Skip banner
HomeHow Do I?Site MapHelp
Return To Search FormFOCUS
Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint

Document ListExpanded ListKWICFULL format currently displayed

Previous Document Document 109 of 124. Next Document

More Like This
Copyright 1999 Federal News Service, Inc.  
Federal News Service

 View Related Topics 

APRIL 27, 1999, TUESDAY

SECTION: IN THE NEWS

LENGTH: 4088 words

HEADLINE: PREPARED TESTIMONY OF
CHRIS KOYANAGI
POLICY DIRECTOR
JUDGE DAVID L. BAZELON CENTER FOR MENTAL HEALTH LAW
ON BEHALF OF THE CONSUMER COALITION FOR HEALTH PRIVACY
BEFORE THE SENATE COMMITTEE ON HEALTH, EDUCATION, LABOR AND PENSIONS
SUBJECT - THE CONFIDENTIALITY OF MEDICAL INFORMATION

BODY:

I. INTRODUCTION AND OVERVIEW
Mr. Chairman and Members of the Committee: I very much appreciate the opportunity to testify before you today on the preemption of state laws relating to medical privacy, confidentiality, and security. I am Chris Koyanagi, Policy Director for the Judge David L. Bazelon Center for Mental Health Law in Washington D.C. The Bazelon Center is a legal advocacy organization concerned with the rights of persons with mental impairments.
I testify today on behalf of the Consumer Coalition for Health Privacy (CCHP), a broad coalition of consumer, disability and patient advocates. The mission of the Consumer Coalition for Health Privacy is to educate and empower healthcare consumers to have a prominent and informed voice on health privacy issues at the federal, state, and local levels. Members of the coalition are committed to the development and enactment of public policies and private standards that guarantee the confidentiality of personal health information and promote both access to high quality care and the continued viability of medical research. The Coalition is an initiative of the Health Privacy Project, Georgetown University Medical Center.
As a member of the Coalition's Steering Committee, I have been working with my colleagues in the disability rights, consumer, and patient advocacy communities to make the case that protecting privacy must be a "first principle" of enhancing the quality of health care, of fostering research and public health initiatives, and of broadening access to critical health care services. We believe that without trust that the personal sensitive information that they share with their doctors will be handled with some degree of confidentiality, patients will not fully participate in their own health care.
A survey released by the California HealthCare Foundation in January 1999 found that" public distrust of private and government health insurers to keep personal information confidential is pervasive. No more than about a third of U.S. adults say they trust health plans (35%) and government programs like Medicare (33%) to maintain confidentiality all or most of the time."1 The consequences of such distrust -- real or perceived -- are significant. The Foundation's survey identified that:
- One in every six people believe their health information has been used or disclosed inappropriately.
- One of five people engage in some form of "privacy- protective" behavior when they seek, receive or pay for health care in this country. Such behavior includes paying out of pocket for care; intentionally seeing multiple providers to avoid the creation of a consolidated record; giving inaccurate or incomplete information on a medical history; asking a doctor to not write down the health problem or record a less serious or embarrassing condition; and even not seeking care to avoid disclosure to an employer.
The consequences of people not fully participating in their own care are quite troubling, for individual patients as well as the larger community. For instance, incomplete or inaccurate information can hamper a doctor's ability to accurately diagnose and treat a patient, inadvertently placing a person at risk for undetected and untreated conditions. In turn, if doctors are receiving incomplete, inaccurate information, the data they disclose for payment, research, public health reporting, and outcome analysis will be unreliable. Ultimately, information that lacks integrity at the front end will lack integrity as it moves through the health care system. Thus, protecting patient privacy is integral both to improving individual care, and to the success of public health initiatives and quality of care.
Members of the Consumer Coalition are keenly aware of the importance of good, solid data for research. As health care patients and providers, our members stand to benefit the most from advances in research, public health initiatives, and improvements in quality of care. People with disabilities, in particular, are frequent users of health care services, and are also deeply invested in ensuring that the health care system operates efficiently and effectively. As such, the Consumer Coalition for Health Privacy is committed to ensuring that protecting privacy and promoting health are values that must go hand-in-hand.
Towards this end, the Consumer Coalition has established a set of health privacy principles to guide our efforts (see attached principles and sign-on). We believe that public policy in this area should guarantee individuals: a right to see their own medical records; the ability to exercise voluntary, informed choices about the use of their health information; a court order or warrant requirement for law enforcement access to medical records; and a comprehensive set of enforcement mechanisms.
We hope that Congress will meet the deadline established in the Health Insurance Portability and Accountability Act (HIPAA) to pass comprehensive health privacy legislation by August 1999, and we also hope that the new law will go a long way in helping us to meet these public policy goals set forth in our principles. However, in many ways, one of the most critical issues for the Coalition is preemption. The Coalition arrived at a firm consensus that "federal legislation should provide a floor for the protection of individual privacy rights, not a ceiling."
All three of the health privacy bills pending in the Senate preempt weaker state laws. At issue here is how a federal health privacy law will relate to existing and future stronger state laws. Will Congress choose to establish a federal "floor" above which states would be free to enact greater protections? Or will the federal law fully preempt state laws by creating a "ceiling," thus eliminating both weaker and stronger state laws and preventing the passage of future stronger state laws.7 All three health privacy bills take a different approach to preemption:
- S. 573, Medical Information Privacy and Security Act (MIPSA), introduced bySenator Patrick Leahy (D-VT) and Senator Edward Kennedy (D-MA), proposes establishing a federal floor that would eliminate all weaker state laws, while allowing heightened state protections to stand.2
- S. 578, Health Care Personal Information Nondisclosure Act of 1999 (Health Care PIN Act), introduced by Senator James Jeffords (R-VT) and Senator Christopher Dodd (D-CT), proposes to grandfather in existing state laws with heightened protections, and establishes an 18 month window in which states can pass stronger laws until total preemption is the prospective rule.
 
- A draft bill circulated by Senator Robert Bennett (R- UT), Medical Information Protection Act of 1999, proposes to fully preempt state laws that extend heightened protections. State laws providing greater protection than the federal law would be eliminated, and states would be prohibited from passing medical privacy laws in the future.
Only the approach embodied by S. 573, the Leahy/Kennedy bill, mirrors the Coalition's principle on preemption.

Again, we strongly oppose federal preemption of state laws that provide greater consumer protections -- including heightened safeguards for certain medical conditions and circumstances. Our testimony today is intended to demonstrate that the federal law should establish a floor of protections, not a ceiling. We believe that a fully-preemptive federal law in this area is unprecedented, unwise, and may be a danger to public health.
Our testimony highlights specific state laws at risk of being preempted under a total preemption approach, as reflected in the Bennett draft. It should be emphasized, however, that preemption is a moving target. Until there is a consensus bill, it will be impossible to determine the full impact of preemption.
The Consumer Coalition for Health Privacy opposes the preemption of stronger state laws for the reasons outlined in this testimony.
II. THE NEED FOR UNIFORMITY
Congress will create a high level of uniformity simply by preempting weaker state laws. Passage of any of the proposed Senate bills will result in substantially greater uniformity, given that all three bills preempt weaker state laws. Simply by preempting these weaker state laws, Congress will eliminate the vast majority of state laws and create a high degree of uniformity.
Preliminary research on state health privacy laws conducted by the Health Privacy Project shows that most state laws governing the broad areas sought to be regulated by the federal bills -- patient access to records, notice of information practices, patient authorization for disclosure, remedies for violation of the law -- would fall under the floor laid down by the Senate bills.
Consider the state of affairs today: health care entities that do a great deal of business across state lines are currently required to comply with fifty different -- and often conflicting -state laws. At the same time, the vast majority of these laws are weaker than the standards proposed in all three Senate bills. Therefore, far from adding additional burdens, the federal law will provide a substantial degree of uniformity simply by preempting weaker state laws. A federal floor -- if it is set at an appropriate level -- will actually standardize the vast majority of health privacy and security practices. Moreover, there is no evidence that the interplay between state and federal laws in these areas significantly interferes with interstate commerce. The Right to Financial Privacy Act, the Fair Credit Reporting Act, and the Electronic Communications Privacy Act regulate the banking, credit, and communications industries, all of which conduct extensive business across state lines. All of these laws, however, leave states free to enact more protective laws as they see fit.
III. PRECEDENT IN FEDERAL CIVIL RIGHTS AND PRIVACY LAW
No precedent exists in federal privacy or civil rights law for preempting stronger state laws. In the past, when Congress has considered preemption, it has recognized the importance of allowing states to address issues unique to the states and their citizens. Historically, the federal government establishes a "floor" of protections, leaving the states free to provide greater protections.
The proponents of total preemption express fear that states will pass laws that are "too privacy protective," thereby interfering with important health-related activities. But the facts are reassuring: states have been quick to respond to the concerns of health care plans, researchers and others. Where a "privacy protection" was deemed to interfere with vital health care functions, states have quickly amended their laws. Minnesota, for example, amended a law relating to researcher access to medical records after hearing objections from health care organizations in the state. More recently, Maine postponed implementation of a health privacy law after objections on the part of press and family members.
Many states are considering pending health privacy bills, in an attempt to fill the vacuum created by the existing gap in federal health privacy law. However, in the past, following the passage of comprehensive federal legislation, the momentum behind such state initiatives drops significantly. After passage, state activity is likely to reflect the standards proposed in the federal law, thereby increasing uniformity.
IV. STATE LAWS MORE DETAILED AND NUANCED
State health privacy laws address a level of detail not found in any of the federal proposals. For the most part, state health privacy laws are organized by entity, and the statutes include requirements and specifications explicitly related to that entity. There may be separate statutes governing many different entities: employers, nursing homes, Health Maintenance Organizations, health and life insurers, psychiatrists, chiropractors, hospitals and insurers.
In addition, there are numerous issues traditionally acted on at the state level that include privacy provisions. These include anti- discrimination laws, commitment proceedings for the mentally ill, adoption, foster care, mental health treatment, reproductive health, parental involvement, partner notification, and abuse and neglect. In comparison, the federal proposals have, on the whole, treated all health care organizations in a similar fashion. The federal proposals have also established -- with a broad brush -- general rules about the use or disclosure of health information. These rules will address the vast majority of circumstances in which health information is used and disclosed, but they do not approach the level of detail that has been developed at the state level over many years.
California law provides patients a right to see and copy their own medical record, as do all the Senate proposals. The state law, however, also explicitly provides that access can not be denied because the individual owes money for past services.3
- Maryland has an intricate statutory system for dealing with mental health records. The disclosure of mental health records is governed by the state's Confidentiality of Medical Records Act. One provision stipulates that mental health records may not be disclosed between health care providers that participate in an approved plan of a core service agency/4 for the delivery of mental health services unless a patient has received a current list of the participating providers and has signed a written agreement to participate in the client information system developed by the agency.5
- Vermont requires the Health Commissioner to maintain a cancer registry and to keep all information confidential, except in limited circumstances.6 Most of the Senate bills would allow for greater disclosure of the information maintained in the registry than is currently permitted under Vermont law. Many states have established similar cancer registries by statute.
Such a level of detail is not even contemplated by any of the federal proposals, and regulating these spheres is clearly not the intent of any of the federal proposals. By fully preempting state law, Congress would likely preempt important state laws without providing an equal level of guidance, or necessary protections.
V. VALUE OF "HEIGHTENED PROTECTIONS" AT THE STATE LEVEL
All of the proposed Senate bills treat all health information the same. Unlike the state laws, the proposals do not establish specific rules for certain kinds of information.
The result is that even the strongest federal proposals have not set the bar as high as some state laws. If any of the current federal health privacy proposals were to pass with a preemptive federal ceiling included, the citizens of some states would actually forfeit the protections they are now guaranteed under their state laws.
- California has enacted a number of HIV/AIDS specific confidentiality laws, covering testing, reporting, partner notification, and discovery. The results of an HIV/AIDS test may not be disclosed in a form that identifies an individual, without patient consent for each disclosure, except in very limited circumstances. For instance, a physician or local health officer may disclose HIV test results to the sex or needle-sharing partner of the patient without consent, but only after the patient refused or was unable to make the notification. The law also requires patient authorization in more circumstances than provided for under the Senate proposals. In California, an individual's health care provider may not disclose to another provider or health plan without written authorization, unless to a provider for the direct purposes of diagnosis, care, or treatment of the individual.

7
- In Georgia, heightened protection is given to information derived from genetic testing. This information is considered to be strictly confidential and may be released only to the individual tested and to persons specifically authorized by such individual to receive the information. Any insurer that possesses information derived from genetic testing may not release the information to any third party without the explicit written consent of the individual tested.8
- New York has a comprehensive set of statutes providing additional protection of the confidentiality of HIV related information. New York generally prohibits the disclosure of HIV related information without the patient's consent. Accordingly, a patient's consent to the release of HIV related information specifically limits to whom disclosure may be made, the purpose for such disclosure and the time period during which the release is effective. Unlike the federal proposals, a general authorization for the release of medical information does not encompass the disclosure of HIV related information unless it specifically states so.9 In enacting these statutes, the New York legislature expressly stated that it intended to "encourage the expansion of voluntary confidential testing for ...HIV so that individuals may come forward, learn their health status, make decisions regarding the appropriate treatment, and change the behavior that puts them and others at risk of infection."10
- Tennessee law stipulates that the State Department of Health records on STDs may not be released even under subpoena, court order, etc. unless the court makes a specific finding concerning each of five criteria including: weighing probative value of the evidence against the individual's and public's interest in maintaining its confidentiality; and determining that the evidence is necessary to avoid substantial injustice to the party seeking it and either that the disclosure will not significantly harm the person whose records are at issue or that it would be substantially unfair as between the requesting party and the patient not to require disclosure.11 This standard is higher than the standard established in both the Jeffords/Dodd and the Bennett/Mack bills.
Many states have laws similar to the ones cited above for certain information such as mental health, genetic tests, and HIV/AIDS. Again, none of the federal proposals reach these levels of protection. In some circumstances, states enacted these heightened protections to respond to critical public health issues. Wiping out such laws could create a public health crisis, leaving people vulnerable by undoing protections that encourage people to seek testing, counseling, and treatment for a number of conditions.
VI. THE DANGER OF UNINTENDED CONSEQUENCES
Laws relating to the confidentiality of medical information are found throughout state codes. In California, for example, citizens have a right to privacy in the State Constitution. Major statutes are found in the Civil Code, the Insurance Code, the Health and Safety Code, the Penal Code, and the Welfare and Institutions Code. The laws cover a wide range of activities including treatment, payment, insurance- related activities, peer review, research, and prescribing drugs. Most importantly, states have developed bodies of law around discreet issues -- that touch on the use of health information -- such as anti- discrimination, worker's compensation, parental involvement, adoption, HIV/AIDS parmer notification, and access by law enforcement, and even real estate.
It is not possible to predict in advance the full impact of such broad preemption on state law and consumer protections. The "relating to" language used to preempt state law in some federal proposals casts a wide net in terms of the state laws that would be eliminated completely. The preemption of all state law "related to" the federal law could have significant unintended consequences.
- At risk of being preempted is a California law that prohibits insurers from discriminating on the basis of a person's "genetic characteristics that may, under some circumstances be associated with disability in that person or that person's offspring." The law includes a provision on authorization requirements for the disclosure of genetic information, which may open up the entire statute to preemption.12
A larger issue is at hand. Many state health privacy laws were enacted specifically to address public health concerns. Mental health and HIV/AIDS confidentiality laws, for example, were enacted specifically to encourage people to seek appropriate care, without fearing harmful reprisals.
The states are best equipped to respond to many new, unique, and inherently local challenges in health care and public health. It is impossible to predict what issues will require prompt attention in the future, but a preemptive federal law would prevent states from responding at all.
VII. CONCLUSION
Most importantly, Congress will create a high level of uniformity simply by preempting weaker state law with a strong federal law. This is true under any of the three Senate health privacy proposals- the research of state health privacy laws bears this out. Thus, there is no overriding justification to totally preempt state law in order to achieve substantial uniformity.
The interests of health care consumers and providers will be best served by Congress establishing a federal floor that leaves the states free to enact greater protections, as Congress has done for every other privacy and civil rights laws, regardless of how complex or interstate the area to be regulated. Such a solution would allow the states to address the specific- and unique needs of their citizens while providing a great deal of national uniformity regarding the use and disclosure of health information. A federal ceiling, on the other hand, could have profound negative consequences for consumers and health care providers by inadvertently eliminating important protections, or restricting the ability of states to respond to the privacy needs of their residents.
Passage of a federal health privacy law will necessarily involve compromises. The stakeholders are diverse, as are the states and their constituencies. It is appropriate that the federal law would reflect these compromises, but it raises a troubling possibility: that the federal law will set a relatively low standard and preempt state law. This is the worst-case scenario. The result would be to eliminate existing state protections without replacing them with comparable federal standards, locking the states out of taking steps to address local health needs.
We urge this Committee, and the rest of the Congress, to resist the proponents of total preemption. Such a radical approach would undo legal protections put in place by states responding to pressing public health concerns.
In order to encourage people to seek testing, counseling, treatment, and other health care services, many states have established heightened protections for people with mental illness, HIV/AIDS, drug and alcohol dependence, and other circumstances where people face stigma, discrimination, and embarrassment. If these safeguards were wiped off the books, as they would be under the Bennett draft bill, the most vulnerable people in our communities would immediately be put at risk of exposure, and faced with the creel choice of either protecting their privacy or seeking health care. Such a result, we believe, would substantially undermine state -and national -- health initiatives.
Rather than undermining our nation's existing system of checks and balances, we should continue the tried and true practice of allowing states to decide when it is appropriate to provide consumer protections stronger than the federal law.
FOOTNOTES:
1 The poll was conducted for the Foundation by Princeton Survey Research Associates. The survey topline is available at http://www.chcf.org.
2 A companion bill, H.R. 1057, was introduced in the House of Representatives by Representative Edward Markey (D-MA)
3 California Health and Safety Code, Section 123100 et seq.
4 A "core service agency" is an organization approved by the Mental Hygiene Administration to manage mental health resources and services in a designated area or to a designated target population. Md. Health - General Code Ann. Sec. 4-307(a)(3) (1999).
5 Maryland Id. At Sec. 4-307 (e).
6 18 V.S.A. Sections 154 et seq.
7 See California Health and Safety Code, Section 120975 et seq; 121015 et seq, Insurance Code, Section 799 et seq.
8 Ga. St. 33-54-3.
9 NYCLS Public Health Law Sec.2780 et seq.
10 NY Laws 1988, ch 584, Sec. 1.
11 Tenn. C.A. Sec. 68-10-113 6(A).
12 Insurance Code, Section 10140 et seq.
END


LOAD-DATE: April 28, 1999




Previous Document Document 109 of 124. Next Document


FOCUS

Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
   
About LEXIS-NEXIS® Congressional Universe Terms and Conditions Top of Page
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.