely preempt the states.
II. Recognizing the Desire for a Federal Minimum Standard
As required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Congress must enact privacy legislation by August 21, 1999. Should Congress fail to act, HIPAA requires the Secretary of Health and Human Services to promulgate regulations by February 2000.
The states, acting through the NAIC, understand the desire for minimum standards to protect the privacy of health information. A minimum standard in this area is considered necessary given that health information is transmitted across state and national boundaries. The transmission of health information, as opposed to the delivery of health care services, is not a local activity. This was one of our main reasons for developing a model on this issue--The Health Information Privacy Model Act (attached).
The NAIC adopted the Health Information Privacy Model Act in September 19987 This model addresses many of the same issues that the federal legislation does, such as: (1) providing an individual the right to access and to amend the individual's protected health information; (2) requiring an entity to obtain an authorization from the individual to collect, use or disclose information; and (3) establishing exceptions to the authorization requirement. Our model was developed to assist the states in drafting uniform standards for ensuring the privacy of health information.2 However, because our jurisdiction is limited to insurance, and health information privacy encompasses more issues than insurance and more entities than insurers, we understand the desire for broader federal legislation.3
Recognizing all of the above factors, along with the fact that all of the health information privacy bills currently before Congress preempt state law in one fashion or another, the members of the NAIC have concluded that the privacy of health information is one of the few areas where it may be appropriate for the federal government to set a minimum standard. However, it should be noted that up until this point there has been no federal standard in place. Rather, states have been the protector of consumers in this area. Any federal legislation must recognize this fact and make allowances for it.
Preemption
A. Existing State Laws
As this Subcommittee is well aware, the drafting of legislation to establish standards that protect the privacy rights of individuals with respect to highly personal health information is a very difficult task. Like you, the members of the NAIC sought to write standards into the NAIC Model that would not cripple the flow of useful information, that would not impose prohibitive costs on entities affected by the legislation, and that would not prove impossible to implement in a world that is rapidly changing from paper to electronic records. At the same time, the members of the NAIC recognized the need to assure consumers that their health information is used only for the legitimate purposes for which it was obtained, and that this information is not disclosed without the consumer's consent or knowledge for purposes that may harm or offend the individual.
When developing protections for health information, Congress must recognize the impact of any federal privacy legislation on existing federal and state laws. Although we cannot fully address the impact on federal law, we do know that many state laws touch on protected health information and appear in many locations within the states' statutes and regulations. These laws do not neatly fit into a federal bill's list of exceptions.. For example, privacy laws can be found in the insurance code, probate code, and the code of civil procedure. Numerous privacy laws relating to health information are also contained in the states' public health laws, which address such topics as child immunization, laboratory testing, and the licensure of health professionals. Other potential areas involve workers compensation laws, automobile insurance laws, and laws regulating state agencies and institutions. In addition, many state privacy laws only address health programs or health-related information that are unique to a particular state.
Let us give you some examples of the existing state laws that protect health information.
California
California's Business and Professions Code provides protections for health information used in telemedicine, which is the practice of health care delivery, diagnosis, consultation, treatment, transfer of medical data and education using interactive audio, video or data communications (Cal. Bus. & Prof.. Code 2290.5). These protections are in addition to other existing confidentiality protections provided by law, including the "Confidentiality of Medical Information" statute in California's Civil Code (Cal. Civ. Code 56 et seq.).

Under the telemedicine law, the health care practitioner must obtain verbal and written informed consent from the patient prior to the delivery of health care via telemedicine. The individual retains the option to withhold or withdraw consent at any time without affecting the right to future care or treatment or without risking the loss or withdrawal of any program benefits to which the individual would otherwise be entitled. The patient is guaranteed access to all medical information transmitted during a telemedicine consultation, and copies of this information are available for a reasonable fee. Dissemination of any patient-identifiable images or information from the telemedicine interaction to researchers or other entities is prohibited without the consent of the patient. This statute provides only three exceptions to the requirement of patient consent for disclosure of health information: (1) when a patient is not directly involved in the telemedicine interaction, such as when one health care practitioner consults with another health care practitioner; (2) in an emergency situation in which a patient or representative is unable to give informed consent; and (3) to a patient under the jurisdiction of the Department of Corrections.
California's telemedicine statute could arguably be preempted by federal legislation that uses a total preemption approach. This statute is one example of states responding to changes in technology and addressing issues beyond those addressed in any of the federal bills. California not only protects the confidentiality of medical records but it protects health information in telemedicine. The telemedicine statute also requires consent for disclosing health information and has far fewer exceptions for disclosure without consent than any of the federal bills. The state law also guarantees patients the right to access all medical information without exception, whereas the federal bills have exceptions to patient access. Finally, the state law allows the patient to revoke consent at any time without affecting the right to future care or program benefits; however, this right is not included in the federal legislation. If a federal privacy bill using a total preemption approach is enacted, California's telemedicine protections, which are stronger than those in the pending federal legislation, would arguably be preempted.
Connecticut
Connecticut has already enacted a privacy protection law for insurance information. (Conn. Gen. Stat. 38a-975 et seq.). This law applies to insurance institutions, agents and insurance-support organizations, and it protects health information that is collected, received or maintained in connection with insurance transactions that pertain to individuals who are residents of the state or who engage in insurance transactions with applicants, individuals or policyholders who are residents of the state. It also applies to insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery, or renewed in the state. This law applies to life, health, disability, and property and casualty insurance, and therefore to issuers.of these products. This state law would be preempted under a federal bill that used a total preemption approach. Arguably any health information held by life or health insurers may still be protected under the federal legislation; however, health information held by disability or property and casualty insurers, which is currently protected under this state law, would become unprotected under the current federal legislation. Without the opportunity for the state to implement its own laws to address these types of insurers, the health information they hold would be vulnerable to potential misuse or disclosure by those who hold it. In addition, if the federal standard were to fall short of Connecticut law in some way, the level of protection for information held by life and health insurers would be diminished.
Florida
Florida's Civil Rights law requires confidentiality and informed consent for genetic testing. (Fla. Stat. Ann. 760.40). The law provides that except for purposes of criminal prosecution, determining paternity, or acquiring specimens from persons convicted of certain offenses, DNA analysis may be performed only with the informed consent of the person to be tested, and the results of such DNA analysis, whether held by a public or private entity, are the exclusive property of the person tested, are confidential, and may not be disclosed without the consent of the person tested. This law arguably would be preempted by a total preemption approach that uses the "related to" standard. Civil rights laws and genetic testing laws do not fall within any of the federal bills' exceptions, so presumably DNA tests would be governed by the provisions of federal bills. However, the federal legislation would arguably allow DNA test results and the identity of the individual to be disclosed without the individual's authorization under some of the federal bills' provisions, including the research provisions.
Massachusetts
Under Massachusetts' education statutes, provisions are established for the testing, treatment and care of persons susceptible to genetically-linked diseases. (Mass. Ann. Laws ch.76, 15B). The law requires the Department of Public Health to furnish necessary laboratory and testing facilities for a voluntary screening program for sickle cell anemia or for the sickle cell trait and for such genetically-linked diseases as may be determined by the Commissioner of Public Health. Records maintained as part of any screening program must be kept confidential and will not be accessible to anyone other than the Commissioner of Public Health or to the local health department which is conducting the screening program, except by permission of the parents or guardian of any child or adolescent who has been screened. Information on the results of any particular screening program shall be limited to notification of the parent or guardian of the result if the person screened is under the age of 18 or to the person himself if he is over the age of 18. The results may be used otherwise only for collective statistical purposes. Again, this state program may be preempted by a federal privacy law because it does not fall under the federal bills' preemption exceptions. Under the federal bills this health information would be at risk of disclosure without authorization under the public health or research provisions.
Michigan
Michigan's Public Health Code mandates confidentiality of HIV testing and requires written, informed consent (Mich. Comp. Laws. 333.5114, 333.5133). A physician or the physician's agent shall not order an HIV test for the purpose of diagnosing HIV infection without first receiving the written, informed consent of the test subject. Written, informed consent must contain at a minimum all of the following: (1) an explanation of the test, including the purpose of the test, the potential uses and limitations of the test, and the meaning of the test results; (2) an explanation oft he rights of the test subject, including the right to withdraw consent prior to the administration of the test, the right to confidentiality of the test and the results, and the right to participate in the test on an anonymous basis; and (3) the persons or class of persons to who the test results may be disclosed. In addition, an individual who undergoes an HIV test at a department-approved testing site may request that the HIV test be performed on an anonymous basis. Staff shall administer the HIV test anonymously and shall obtain consent to the test using a coded system that does not link the individual's identity with the request for the HIV test or the results. The Michigan law states that consent is not required for an HIV test performed for the purpose of research, if the test is performed in such a manner that the identity of the test subject is not revealed to the researcher and the test results are not made known to the test subject. This state law risks being preempted by the federal legislation depending on the preemption approach and the exceptions. If state public health laws are exempt from federal law, this state law could be left in place depending on how the federal legislation classifies public health laws. If state public health laws are not excepted, this state law would arguably be preempted by federal legislation that uses a total preemption approach, but the protection the state law offers would not be replaced with a federal equivalent. Some of the federal bills would allow the identity of the individual to be disclosed without the individual's consent under the public health or research provisions.
Montana
Under Montana's laws governing health maintenance organizations, any data or information pertaining to the diagnosis, treatment, or health of an enrollee or applicant obtained from the enrollee, applicant or a provider by a health maintenance organization must be held in confidence and may not be disclosed to any person, except upon express consent of the enrollee or applicant, pursuant to statute or court order for the production of evidence or discovery, in the event of a claim or litigation between the enrollee or applicant and the health maintenance organization where in the data or information is pertinent, or to the extent necessary to carry out the purposes of this chapter. (Mont. Code Ann. 33-31-113). The provisions of the state law would presumably be preempted by a total preemption approach and would not be saved under any current exception in the federal bills.

The state law prohibits disclosure except in a few limited cases, mostly pertaining to litigation, whereas the federal legislation would allow health maintenance organizations (health plans) to disclose this protected information without authorization under many more instances.
In addition, Montana just enacted a comprehensive medical records privacy bill targeted at insurers. This new law was modeled after the NAIC Health Information Privacy Model Act, and it builds upon Montana's Insurance Information and Privacy Protection Act (Mont. Code Ann. 33-19-101 et seq.), which is very similar to Connecticut's law (see above). The efforts and careful consideration of the state legislature to adopt privacy legislation would be lost, if the federal privacy legislation preempts all state laws relating to confidentiality of health information.
Ohio
Under Ohio law, information collected by the Ohio Health Care Data Center must be kept confidential, and may only be released in aggregate statistical form. (Ohio Rev. Code Ann. 3729.46(B)). The Director of Health, employees of the Department of Health including employees of the data center, and any person or governmental entity under contract with the director shall keep confidential any information collected that identifies an individual, including information pertaining to medical history, genetic information, and medical or psychological diagnosis, prognosis, and treatment. Theses persons and entities shall not release such information without the individual's consent, except in summary or statistical form with the prior written permission of the Director or as necessary for the Director to perform his duties. This state law would be preempted by a federal privacy law that totally preempted state law or did not include this type of law as an exception to federal preemption. The state law only allows release of information in summary form without identification of the individual, but this same information risks being released as personally identifiable information under the federal legislation. The federal legislation would end up unprotecting this information that is currently protected under state law.
Vermont
Vermont, like some other states, has a cancer registry. (18 V.S.A. 154, 155, 156). The Vermont statutes require the Vermont Health Commissioner to keep confidential all information reported to the cancer registry, with exceptions for the exchange of confidential information with other states' cancer registries, federal cancer control agencies and health researchers under specified conditions. The provisions of these state laws Would arguably be preempted by a federal privacy law that totally preempted state law or did not include state cancer registry laws as an exception to federal preemption. Presumably, a federal privacy law would allow the Vermont Health Commissioner to disclose protected health information in situations not authorized by the state's statutes, but allowed to be disclosed without authorization under the federal bills' public health or research provisions.
These examples should not be construed as a definitive legal analysis of the relationship between these state laws and the federal bills. The comments are not based on an extensive review of all relevant state laws that might affect the ultimate conclusion about the interaction of the federal bills and the states' laws. However, the range of state laws relating to protected health information, and the diversity of their purposes and of the entities that they affect, are critical factors for assessing the impact of any federal preemption language.
B. The Best Approach to Developing a Federal Standard
An argument will be made that the only solution to this collection of state privacy laws is a total preemption of state law. However, this "solution" is a deceptively easy response to the various state privacy laws and will most certainly result in adverse, unintended consequences. The language "any State law that relates to matters covered by this Act" could preempt literally hundreds of state laws that affect protected health information.4 Many state laws that are seemingly unrelated to health information on their face affect health information privacy and could be eliminated by a total preemption approach without any equivalent federal protection. Health information or health-related information that is currently protected will end up unprotected, and states will not be able to remedy the problem or "reprotect" the information. We offer this perspective not to "protect our turf," but rather as a caution against unintended consequences to the consumer. Because of the number and scope of the laws involved, our concerns are not limited to insurance law. We do not want Congress to reduce or eliminate any protections already in place. Preemption of state law is not a workable solution.
We believe the best approach would be to set a federal standard that does not preempt state laws that have been protecting health information for so many years. Up until now, there has been no federal standard in place, and the states have been protecting consumers. We understand the desire to establish a federal floor in this area, but it is not appropriate to preempt stronger state laws or preempt state laws that are outside the scope of the federal privacy legislation. As discussed earlier, the states have enacted privacy protections for their citizens in a variety of areas. These citizens should not lose stronger protections for their health information or lose protections granted by the states in areas not contemplated by the federal legislation.
In addition, we believe that states should be allowed to enact stronger privacy protections in the future in response to innovation in technology and changes in the use of health information. We believe the best approach would balance the desire for uniformity with the recognition of the states' ability to respond quickly and to provide additional protections to their citizens. States can quickly identify the impact of any federal privacy law or any changes in technology or in the-use of health information and can efficiently remedy any adverse situation. We urge Congress not to take a "broad-brush" approach to preemption that would unintentionally take away protections at the state level, eliminate the states' ability to remedy unintended consequences that result from federal privacy legislation, or prevent states from responding in the future.
Since Congress is certain to set some type of federal standard, we offer the following language as a suggestion of how federal privacy legislation may be drafted. This language sets a federal minimum standard that leaves in place existing state laws that are at least as protective as the federal legislation and allows states to enact stronger laws in the future.
Nothing in this Act shall be construed as preempting, superseding, or repealing, explicitly or implicitly, any provision of State law or regulation currently in effect or enacted in the future that establishes, implements, or continues in effect any standard or requirement relating to the privacy of protected health information, if such state laws or regulations provide protections for the rights of individuals to the privacy of, and access to, their health information that are at least as protective of the privacy of protected health information as those protections provided for under this Act. Any state laws or regulations governing the privacy of health information or healthrelated information that are not contemplated by this Act, not addressed by this Act, or which do not directly conflict with this Act, shall not be preempted. Federal law shall not occupy the field of privacy protection. The appropriate federal authority shall promulgate regulations whereby states can measure.their laws and regulations against the federal standard.
We believe this language recognizes the desire for a federal standard while respecting what the states have already done.
IV. Scope of the Legislation
In addition to adopting an approach that recognizes the privacy protections already enacted by the states and that allows states the flexibility to enact stronger privacy laws in the future, we urge Congress to draft legislation that specifically outlines the areas that Congress intends to address. Congress needs to be very specific about the scope of any federal privacy legislation. This is of particular concern since the current privacy legislation is silent on many issues affecting federal and state law. The scope should not be left ambiguous or left to the courts to decide. We believe it would be better for the protection of consumers' health information if Congress would specify what is addressed by the federal legislation as opposed to attempting to list all of the state laws that are exempt from the federal legislation.

All of the current federal bills contain specific exceptions to the federal preemption language for certain state laws. Reviewing all of the bills, these exceptions include state laws that: (1) provide for the reporting of vital statistics such as birth or death information; (2) require the reporting of abuse or neglect information about any individual; (3) regulate the disclosure or reporting of information concerning an individual's mental health; (4) relate to public or mental health and prevent or otherwise restrict disclosure of information otherwise permissible under the federal legislation; (5) govern a minor's rights to access protected health information or health care services; (6) relate to the disclosure of protected health information or any other information about a minor to a parent or guardian of such minor; (7) authorize the collecting, analysis, or dissemination of information from an entity for the purpose of developing use, cost effectiveness, performance, or quality data; and (8) concern a privilege of a witness or person 'in state court.
Although each of the exceptions is appropriate and the list represents a good start at enumerating the specific categories of state laws that should not be preempted, these specific exceptions to the preemption language do not alleviate our concerns. There are other state laws that do not fit into any of the explicit categories and that would therefore be preempted by the broad scope of the general preemption language. In addition, not all of these specified exceptions are included in each of the bills. We mention this to underscore the critical importance of clearly defining the scope of what the federal legislation is addressing and the applicability of any specific privacy standard or exception. We believe it wiser and easier to define what types of health information and what state laws are within the scope of the federal legislation, rather than what types of health information and what state laws are outside of the scope of the federal legislation.
In addition, we urge Congress to outline a way in the federal privacy legislation for the states to measure their laws against any federal standard and to provide options for states to meet those requirements. In HIPAA, Congress gave the states three options in meeting the requirements of that legislation. Similar guidelines are needed in the privacy legislation. States need to be able to judge whether their state laws are stronger than the federal law in order to determine whether they need to take further action to revise their laws. V. Enforcement
Finally, we strongly caution Congress against enacting legislation that would preempt state laws, because we have several concerns about the enforcement of any federal privacy law. First, while all of the federal bills include criminal and civil sanctions and some of the bills allow a private right of action, we are concerned about the level of penalties. All of the federal bills include criminal sanctions for those who "knowingly and intentionally" disclose protected health information; however, under such a strict standard, it is unlikely that very many prosecutions will take place at the federal level. The federal bills also impose civil sanctions, but the maximum penalty is only $100,000 for violations occurring so frequently as to be considered a business practice. For a multi- million dollar company, $100,000 can be written off as a business expense. Given the lucrative market for the sale of individually identifiable health information, such an expense could be considered a minor inconvenience.
The states possess a more effective enforcement tool than just monetary penalties. Insurers and other entities, such as hospitals and providers who hold protected health information, are licensed by the state. For repeated violations, the appropriate state agency can revoke the entity's license to do business in the state. This type of penalty forces the entity involved to change its business practices to conform to the law. Total preemption of state law could eliminate this enforcement mechanism.
Second, we also have concerns regarding the federal government's ability to conduct day-to-day oversight and enforcement of these laws. Our internal and informal surveys have shown that states get very few complaints from individuals about inappropriate disclosures of their protected health information. Consumers generally are not aware when a company releases their information. Instead the state agency overseeing that entity uncovers the violation. State insurance departments employ examiners who conduct on-site reviews of insurance companies' files. When a violation is found, it can be corrected immediately. Unless the federal government is prepared to duplicate this system, states should not be preempted from enforcing their own laws.
In addition, state insurance departments offer consumers a place to register their complaints. Those consumers who believe their rights may have been violated can call their state insurance departments and talk with someone about their concerns and have their concerns investigated. We do not believe that this degree of interaction and involvement will exist at the federal level. When a consumer believes his or her rights may have been violated under the new federal law, who in the federal government will that individual call? States already have an enforcement structure in place. This is a structure that should be built upon not preempted.
VI. Conclusion
Establishing standards to protect the collection, use, and disclosure of health information is a very important undertaking. The growth of managed care, the increasing use of electronic information, and the advances in medical science and communications technology have dramatically increased both the availability and the importance of health information. The efficient exchange of health information will save thousands of lives. The information is critical for measuring and analyzing the quality and cost effectiveness of the health care provided to consumers. Consumer benefits from advances in health information are vast. However, the potential for misuse of this information is also vast. The information itself has become a valuable product that can be sold for significant amounts of money, and the consequences of unauthorized disclosure of health information can be potentially damaging to individuals' lives. The opportunities to exploit available health information will grow in number and value as technology and medical science advance.
As Members of Congress address this critical topic, we would urge you to recognize the importance of existing state laws addressing the use of health information in many contexts. Congress should be aware of the complexity of implementing federal standards without inadvertently displacing important provisions of state law. We urge Congress not to take a "broad-brush" approach to preemption that would unintentionally take away protections at the state level, eliminate states' ability to remedy unintended consequences that result from federal privacy legislation, or prevent states from responding to future changes in technology or changes in the use of health information. The scope of the preemption is a critical issue, and if not carefully constructed it could lead to unintended consequences. We urge you to recognize the impact of any privacy legislation on federal and state laws as you debate this issue. The members of the NAIC would be happy to work with the Members of Congress in this area. Thank you.
FOOTNOTES:
1 This model was developed with state regulators, representatives of the insurance and managed care industries, and representatives from the provider and consumer communities. The NAIC model reflects the excellent work that has been done by a number of states on this difficult topic. The NAIC recognized the need to update the provisions of its existing "NAIC Insurance Information and Privacy Protection Model Act," which was adopted by the NAIC in 1980, to reflect the rapidly evolving marketplace for health care and health insurance and the dramatic changes that have occurred over the past 19 years in information technology.
2 The NAIC model requires carriers to establish procedures for the treatment of all health information, whether or not it is protected health information. The model then establishes additional rules for protected health information. In contrast, the federal bills require that named entities establish and maintain safeguards to protect the confidentiality of protected health information, which is more limited. The NAIC believes that Congress should establish procedures to assure the accuracy and integrity of all health information, not just protected health information.
3 The most obvious difference between the NAIC model and the federal bills is in the scope of the entities to which the respective proposals would apply. The NAIC model applies to all insurance carriers. The federal bills are much broader and apply to health care providers, health plans, public health authorities, health oversight agencies, health researchers, health or life insurers, employers, schools, universities, law enforcement officials, and agents. Different sections of the federal bills apply to different combinations of these named entities. However, we are concerned that the federal bills only apply to health and life insurers and not to all insurers.
With respect to insurers, we recommend the approach of the NAIC model, which applies to all insurance carriers and is not limited to health and life insurers. The NAIC had an extensive public discussion about whether the NAIC model should apply only to health insurance carriers, or instead, to all carriers. Health and life insurance carriers are not the only types of carriers that use health information to transact their business. Health information is often essential to property and casualty insurers in settling workers' compensation claims and automobile claims involving personal injury, for example. Reinsurers also use protected health information to write reinsurance. The NAIC concluded that it was illogical to apply one set of rules to health insurance carriers but different rules, or no rules, to other carriers that were using the same type of information. Consumers deserve the same protection with respect to their health information, regardless of the entity using it. Nor is it equitable to subject life and health insurance carriers to more stringent rules than those applied to other insurers. Our model applies to all insurance carriers and establishes uniform rules to the greatest extent possible.
4 This language is very similar to the preemption language contained in the Employee Retirement Income Security Act of 1974 (ERISA), which states: "IT)he provisions of this title...shall supersede any and all State laws insofar as they may now or hereafter relate to any employee benefit plan .... "(emphasis added). As this Committee is well aware, twenty-five years of litigation and numerous Supreme Court decisions have yet to clarify the scope of the ERISA preemption language. We would respectfully suggest that a "relate to" standard is not a good standard to adopt in federal legislation regulating the use of health information. Total preemption language will unintentionally erase important state laws but not provide equivalent federal protections. This is the unfortunate situation that has occurred as the result of the preemption language contained in ERISA.
END

LOAD-DATE: July 22, 1999

Document 25 of 45.


Search Terms: health information privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase: