Search Terms: health information privacy, House or Senate or Joint
Document 43 of 45.
Copyright 1999
Federal News Service,
Inc.
Federal News Service
APRIL
27, 1999, TUESDAY
SECTION:
CAPITOL HILL HEARING
LENGTH:
29291 words
HEADLINE:
HEARING OF THE
SENATE
HEALTH, EDUCATION, LABOR AND PENSIONS COMMITTEE
SUBJECT: PRIVACY OF MEDICAL RECORDS
CHAIRED BY: SENATOR JAMES JEFFORDS (R-VT)
WITNESSES:
SENATOR ROBERT F. BENNETT (R-UT)
SENATOR PATRICK J. LEAHY (D-VT)
JOHN BENTIVOGLIO, SPECIAL COUNSEL, HEALTH CARE FRAUD,
OFFICE OF DEPUTY ATTORNEY GENERAL, DEPARTMENT OF JUSTICE
RONALD WEICH, REPRESENTATIVE,
AMERICAN CIVIL LIBERTIES UNION
ROBYN S. SHAPIRO, REPRESENTATIVE,
AMERICAN BAR ASSOCIATION
LADONNA SHEDOR, REPRESENTATIVE
HEALTH CARE LEADERSHIP COUNCIL
PAUL APPELBAUM, REPRESENTATIVE,
AMERICAN PSYCHIATRIC ASSOCIATION
JOHN G. CURD, VICE PRESIDENT, CLINICAL DEVELOPMENT,
GENETECH, INC.
CHRIS KOYANAGI, REPRES
BODY:
SEN. JAMES JEFFORDS (R-VT): Good morning, today marks the Health and Education committee's seventh hearing on one of the most pressing issues confronting our health care system, the confidentiality of health care information.
At today's hearing, we will be examining the topics of law enforcement, authorization and preemption as they pertain to patient confidentiality. This series of hearings has provided committee members with a better understanding of the complex issues surrounding the use of health care information and it has given us a clear sense of the need for federal legislation.
The current loose web of medical record protections at the federal and state levels, which has evolved in the absence of the comprehensive law, these many aspects of health information, unevenly protected, if Congress fails to enact federal privacy legislation by August 21, 1999. The secretary of Health and Human Services is required, according to the Health Insurance Portability and Accountability Act of 1996, referred to as HIPAA to promulgate regulations, establishing electronic privacy standards in February 21, 2000. With that deadline only months away, we have our work cut out for us.
Recently, along with Senator Dodd, I introduced S578, bipartisan legislation to establish necessary national standards to protect the confidentiality of each of America's medical records. In addition, Senator Leahy and Senator Kennedy have introduced S573, Medical Records Privacy legislation. And yesterday, Senator Bennett introduced the Medical Information Protection Act. All three of these bills have been referred to the committee for our consideration.
In order to meet the HIPAA deadline, I am planning to hold a committee markup on Health Information Confidentiality legislation next month. In developing the legislation for markup, I intend to draw from the best provisions of the three medical records bills that have been referred to the committee.
The time is right for action. Major technological advances in health care's administration, delivery and payment systems have greatly improved the quality of patient care. However, we must also have guarantees to protect the privacy for every American's medical records.
A recent study by the National Research Council shows that the pathway of a typical medical record is no longer confined within the control of the patient's personal physician. Today, records may be handled by numerous individuals in more than 17 different organizations. Quality care requires more than the free flow of information among providers, payers, and other users of health information. It requires trust between a patient and a care given. Patients must feel comfortable sharing sensitive information with health professionals. Technology has provided a tool to allow the ease of access to health care information. Now, legislation is needed to ensure the confidentiality of this personal information.
Today, we will be hearing from Senator Bennett, Senator Leahy, two distinguished colleagues of mine, who have been leaders in the medical records privacy issue, as well as from other experts on the issues of law enforcement, authorization and preemption.
The hearing will follow the committee's usual format. Each of the witnesses will speak for five minutes and each member will have up to five minutes per round for questioning. The hearing record will remain open for two weeks and any written statements and questions for the record should be submitted within that timeframe.
That said, let me welcome all the witnesses. I look forward to hearing your testimony and I turn now to my good friend, Senator Kennedy.
SEN. EDWARD M. KENNEDY (D-MA): Thank you. Thank you very much, Mr. Chairman.
I want to express all of our appreciation for the hearings that we have had on this subject matter, which is of, I think, enormous importance to families all over this country. And the way that these hearings have been structured, I really it really maximized our committee's and hopefully the public's understanding of this issue.
I think, as you point out in your opening comment, there is more privacy when we go down and rent at Blockbusters than we do have in terms of medical records is a startling but true fact.
And Americans are naturally concerned about this. They're concerned about it, as we have seen over the course of our hearings. If they're not going to have the kinds of protections, then, they're clearly not going to give the kind of information to their doctor that they ought to give to their doctor in order to be able to get the best kind of medical attention, or they'll lie to their doctor if they have the sense that the information is going to be shared. It may very well impact their employment, or whether they're going to be able to get health information. We want to try to make sure that there's a balance between the providers of health care and of those in the health care area to try to enhance their ability to improve health delivery service, so there's obviously some balance. There has to be some degree of flexibility so that the providers, themselves, are able to gain information to give the best in terms of health care to their patients.
We, Senator Leahy, I want to thank him for his leadership as a key member, like others in the Judiciary Committee, has been enormously involved in the protection of individual's privacy issues and individual's rights. And I think he, in working with him, I have gained a great deal, as a former prosecutor, and Senator Leahy has in terms of also balancing the legitimate interests that law enforcement would have, establishing a standard, reasonable standard. And I will have a chance to get into some of that here today.
And we have also in this legislation incorporated many of the well-tested ideas that have been included at the National Institutes of Health, and have worked. And I have joined with Senator Leahy in supporting legislation that today has the broad support of over 100 different organizations, both in terms of researchers and patients' organizations, consumer organizations, and the providers. We've been heartened by working with them and to have their support.
And finally, I think, Mr. Chairman, we have tried to be sensitive to those states that have some particular kinds of needs. We have tried to establish a floor so that Americans across the country will know whether in this nation, which is moving around a great deal, increasingly so, that their medical records are going to be protected, but also to permit, at least, the states to take some opportunity to meet some of their very, very special needs.
So, we, Mr. Chairman, want you to know that we are looking forward to working with you, with other members of the committee. It's enormously important as you have pointed out. We do not want to let this just sort of drift on in to being an issue dealt with by administrative -- as much as we respect, and all of us do, the extraordinary leadership of Secretary Shalala, and to the administration, we ought to be the ones that decide the policy. And we are looking forward to working with you and Senator Bennett, and our colleague, Senator Dodd, and try to get a strong legislation -- Senator Frist, and I know other members that are here today -- trying to get good legislation that can meet to these conflicting needs, but they do it in ways, which will have a broad support.
Thank you, Mr. Chairman.
SEN. JEFFORDS: Well, thank you for an excellent statement. And I would say it's a real challenge to have five senators who are, and six, really, actively working on this bill, but with different ideas. So, it's going to be a challenge, but I am very pleased with the efforts on behalf of all of those who are participating to try to find a consensus here.
I am pleased to welcome five panels of witnesses this morning who will share their expertise with the committee also. First, it gives me a great pleasure to introduce two distinguished colleagues of mine, Senator Robert Bennett, and Senator Patrick Leahy, who have been leaders on this issue of medical records privacy for some time. I am delighted that they could both be with us this morning and share with us their thoughts.
And please proceed --
SEN. KENNEDY: Mr. Chairman, could I -- I hope to be here for Dr. Paul Applebaum, who's the chairman of the Department of Psychiatry and director of law and psychiatry at the University of Massachusetts Medical School in Wooster. I want to extend a very warm welcome.
As the Chair knows, there's the marking up of the bankruptcy legislation, and also in the Armed Services Committee matters dealing with Kosovo. So, we'll do the best to hear. But I wanted to express appreciation to the committee for inviting the doctor.
Thank you very much.
SEN. JEFFORDS: Thank you.
Senator Bennett.
SEN. ROBERT BENNETT (R-UT): Thank you, very much, Mr. Chairman, and I want to thank you, for holding the hearing and for your role in this important issue of protecting personal identifiable health information. And I'm pleased to be here to talk about the subjects you've identified for today's hearings federal preemption, the consolidated authorization, and law enforcement's ability to access medical records.
Each of the areas is an important aspect of any legislative effort to provide appropriate protections for our medical information. Before I get into the issue of federal preemption, let me make a personal statement and people asking me as a conservative Republican who believes in state's rights and state's preeminence, how can you come out and be in favor of federal preemption?
And I want to assure you and the committee that I have not approached this issue from the standpoint of political ideology, but out of my background as a manger. And I have come to the conclusion from a straight managerial point of view, the logical thing is to have federal preemption of state law. I think is vital. Most of wrongly assume that our personal health information is already protected under federal law. As Senator Kennedy has noted, it is not. Federal law protects the confidentiality of our video rental records and federal law ensures us access to information about ourselves such as our credit history. But there is no current federal law, which will protect the confidentiality of medical information against unauthorized use and ensure us access to that same sensitive information about us. It's ironic and other people can see the information, but we ourselves cannot in many situations.
Delivery of health care is a matter of interstate commerce. No longer are one's health care needs met within state boundaries. We consult specialists in other states. We are engaged in tele-medicine to help system that service us very often straddle state lines. Every American should have the assurance that their medical records are being treated with the same appropriate safeguards and dignity that they deserve.
This patchwork of state laws is confusing, contradictory, and complex. Individuals, providers, ensures, health plans, and others are forced to deal with this maze of state laws, which fail in many cases to provide the needed and desired protections. A federal floor provides only temporary relief from this maze of state law. Soon some state will pass a new law that will once again create confusion and slow the advancement of health care delivery and research.
I see no compelling reason to pass medical records protection legislation if there is not full and complete federal preemption. What would be the point? We would only find ourselves in the similar circumstance to the one in which we find ourselves today, the patchwork of state laws.
Now I believe that each individual should have the right and the ability to sign an authorization form. Each of us should have a better understanding as to how and for what medical information is being used. I do not believe that we need to as many of us do today, sign authorizing forms each every time we receive care from a different or nurse. I believe we should not be forced to agree to other activities outside of treatment, payment, and health care operations in order to receive treatment. When someone wants to use our medical information for marketing purposes, we should have the ability to say no thank you. We should have the right to revoke our authorization. And in doing so, realize that with such a revocation there are consequence and that we cannot expect our health care providers to provide us with the treatment when they have only access to a portion of our records. To do so puts our health at risk and places are caregivers in a precarious situation where they cannot hope to render the appropriate care.
Finally, I would like to address the issue of law enforcement. There are times when in the course of their duty, law enforcement officials need access to medical records. I believe it is I the best interest of the public to provide them with this access, but I believe we are better served when such requests are reviewed and authorized through an appropriate process.
My legislation would require either a warrant or a subpoena prior to law enforcement officials having access to anyone's medical records. I'm sure that law enforcement officials understand that there cannot be two standards when it comes to medical records. In order for individuals to have confidence in the system, there must be appropriate checks within the system in order to assure that all the information is required and that a legitimate need has been demonstrated.
I understand the unique nature of the law enforcement officials and believe we can come to a reasonable compromise regarding the privacy concerns of the individual and the legitimate needs of the law enforcement community.
Mr. Chairman, I look forward to working with you and the other members of this committee in crafting legislation that provides all Americans with greater access to their medical information as well as greater protection and I thank you.
SEN. JEFFORDS: Thank you, Senator Bennett.
My good friend from Vermont, Senator Leahy.
SEN. PATRICK J. LEAHY (D-VT): Thank you, Mr. Chairman, and I was glad to also hear from Senator Bennett. I've noticed from the time that he came to the Senate his strong interest on this and I enjoyed serving with him during those years he's been here.
These issues are new. I know in 1993 when I chaired the Judiciary Committee Subcommittee on Technology and the Law, I convened hearings on the privacy of medical records and new technologies. Senator Kennedy will remember that well because his valuable help with that. We learned a lot about how technology is overtaking the privacy rights, that information age enthusiasts, it became clear to me that technology can be a powerful tool for protecting our privacy rights or can be a powerful agent in eroding them. The answer is whether we make it our servant or our master.
In 1996 during consideration of the Kassenbaum-Kennedy Health Insurance Portability Bill, Senator Bennett and I worked very closely to include medical privacy protections in that law. In the end, what we worried we'd include is now the deadline that is looming. A time when our leading computer chip and software companies have built secret identifiers into their products that trace our every move in cyberspace without our consent, we have to ask ourselves whether Congress can stand by and see the potential erosion of the public's medical privacy rights. The ability to compile and store and cross reference personal health information has made our intimate health history a valuable commodity. In 1996, alone, the health care industry (spending?) estimated $10 to $15 billion on new technology just to store and compile this material. Mr. Chairman, you may remember the recent article from the Wall Street Journal. I cited it at your Vermont field hearing in had in March about a company that's seeking the mother load in health data mining. This company wants to get health data on millions of Americans of all states and then, sell it to the highest bidder. Today, there are no laws constraining the craze of large databases filled with sensitive, personally identifiable information on any of us. Information on all of us no matter how matter private is like gold to these so-called data miners.
We have to make sure that the grassroots stakes our constituents have in these decisions is not overrun by high powered and well funded lobbying efforts of these special interests who stand to make millions, if they can just delve in and get Senator Collins and Senator Hutchinson, Senator Frist and Senator Jeffords and Senator Kennedy, Senator Murray, Senator Bennett, Senator Leahy's medical records and everybody else's. We must not let threats to privacy rise to the point that the only way a person can ensure confidentially is to void seeking medical treatment in the first place and with some people, it may come to that. If they are afraid they can't protect their privacy otherwise, they might not seek the medical care they need.
Now, Mr. Chairman, you are working to try to bridge the gaps between the various legislative efforts that address this issue and I applaud you for that. I look forward to working with you. There are similarities between the bills that Senators Kennedy, Daschle, Dorgan, and I introduced as 573 NTSA (ph), and the bill that you and Senator Dodd introduced, and the legislation Senator Bennett, Senator Mack introduced yesterday.
There is one area where I've heard a red herring by some of the special interests in the question of health research. They've used this charge of the red herring to try to kill the passage of any medical privacy law or at least have any strong protections for health consumers. But we all agree, all of us, that once medical information is identified for research or other purpose, it falls out of the scope of our legislation.
The bill Senator Kennedy and I introduced keeps in place the current review structure for health research at institutions using federal funding such as NIH. You know, NIH is often touted, as it should be, the best health research institution in the world. So, following their privacy methods, I don't see how that would in any way stifle research.
Other issues may not be so simple to resolve 'til we get to the senate floor, such as preemption of state law. Here again we all agree that weaker health privacy laws should be preempted, but the legislation Senator Kennedy and I introduced does not preempt any federal or state law or regulation. It offers greater privacy safeguard. And our legislation, which may differ, makes room for the many, possible, future threats to medical privacy we don't anticipate today. We have to understand there is a whole lot of technology that, no matter how current we feel we are, we cannot predict. Even the best minds don't know where the technology will be 10 years from now.
We have differences on the question of preemption. These are differences of opinion, but my view is that addressing concerns about medical privacy is not static. Preempting state consumer laws, consumer protection laws, for example, the Congress has never done that. For instance, consumer protections in financial and communications laws set a federal floor not a preemptive ceiling. That's a precedent we should follow. In our own state, for example, we have a cancer registrant, which I've worked to help expand, as you have, to find a cure.
The National Association of Insurance Commission has pointed out that our state statute requires the health commissioner keep confidential all information before the cancer registry with exceptions for the exchange of confidential information with other state's cancer registries. Now, if we had a federal law that preempted our state laws, we could argue that you could wipe out the Vermont Cancer Registry. We don't want to do that for the public's interest, not special interest. That will be paramount as we proceed. And it should not become a special interest wish list or a partisan issue.
I believe we can take these various bills and work together and craft a good piece of legislation, which does not run roughshod over the states, but does protect individual consumers of health care. If we don't, I guarantee you we will have thousands, millions, of Americans, who will not seek health care because they will be afraid of what it might do to their privacy.
Thank you, Mr. Chairman.
SEN. JEFFORDS: Well, thank you both for your actual statements and thank you for all the work you have done. And I am confident from having worked with you and your staffs that we are in a position to be able to put together a bill that we'll all be able to get behind and that's certainly my goal. --
Senator Kennedy.
SEN. EDWARD M. KENNEDY (D-MA): Just briefly I want to thank both of you for -- these are circumstances where both of our colleagues have a good grasp and understanding of the legislation and long-held views and it's important. And I think they're highly respected positions in terms of the pressures that all of us have in terms of trying to work this process through.
I'd ask Senator Bennett, one aspect of the legislation that I want to hear you out on, perhaps you want to submit some additional information, and that is you know in the -- I've tried to lay out the different pieces of legislation and about the five major areas. And tried to see the comparisons and the similarities in trying to see if we can't find some common ground. And in your legislation as well as in the Jeffords-Dodd proposal, they have the required, under the required authorization, you use the World Health Care Operations related to disclosures.
You know you have the other provisions, you have, requires one- time authorization for treatment payment. And then you have health care operations. And then it allows patients to self-pay to avoid payment-related disclosures, which we have gone through, is a real problem for many people. Other disclosures require authorization separate from treatment and payment authorization and cannot condition to care upon receipt. Those are certainly important points. But the health care operation at least lends itself to I would imagine a variety of different operations.
I don't know whether you've thought through about what falls within that definition or how you would define or whether you'd -- something that you want to provide for us in the committee outputs so that we have a pretty good idea. Cause this is one of the areas obviously that is different, yours is different from some of the other proposals that we have before us.
SEN. BENNETT: Surely, I'll be happy to provide specific details and background. Let me give you the overall background for why that was in. When I first got involved in this issue, close to four years ago, and introduced the first piece of legislation with my name on it, and Senator Leahy, was at that time a co-sponsor of it. This was not included. And in the subsequent three and half to four years that I'd spent working on this issue, my door has been open to anybody who is affected by this to come in and tell us specifically how it would impact. And in the process of that information gathering activity, we had a number of health care providers come in and say, you have so narrowly focused on just treatment and payment that you have overlooked the impact of your legislation on our ability to run a hospital.
We have to have access to some of this information to make routine operational kinds of decisions. And I said as I said here today, I have no ideological commitment on this bill, I want us to solve the managerial problems, and I don't want to get in the way of somebody who has legitimate managerial reasons to have access to this information. Come tell us what you need.
And so, a number of health care providers, over literally the years, because as I say, we've been involved in this thing for several years now, have met with my staff, have given us examples of legitimate uses of this activity in order for them to manage their facility. And it is in response to that kind of information gathering that we put this language in the bill. Senator Jeffords and Senator Dodd have been aware of this and that's why similar language is in their bill. And we will be happy to provide the committee with specific information. This is not an attempt to do anything other than make sure that the normal operations of a legitimate health care provider are not interfered with in a way that would otherwise damage the delivery of services to a patient.
SEN. KENNEDY: Well, perhaps we could at least gain some additional insight. I mean the concern as you can probably imagine is that some plans would claim that sort of any activity they undertake is really a health care operation. An there expand that those words to somewhat to different -- it could mean, I mean it could mean any kind of information transaction, could it not?
SEN. BENNETT: We believe that we have addressed those concerns, they are ligament concerns, and they were raised in my office, when these first questions came in, and I'll be happy to supply to the committee all of the background that we have in this area.
SEN. KENNEDY: Okay, just too finally -- you have in you legislation that effectively preempts the states, and then virtually prohibits the states from acting further. Just wondering giving the kinds of technological breakthroughs that we're seeing even today, the use of the Internet for example, in terms of prescribing drugs over the Internet, how do you -- isn't that fairly prescriptive, in terms of healing, in terms of the future, and the possibilities both in terms of new kinds of technology, and new ways of delivering services, as well as new kinds of diseases, and treatments and needs?
SEN. BENNETT: In my opinion the language would not prohibit any progress, in those kinds of areas, and I would suggest to you sir, that if you allow the states to respond to those in a patch work kind of basis, rather than the federal government respond to those breakthroughs. On a uniform basis, you could well have a circumstance were one state says this is how we're going to respond to this new breakthrough with this kind of legislation, and another state right next to it, says no we think your wrong on that, and they adopt a different standard. And the health care provider servicing people who live on that state line, and 50 percent of American's do live on a state line, and are constantly crossing back and forth, find themselves wit-sawed between those two different approaches.
And again I get the criticism from time to time, gee you're a conservative Republican you believe in state's laws, and you believe in state experimentation, and let the states be the laboratories, and I do. I ideologically believe in all of those things, but some things that is scientifically based rather than ideologically based like this, I think should have uniformity nationwide. And if you get a breakthrough that requires a change in the standard, I am assuming that federal official's are intelligent enough, to make those changes at least as intelligent as the state people, and could do it in such a way that would be uniformed throughout the entire country.
Right now if I might take my own state of Utah, that has no legislation at all on this issue. We happen to have very good practice, because the standards have been imposed by the providers themselves, and the providers themselves have a high standard of good practice, and I do not feel particularly threatened by the absence of state law, in the state of Utah. But I recognized that there is a great possibility that something done in another state or something done nationally could affect the practice in my state. And the health care providers in my state who have thrived in this area without any legislation at all, have now come around and said to me, they support federal preemption's simply because they want a degree of uniformity, and predictability in this area, which currently doesn't exist.
SEN. KENNEDY: Well I think I just -- Senator Leahy, and I'll just make the last comment. I think that this is obviously the balance, which I think Senator Leahy had tried to have wherever you established the floor. But which we established the basic and the fundamental kinds of protections, and permit flexibility in terms of some states that want to enhance and provide additional kinds of protections. I think that's at least some what of a different view than you have, it just seems to me with all of the kinds of -- I don't know whether Senator Leahy wants to make a brief comment.
I thank the chair very much.
SEN. LEAHY: Well thank you. Well Senator Bennett had talked about it being a difference whether it is scientifically driven or ideologically driven and I would agree with him in concept. The trouble is sometimes determining where science stops and ideology takes over. Again, I mentioned in my testimony the red herring was brought up by some who say that our legislation would stifle research. And we've had privacy guarantees unfortunately some of the people are saying you might stifle research, ignore the fact that there are very strong privacy standards by NIH and others, but also they are doing the mantra of some of these data mining companies. Those that want to be able to go in, get all this data, and sell it, your personal information for a number of reasons.
We saw this in this area when one of the local pharmacies, people somebody started getting all kinds of ads and all that. And it turned out people who were getting prescriptions filled, their prescriptions, which may reflect intimate facts about them were being sold to another company. These are things that I think most of us find very, very worrisome. So, if there was purely technology or purely ideology it would be easy to make that cut. I think having a floor there helps us in those areas where it's questionable what's technology and what's ideology.
SEN. JEFFORDS: Senator Frist.
SEN. FRIST: Thank you, Mr. Chairman. I'll be brief. I know we have five panels today. But I just want to make two points and one is to thank both of you for your tremendous leadership. Ever since I've been in the United States Senate for the last four and a half years the two of you along with the ranking member and our chairman have participated actively in discussions, which strike right at the heart of current practice of medicine. But also will affect the future practice of medicine care that we'll receive in the future and that our children will receive. And it's been fascinating, because the debate comes down to the three fundamental issues we'll be talking about today.
And though today we're not talking quite as much about the research end of things, clearly very important. And I feel very good that we can meet this August deadline because of the great work that the two of you especially have done. My second point and last point is it was fascinating for me last night, my middle son, Brian, my youngest son Brian who is 11, had to memorize something for school and it was the Hippocratic Oath. And in that Hippocratic Oath, he didn't have to memorize the whole thing it's really three sections and it's referred to a lot when we talked about the history of medicine and health care and people say it's outdated.
But really it boils down to the tremendous importance in value of confidentiality of the trust that has to be at the heart of our debate today. And that trust is reflected in the privacy issues, which we all feel strongly about. That trust in the future in terms of access to data and this balancing act begins to come in, in terms of use of that data for the future. And then as Senator Kennedy pointed out this whole system is changing so fast we don't want to do anything that's going to lock us back in time as we go forward. But that Hippocratic Oath, that trust, that when you go see a health professional of some sort that that information will be used, principally in your best interests, number one.
And number two that that if possible can be used for the interests of others in a way that you're very comfortable with. And that's a balancing act that we must all go ahead with. And it comes back to something as a physician that does effect the quality of health it goes back to that Hippocratic Oath and we'll have time to go further into the debates of the three issues, but just want to thank you for your leadership.
SEN. JEFFORDS: Senator Murray.
SEN. MURRAY: Thank you, Mr. Chairman.
I know you want to get on to the panelists so let me just thank you for having this hearing and thank both Senator Leahy and Bennett for their work on this issue. It is a difficult issue and I think the key issues were already talked about, the whole issue of whether states who have done a lot of work on this ought to be able to continue to move forward and how we balance that I think is key in.
And how we deal with the research issue versus patient's rights and I'm sure Senator Leahy's concern is that people will not seek medical help if they fear that they don't have protection of privacy. I've already talked to individuals who have not sought mental health services because they fear that someone will find out about it. I am well aware that some insurance companies deny both life insurance and disability insurance to victims of domestic violence.
And women not seeking care for abuse because they are fearful that they will then be denied insurance coverage in the future. These are difficult to balance against the needs of research. And I hear from my research committee as well, we have a lot of work to move through and I appreciate both of you and your tremendous work on this and look forward to the panelists talking about how we deal with those issues.
SEN. JEFFORDS: Senator Hutchinson.
SEN. HUTCHINSON: Thank you, Mr. Chairman.
I also want to thank you for your presentation today, I look forward to hearing the panels clearly one of the most pressing issues this committee will address this year. Senator Leahy if you could just deal with the law enforcement issue, I think Senator Bennett said that a subpoena or warrant is what he envisioned as far as what law enforcement would have to do to justify access to those records. How would your legislation address that?
SEN. LEAHY: We do the same thing, we have a very strong law enforcement because we know that law enforcement is necessary. I think if the secretary of HHS had wanted complete and unfettered access, by law enforcement we require a warrant or a grand jury subpoena or court order.
Basically what we're saying is this, we're saying they got to have the same kind of court proceeding as they would to get your video records. I mean if we have -- Allen Simpson and I wrote the law, the so called Bork Law, which we've put in because of our outrage at somebody who's gone into former Judge Bork's video records and were publicizing them -- of video rental records, and publicizing them during his confirmation hearing.
So, Senator Simpson and I wrote a law that said you couldn't do that. But we felt you ought to have at least as much protection of your very personal medical records as you do whether you had rented Star Wars or not, it seemed to make sense you have at least that much. And as a former prosecutor I'm used to -- when I was a prosecutor I knew we had to get subpoenas or we had to get a search warrant to get somebody's medical records. And I did that in cases where it's appropriate.
Law enforcement should have to do that even if your records are in electronic form or however it's kept. I don't know what doctors are going to put much into a medical record if they think that there isn't at least that kind of a privacy. But it would not stop law enforcement with the appropriate -- either search warrant or subpoena.
SEN. JEFFORDS: Thank you.
Senator Bennett would you just respond to that also and the concern that without unfettered access that it's going to unduly hamper law enforcement's efforts on fraud and abuse and other needs for medical records. SEN. BENNETT: Well we've spent a lot of time working with the law enforcement community to come up with the right balance here, and we feel we have struck it. There is, of course a very legitimate reason for law enforcement to have access to medical records, but they must be able to demonstrate it. And so, we think we have found the right kind of balance in the language we've adopted. It's been a very difficult one we've been working on for this period of time that I've talked about.
I try to -- for example if you've been a psychiatrist and had psychiatric work and all of that, you ought to be entitled to at least the same privacy as whether you rented Gone with the Wind.
SEN. HUTCHINSON: Well, it seems like a pretty compelling logical argument to me, but I'm interested to hear why the concerns about those kinds, even those kinds of limitations.
SEN. JEFFORDS: Senator Wellstone.
SEN. PAUL WELLSTONE (D-MN): Thank you, Mr. Chairman, I just have a half an hour or so of questions, and then I'll --. No, actually.
You know, I didn't get a chance, I apologize, to hear either one of colleagues. And so, I just would thank them and just signal one big concern that I have. It's not so much in a form of a question to Senator Bennett, whom I've come to really appreciate.
I think this whole issue of preemption of state efforts in the State of Minnesota, we have a really strong piece of legislation, which really goes to the heart of giving people some protection. And we've made some adjustments to accommodate some people that have been doing medical research and how we can find the balance, but I would find it very difficult. I think, this is the strength, Senator Leahy of your approach. I would find it very difficult to support something that would preempt what Minnesota has done. And I'm sure you're hearing that from other colleagues and you may want to consider that as you go forward. But we've worked pretty hard in our state to get it right and I wouldn't want to see legislation that would preempt, I think, a really strong state effort.
SEN. BENNETT: I addressed that before you came, but let me just say again, you cited your state, let me site my own that has no state law, whatsoever, but that has very good practice, an it has been put in place by the providers themselves who recognize the importance of confidentiality. And we've had little or no concern with respect to confidentiality within the State of Utah.
Nonetheless, they are willing to give up the flexibility that they have, knowing that they can provide good practice in return for uniformity. Because the problem that we run into with 50 percent of Americans living on state lines and having different standards back and forth across the state lines is a desire for uniformity here as we move further into the information age. And this information goes around the country with literally the speed of light. It becomes very difficult for somebody to say, well, we're going to comply with this state law here, the other state law there. The established practice that is not mandated by law in another state becomes a patchwork that's almost impossible to deal with.
SEN. WELLSTONE: I appreciate you comment. I guess my philosophy on these matters, when it comes to what side you air on is -- I think this has become such an important issue to families.
I would prefer to establish the uniformity in terms of a minimum standard, but I think states that want to go forward and do even better should be allowed to do so. And I'm just saying that I believe that's the position of people in Minnesota and that will be my position, understanding full well and holding respect for your position.
SEN. JEFFORDS: Senator Collins.
SEN. SUSAN COLLINS (R-ME): Thank you, Mr. Chairman.
I want to join in commending our two witnesses for their leadership in this area, as well as the leadership of several members of this committee. I think it contrasts very sharply with the lack of leadership by the administration in trying to come forward with a proposal that would apply an appropriate balance or strike an appropriate balance, particularly in dealing with the law enforcement concerns that that privacy legislation raises.
The rapid changes in which health care -- in the way in which health care has been provided, documented and paid for in the United States has raised very serious concerns about medical privacy and the confidentiality of our records. And I think everyone here is committed to drafting legislation that provides the kind of protections that all of us would want for our personal records.
I would just add a cautionary note. Last year the State of Maine passed a Medical Privacy Bill that everyone thought was the answer to this problem. It had widespread support among all the stakeholders; it passed the legislature very easily; it was signed into law by the governor and this year when it went into effect it was in effect for all of two weeks when there was an outcry at the unintended consequences of the legislation. The result has been that the legislature unanimously voted to suspend the law until October 1st of this year. The governor has signed that suspension into law and everyone's back to scratch to start to try to piece together a workable law.
So I think Maine's experience in this area shows how difficult it is to achieve workable legislation, even though every single person in this room shares the goal of protecting sensitive medical information and ensuring the confidentiality that gives trust to people in their relationships with healthcare providers. So I just want to thank you very much for your contributions to this debate and I look forward to our deliberations.
Thank you, Mr. Chairman.
SEN. JEFFORDS: Thank you, Senator.
Senator Dodd.
SEN. CHRISTOPHER J. DODD (D-CT): Thank you very much, Mr. Chairman. I'll ask unanimous consent that some prepared remarks be included in the record and let me welcome two colleagues here who have worked very, very hard on this issue. Senator Bennett's been involved in this for a long time, as Senator Leahy has. Their advice and counsel means an awful lot.
Like Senator Jeffords and I, as I think all of you know, have introduced a bill -- we've had a good conversation in fact the other day with Senator Bennett about some of his, some of his ideas in all of this and Mr. Chairman, I want to thank you. Normally committees like this who sort of reauthorize a lot of legislation that's needed, we're sort of venturing here as Senator Collins has just poignantly pointed out, into the unknown, an area where there are a lot of consequences to this issue. There's an initial reaction to it, which we all can appreciate, but there are the unintended consequences that can occur.
The only constituency that I know of that probably doesn't care about this so much is those who are operating under the false impression that they don't have a problem. And that if you look at what existing federal law does today, there's absolutely no law that establishes an individual's right to privacy for sensitive medical information. And the only -- right now you don't have a right to see your medical records; you don't have a right to keep your insurer; you're sharing your records with your employer; you don't have the right to prevent information you give in confidence to your doctor from being used in direct marketing. These are things, rights, people think they have and they don't.
And so what we're obviously trying to do here is given the information age we're exploding into, and while I have deep respect for what the states are doing and our colleague from Minnesota articulated that well, what Senator Jeffords and I have tried to do is to sort of combine both of that to recognize the state effort, but to also fully there's some appreciation that if we don't have a national standard in this area that it's going to be very, very difficult to kind of have the uniformity that's necessary to deal with it. So I won't -- and I think plenty of members are probably aware of the sort of middle ground that we've carved out here as a way of trying to satisfy the desires of the state level to do something in this area and yet at the same time recognize that there's a real need for a federal role here given the magnitude of this problem rather than the patchwork of laws across the country when it comes to these issues, if for no other reason than I think consumers would like to have clarity on this as well, as well as our researchers and our doctors, our insurers, our employers.
Everyone needs clarity and there's a danger when you run the other direction here that you lose that which will be critically important if this law or the proposals are going to succeed. Today about 90 percent of all medical records are still in the old file cabinets. The assumption it's all on computers is not the case; it's in file cabinets, 90 percent of it. That's changing by the hour. To give you some idea, the volume on the Internet, increases, it doubles, excuse me, the volume on the Internet doubles every six weeks. That's how explosive nature of the Internet and clearly that's the direction this is going in. As a result of that, the access to this information is going to be global in its perspective, let alone national in its perspective. So the need for a national legislation in this area, I think, is obvious.
Again, Mr. Chairman, I thank you for your efforts and deeply appreciative of the efforts of our two colleagues.
SEN. JEFFORDS: Well thank you both. I've taken a great deal of your time, but that emphasizes how important this issue is. Thank you. We will continue to be consulting and working with both of you as we move forward.
(Chorus of thank yous.)
SEN. JEFFORDS: We will now turn to our second panel, Mr. John J. Bentivoglio. Pleased to have you here.
MR. JOHN J. BENTIVOGLIO: Good morning, Mr. Chairman.
SEN. JEFFORDS: And you have someone with you, I believe.
MR. BENTIVOGLIO: I do. This is Lynn Hunt. She is the chief of the Financial Crimes Section at the Federal Bureau of Investigation.
Good morning, Mr. Chairman, and other members of the committee. My name is John Bentivoglio; I'm the special counsel for healthcare fraud for the Department of Justice. I'm also the Department's chief privacy officer. I appreciate the opportunity to present the Department's views on the issue of medical records privacy.
The Department supports the enactment of federal legislation to protect the confidentiality of patient health information. We recognize that patient medical records contain sensitive, personal information, including past and present medical conditions, family medical history, prescription drug usage and similar information. And we are aware of the studies and reports on the misuse of confidential information by employers, insurance companies and other private sector entities. Accordingly, the Department supports the recommendations in the September 1997 report by the secretary of Health and Human Services which outlined a comprehensive framework for federal medical records privacy standards, including guidelines to ensure the security of identifiable health information, federal safeguards and consumer controls of information in medical records and holding healthcare entities responsible for employees who misuse protected information.
In addition, we support the recommendations in the secretary's report that call for strong sanctions for violations of patient confidentiality, including criminal penalties for knowing and intentional violations of federal medical records privacy laws. At the same time we urge you to recognize and accommodate the needs of law enforcement to investigate and prosecute civil and criminal violations and to protect public safety. In many cases, our ability to investigate and solve serious crimes, including violent crimes, healthcare fraud and other serious offenses, turns on our ability to obtain individually identifiable health information in a timely manner. We're able to do so under current law and we have used such authority in a responsible manner.
Moreover, law enforcement agencies have a strong incentive not to disclose investigative information including confidential health information beyond those with a need-to-know for legitimate law enforcement purposes. I'd like to provide a couple of examples that demonstrate why law enforcement needs access and access in a timely manner. During the course of a rape in Washington, DC, the victim slams a car door on the assailant's hand, possibly causing serious injury. Local police immediately contact emergency rooms in Washington, DC, Maryland and Virginia to determine if anyone matching the assailant's description has been treated for a serious hand injury.
Or a law enforcement agency conducts a comprehensive review of patient medical charts during investigation of a hospital suspected of billing health insurance plans for services that were never rendered. During this lawful review, investigators discover notations in a medical chart that a patient has been physically assaulting other patients, causing serious physical injury. Hospital executives decide not to report these incidents to authorities in order to cover up inadequate staff coverage during the time of the assault.
Finally, a person who has recently been released from a psychiatric facility barricades himself inside the offices of his former employer, kills two people and holds several more hostage. Negotiators need immediate access to his medical record to understand the kidnapper's diagnosis, discover what medications he may be taking, contact his psychiatrist, and to assist in resolving the situation without further loss of life. These are just some examples where individually identifiable health information is disclosed to, and used by, law enforcement in an appropriate manner.
In some cases, the need for health information is limited but urgent. For example, in the rape scenario described above, police are not seeking the entire medical file of a patient; rather, they simply need to know if a person matching the assailant's description has been treated for a serious hand injury. However, even though they are not in hot pursuit of a suspect, they need immediate access to that information.
In other cases, such as in the Medicare billing fraud, investigators will need access to hundreds of patient medical records. Generally through an administrative or grand jury subpoena or civil investigative demands. In this scenario, it would be extremely burdensome and in some cases impossible to provide each patient with advance notice and an opportunity to be heard before the subpoena is enforced.
Furthermore, notice to patients will unfairly and publicly broadcast the law enforcement's suspicion of a provider before any charges are brought. Also, providers who receive premature notice that they are under investigation have the opportunity to destroy or conceal assets that might be ceased in the future.
Law enforcement has an excellent track record in obtaining and using health information in an appropriate manner and in protecting its confidentiality. We are not aware of any systemic or widespread misuse of confidential health information by law enforcement. And federal, state, and local agencies are already under a wide array of constitutional statutory and regulatory requirements that protect the confidentiality of health information, ensure that is obtained and used only for official law enforcement activities.
Given the frequent and sometimes urgent need for law enforcement access to this information, the department recommends that we maintain current federal privacy protection. We urge the committee to follow the September 1997, report of the secretary of health and human service, which recommends that law enforcement agencies be protected from new restrictions and provided no additional authority for access to medical records.
As the committee moves forward, we would appreciate the opportunity to work with the committee on the development of patient privacy legislation.
Again, I appreciate the opportunity to present the department's views and look forward to answering your questions.
SEN. JEFFORDS: Right on the second.
MR. BENTIVOGLIO: Thank you. SEN. JEFFORDS: Well done. You testified that federal, state, and local law enforcement agencies are already subject to a wide array of constitutional, statutory, regulatory, and administrative requirements that protect the confidentiality of health information. How do you respond to those who argue that these protections do not guarantee privacy and that more strict hurdles are needed for law enforcement?
MR. BENTIVOGLIO: Well, in general, we do take advantage of constitutional and statutory processes for obtaining medical records. Typically at the federal level, we get this through the grand jury subpoena process or through a search warrant. But the examples I described demonstrate that in some situations that going that process would be unduly burdensome and could jeopardize public safety. In those instances, I think -- we looked at a very sound track record of law enforcement, which does not include really widespread or systemic misuse of confidential health information. And I think that's largely because we have such a strong incentive to use the information in an appropriate manner and to not publicly disclose it beyond the needs of the law enforcement investigation.
SEN. JEFFORDS: You mentioned that the department is in the process of developing more specific guidance governing the disclosure use and handling of health information. When to do you expect the guidance to be available for members of this committee?
MR. BENTIVOGLIO: I can't give you a specific deadline. I would think in the next several weeks or several months we should be able to issue that. That guidance will direct our personnel to do things like redact documents that are disclosed in administrative or judicial proceedings, to ensure that we have appropriate security of confidential medical records in the light. So, we would be happy to share that with the committee as soon as it's available.
SEN. JEFFORDS: Ms. Hunt, do you have any comments to add?
MS. LYNN HUNT: Yes, just very briefly, thank you. Good morning. As Mr. Bentivoglio stated, I'm Lynn Hunt, chief of the financial crime section of the Federal Bureau of Investigation. I want to thank the Chairman and the entire committee for allowing me to appear this morning to express not only FBI's, but I believe all of law enforcement's concerns with proposed medical records legislation, which could severely hamper law enforcement's efforts to address a host of crime problems plaguing the American society. In 1996 Congress enacted comprehensive legislation to combat the health care fraud crime problem, which continues to rob Americans of billions of dollars annually and effects the quality of medical care that we all require.
The health insurance Portability and Accountability Act of 1996 gave the FBI increased funding and new legal tools to address this very crime problem. We at the FBI interpreted this as a message that Congress wanted the FBI to step up our efforts, we responded. I and other senior management officials have used this increased funding to hire, equip and train more agents to be assigned to healthcare fraud crime matters.
The bureau has now the equivalent of 420 agents investigating over 2,800 cases of healthcare fraud, a more than three-fold increase from the early 1990's. This is a serious commitment of investigative resources. Let me assure you these 2,800 investigations do not involve instances of honest billing mistakes, as we have neither the resources nor the desire to pursue these matters. There are other remedies to correct these mistakes that do not require an investigation by the FBI.
What all our agents are pursuing are criminals who commit massive fraud and who may put financial gain over the care and medical needs of the patients.
My staff and I have reviewed a number of bills introduced as well as proposed and we have grave concerns about the new burdens and restrictions that many will place on law enforcement, particularly in our healthcare fraud enforcement efforts.
It is our most basic need to be able to compare what was billed to government sponsored as well as private healthcare plans with what services were actually provided to the patient. The FBI has investigated literally thousands of allegations of egregious fraud in this area and I am not personally aware of any instance in which our agents have been careless with personally identifiable healthcare information. In fact, we take great steps to prevent this very occurrence.
The FBI and the entire Department of Justice agree that new protections are needed for patient records. However, absent documentation of any systemic abuse by law enforcement, we would urge Congress that no new legislation be enacted that would unduly burden law enforcement in investigating serious criminal conduct as well as civil fraud.
Mr. Bentivoglio indicated that these restrictions would adversely impact on many other areas of law enforcement to include serious violent crimes, hostage situations and terrorist activities. What about those states that currently have laws requiring the mandatory reporting of gunshot wounds? Further more, how would the requirement contained in these bills impact on the excellent working relationship that presently exists between the investigators and prosecutors of the Department of Justice and the Healthcare Financing Administration as well as the special investigative units of Private insurance companies?
What about QETAM (ph) relaters and other good citizens who want to report healthcare fraud to the FBI or other law enforcement agencies, would they be committing a criminal act by furnishing documentary evidence to law enforcement? These are some of the issues which we urge Congress to consider. As Mr. Bentivoglio pointed out the department views with enormous concern the right of Americans to have their medical records protected from unwarranted disclosure.
He mentioned that the Deputy Attorney General recently issued a memorandum stressing the need to protect individually identifiable health information obtained during the course of our investigations and prosecutions. This memorandum was forwarded to all FBI field offices so that they too would be reminded of the importance of confidentiality. I believe that this should be reinforced at the FBI Academy so that all new agents are clear on this issue, and I will personally guarantee this committee that this will be done.
In conclusion, I urge you not to recommend new restrictions on law enforcement access when you consider Medical Records Privacy Legislation.
Thank you.
SEN. JEFFORDS: Thank you. I remind you that we have to get this out and moving. We hope to have it marked up and out of this committee by the end of next month, May. So, I would hope you would keep in touch with us, and we will keep in touch with you to make sure that we will end up with a product that you will not feel unduly burdensome.
MR. BENTIVOGLIO: We'll be happy to work with the committee, Mr. Chairman.
SEN. JEFFORDS: Senator Dodd.
SEN. DODD: I would to ask -- I do have a question. Let me just -- let me be very practical with you. You cited in your testimony, an example of a rape case in which the alleged perpetrator, there was some wounds, or whatever, some blood samples, and you needed to get at that information. I wondered if you just might take that example, a very concrete example, and explain how law enforcement currently accesses those records, number one. And how specifically would the bills that have been introduced, how would they impact, in your view, that present process?
So, take us through what you do very quickly right now in that kind of absolute, clear fact situation.
MR. BENTIVOGLIO: Well, that would, that offense would be a violation of state law. So, if it happened in DC, the DC police would probably go to local emergency rooms and see if someone has been treated for an injury, a hand injury that matches the assailant's description.
If that were the case, they would probably go back and get a search warrant in that situation. The difficulty that we have with the legislative proposals --
SEN. DODD: That's under the present situation.
MR. BENTIVOGLIO: Correct.
SEN. DODD: All right.
MR. BENTIVOGLIO: The difficulty that we have is even that initial contact with the emergency room would be problematic because they couldn't disclose that information to us. So, we couldn't even get a search warrant of the hospital because we wouldn't have any --
SEN. DODD: Under which bill now? Which bill are you talking about?
MR. BENTIVOGLIO: Under virtually all of the bills. Under the bill introduced by the Chairman, Mr. Bennett's, and Mr. Leahy as well.
SEN. DODD: And what about the one that Senator Jeffords -- that bill as well?
MR. BENTIVOGLIO: Yes, sir.
SEN. DODD: Okay.
MR. BENTIVOGLIO: So, we -- and that highlights a dilemma that we face. In that situation, that initial contact with the emergency room, we're not asking for the patient's entire medical file. We're asking merely whether that person, a person has been treated for an injury. And in that sense, we don't think that the grand jury process or search warrant process is practical.
Since it's a local investigation, they would have to go local courts in Montgomery County, PG, the District, Arlington, Alexandria to get a search warrant. And without the initial information about whether a patient's been treated for that type of injury who matches the description, they couldn't even get any compulsory process.
SEN. DODD: Mmm-hmm.
Well, the ACLU disputes these alarms, as you might not be surprised. And I guess we're going to hear from them, Mr. Chairman, on this. But that's a -- but I appreciate that.
Thank you.
SEN. JEFFORDS: Senator Hutchinson.
SEN. TIM HUTCHINSON (R-AR): Thank you, Mr. Chairman.
Let me just follow up on what Senator Dodd said. You stated that you thought that no new restrictions should be added. What exactly are you required to access medical records currently, individually identifiable medical records?
MR. BENTIVOGLIO: Well, if we were to obtain the records under a grand jury subpoena, there are standards for when we could issue a grand jury subpoena for those records. It has to be relevant to an ongoing criminal investigation. If we wanted a search warrant, we'd have to go to (and attach?) magistrate based on probable cause to get certain records.
In the instance of the rape example that we are discussing, there would not be any restrictions on us currently going to a hospital and saying, has someone matching this description been treated for a hand injury.
SEN. HUTCHINSON: Okay, in that instance, I think you said that you went to the hospital's emergency room, and then, you asked, and then, you'd go back and get a search warrant. But you said we might want to go get a search warrant.
Would you be required to get a search warrant, or could you demand access to their records currently?
MR. BENTIVOGLIO: We could probably ask them for those records. Most hospitals wouldn't provide them. And I think in the vast majority of cases, we would go back and get a search warrant as a matter of good law enforcement practice. Because in that situation, we would be looking for the entire patient record.
SEN. HUTCHINSON: But there are currently no requirements that you do that?
MR. BENTIVOGLIO: Correct.
SEN. HUTCHINSON: When Senator Leahy was here, he gave the example of video records. If you wanted to get someone's video records, video rental records, what would you currently have to do?
MR. BENTIVOGLIO: You would need to get a court order. And I would like to address that issue.
SEN. HUTCHINSON: I want you to have that opportunity.
MR. BENTIVOGLIO: Thank you, Senator.
Video records are rarely needed for any type of investigation, whether it's a violent crime, health care fraud or the like. So, those restrictions, which are very severe, don't get in the way of many investigations that we face. If those same restrictions were put in place on health care information, it would have a devastating impact on our ability to solve some crimes.
SEN. HUTCHINSON: So, the requirements, as I understand in the various bills, are fairly consistent. That the information would need to be relevant, material to ongoing investigations, the investigative needs for the agency could not reasonably be satisfied with identified health information and law enforcement need for information outweighed the privacy interest of the individual involved.
Explain to me, is it simply a matter that the time required to demonstrate those requirements would make it unwieldy or interfere with good law enforcement? MR. BENTIVOGLIO: If, in addition to those requirements --
SEN. HUTCHINSON: It does sound fairly reasonable that that should be demonstrable before you have access to that information.
MR. BENTIVOGLIO: Senator, if it were only those requirements, we would be less troubled, but those requirements are coupled with the need to go to a court and get an order before we get access to this type of information and that's the burden that would be troubling to us. If we had to go and get a court order before, example, going to a hospital, that would be very burdensome, particularly in the example I described where we have multiple jurisdictions that you'd have to go to.
SEN. HUTCHINSON: So, are you required to get a court order in certain instances today. You mentioned video rental records, but is that a --. I mean, it was my impression that getting a court order was fairly routine, that it was frequently done. It wasn't something that required a lot of time.
MR. BENTIVOGLIO: Well, a search warrant does take -- you know, you have to prepare an affidavit. You have to go to a court and get that order. And you need probable cause to establish that the evidence you will seize will be relevant to a crime.
In the instance that I described, the rape example, we wouldn't even know, going to a hospital in the first instance, whether a person meeting that description has been treated for that type of injury that we're looking for. So, we wouldn't even have probable cause to go to a court and say, we want the patient records from hospital X. That's why we need the ability to contact those local hospitals, get that preliminary information, determine whether there's probable cause and then go back and get a court order.
SEN. HUTCHINSON: I think you touched upon this, but could you just expand on how the various proposals would impact current, mandatory, reporting requirements. We've had prosecutors who've called us, concerned about mandatory requirements on reporting gunshot wounds, knife wounds, how do you see these proposals impacting current law?
MR. BENTIVOGLIO: In our review of the legislation, I think both the Bennett and Leahy Bills would preempt the mandatory reporting laws. Laws for example that mandatory reporting of gunshot wounds. The bill introduced by the Chairman has an explicit exception for that. So, that reporting under federal or state law could continue to occur.
SEN. HUTCHINSON: Well, I appreciate your answers. They've been very responsive and I think clearly that the need for balance in the kind of bill that the committee puts forward is essential and I appreciate the Chairman's willingness to work with you. SEN. DODD: Tim would you just ask on this one point here. The Senator asked you a question about how burdensome. Specifically, what do you do? How burdensome is this really?
MR. BENTIVOGLIO: To get a search warrant.
SEN. DODD: Yeah. Just to follow up. I want you go through that here. How burdensome is it? I mean, you have the police showing up. You've got a hospital here. Clearly, you're not --
MR. BENTIVOGLIO: Correct. Most hospitals would not just simply turn over a patient --
SEN. DODD: Right, now you've got to go back. How much time does that time? Is it an hour? Is it a day? Is it a week?
MR. BENTIVOGLIO: At least several hours or longer. You'd need an affidavit from an agent describing the probable cause. That would need to be submitted to a court and a court would need to rule on that. And when you're making that type of statement under oath, you need to make sure that all your facts are straight and it's very serious to seek a search warrant from a court.
SEN. DODD: It should be. Shouldn't it be serious?
MR. BENTIVOGLIO: Absolutely.
(Cross talk.)
SEN. HUTCHINSON: I recognize the need for a balance, but I think that if we're talking about an inconvenience, not something that is going to dramatically hamper law enforcement's efforts, then that we need to air -- we need to lean to the side of the protection of the individual. So, as we work through this, I hope that we'll keep that in mind and the clarification that we're talking in terms of possibly a few hours as opposed to something that is going to be a very, very lengthy process. We need to keep that in mind.
MR. BENTIVOGLIO: Senator, if I might respond to that. The difficulty in the example that we described, though, is that we couldn't go to a court and get a search warrant if we didn't have some idea that that particular patient was treated, the assailant was treated at a particular hospital. If we couldn't make that initial contact with the local hospitals to determine if someone meeting a certain description has had a certain type of injury treated, we couldn't get a search warrant in that instance. So I would argue that it's not a matter of an inconvenience. In some situations, if we don't have access to that initial information, we can't move forward and the search warrant or grand jury subpoena would not be available to us.
SEN. HUTCHINSON: So, hospitals currently if go and say did you treat someone with this wound, they will automatically give you the answer?
MR. BENTIVOGLIO: Uh, in many instances, they would, yes SEN. HUTCHINSON: Thank you, Mr. Chairman.
SEN. JEFFORDS: Senator Wellstone.
SEN. PAUL WELLSTONE (D-MN): I was here before you --
SEN. REED: You were here for a while.
SEN. WELLSTONE: Okay, I didn't want to take -- but I'll go ahead if you like.
(Laughter.)
I think this is an extension to the question that Senator Hutchinson and Senator Dodd were asking. Can you give us, as a federal prosecutor, can you give us some examples or instance in which law enforcement has sought a court order for medical records and actually been denied? And if there's a denial then for it, you know, you're being able to be successful in your investigation.
MR. BENTIVOGLIO: I can't think of any specific examples. We don't keep track of its instances where we haven't been able to pursue matter due to one reason or another. So, I couldn't provide you any specific examples.
SEN. WELLSTONE: I mean, I think that's part of the question that we're trying to get at here. And the reason I mentioned this is that I do think that part of what you're suggesting though I fully appreciate your framework is it breaks precedents with privacy laws that would allow law enforcement to gain access to, you know, very sensitive personal information without some legal process. And so I think the question of whether or not there is some experience, some evidence that you can point to where you sought a court order for medical records and you were denied. I mean -- maybe you could try and supply us with that information because that to me is a key point.
MS. HUNT: The only thing that I can come with that's fairly close is that we had a situation where we requested a court order for medical records and the judge was very nervous about the privacy issues associated with giving medical records. He took it under advisement for several weeks. When he then gave us the ability to get the records, he only gave us the records without the identifying information, which then turned out to be useless for us. Because we could not compare the billing records with the medical records, which is what we usually need to do in these health care fraud cases. The judge was nervous and as a result even though we got the records, they were useless.
SEN. WELLSTONE: What's the burden for getting a court order?
MR. BENTIVOGLIO: Depending on what type of order you get. If you, for example, a search warrant you need probable cause to establish that persons or places, be ceased or searched are going to yield the (suits?) of a crime, or evidence of a crime. So, essentially you need probable cause.
SEN. WELLSTONE: I do a fair amount of work in the tough issues dealing with substance abuse. And I want to ask you in the course of a fraud and abuse investigation of a substance abuse clinic what happens if the DOJ uncovers evidence of illegal drug use on the part of the patient? Can that information be used to prosecute the patient, in other words, do you follow my question?
MR. BENTIVOGLIO: There are already heightened privacy protections for substance abuse records under the federal law. And so typically to get the information in the first place we would need a court order because of concerns about the unique nature of substance abuse record, so we would need a court order.--
SEN. WELLSTONE: So, in the absence of that, the answer would be no.
I just was told, I don't want to pretend like this is my own view, but this right now is only for federally funded treatment, is that the only protection there is with the court order or do you know?
MR. BENTIVOGLIO: Well, I believe that that's the case.
SEN. WELLSTONE: I'm told -- I'm not a lawyer here. Why don't you repeat that?
(Laughter.)
This is what happens sometimes. Rather than my -- this is what happens sometimes. You know, we hear from staff, who know 10 times more than we do and we pretend like we know it, but then we repeat. But then sometimes we don't repeat it well.
(Laughter.)
Why don't you ask the questions? You know more that I do.
MS. HUNT (??): I understand it's very arcane. And like many privacy issues, tucked into different pieces of legislation that it's different from protections from medical records. But I believe that the extra protection that you are referring to for people who have substance abuse history, only extends to people who are in a program that has federal funding, and that their treatment is federally funded.
There are some people nodding their heads back there, so --
MR. BENTIVOGLIO: I believe that that's right and I think we can make sure, for the record, that we get that answer to you.
SEN. WELLSTONE: That would be good because I'm glad I thought of that question.
(Laughter.
Thank you, Mr. Chairman.
SEN. JEFFORDS: Senator Frist.
SEN. BILL FRIST (R-TN): Thank you, Mr. Chairman.
I want to ask you, the fundamental question is, what do you do in terms of search warrants that is specific for health care, and are there specific procedures? Let me set the background for this, because recently I was back in Tennessee and was made aware of a situation that I've got numerous articles about and that both of you probably know something about. Let me just share with you what I was told.
On February 24, 1999, approximately 37 federal and state agents with guns and bullet proof vests executed a search warrant on Woods Memorial Hospital, a non-profit, 72-bed hospital, which operates a home health agency, a nursing home, all of which are owned by McMenn (sp) County. It's a county hospital. Agencies represented by these individuals, included the Office of Inspector General, the Federal Bureau of Investigation and the Tennessee Bureau of Investigation.
The unprofessional conduct, I was told, of many of the agents, upset families, upset patients and workers and in some cases, jeopardized patient safety. And so, this is why I'm coming back to health care, health care facilities, when these raids or these search warrants are given. This was referenced by the president of the Tennessee Hospital Association, who basically said that he believes, and I believe, quote from the letter, "The agents participating in the Woods Memorial Hospital raid, far exceeded the boundaries of the search warrant. In short, the Department of Justice, and its endeavors to ferret out fraud and abuse, should not be allowed to put patient's health at risk or frighten, intimidate and humiliate innocent nurses and others with heavy handed and inappropriate investigative tactics."
That's from the letter. There are numerous, numerous articles. Just an editorial from the local paper there, The Daily Post Athenian. It's just a small town, Athens, Tennessee. Attawa (sp) is right next to that. I'll just quote from, again, there are numerous articles, "Dozens of these federal agents descended upon the hospital wearing hand guns and bullet proof vests, a scary sight in itself. They flashed their badges and demanded to know who people were and what they were doing at the hospital. These agents with an air of arrogance about them herded employees into offices and began questioning them without any explanation of why they were being interrogated.
It was a frightening experience for all of the employees who found themselves feeling as if they were at the mercy of the federal agents. Some of the hospital workers even feared for their own safety and it wasn't just the employees and this is what bothers me most, personally.
And it wasn't just the employees who found themselves recoiling in fear from the federal agents. Patients and visitors alike were treated with total disregard and were given no respect by the agents.
We found it especially troubling to learn these federal employees burst into the dialysis center where patients with extremely fragile conditions were being treated and started acting like a schoolyard bully. I talked to, and had the hospital administrator come in recently, these are all constituents of mine, and basically describe what happened as agents with the search warrant came in to a dialysis center where patients were actively being treated. It's interesting that one of those patients in that dialysis center when the agents came in had hepatitis C. Hepatitis C, as you know, is a very infectious agent and the description, and this was all documented in numerous letters, is frightening to somebody such as myself and made me think regardless of whether the hospital has done something wrong or not, what assurances we can give patients and doctors and nurses who are in these hospitals when a search warrant, which all of these bills says you can have search warrants for records.
The records that were taken in the description going through, first of all just the behavior and the description, the narrative, of what happened. Employees were forced into a small office in the dialysis center between 10 and 12 people were crammed into a 10- by 12-foot office, which also contained bookcases. One nurse was claustrophobic and nearly fainted due to the tight space. She started yelling; finally yelling and they finally let her out. The description goes on.
Agents also raided the dialysis center next door; the director of the center was washing artificial kidneys in a back room when an agent walked in with his hand on his gun and loudly demanded to know his name and why he was there. The agents intimidated the patients and staff of the dialysis center and home health department and disturbed dialysis patients who are in a fragile state due to their disease. They trampled through sterile areas. They didn't wear any protective clothing or gloves in these areas to guard against infecting the patients who had open bloodlines.
Staff was not allowed to use the telephone in a home health agency where there were ongoing calls coming in from people who needed help. They were not allowed to use their telephones. Employees had to raise their hands; some personal items were taken. I guess when I read this and it makes me think and now there've been enough people to come through the office from this, again a county-owned hospital there, that disturbs me a little bit and I want to make sure in all of the legislation that we have some recognition that healthcare facilities, when raids or you are taking medical records even with a search warrant, are protected.
And my question is, is there anything specific in terms of the regulations that recognizes the delivery of healthcare is an environment that is very different than where other types of raids would be carried out?
MR. BENTIVOGLIO: Indirectly, yes. I don't want to say that there are specific guidelines on search warrants executed at hospitals. I should say that as a matter of general practice, our people know not to disrupt the ongoing operations of the healthcare facility when executing search warrants or subpoenas. And where possible we will try to serve it, for example, at night when there are not patients around. We'll do so in a manner that tries to disrupt the facility as little as possible.
In that particular instance, Senator, I have seen those press clips as well and I've asked for a report on what occurred in that situation and at least from our information I'm getting, many of those facts are grossly distorted. Nonetheless, it is very serious when we execute a search warrant during the day in a hospital facility and we're still looking at that to see if we did something wrong and if we didn't, what procedures we should have in place to make sure that we are sensitive.
There's no doubt that we have tools available to us that need to be used responsibly, even in the absence of legislation. We need to do a good job with those tools and then have people confident that when you give us the tools to fight healthcare fraud or violent crime or terrorism that they're being used appropriately. Putting aside legislation we need to make sure that we're getting it right. Beyond that, I don't want to comment on that particular matter because it is an ongoing investigation. We should be able to provide our side of the story to the committee so that you're not left with the impression that the facts are supported in the press will be completely accurate.
SEN. FRIST: Thank you.
(Cross talk.)
SEN. JEFFORDS: I'd appreciate that because I'd like to know what action is taken if it's felt that this was not appropriate conduct.
MR. BENTIVOGLIO: Yes, Mr. Chairman.
SEN. JEFFORDS: Senator Reed.
SEN. REED: Thank you, Mr. Chairman, and I want to thank the witnesses for their testimony.
In response to Senator Dodd's question, you seemed to imply that all of the legislation would unduly restrict law enforcement activities and you cited in your testimony some specific examples which on the surface appear very compelling, like you can't stop police from checking out an emergency room if some crime like that has happened. But I would note, and I'm not a co-sponsor, but I would note that Senator Leahy and Senator Kennedy's bill at Section 208 I, does in fact have a hot pursuit exception, which I think could reasonably fit your rape example since that, I presume would be hot pursuit. There's been a report of an incident; they immediately go to the emergency rooms, they ask for a report of anyone who's appeared or will appear in the next reasonable amount of days, hours.
In addition, there is a Section 204 B which has a harm to others provision, which would be if someone is going to cause harm to others you can get their records which would cover your psychiatric dischargee holding people hostages example.
And then at Section 207 there is a provision in a non-criminal context for oversight of records and disclosing these records with a balancing test. The point of it is, I think that there is legislation, which is trying to address those issues, and by way of allowing you a comment, my comment would be it seems to me unhelpful for your department to come in here and simply say you can't do anything. Don't do anything. Technology alone is changing the calculations and just simply to sit there and say you can't do anything because it will impair and impact on the law enforcement I think is avoiding an issue which we have to deal with in a principle way.
And again, I'm not a co-sponsor, but I think at least in the outline that the Leahy-Kennedy bill and I've assumed Senator Dodd- Senator Jeffords bill will try to deal with these issues. So could you be -- comment on that and perhaps be a little bit more helpful?
MR. BENTIVOGLIO: Yes, Senator.
First, we do recognize that the bills try to strike the right balance between law enforcement and privacy interests. We would like them to go a little farther in the law enforcement area to address specific needs. With the hot pursuit example, a good one, under case law, which defines hot pursuit, I believe that that rape example would not qualify as hot pursuit. We don't have a specific suspect in mind; we don't know where they are. We have maybe a general description and an injury that they might have, but I would think that under the definition of hot pursuit in the case law we could not go to a hospital under that circumstance and get that information.
I also don't want to leave the impression that we don't think there -- that we think all the provisions in the bills are bad. There are some that we could live with. For example, the requirement of destruction of records after we obtain them. That seems to make good sense. It would impose a burden but we would think that's reasonable. Provisions dealing with the redaction of records that we disclose in the course of a judicial proceeding or the like. That, too, seems reasonable. A burden, yes; but a reasonable burden given our needs. But it's that initial access to information, and not necessarily the entire patient file, but information nonetheless that would qualify as individually identifiable health information that gives us great pause.
And we would be happy to work with the committee to see if there's an appropriate balance that could be struck in that area.
SEN. REED: Well, I think that would be the approach. I would also point out that I believe that this hot pursuit in particular is being criticized by some, the ACLU and others, I think in terms of its going too far. But what I find unhelpful is a notion of saying rather than coming forward and giving us specific advice with respect to like the hot pursuit, maybe it's the choice of the wrong terminology. Maybe rather than hot pursuit it's in the immediate investigation of a crime to ascertain the identity and not the medical -- if that's what you need, those types of helpful, specific comments I think should be presented to the committee.
And I thank you.
I thank you, Mr. Chairman.
SEN. JEFFORDS: Thank you.
And I would agree with your statement.
Senator Collins.
SEN. COLLINS: Thank you, Mr. Chairman.
Law enforcement officials need access to other kinds of personal records to investigate and prosecute cases. Now, you've already said that it would rare case that you would need access to video store records, which we've talked about the amount of privacy afforded to those. But surely, it would be very common for you to seek access to bank records.
Could you tell us what kinds of privacy protections apply when you try to access bank records?
MR. BENTIVOGLIO: Well, under the Right to Financial Privacy Act, it does require some type of court order or subpoena for those kinds of records.
SEN. COLLINS: So, what you're arguing is that we should provide greater protection to bank records than we do health records. I just can't accept that argument. Given the sensitive information that is contained in medical records, how can we justify providing less protection to the access of medical records than we do to bank records?
MR. BENTIVOGLIO: Senator, I understand the logic of that comparison, and it is, it seems compelling, but I could only say that the example cited in my testimony demonstrate why in some situations we need limited but urgent access to individually identifiable health information. That's a very concrete example of where a court order, either a search warrant, or a grand jury subpoena would be a serious burden.
SEN. COLLINS: I just don't think getting a court order is a serious burden. But let me take the example, one of the examples in your testimony because they are compelling examples. They are probably the best examples for allowing you immediate access without the kinds of protections that I think we would like to have. But let's take the example, perhaps, your most compelling example, of the rapist who has his hand slammed in the car door.
What if on the same night, my friend, Senator Hutchinson, also slammed his hand in the car door, -- (laughter) -- and went to the hospital, or my friend, Senator Reed, was skiing and broke his hand, and was in that same hospital. Under your scenario, you would have access to their records without any cause, without any reason to believe that they had been involved in a crime. I'm troubled by that. I'm troubled by that sweeping accessibility to sensitive records.
MR. BENTIVOGLIO: Senator, I think I was trying to make clear, and perhaps, I didn't, that in that situation, what we would be looking for is whether someone has been treated for a particular type of injury. We wouldn't go to the hospital and demand from the emergency room staff the entire patient file. If we wanted that patient file, we would go back and seek a search warrant or subpoena for that file.
And so, I think, the example demonstrates the accommodation and balancing that needs to occur. I agree that getting accessing to an entire patient file is very serious, and that our access should be limited to that in some situations. But there are other situations where we need at least identifying and other types of information that's not as sensitive, and we need it on a very time-sensitive basis.
SEN. COLLINS: But I think the legislation that is before us would give you access to that kind of information. I was very disappointed when, last September, Secretary Shalala came up to us and proposed that there be essentially no new privacy protections applying to law enforcement in this area.
I would strongly urge the administration to reconsider its approach to adopt the advice of the senator from Rhode Island, and be more helpful to the committee in this area. We do not want to interfere with the legitimate access of sensitive information if it's absolutely necessary for an investigation. I've done extensive work in the area of Medicare fraud. I realize that it is a very troubling problem, and I don't want to put unnecessary impediments in your way. But neither do I want to give you complete and unfettered access to the most sensitive information about individuals. And it seems to me that there is an answer here and that the legislation before us has tried very hard to strike the right balance.
And so, I would urge you to work with the committee as we go forward because I, frankly, do not think you will find a great deal of sympathy for your position that there be no privacy protections at all.
Thank you, Mr. Chairman.
MR. BENTIVOGLIO: Well, Senator, we will take the committee up on the offer to be constructive, and we do want to be constructive in this area. And we do want to recognize that, and do recognize the committee has attempted to balance some of these issues. We think a little more work needs to be done, but your point is very well taken. And we'd like to come up and work with you.
SEN. COLLINS: Thank you. We look forward to hearing your specific suggestions.
Thank you, Mr. Chairman.
SEN. JEFFORDS: Well, thank you both. As you can see, you have perked a little interest here. We'll work in close cooperation with you. This is a very (important?) and sensitive area.
MR. BENTIVOGLIO: Thank you, Mr. Chairman.
SEN. JEFFORDS: We have six more witnesses in three panels. So, I am going to try to expedite matters. I think the third panel of witnesses today consists of representatives of the legal profession who will discuss the topic law enforcement access.
I am pleased to welcome Mr. Ronald Weich, who will be testifying on behalf of the American Civil Liberties Union. Mr. Weich is a partner in the law firm of Zuckerman, Spaeder, Goldstein, Taylor and Kolker, in Washington. Previously served in a number of senior staff positions in the US Senate, including a general counsel to the Committee on Labor and Human Resources.
Mr. Weich we look forward to your testimony.
Also on panel three, testifying on behalf of the American Bar Association is Professor Robyn S. Shapiro, director of the Center for the Study of Bioethics, and professor of bioethics at the Medical College of Wisconsin. In addition, Professor Shapiro is a partner in the health law practice group of (Michael, Beth?), and Roderich (ph) in Milwaukee.
Professor, Shapiro, we are privileged to have the benefit of your expertise this morning.
Also, Mr. Weich, why don't you proceed.
MR. ROLAND WEICH: Thank you.
Mr. Chairman, and members of the committee, my name is Ronald Weich, and I am a partner in the law firm of Zuckerman, Spader, Goldstein, Taylor and Kolker, and a legislative consultant to the American Civil Liberties Union. I am pleased to appear before you today on behalf of the ACLU to discuss the issue of medical records confidentiality.
The ACLU is a nationwide nonpartisan organization of nearly 300,000 members dedicated to protecting the principles of liberty, freedom, and equality in the Bill of Rights. For 80 years, the ACLU has worked to preserve and strengthen privacy in all aspects of American life.
Now, Mr. Chairman, am I correct that my full written statement is in the record?
SEN. JEFFORDS: That is correct.
MR. WEICH: Then, I'll summarize and focus my oral remarks specifically on the question of law enforcement access to an individual's medical records. And in discussing that issue, I would like to say that in addition to representing the ACLU, I bring two additional perspectives here.
First of all, I served as an assistant district attorney in New York City from 1983 to 1987. I prosecuted numerous criminal cases in which medical evidence was at issue, and I obtained search warrants. And I am prepared to talk about the process that that entails.
Second, from 1989 to 1997, I served as counsel to this committee, and then, to the Senate Judiciary Committee, participated in the formulation of health care and criminal justice policy during those years, and I think it's particularly relevant to my testimony today that I had an opportunity to work on mental health and substance abuse issues. Two fields in which privacy of medical records is absolutely essential.
I'm not going to reiterate the general points that have already been touched on about the importance of privacy in the medical records context because this need for trust between doctor and patient. I would only note that those considerations are as important when you talk about law enforcement access to records as to any other kind of access.
In other words, a patient is no more comforted hearing that the government is reviewing his or her sensitive and intimate medical information than if they hear that a pharmaceutical company is. And so, the same policy considerations that leave the committee to want to have strong protections with respect to access to outsiders generally apply here.
We believe that it's very important that there be a principle embodied in federal law, which we believe is embodied especially in the Leahy/Kennedy Bill although, Mr. Chairman I will very quickly say some good things about the Jeffords/Dodd Bill as well. But with respect to Leahy/Kennedy there's a principle that we want to emphasize, which is that government agents should be required to obtain judicial approval under a meaningful probable cause standard before they are granted access to medical records containing personally identifiable information.
There are two bills that we have analyzed, we have not had an opportunity to analyze Senator Bennett's bill because it was only introduced yesterday, although in general that bill is similar to the chairman's bill in some respect it falls short actually of the privacy protections offered by the Jeffords/Dodd Bill in the law enforcement area.
But the Leahy/Kennedy Bill is in our opinion the most protective of privacy in this area because it requires the police to obtain a court order or its functional equivalent before gaining access to records and it sets a sufficiently high legal standard for such court order. There's been a lot of discussion so far today about obtaining court orders and warrants on the one hand and subpoenas and I think that there's some confusion about the difference between those two prophecies.
A court order or a warrant requires judicial review, a subpoena, especially an administrative subpoena or a summons as the Jeffords/Dodd Bill and I believe the Bennett Bill also provide are not judicially reviewed. A prosecutor or indeed an FBI agent or a local law enforcement official simply makes a demand of a hospital or another healthcare provider.
Under Leahy/Kennedy that would not generally be permissible, rather a prosecutor would have to go before a judge to show that the information sought is relevant and material to an on going criminal investigation. The investigative needs of the agent cannot reasonably be satisfied by de-identified health information and the law enforcement need for the information have raised the privacy interest of the individual of whom the information pertains.
Now there's nothing magical about this, this is reference to a 200-year-old principle embodied in our constitution. Effectively we're bringing the warrant requirement of the Fourth Amendment over to the medical records context. And there's a reason why it's not there now. If I happen to maintain my x-rays in my home, you know because I have a bad knee and I'm going to bring the x-rays from doctor to doctor. The police need a search warrant before they can see the x- rays in a desk drawer in my home.
But if the x-rays are in my doctor's office or an insurance company computer or an HMO's computer, I've lost my ownership. Or at least current law doesn't recognize my ownership in those x-rays. The bill's that are before the committee would generally restore that ownership interest and would apply the Fourth Amendment kind of protections to here.
And the Fourth Amendment simply embodies a balancing test between the interests of law enforcement, and we all recognize those important interests. Nobody wants to be the victim of a crime, everybody wants vigilant law enforcement on the one hand. And on the other hand we have to recognize the value of privacy.
Now in my testimony I reviewed the specific ways in which we believe Kennedy/Leahy is superior to Jeffords/Dodd and two specific ways in which we think Jeffords/Dodd is superior to Kennedy/Leahy on the issue of law enforcement privacy. But I would say in conclusion Mr. Chairman that it's very important I feel as a former prosecutor that law enforcement be held to sensible rules.
If the public believes, and Senator Frist's comments about the incident in Tennessee make this very clear. If the public believes that law enforcement is over zealous, too intrusive, playing outside the rules, there's a corrosive and destructive effect on the effectiveness of law enforcement and that's dangerous to all of us.
Thank you.
SEN. JEFFORDS: Professor Shapiro.
MS. SHAPIRO: Mr. Chairman and distinguished committee members, thank you, for this opportunity --
SEN. JEFFORDS: Don't expose the others.
(Laughter.)
MS. SHAPIRO: To present the views of the American Bar Association regarding legislation to protect the privacy health care information particularly as it effects the law enforcement interest and needs. I serve on the governing board of the ABA section of individual rights and responsibilities and I previously chaired that section's health rights committee, which originated ABA policy in this area. As you mentioned, in addition I'm a professor Bio-ethics at the Medical College of Wisconsin where I direct the bio-ethic's center and I practice health law in a large Milwaukee firm. And I've had experience with some of the law enforcement activities that have been mentioned here today. Much of my practice and my academic work actually focus on
health information privacy
concerns. And in my mind and really as was alluded to by Senator Frist today, these concerns are and must be at the center of the larger debate on health care that has engaged to this country for the past several years. Because
health information privacy
does and must anchor the doctor patient relationship and the public's trust in our health care delivery system.
And I am going to back and reiterate some of this, although, I believe there's consensus in the room. We have to, again acknowledge that health information is uniquely personal and sensitive. And that records contain not only detailed information about the conditions and the treatment and the medication that patients get, but information about patient's families, information about mental illness, information about dietary habits, employment status, and the health care providers subjective impressions of the patient's character, personality, and mental states. With advances in genetic capabilities many patient's medical records now also contain genetic test and treatment information, which often discloses probabilistic information not only about them, but about their parents, about their children, and about their siblings.
And patients do fear disclosure of this sort of information to their employers and insurers and school officials and mortgage lenders and other entities that could use this information against them. Unfortunately, these fears are not unwarranted. Recently, a pregnant woman who under went cystic fibrosis testing, which was positive was informed by her insurance company that it would not pay for her child's health care cost if she chose to continue the pregnancy.
In another case, a woman whose mother had breast cancer was told that her own health care coverage would exclude treatment of that condition. In another case, a man who underwent screening for colon cancer as part of a research protocol ended up losing his health insurance.
In response to these fears and these real dangers, many patients are insisting that their physicians treat them anonymously on a self- pay basis with no documentation at all. Some as has been mentioned today are avoiding tests or withholding from their information's critical information about their habits and their conditions. Sometimes patients decide not seek treatment at all or not to enroll in clinical trials. And physicians for their part fearing that their medical records maybe accessed and used to create a database for purposes other than good patient care feel pressured to fudge what they put in a record or to not put in critical information in at all. And all of this increases the risks of misdiagnosis, inadequate care, and stymied medical research. We are then deprived from the benefits of both public health information and enhanced medical knowledge. This past February, in response to advances in genetics and advances in computerized health information capabilities and the growing significance of the disparities among state information privacy laws. The ABA supplemented its existing
health information privacy
policy. The salience provisions of our policy affirm our strong support for legislation at the federal level, which would ensure that confidential, personally identifiable health information is not disclosed without informed voluntary written authorization except for specific and limited purposes including certain properly circumscribed disclosures to law enforcement. That those who have this sort of health information have a continuing obligation to refrain from misusing it and that effective tracking and enforcement mechanisms are in place.
We recognize that the privacy of health information is not absolute and that law enforcement agencies do need access to this information as was said early primarily for two purposes, investigating potential cases of fraud and to investigate specific individuals on matters related to fraudulent activity.
We have to I think look at the disparity in state laws that currently doesn't govern that access. In some states law enforcement officials are free to search through patients medical records without any legal process at all. In other states law enforcement officials use compulsory process in the form of a warrant or subpoena to get medical records. In the first instance clearly there's no protection, and in the latter, the thresholds for obtaining the information very considerably. Some states required prior judicial approval for certain subpoenas, some do not.
At the federal level an agent who seeks to obtain a grand jury subpoena for access to medical records simply has to convince the prosecutor that the information sought is relevant to the scope of a pending grand jury investigation, which is a bar so low that it really offers almost no protection at all. There's no judicial oversight in these circumstances unless the recipient of the subpoena refuses to comply in which case there's a motion for a court order to compel, and even then protection is very limited.
I see the red light and --
SEN. JEFFORDS: Take another minute or two.
MS. SHAPIRO: Thank you.
Where health information is obtained pursuant to a subpoena I think we also have to acknowledge there's no guarantee that this information is going to be used for the purpose for which it was obtained. Evidence that's shown to a grand jury is sealed for secrecy, but information that's obtained but not shown to the grand isn't sealed and can be used then for other purposes. As early as 1977 the Privacy Protection Study Commission recognized this fundamental gap in privacy protection, concluding that a grand jury subpoena had become little more than an administrative tool.
There's no comprehensive law today that guards against these kinds of threats to privacy, we need one. Of the three major health information proposals currently before you, we believe that S573 is the most consistent with our ABA
health information privacy
policy provisions although Mr. Chairman yours comes very close as a runner up. We're particularly concerned about two aspects of the Leahy proposal that have not been focused on here today and that has to do with destruction of return of material once it is obtained, and with limited use of this material for unrelated purposes. We need uniform minimum national standards for privacy and confidentiality and I encourage you and applaud you for your work.
SEN. JEFFORDS: Well, thank you. All of the Senators that you've seen this morning are going to be working together to come up with the solution. I deeply appreciate your comments. We heard testimony earlier that the Department of Justice supports a recommendation made by the Secretary of Health and Human Services in 1997 with regard to law enforcement. What is your position on the secretary's recommendations Mr. Weich?
MR. WEICH: Mr. Chairman we're very concerned by those recommendations. We don't think they afford adequate protection to the American people in this important area. The Justice Department testimony this morning was striking in several respects. First of all, I can say that each of the examples that they pose where they would like to obtain access to information, I believe they could obtain under the bills that are before the committee.
For example, the example of the individual who is a rapist and then had his hand injured and is going to be treated at local hospitals. The non-identifiable requests by law enforcement agents of local hospitals, did you treat somebody for a hand injury is not one that I believe is considered protected health information under your bill, Mr. Chairman. And so, that simple inquiry, which doesn't ask for any names, could clearly be provided by the hospitals.
In any event, as Mr. Bentivoglio conceded, the law enforcement agent would need to get a warrant after that after finding out that in Washington area hospitals on a particular night, some people were treated for hand injuries. They're going to have to go before a court and a judge should have to weigh whether the specificity of the information that is sought and the seriousness of the crime, outweighs the invasion of privacy that innocent bystanders will suffer.
I think on the facts that were presented, given the relative specific nature of this injury, the non-intimate nature of the health care that was sought by various people with hand injuries and the serious nature of the crime, namely rape, I think the judge might well issue a warrant. And it's not that difficult to obtain a warrant.
I, myself, when I was an assistant district attorney, obtained search warrants in less than an hour. It's really that simple. Much of the work is already prepared because these cases are fairly routine and the fact patterns tend to recur. In a more complicated case where there's a closed question, it might be that you need to put in more work. If time is of the essence in getting the information, as Senator Reed pointed out, there are provisions in the bill that provide for immediate access for law enforcement.
In both bills, there's a provision that says if someone is in imminent danger of serious injury, of course we're going to permit access to records to prevent that injury. But if it's something that can wait a couple of hours, so that a neutral magistrate could consider the facts and weigh on the one hand, law enforcement's needs against the interest of privacy, that's what should happen under our constitutional system of government.
SEN. JEFFORDS: Ms. Shapiro
MS. SHAPIRO: I agree with much of what was said and have two additional comments. We need uniformity and we need laws, if only for that.
Second, there are abuses. Some anecdotes that are included in my written testimony, we've heard some from Senator Frist this morning. But maybe, most importantly, and this is based on my own experience in my health law practice, that theoretically, and I'm making no allegations here. But theoretically, the danger of abuse and invasion of privacy, wouldn't the request from law enforcement is all the more heightened on account of the often intimidating nature of the request. People with whom I deal with as clients, for the most part, are law abiding citizens who are scared to death when the people with the windbreakers come in and say, let me see your medical records.
So, we need to assure that people know the ground rules, that they know how they can best protect their patient's privacy while facilitating appropriate law enforcement requests.
SEN. JEFFORDS: You advocate a requirement that law enforcement must give prior notice to the individual whose health records will be investigated. Law enforcement officials, who investigate Medicare billing fraud, believe such a requirement would be extremely burdensome and would indicate suspicion of a provider before any charges have been brought. How do you respond to that?
MR. WEICH: Well, first of all Mr. Chairman, it's important to distinguish between the law enforcement access provisions in both bills, all bills, and the health oversight provisions, the kind of routine audit of health care billing records that's going to occur. Well, I think, occur under the health oversight provisions and there, there's no need for prior notice. That's just going to go on in a routine way. Much of that, incidentally, can occur using D identified information.
So, again, there's no privacy interest implicated and no need to provide notice to anybody else. If you're talking about a specific law enforcement investigation of a particular person and if the exceptions in the Leahy-Kennedy Bill are not present, yes, we believe notice is important. And our system of, our adversarial system of justice, we believe that the person whose interests are directly implicated, the owner of the medical records should have an opportunity to contest the probable cause that's asserted by law enforcement. And in particular cases that will be heard by a judge and the judge will make a determination. It happens every day in courts throughout the country.
SEN. JEFFORDS: Senator Reed.
SEN. REED: Thank you, Mr. Chairman.
I want to thank the witnesses for their testimony and first I think something we can agree upon and Professor Shapiro, you seem to say it very explicitly that there is a need for federal standards that would essentially clarify for every state privacy responsibilities in respect to medical records. And I presume you'd agree with that.
MR. WEICH: Yes, although I want to emphasize that the ACLU opposes preemption of state laws, we think there should be a federal floor.
SEN. REED: Let me get back to the law enforcement issues, which we was talking with the Justice Department officials. I think we all recognize that there are fundamental privacy rights. But we also recognize there are fundamental law enforcement concerns. And getting back to the example, which was presented about searching the emergency rooms. From your previous comment to the Chairman's question, Mr. Welch, you seem to imply well they could ask for information about -- without any personal connection, they could ask did you treat somebody?
MR. WEICH: Well first of all, Senator, it strikes me as unnecessary step and in taking the example as it's specifically presented. In the Washington area there were people treated for hand injuries at every hospital, every night. And so I wouldn't think that law enforcement needs to go around asking that general question. What they want to do is find out if a person matching a particular description was treated for this kind of hand injury and if so, who was that person and that that is asking for personally identifiable information? And we think that law enforcement should have to seek a warrant for that information.
SEN. REED: Well it seems to me, again, this is one of the areas where both absolute positions are going to yield ultimately to some type of practical arrangement. That's what we do. That's our job. It seems to me that if there is a crime committed. You notice the perpetrator has been injured serious enough to probably get medical care, you have a rough description the person, that logically a police official would go into treatment centers. Have you seen this person? And you're saying to me that the hospital that your view would be that they'd say even they know that they say couldn't do that, go back and get a, what would they have to get?
MR. WEICH: Well I think they would obtain a search warrant.
SEN. REED: So, they'd have to go and a search warrant to come back and establish that question. Just to identify that a person had been there?
MR. WEICH: No, no, no. As I said, the initial inquiry, which doesn't call for personally identifiable information was somebody treated? Did you treat people --
SEN. REED: But again, excuse me.
MR. WEICH: Oh, that's all right, I just want to.
SEN. REED: No, but I guess the question really here is -- and think it's the Chairman's question too. They're trying to determine the identity of this individual, not his record of substance abuse or not and not his medical condition and not his family's medical condition. Many of the concerns that we're all terribly concerned about, they're just trying to find out if this individual, who this individual is.
So, presumably they can go and find him and question him or find her and question her. And you would say that that would go across the line without some type of quarter proofed search warrant?
MR. WEICH: Right, but my point is that I think a search warrant would be issued in that case. I think it's appropriate. The reason why we believe the police should have to seek a search warrant is because there were many factual scenarios that are going to be a lot murkier. Let me pose one to you. What if there's a crime scene and somebody at the crime spilled blood and that blood is type O-positive. And all the police know we've got -- there was an African American male involved. And they want to find out which African American males have type O-positive blood. And they're going to ask hospitals that question. Well that's a far more sweeping search.
SEN. REED: Also and probably from the sense that I'm not a law enforcement officer, a search they wouldn't conduct because it so sweeping. But the point I think here and this is what I'm, you know, this is what I hear. We're hearing from the Justice Department and I think we hear from the ACLU and others is that you can't think of an example where they wouldn't have to get a search warrant. And they can't think of an example where they would have to get a search warrant. That is a problem.
MR. WEICH: Well I understand that, Senator, but in fairness I really have said that there are many cases where because of the urgent need to prevent physical harm to somebody that the police will not need a search warrant. I mean that's well established before --
SEN. REED: We can agree with that and in fact that's embodied in the Kennedy-Leahy legislation. And I think that's a point that's a good point. But there are still these situations where you literally are looking for a suspect.
You have good evidence that the person might be seeking medical treatment. You don't care what kind of treatment he has or she has, what his prior medical history is, but you want find that person just to question him. And that's the area, that's one of those gray areas where I think we have to come grips in order to have a bill that will pass.
And the other thing I should say too is that you know one of the reasons why I think that the Justice Department is so non -- well this point less than forthcoming with suggestions is I think they're perceived as a real concern that if a language like hot pursuit got in the bill, it would be limited because you would go in and argue -- go in and argue well this hot pursuit doesn't apply the situation et cetera. So --
MR. WEICH: Except that there's nothing unduly burdensome about the requirement that the police obtain a warrant. I think that there may be a misperception that this is something which is going to require days of effort and litigation and motions back and forth. Let me just, if I may, briefly describe what happened.
SEN. REED: Can I ask a question before we do that?
So your view would be it would be permissible now under the language in Kennedy-Leahy, for example, for the police to put out the proverbial all points bulletin to all the emergency rooms asking not the identity, but have you treated a six-foot tall, let me -- a five and a half foot tall middle aged white guy with -- for something? You know a bloody nose or something. That would be okay, now and then to get the identify they would have to get a warrant.
MR. WEICH: That's correct.
But if I may talk briefly about a search warrant, it really is not unduly burdensome. It's typically an ex parte proceeding, which means that there's nobody on the other side; it's just a prosecutor going before a judge. Now where I practice as a prosecutor in Manhattan, there was a judge who was literally on duty 24 hours a day; arraignments in Manhattan go 24 hours a day. So the police came to me because I was the assistant district attorney on duty at that point and said, you know, we need a search warrant on the following facts and I made a legal judgement that there was probable cause on those facts. I would draft an affidavit for the police officer and literally walk the police officer down to the arraignments part on the first floor of my office building.
The judge who would be hearing a series of arraignments would take a break between arraignments and hear us, either back in chambers or sometimes just at the bench. And he would swear in the police officer, listen to the facts. He might have some questions to determine, to probe, whether there really is probable cause on those facts and if so he would sign the warrant. And the officer was on his or her way to execute that warrant and search for the information. It really is not an unduly burdensome requirement and it serves a very important fundamental, constitutional principle, which is protecting everybody's privacy.
SEN. REED: Thank you.
SEN. JEFFORDS: Even in a hot pursuit situation?
MR. WEICH: Well, hot pursuit, frankly we don't see why hot pursuit would ever be relevant in the case of medical records. Now there are two different provisions at play here. The provision in the bills that say if there is a danger of physical injury to somebody, imminent danger of physical injury, you can obtain the records. That's there and we have no problem with it. Hot pursuit is a term of (art?) in Fourth Amendment law which typically refers to literally the officers pursuing somebody who, if they were to stop to get a warrant, they'd lose the suspect. The suspect would evade arrest.
Now if that's to be included in the bills it might well address this situation and you know we think it shouldn't be included because it potentially opens the door too much, but one way or another you can find the words that create the common-sense exceptions for the warrant requirement but still have the basic principle in place that in the routine case where nobody's running away and nobody's fleeing and a criminal isn't about to commit another crime, that privacy is protected through a neutral magistrate evaluating whether probable cause is present.
SEN. JEFFORDS: When does an observation become a record? Suppose in this case that a fellow has an injured hand as we've been using and they're going to go through a record to find out who they treated for an injured hand. Does that, do you have to get a warrant to find out, for them to check the record to see whether they, the name of the person that they did their hand?
MR. WEICH: Well, just to clarify or if that point in your question, Mr. Chairman, are the police asking for the identity or they're just asking the identified question is there such a person you've treated?
SEN. JEFFORDS: Is there such a person that you treated?
MR. WEICH: You know, I just, as I read your bill that is not protected health information because it doesn't call for the identification of a person. So, I don't think that's covered by the bill, and I don't think there's a lot of privacy interests in that plain vanilla question.
So, I think that's fine.
SEN. JEFFORDS: Okay. Well, I'll leave it at that.
Professor Shapiro.
MS. SHAPIRO: I just wanted to --
SEN. JEFFORDS: Just generally respond.
MS. SHAPIRO: Yeah, and this is, I have to say, outside the bounds of what the ABA policy would say because the ABA policy doesn't speak so specifically to some of these issues. But from my own perspective, it seems that there's an opportunity here to work with the hot pursuit language in, for example, the Leahy Bill, and to balance the privacy interests versus the law enforcement needs, and to, as Senator Reed suggested, to acknowledge that simply by giving somebody's name, and not the entire contents of his or her medical records in response to that initial police request so that they can pursue hotly this individual may be something that should be added to the hot pursuit provision.
SEN. JEFFORDS: Well, thank you both. It's been very helpful, or discouraging. I'm not sure which, but anyway --
(Laughter)
-- it has been enlightening, shall we say.
Thank you.
Appearing on our fourth panel to discuss the issue of authorization are two distinguished witnesses from the health care professions. First, I am delighted to welcome Ms. LaDonna Shedor, chief information officer and director of management information systems of Centra Health, a major health care provider in Lynchburg, Virginia. Ms. Shedor's career has involved the use of network computing to improve services and contain health care costs.
Ms. Shedor, we appreciate your appearing before us today.
And I will also introduce, testifying on behalf of the American Psychiatric Association is Dr. Paul Applebaum, who is chairman of psychiatry and director of the law and psychiatry program at the University of Massachusetts Medical School in Wooster. Dr. Applebaum has long been interested in the area of confidentiality of medical information and patient's rights, having performed some of the few empirical studies in confidentiality of psychiatric records. We welcome you also. Senator Kennedy apologized for not being able to be here, but as he indicated, there are other committees also trying to get some work done. And he is on an important committee, two important committees in that regard.
Ms. Shedor, please proceed.
MS. LADONNA SHEDOR: Thank you. Well, good morning, Mr. Chairman, and members of the committee.
I hope I can share maybe a kinder, gentler side of health care, the actual delivery in a community environment.
As you noted, I am the chief executive officer, the CIO at Center Health. And we're a not-for-profit health care provider in Lynchburg, Virginia.
I'm here today on behalf of the Health Care Leadership Council, which represents the leaders and innovators of the health care industry from various sectors. As the CIO at Center Health, I'm acutely aware of the power of patient information. It has the potential to dramatically improve the quality of health care that we can deliver.
It also has the potential to be harmful if it's misused. Maintaining the trust of our patients by ensuring a responsible use of medical information is a fundamental cornerstone of our practice. We fulfill this promise daily, establishing the trust between our patients and our caregivers. And this is prevalent throughout our practice.
The Health Care Coalition has been leading a broad effort in support of federal legislation, which largely mirrors the Center Health philosophy. Uniform standards are critical, and these will provide strong protection for patient health information while recognizing that the reality of healthcare delivery today is that it is driven by information.
This crucial yet delicate balance is recognized at Centra Health and is the very edifice, it's this very balance that the committee's efforts must achieve if it's to enact new law that demands greater accountability for how information is safeguarded, disclosed and used but that also facilitates the responsible and appropriate use of patient information to fulfill our mission of providing better healthcare services to our community. To enact federal legislation which achieves the twin goals of patient confidentiality and enhanced healthcare quality requires you to develop a system of accountability and responsibility but to work in the real world standards must provide for flexibility; flexibility to design the systems and to implement policies which work in the particular environment for which that information is stored and used.
Centra Health has invested several million of dollars in its electronic medical records and its security systems. The Centra Health method may not be appropriate in other communities where there are larger populations or more diverse providers. Federal legislation must address the use of patient information by all of the players in the healthcare delivery system. All of the standards that Congress developed must work for all of the healthcare entities. At Centra Health we boast a single information system that provides for about a quarter million lives. We have a significant amount of patient information already online. We have a fully secured environment electronically, and we are expanding our capability for electronic medical records to enable our caregivers to access years of demographic information, medical results, medical histories and other critical information.
Our approach has been successful in our small communities. It grants access of information based on need to know policies. We maintain an audit trail of all electronic access. It's searchable by medical record number, by user ID, by location and time. All of these rules and security tactics are bolstered to very strict enforcement, including a policy of using good judgement, which can and I add, has, resulted in termination of employees. We believe that the appropriate way to handle authorization is to establish a mechanism whereby healthcare plans obtain a single authorization.
This consolidated authorization approach is taken in the Bennett bill and to some extent in Jefford's and Dodd's. These bills allow healthcare plans to secure a single authorization at the time of enrollment for the disclosure and use of patient information for treatment and payment and healthcare operations, terms that I understand are carefully defined in the bill. Treatment and payment are well-understood functions. Healthcare operations, however, are less understood, but equally important -- services and functions fundamental to the ongoing and daily management and operation of the delivery system and the benefits context.
Conversely, we strongly oppose multiple authorization schemes that would require separate authorization from an individual each time medical information is accessed. Such a requirement each time even a subset of our daily, just over 850,000 electronic transactions, occurs would dramatically interfere with our ability to provide healthcare. We strongly support consolidated authorization mechanisms but we oppose proposals that would extend this approach to treatment and payment only. We're on the verge of using electronic information in a way that can change how we understand medical events. To require separate authorizations would dramatically impact that. For instance, it makes no sense to use the information that we have available to treat an asthma attack but prevent that same information from helping that person become involved in a asthma management program and thus prevent another attack.
Lastly, we support the overall approach taken by Senator Bennett's legislation as it most effectively establishes a workable and yet balanced systematic approach to protecting patient confidentiality. It will create accountability by one, requiring that patient information be safeguarded; two, drawing clear and uniform boundaries around how patient information can be disclosed and used; three, providing strong incentives to use non-identifiable information where possible; and four, establishing tough penalties for violating those requirements.
In conclusion, I want to reiterate the importance of your efforts and the magnitude of what you're taking on. It's important to meet the August deadline imposed on Congress for action, and I hope this committee will build on these principles outlined in my testimony, and pass legislation that strikes a balance that we all believe is necessary.
And I thank you for considering my input.
SEN. JEFFORDS: Well, thank you.
Dr. Applebaum.
DR. APPLEBAUM: Mr. Chairman, I'm Paul Applebaum, MD, testifying on behalf of the American Psychiatric Association, a medical specialty society representing more than 40,000 psychiatric physicians nationwide. I serve the APA as its vice president-elect. And I am also, as you noted professor and chair of the Department of Psychiatry at the University of Massachusetts Medical School.
I think I'm the only physician, and probably the only person treating patients who's testifying before you here today. And I would like to thank you for this opportunity.
Mr. Chairman, we greatly appreciate your commitment to passing medical records privacy legislation and note that your bill contains valuable provisions that will enhance patient privacy. We would also like to applaud Senator Kennedy for the legislation he has introduced with Senator Leahy, which will provide a very high level of confidentiality protections for patients.
Patient privacy is a valuable right in and of itself, and requires protection so that patients will be willing to seek needed medical care and that the care that is provided will be of the highest quality. It is not my intention here today to provide an analysis of each of the bills before the committee. Rather, I would like to comment on the general principles that we believe should guide whatever legislation is adopted, and then, note several implications of those principles.
Three principles should govern those sections of the legislation concerning authorization and consent for disclosure. First, patients, themselves, should decide whether or not personal health information is disclosed. This has been our historic standard embodied in common law and professional practice. Those who would alter this traditional procedure as sales justify such a radical change.
Second, identifiable personal health information should be released only when de-identified data are inadequate for the purpose at hand. The burden should be on the person seeking access to the information to prove the necessity of using identifiable data.
Third, even when consent has been obtained, disclosure should be limited to the least amount of personal health information necessary for the purpose at hand. The bill introduced by Senator Kennedy and Senator Leahy incorporates these principles in the authorization sections, and indeed, throughout the legislation.
Of all of the proposals before the Congress, the Leahy-Kennedy Bill will clearly provide the highest level of privacy protection for patients, thus, improving the quality of care enjoyed by Americans.
We also believe that these and other needed principles can be incorporated into the framework established into the legislation introduced by you and Senator Dodd.
These principles have implications for some of the major policy questions regarding authorization of disclosure. For patients to retain meaningful control over personal health information, respective consent for routine disclosures should be limited to information needed for treatment and payment purposes. Other health care operations can usually be accomplished with de-identified data. And patients should be informed before disclosures are made so that they have a reasonable opportunity to withdraw consent if they so desire.
Patients' ability to maintain their privacy also requires that in cases where patients pay expenses out of pocket, patients must not be compelled to have their information used for purposes beyond treatment of their medical condition. We support the right of self-pay patients to maintain the maximum level of privacy by limiting disclosures of their personal information to their immediate treatment team.
Patients should also retain the right to limit access to sensitive information in their medical record so that is not available to everyone with whom they may come into contact in an integrated health care system. In fact, is perfectly understandably that a patient may not want their dermatologist who is their spouse's tennis partner to know about their mental health issues, alcohol abuse, or sexual history.
Such privacy protections are particularly important in tightly knit communities or in rural areas. When patients act to protect their interests by withholding consent for disclosure for any of these reasons, health plans, facilities, or providers should not be able to force patients to consent to disclosures by denying them care, terminating them from their plan, or denying payment for a claim. No compelling case for establishing such a coercive consent mechanism has been made.
There are numerous other examples that can be used to document how and why a high level of protection should be applied to medical record's information. Indeed as psychiatric physician, it's particularly easy for me to point out the importance of the legislation before the committee. Patients often refrain from entering psychiatric treatment because of concerns about confidentiality. Without the very highest level of confidentiality, patients receiving mental health services will be less likely to enter treatment and less likely to remain in treatment.
And I might note that this extends not simply to mental health treatment, but to other populations with particular concerns about privacy, for example, adolescents. We have several studies that demonstrate that. Once frightened by the prospect that confidentiality of their medical records will not be maintained, adolescents are highly unlikely to seek treatment even for conditions such as sexually transmitted diseases for which treatment is essential.
Disease and other reasons specifically related to mental health treatment, the US Supreme Court recognized the special status of mental health information in its 1996, Jaffee (sp) v. Reddman (sp) decision. I urge you and the other members of this committee not only to protect the letter of this decision, but indeed to protect its spirits by including appropriate provisions in this legislation.
We thank you, for this opportunity to testify and we look forward to working with the committee on these important issues.
SEN. JEFFORDS: Thank you very much, both of you, excellent statements and we'll be keeping in touch with you as we wind down towards the end of the next month.
Ms. Shedor, in your testimony, you discussed the need for flexibility in developing confidentiality standards. Do you believe it is possible to allow for flexibility while at the same time truly safeguarding information?
MS. SHEDOR: Yes, I do. I think that most of the people in health care delivery are focused on the care of the patients, but that individual communities, the size of the entities involved would dictate different applications. The thing that confuses or confounds local health care delivery, in my opinion is unclear guidelines. And as care is shifting in different -- in ways, for example, much care used to be delivered in the acute environment. Now much more is delivered on either end, either in clinics, physician's offices and home health on the other end. Continuity, the sharing of information across all of those entities, which may or not be legally part of the same group, is crucial. And if we require different signatures at each point along the way, we will necessarily slow down the process. We may inhibit the pre-flow of information.
I really believe having seen what happened in Centra Health that individual communities will meet the goals if the goals are clearly defined. I think there's no question.
SEN. JEFFORDS: Senator -- my bill and Senator Bennett's bill both allow for consolidation authorization. Others may argue that patients may not want their information used for health plan operation activities. In your experience at Centra Health, do many patients request their medical information only to be used for certain purposes?
MS. SHEDOR: I think most individuals right now do know to ask that question. They look to us to provide not only the care they're requesting, but also to advise them on care they may require. It's important for us to be able to send out reminders to ensure that individuals follow up on their health care. As I understand it, some of the bills would limit that possibility. And I think that it's important that we are able to do that, that we are able to do disease management. And that requires us to analyze all those states.
SEN. JEFFORDS: Although I am sure that it is rare that one of your employees violates the rules for disclosing information, can you describe your policy of good judgement by employees and how it's enforced?
MS. SHEDOR: Our policies require that there is review of any breached confidentiality by the related group. For example, if there is a breach by an employee, the employee who of course, the individuals are involved if there's a breach by the professionals the professional committees are involved. In order of event, if there is a complaint or a sense of a breach, we pull from the electronic records the audit trail of the relevant employee or the relevant records. We examine that and determine whether or not there was a legitimate reason for that individual to be accessing that data in the manner that they were. If we can determine no legitimate use that person is counseled and terminated if appropriate. And it has happened.
SEN. JEFFORDS: Let me ask you a general question. As we look towards the future and utilization of all the modern technology we have to try and make sure that we understand how best to handle medical needs and all and we have the international pipelines and everything else to try and examine outcome analysis. What barriers are there to doing good outcomes analysis that this bill might impede or that the matters might impede so that we can use information which is not at least individually disclosed but is individually disclosed in census?
MS. SHEDOR: That's a really tough question. I think to do good outcome studies, and we're all struggling with what the definition of good outcome studies are, in an electronic world, you need to have access to all of the relevant data. For example, I'm a diabetic and I know my instinct is not to report my glucose readings when I have not been compliant. If those readings during that period of time are excluded from the study, you get skewed results. I think that it is important that if we're going to do disease management in this country that we include all the relevant data and truly detach that from the patient identification. It is not necessary to have individual patient identification I think, which is the issue here --
SEN. JEFFORDS: Right.
MS. SHEDOR: -- for outcomes.
On the other hand, I expect and fully believe that healthcare plans should help individual patients manage their disease and to do that we have to have a continuous picture of what's going on with that patient, and that does require the boundaries to be crossed within an individual delivery system, within a state and interstate. We are not real close to the border, but we have patients who go into North Carolina, for example, to Duke University and we would want to be able to freely ship their records, as needed, to their healthcare providers.
DR. APPLEBAUM: Senator, may I comment --
SEN. JEFFORDS: Yes.
DR. APPLEBAUM: -- on that. Disease management is a new catch phrase or term of art, that's being used in healthcare today and it means different things to different people. But in one of its guises what it means is that healthcare organizations or managed care plans contract with outside entities to oversee the care for particular conditions that their patients are receiving. Overseeing they mean intensive efforts to follow up with patients to make sure they're taking medications, to suggest additional things that they may do to change their lifestyle, to encourage them to come to appointments, things, which in may respects, may be good, but are in another respect actually highly intrusive in a very different way from the way we've practiced medicine in the past.
And for the treating entity to turn over patient care information to the third party that's conducting these disease-management protocols means that a serious breech in the traditional wall of governing patient medical record information confidentiality.
Should patients desire such disease management, should someone being treated for diabetes find that to be helpful to them, I think we would say patients should have the right to consent to it. But since many patients will react otherwise, we believe strongly that patients should be given the option as to whether their information crosses those boundaries, is turned over to a third-party entity, and is used for those purposes.
SEN. JEFFORDS: So, when you get a general release from someone that says, yeah, disclose it, when does that cease to be valid? In other words, suppose you have one disease, and all of a sudden, you contract another one. Does that initial blank, say, I don't care, just disclose it. Does that apply continuously?
DR. APPLEBAUM: Well, this is where we have some concerns about the general authorization procedures that are actually in all three of the bills under consideration. Clearly, there's some need for authorization for disclosure for payment purposes and for ordinary use in treatment settings. Our concern is that these consents are obtained prospectively at the time someone signs up for insurance or enters a health plan. At that point, one may have no idea of the kind of information that will ultimately be disclosed. How one deals with that could occur in several ways. But if there is going to be a blanket up-front authorization process, then, we think that it's very important for patients to have some meaningful control over the release of information even under that process, which means that they need to be informed prior to subsequent disclosure of information, and being given the opportunity to object to that disclosure.
So, if I signed up, and I said -- I thought I was healthy -- and I said you can release whatever information you want because I couldn't conceive health information that might be embarrassing to me, and I subsequently contracted a sexually-transmitted disease, the disclosure of which I didn't want to occur to my family physician, who's also my close friend, I would then, be given the option to preclude that information from being released.
We also support provisions that would allow such information to be sequestered within medical records and released only under particular circumstances.
SEN. JEFFORDS: Dr. Applebaum, you testified about the need to limit access to -- oops -- I guess maybe (we handled that one?). Medical records are used by providers to conduct outcomes, research, providers - thought I'd get that one right --
(Laughter.)
My staff was -- I thought I was ahead of my staff, and they were right there with me. But anyway, but this is a most difficult area to me. It's just, as we take a look at the broad picture of how we can better medical science and get all of the information we need to on outcomes and all is to -- but the most important one is in your area of psychiatry, and incredibly important that we give confidence to people that it's not being misused or --
I just want to let you know that I'm very deeply interested in all of these issues, and I hope we can look to you to guide us next month as we go down towards the finish line.
Thank you very much for your efforts for us. And I look forward to working with you.
DR. APPLEBAUM: Thank you, Senator.
MS. SHEDOR: Thank you, Senator.
SEN. JEFFORDS: Our fifth and final panel of witnesses today will discuss the topic of preemption.
First, I am happy to welcome Dr. John G. Curd, vice president of clinical development at Genentech, Inc., in San Francisco. Before joining Genentech, he headed the Division of Rheumatology, and was vice chairman of the Department of Medicine at Scripps (sp) Clinic and Research Foundation. Dr. Curd is a fellow of the American Academy of Allergy and the American Rheumatism Association.
Dr. Curd, welcome, and please proceed.
DR. JOHN CURD: Thank you, Mr. Chairman.
Mr. Chairman, ladies and gentlemen, this is really a critical issue that we're talking about today, and confidentiality of patient medical information is going to affect patients individually and the society's health care. And you really have to deal with that balance.
When I think of myself, I graduated from medical school 30 years ago. I've done research for the NIH. I understand clinical research in the NIH guidelines. I practiced medicine for 10 to 15 years. I was the president of the medical staff for a hospital that dealt with the regulations that you all have put forth to us. In the last seven to 10 years, I've done drug development.
Some of things I'm most proud of is I've participated in the development of Homazine (ph) for Cystic Fibrosis, the first drug was Homazine and Cystic Fibrosis. I helped to develop a drug for non- Hodgkin's Lymphoma, again, the first. And most recently, I worked on Perceptin (ph) for women with breast cancer. So, I've had a broad- based experience, both with patients, their medical information, and the use of that information for research.
When I think of my own personal experience, as well as that of many others in academics and research, we really need to understand appropriate access and use of patient medical information. It's critical that you enact strong, uniform federal standards designed both to safeguard, on one hand, the confidentiality of patient information and to limit its use for the activities that are appropriate and necessary for the daily functioning of our dynamic health care system.
Probably every person in this room, certainly, every person's family has benefited from medical research that's been done in the last five or six decades. And we need to look forward to what's going to happen in the next five or six decades. The medical research community has to have uniform standards for the performance of clinical and medical investigations.
If we think of a legislation to protect privacy and confidentiality of patients, it's got to protect them from a few, but we need to make absolutely sure that that legislation doesn't build up barriers so that medical researchers can't get access to the information that they need to do further medical research. We don't want to slow and impede medical research; we don't want to do ultimate harm to the generations of people that are depending on it. If you think about it, one of the principles of medicine is to do no harm. So, as I practice medicine, I've always had in my mind, don't injure the patient.
That's relevant to what you're doing here. Your legislation needs to be important to protect the patient, but it shouldn't do harm.
So, if we look forward, and you just think about some of the things that are practically happening today, one of the best places in the country for patient information and population research is been the Mayo Clinic, founded in 1907. From the very beginning the founders of the Mayo Clinic had the foresight to say we'll need to look critically at our own experience. And they did that both in the natural history of diseases, the outcomes of their patients for both surgical and medical intervention.
And if we think about it, they've also been a leader. At the time computers were first invented, the Mayo Clinic was inducting and using patient population information to provide critical data about population diseases in the United States. And they've continued to do that. they're now leaders in the computerized medical records, and they have institutions in Florida, Arizona, and Minnesota.
Now, we heard today, actually, that Minnesota passed a law which made it -- it's made it really practically more difficult for the Mayo Clinic to conduct broad population-based research by requiring specific patient authorizations for the use of patient data. That law started in 1997. And I brought a paper published -- I always like the medical literature, and you should read it today. It was published in 1997, the last few months, and what it shows is compared to 1997, when three percent of the patients refused to have their medical information used for research, in 1999, that very same patient population, 30 percent of the patients refused to respond to the first questionnaire asking for permission. After they did it three additional times over three months, 20 percent of the same patients never responded. Now, of that 20 percent, only 4 percent said, "You can't use my information"; the other 16 percent just didn't respond, they were non-compliant.
Now, if you think about what that means in a statistical sense, if you have a population and you only have 80 percent of the people responding, you have 20 percent of the people are non-responding, and in a vital statistical sense, it makes any conclusions that you'll draw from that population much less valuable, much less higher quality, and perhaps even irrelevant.
Imagine the situation where some of those patients have died and you can never get response. How are we going to get information on critical diseases like cancer and AIDS and heart disease where people are actually dying and can't provide consent for the information?
If I stop, then, and think about another place, let's compare drug development in the United States to drug development in Europe. Almost every pharmaceutical company likes to do drug research in the United States. Why? Because we have relatively uniform FDA standards that are applied by institutions, researchers and hospitals across the United States. Compare that with what goes on in Europe where you have Spain, the United Kingdom, France, Germany and a variety of other countries, each with their own regulatory agency, each with their own set of laws. And what happens, in fact, it's practically much more difficult to do research in Europe. I don't want the United States, with a lot of state laws, to become like Europe. If, as a drug developer, that happens, I'm going to look for a better place to spend my time and money. And ultimately, what that will do is take away some of the leadership that's happened in the United States in terms of drug development.
In other words, the discussion by the previous presenters about outcomes research, one of the things that I'm most proud of, actually, is the National Registry of Myocardial Infarction that's been sponsored by Genentech. It's in 1,500 hospitals across the United States. A recent article showed that, in fact, if you live in a different region of the country, you're less likely to get treatment for your heart attack. It also showed, in fact, that if you're a woman, particularly if you're an older woman, you have about at 25 percent reduced likelihood of getting effective, accurate diagnosis and treatment. Having information across the country is what's going to allow us to deal with outcomes research and improve the quality of medical care, which will translate into savings in terms of the health care delivery system and benefits for our patients.
The last example I want to talk about is genetics and genomics. If you think about it, one of the things that's really powerful about our technology is we're beginning to understand those principles which develop in the patient that affect drug metabolism. The FDA now requires us, in fact, to do sub-population pharmacogenetic analysis for drug development -- older people, younger people, people with kidney functions, Hispanics, black. Why is that? Because safety and efficacy depends upon your genetic and racial background. And the FDA already requires that.
So now we're getting to the situation where we are understanding the genetic basis of drug interaction, safety and efficacy, and we're going to decide to exclude that information from use both in the treatment of patients and understanding how research could relate to drug development. This would be a bad thing.
And to put that in principle, when I was in the 1970s, I was actually told we should exclude women and children from drug studies. In fact, my (RAV ?) at Scripps Clinic excluded women and children because we wanted to protect them. The outcome of that was we had almost no data on the people we've protected. Now, when the drugs were approved based on male studies, they were used in women and children just the same as they were used in men, in the absence of data. We don't want to have the unintended consequences of protecting people and then have them subjected to potential risk and harm because we've protected them.
Now, we have diverse laws governing patient confidentiality potentially developing in every state. This would require that people like myself have tailored programs to do research in every state. The variability, the diversity in different states will create a level of absolutely unnecessary complexity. To address the complexity, researchers will need to spend more time and money to accomplish their research goals. The consequences will be to increase the cost of research, reduce the number of investigations that are done. And if you think about, smaller numbers of more expensive studies are not in the best interest of patients or the country.
If I put this in the context now of where we're at in dealing with the legislation, the point I want to make is that uniformity provisions in the legislation are really critical. And for that reason, I personally favor the legislation that was introduced yesterday by Senator Bennett. Senator Bennett's bill provides very thorough preemption of state law; it creates a uniform, predictable environment for the research community; it replaces current law with a rational, comprehensive program of federal safeguards, responsibilities, limits and penalties. To date, this is the only legislative proposal that would effectively address concerns I addressed earlier, such as those at the Mayo Clinic. It does not sacrifice any of the protections provided the patients.
Conversely, proposals by Senators Kennedy and Leahy, and by yourself and Senator Dodd, could potentially undermine our ability to conduct broad, inclusive population-based research and could subject us to a new federal standard as well as several conflicting state laws.
Your committee has been a vital partner in assuring a stable, fruitful environment for bio-medical research as illustrated by your recent efforts on the Food and Drug Administration Modernization Act. Please understand that the ultimate impact of this issue is no different. It's directly related to innovation and research. Be assured that we, at Genentech and in the industry share your commitment to protecting and safeguarding patient information. After all, patients are our business.
Also understand, though, that the information is the life flood of research and it's necessary for us to have this information in order to basically evolve the health care delivery system and improve quality.
Thank you, again, Mr. Chairman, for providing us this opportunity to address you.
SEN. JEFFORDS: Well thank you.
Ms. Koyanagi.
MS. CHRIS KOYANAGI: Thank you, Mr. Chairman.
My name is Chris Koyanagi, and I'm policy director with the Judge David L. Bazelon Center for Mental Health Law here in Washington. But I am testifying today on behalf of the Consumer Coalition to Health Privacy, which is a coalition of numerous groups representing the interest of those who will use the health system.
We think that privacy is in fact a first principle in terms of enhancing quality of health care. And without trust, patients are not going to use the health system, not fully participate in their treatment. I thought it was interesting how often this morning this issue came up and that you might be interested if I give you some of the statistics in a very recent survey on this question, which is in my full written statement.
I've seen a number of studies on this issue over the years, particularly with respect to mental health treatment. But this was a survey in California of individuals using all kinds of medical care. And one and six people in that survey said they do not believe that they're health care information is used appropriately. We believe it has been used or misused in certain instances. And one and five of them said that they engage in some form of privacy protection such as paying out of pocket, doctor hopping so they don't have a single consolidated medical record. They avoid giving information to their providers or they give inaccurate information or they asked the doctor not to write certain things down.
And I think that this kind of behavior is something to expect if we move forward with legislation that does not provide consumer confidence in this area. Individuals both consumers themselves and the doctors will respond if the legislation is not sufficiently protective. And in the end, this compromises health care quality and it compromises the objectives of the health plans who are in fact seeking weaker privacy protection. In the end, the validity of their own information will not be as good.
We would like to see preemption, which is the issue that I was asked to specifically address this morning. We would like to see the legislation not preempt the existing state laws in this area. Federal legislation should provide a floor of uniformity, but not a (sealing?). And currently, I think it's important to understand that all of the bills introduced and being seriously considered by this committee including Senator Bennett's bill are in fact stronger than nearly all the provisions in nearly all the state laws. The states have not moved aggressively forward in the general privacy protection area, partly because they think it has not major issue with the American public, although, it is increasingly becoming so. And so even the enactment of the weakest provisions that are before you will in fact create for the health plans, a very uniform set of rules for them to follow in terms of privacy protections.
There's also no precedence for over ruling the state's flexibility in this area when you look at civil rights law and federal privacy law. Banking industries, the credit laws, and the communications and all these areas, which are very intrastate in terms of their commerce, allow states to continue to build upon the federal floor and to add greater protections.
I think the experience of some of the states where we do see them more, intense protection for consumer is also important. They are usually in specific areas. Some of them we've sited earlier this morning including by Senator Leahy, the cancer registry in Vermont, where particular states have particular situations where they need certain protections for privacy that may not be thought about in terms of the federal statute.
In addition, where states have moved forward, perhaps, too aggressively and here, I think, it's very important in terms of reassuring some of the health plans and researchers, they have reversed themselves. Maine enacted a highly protective privacy law, was in force a very, very short period of time before it was put on hold because of the implications and the unforeseen consequences of that legislation. In Minnesota, which enacted legislation with respect to research, which is very rare incidentally among the states, also amended it's legislation when it became apparent that that was, in fact, a barrier to legitimate research.
I think the states are quite capable of legislating in this area. They will move forward on specific issues that are important to their constituency in their particular part of the country and they will not behave irresponsibly and if they make mistakes, they will reverse themselves and states, I think, can reverse themselves more quickly than could the federal government. And so, I think it's important for you to continue to allow the flexibility at the state level that is in the Leahy Kennedy Bill and partly, in your legislation, although, in your legislation that would end after a set period of time. And I think also in this area it's important to understand why people request preemption of state laws.
This is legislation is about protecting individual privacy, which I believe that your bill and Senator Leahy's bill truly are and that is the perspective on where the bills begin. Then, there is no reason to restrict states from going further than your federal legislation. On the other hand, if this bill is about making the management problems of multi-state health plans easier, then you would begin from the other end and you would say you want a single uniform standard around the country.
So I think this issue actually goes to the heart of why you are passing legislation. And if you wish to protect patient privacy, I would urge you to permit the states to go beyond whatever may come from the Congress in this first stab at a very difficult area and see what happens if there are, in fact, significant problems with state actions following enactment of the federal law, you can come back and revisit it. But in the meantime, with technology roaring along as some of the members of the committee have pointed out, I think it's very, very important to let the states have that flexibility in the future.
Thank you, Mr. Chairman.
SEN. JEFFORDS: Thank you.
Dr. Curd, the issue of preemption of state laws could be one of the most difficult ones that we're just listening to. If it is safe to assume that Genentech currently uses medical information from all over the United States in it's research, how does it currently deal with the differing state laws?
MR. CURD: We do the best we can and in fact, to be really quite honest with you, when somebody brings with a list of 50 potential sites for a clinical investigation to me, one of the things that goes into the equation about whether we use them or not is their past performance, the difficulties of getting things through their IRB, their ability to enroll. So what I would tell you, for instance, is that the University of California education system is really a pain in the ass. They're really difficult, whereas I can do things at the Mayo clinic or in Utah or in New Mexico or in Texas much easier. And that's time and money and it, ultimately, turns into quality science. If I can enroll a study of 100 patients in three months versus maybe 100 patients in two years it makes an enormous difference to the pace and the quality of research. And so we are influenced by one of the factors being how restrictive or how non-restrictive is it to do research there.
SEN. JEFFORDS: You mentioned the Mayo Clinic in Minnesota. Speak to the California state law and what implication does it have on you?
MR. CURD: Well, right now there's s whole proliferation. I'm actually not qualified to say. I think there are probably six or seven different conflicting bills ongoing now in the state legislature in California, some of them, which will be a nightmare for companies like Genentech. So at least Minnesota at this point has one law and we know what it is. Now what's interesting from my point of view is if I want to work with the Mayo Clinic and I'm actually dealing with Florida, Arizona and Minnesota, does the Minnesota law apply to the Mayo Clinic patients that are in Florida or not? And again, so it makes it more complex and I think the data that I tried to cite about what's going on at the Mayo Clinic with 100-year good record in terms of patient- related research, says that their system's being eroded, may be being devastated by the fact that patients just don't understand what they're consenting to. And in fact, I wanted to quote this one thing. It's just an article that came out in April. They went back to the patients who didn't send in their cards and didn't consent and it said, they talked to them in focus groups. And it said most participation, most participants in the focus groups were unaware that this type of research is the source of most prognostic and outcome data that could be used for making crucial healthcare decisions for themselves. Most patients when they're asked to sign one of these consents are thinking about that important issue of personal private medical information and not about the altruistic things for the society. So again, I think we've got a real dilemma here that requires uniform standards across the US by a body like yourself.
SEN. JEFFORDS: My bill, as well as Senator Bennett's bill, allows state laws to continue with respect to public health activities.
Knowing that you support strong federal preemption, do you support a limited carve-out for public health laws?
MR. CURD: We have a long history of certain public health issues that really are dealt with on the state level -- reportable diseases, infectious diseases, AIDS, some of these things and so I would say yes.
SEN. JEFFORDS: In your testimony you comment that a federal standard that creates a floor will in essence preempt many of the laws that currently exist because they are weaker. Do you believe that it is possible for Congress to pass one uniform standard that is strict enough that the states will not continue to pass tougher laws?
MS. KOYANAGI: Well, obviously where you place the bar will have a lot to do with whether states would continue to legislate in this area, but I think one of the things that's very important to recall is some of the comments earlier this morning that we don't really know today some of the issues that we might be facing even two years from now in terms of privacy with the increased explosion of information systems and use of the Internet. A few years ago we would not have thought about genetics information needing to be protected. So I think that while it's conceivable you could pass a federal bill that is so progressive, in my view, that it would negate the chance that states would add, would even wish to add if they had the flexibility, further protections. I think none of us can be quite sure what might be just around the corner and I do think that states are probably in a better position to act quickly than is the federal government in that area.
SEN. JEFFORDS: Should we consider a legislative proposal that preempts state law except in the areas of mental health, public health reporting and a few other narrow exceptions?
MS. KOYANAGI: Well of course as an advocate for people with mental illness, I'm very, very aware of the particular sensitivity of that information and that some other areas of healthcare. But I think it's reasonable to ask why, if these protections are so important for sensitive information, why they would not be equally useful for all medical information. I think that we really don't fully understand how concerned people can be about the release of what may seem to us to be fairly routine information; this may vary person to person and if it's possible to put in procedures that are fully protective of sensitive information, it should be fairly simple to use those procedures for other information. We would not at this stage suggest picking and choosing in terms of state preemption.
SEN. JEFFORDS: Your testimony you discussed the problems with Minnesota and Maine laws where state legislators went back in to fix some of the provisions. Would you -- some would argue that Congress can learn from these mistakes and create a workable federal standard. Would you agree?
MS. KOYANAGI: I would hope so, yes.
SEN. JEFFORDS: You'd hope, anyway.
MS. KOYANAGI: And we'd love to help you.
SEN. JEFFORDS: All right.
As we have heard today, many state laws are organized by entities, such as hospitals or health plans, and they have separate statutes governing them. As our healthcare system becomes increasingly more integrated, would consistency and standards benefit the patients whereby all entities have the same responsibilities and penalties for violation of the law?
MS. KOYANAGI: Yes. We very strongly support enactment of this legislation. I think it would do much to protect privacy and to create appropriate standards across all healthcare settings and so we very strongly support that.
A concern about the state flexibility is only that this is a new area of law; it's very, very complex. We don't have confidence that we will see the bar on privacy sufficiently high by the time legislation comes out of the Congress and if that is so we just continue to think it's important for states to have additional rights to protect privacy. But yes, I think this legislation is very, very important. We strongly support your moving forward on these bills as soon as possible.
SEN. JEFFORDS: Dr. Curd, any final comments?
MR. CURD: No, I just I think that the key thing here is that the United States is the world's leader in medical research, the quality, the technology and our medical system probably beats everybody else. That didn't happen by chance. It's really happened through a very coordinated effort that's involved medical research, the NIH, the CDC, industry and the cooperation of the whole United States. And that's a very valuable asset and I'd certainly hate to see us lose a position of leadership because we had some unintended consequences of trying to do another very important thing on an individual basis which is protect patient confidentiality.
Every one of us is, or will be, a patient and we want our private rights protected. And if somebody abuses mine I want them punished; but on the other hand, I don't want my children, in 10 years or 15 years, to not have access to important new treatments because we couldn't get population data that told us what needed to be done.
SEN. JEFFORDS: Thank you.
I'm very sensitive to your comments and watching it very closely. Of course we also have NIH and a few other organizations like that under our review, so we have -
MR. CURD: Well, we're counting on you.
SEN. JEFFORDS: All right. Thank you very much.
And I want to thank all the witnesses. Members will have an additional two weeks to ask questions of the witnesses and at this point I'm ready for lunch.
END
LOAD-DATE:
April 29, 1999
Document 43 of 45.
Search Terms: health information privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.
