Congress takes divided approach to confidentiality

AHIMA speaks out on provisions in new bills

Everyone seems concerned about the confidentiality of health information, but no one seems to agree on how to best ensure confidentiality is maintained.

In fact, the current legislative agenda has at least four separate bills dealing with the issue of confidentiality, but nothing has reached the president’s office for a signature. The proliferation of bills and heated debates could mean that ethics committees will have no clear guidance on developing a policy that complies with any new legislation until the last minute.

What’s more, time is running out: The Health Insurance Portability and Accountability Act of 1996 mandates that Congress pass health information confidentiality legislation by Aug. 21, 1999.

One industry group, the American Health Information Management Association (AHIMA) in Chicago, is becoming outspoken on the issue and saying Congress is taking the wrong approach.

The problem exists in three bills introduced to Congress on March 10. Senate bill 573 and its House of Representatives counterpart, HR 1057, include provisions that ultimately could endanger health information — not protect it, attests Linda L. Kloss, RRA, executive vice president and CEO of AHIMA.

S 573 is sponsored by Sen. Patrick J. Leahy, (D-VT), and HR 1057 is sponsored by Rep. Edward J. Markey, (D-MA). The bills, both named the Medical Information Privacy and Security Act, aim ’to provide individuals with access to health information of which they are a subject, ensure personal privacy with respect to health care-related information, impose criminal and civil penalties for unauthorized use of protected health information, provide for the strong enforcement of these rights, and protect States’ rights.”

However, S 573 and HR 1057 contain provisions that would fail to preempt state health information confidentiality laws comprehensively, leaving in place the current patchwork of state laws and rules federal intervention is supposed to remedy, Kloss says. She also is concerned that these bills would treat various types of health information differently and make it impossible to maintain uniformly high standards for the management of records.

’Currently, each state has different laws and rules for maintaining health information confidentiality. Some states have none,” she says. ’AHIMA members know that the confusion caused by this lack of consistency can lead to errors and potentially breaches of confidentiality.”

The third bill, S 578, the Health Care Personal Information Nondisclosure Act, also known as the PIN Act, fails to include comprehensive preemption language, she says. S 578 is sponsored by Sen. Jim Jeffords, (R-VT) and aims to ’ensure confidentiality with respect to medical records and health care-related information, and for other purposes.”

’One of the goals in the effort to develop federal confidentiality laws or rules is to create a single national standard that establishes a high level of protection for everyone,” Kloss says. ’These bills fall short of that goal.”

In addition to the preemption issue, provisions in S 573 and HR 1057 that codify different levels or methods of protection for various kinds of patient information are problematic, she says.

’All health information is important and deserves equal protection. Treating mental health information, genetic information, and other health information differently would add to the confusion and increase the potential for errors. It also incorrectly implies that one type of health information is more important than another,” she explains.

’Professionals know that waving a red flag over certain portions of a record in the name of protection may have the opposite effect. People are curious by nature and may be drawn to a record’s flagged portions,” she says.

Kloss also says that one provision’s concept of giving patients the choice of computer or paper-based records is unrealistic. ’The premise of this provision is a fallacy. Computer-based patient records are safe and no less prone to confidentiality breaches than paper records,” she says. ’In fact, it’s possible to build safeguards into computer-based patient record systems that limit access to records and/or keep a record of who has attempted to access them. These kinds of safeguards cannot be built into paper-based systems.”

The mentioned provision also does not take into account the many benefits of computer-based patient records, Kloss says. Those include:

  • enhanced patient care;
  • more accurate data for research;
  • greater overall efficiency/cost effectiveness;
  • technology-based confidentiality protections.

’It’s also important to note that no other type of businesses are mandated to give customers a choice between doing business electronically or on paper,” she points out.

Even with the problems with the current legislation, AHIMA will continue to work with Congress and the Clinton administration as it has over the past several years. The goal is ’to produce meaningful, effective confidentiality legislation,” Kloss says.

AHIMA has publicly endorsed a fourth bill, however, which contains language that addresses many of these problems. S 881, the Medical Information Protection Act (MIPA), was introduced in late April by Sen. Robert Bennett (R-UT). Key provisions of S 881 and the reasons they are important, according to AHIMA, include the following:

• Preemption of state confidentiality laws: Federal legislation should produce a single national standard for handling patient records. By preempting current state confidentiality laws, MIPA would create strong national standards that patients could understand and health care provid ers could follow. ’Having 50 separate laws creates confusion and puts health information at risk,” says Kloss. ’As long as the federal law is strict and really protects health information, as a nation we can feel comfortable about preempting state laws.”

• Same treatment for all health information: Employing unique methods for handling various kinds of health information, such as mental health and genetic information, while perhaps well-intended, in the end makes health information more vulnerable.

• Patient access to their records: MIPA would give patients the right to see and obtain copies of their records as well as ensure their accuracy.

• Patient consent for disclosures to third parties: Third parties, such as marketers, would be able to gain access to information only if patients give their consent beforehand.