Gore renews call for health information privacy

Four key areas in the electronic bill of rights

Vice President Al Gore has renewed the call for an electronic bill of rights and has announced new steps toward making the bill a reality.

"We need an electronic bill of rights for this electronic age," Vice President Gore said in a July 31 speech in Washington, DC. "You should have the right to choose whether your personal information is disclosed. You should have the right to know how, when, and how much of that information is being used, and you should have the right to see it yourself to know if it's accurate."

Gore began the call for an Electronic Bill of Rights to protect Americans' privacy in an address at New York University last May.

In the newest speech, he announced new action in four key areas:

r Protecting sensitive personal information.

"The administration has proposed strong medical privacy recommendations and urged Congress to pass legislation that gives Americans the privacy protections they need," he said. "If Congress does not pass strong medical privacy legislation, the administration fully intends to implement privacy protections consistent with the authority given to us by the law."

(For information about the proposed rule to establish standards for the security of health information, see story, p. 159.)

Needed: Unique health identifiers

In 1996, Congress directed the Department of Health and Human Services in Washington, DC, to develop standards for unique health identifiers under the Health Insurance Portability and Accountability Act of 1996. "However, because the availability of these identifiers without strong privacy protections in place raises serious privacy concerns, the administration is committed to not implementing the identifiers until such protections are in place," Gore said.

Health care organizations applauded Gore's comments. The American Health Information Management Association (AHIMA) in Chicago says it is pleased that the administration is taking this position.

Once confidentiality protections are in place, AHIMA supports the implementation of unique health identifiers. "The development of unique health identifiers is part of a movement to use technology to enhance patient care. AHIMA supports the use of technology - especially computer-based patient records - in patient care as long as it's safe and effective and places the needs of patients above all else," says Linda L. Kloss, RRA, AHIMA executive vice president and CEO.

The Chicago-based American Hospital Association also agrees. "There was nothing in Gore's speech that we didn't agree with," says Dionne Dougall, assistant director of media relations for the AHA in its Washington, DC, office.

"We just want to make sure that federal safeguards are already in place [before implementing the identifiers] to ensure that everyone's medical records are protected and that the providers who need to see them can see them," she says.

The other key areas of the electronic bill of rights include:

r Stopping identity theft.

The administration is calling for strong penalties for so called "identity theft," which is the fraudulent use of another person's identity to facilitate the commission of a crime, such as credit card fraud. The administration also supports making it a federal crime to obtain confidential customer information from a bank by fraudulent means.

r Protecting children's privacy on-line.

Gore said the administration will seek legislation that would specify a set of fair information principles applicable to the collection of data from children, such as a prohibition on the collection of data from children under age 13 without prior parental consent. The Federal Trade Commission would have the authority to issue rules to enforce these standards.

r Urging voluntary private sector action to protect privacy.

The administration will monitor the progress of on-line industry self-regulation to ensure that the commitments made by companies are implemented, that the enforcement mechanisms are effective, and that the numbers of companies and organizations participating in the self-regulation expands so that the efforts become sufficiently broad-based, he said.

Informing the public

The administration also will work with the private sector, the privacy and consumer advocacy communities, and nonprofit organizations to develop a public education campaign to inform individuals about how they can choose how their personally identifiable information is collected and disseminated and about what technologies can make that choice possible.

Finally, the Office of Management and Budget will be given responsibility for coordination of privacy issues, drawing on the expertise and resources of other government agencies. "This will help improve the coordination of U.S. privacy policy, which cuts across the jurisdiction of many federal agencies," Gore said.