The trusted source for
healthcare information and
HHS begins working on its own regulation
Major differences in bills introduced in the U.S. House and Senate prevented any significant movement toward the passage of patient confidentiality legislation as the August deadline approached, says Kathleen Frawley, JD, MS, RRA, vice president for legislative and public policy services for the American Hospital Information Management Association in Chicago.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires Congress to pass legislation governing electronic health information before Aug. 21, 1999. If Congress fails to act by that time, the responsibility for the regulation will pass to the secretary of Health and Human Services (HHS) in Washington, DC, with a final rule required by February 2000.
The Senate Committee on Health, Education, Labor and Pensions (HELP) has attempted at least four times to "mark up" federal records legislation. The "Health Information Confidentiality Act of 1999," which combined features of bills introduced by Sens. Patrick Leahy (D-VT) and Edward Kennedy (D-MA), Robert Bennett (R-UT) and Connie Mack (R-FL), Jim Jeffords (R-VT), and Christopher Dodd (D-CT), was comprehensive in scope and applied to medical records in both paper-based and electronic formats. On June 16, Jeffords (R-VT), committee chairman, again postponed a committee vote on the bill.
Lack of agreement slows bill
Serious disagreement on these issues was behind the lack of progress on moving a bill forward:
• whether federal legislation would preempt state laws that afford more privacy protection;
• whether an individual would be able to bring a lawsuit against a party that violated his or her confidentiality;
• how much access law enforcement should have to medical records;
• how much access parents or guardians should have to a minor’s health records.
Democrats on the committee, led by Kennedy, refused to accept compromises that would have put a dollar cap on the damages for which individuals could sue for a violation of their privacy, as well as a provision to clarify state oversight of minors’ privacy rights.
Frawley predicts the legislation markup won’t happen until after the August recess, at the earliest. "Sen. Jeffords is hoping to have resolved these issues after Labor Day and to hold the markup," she notes. "But because of the four issues [of contention] that are key, it could reach a point that he is not able to move a bill forward."
The bickering continued during a July 15 hearing held by the House Commerce Committee’s subcommittee on health. The focus of the hearing was to get public reaction on the latest medical record privacy bill, H.R. 2470, the "Bipartisan Medical Information Protection and Research Enhancement Act," introduced by Rep. Jim Greenwood (R-PA). Committee Democrats who attended the hearing were disturbed that other bills, introduced by Democrats, were not also to be discussed, according to AHA (American Hospital Association) News.
What might happen next
With Congress at a standoff, the staff at HHS began working on a regulation. "They know [the department] would have to introduce a notice of proposed rule making in the Federal Register this fall to allow time for the 90-day comment period required before a final rule can go into effect," Frawley says.
However, she notes, Congress missing its deadline does not necessarily take the medical privacy ball from its court. "[Congress] could extend the deadline by passing legislation giving itself more time, or the deadline could come and go and Congress could continue to do work on bills. The HHS secretary and the administration have urged Congress to enact legislation."
Another issue is that while most observers believe that HHS’s authority under HIPAA is limited to electronic data, the department has sought a legal opinion regarding its authority to reach beyond electronic records and attempt to regulate all medical records in all forms, according to a report from the Joint Healthcare Information Technology Alliance (JHITA) in Washington, DC.
Some members of Congress may attempt to postpone, not only the HIPAA privacy regulations, but all of the HIPAA standards that are in process, JHITA says.