Congress tackles health info confidentiality

Association concerned about provisions in bills

Everyone, it seems, is concerned about the confidentiality of health information, but one association is saying that Congress is taking the wrong approach to the issue.

The problem exists in three bills introduced to Congress on March 10. Senate bill 573 and its House of Representa-tives counterpart, HR 1057, include provisions that ultimately could endanger health information — not protect it, attests Linda L. Kloss, RRA, executive vice president and CEO of the American Health Information Management Association (AHIMA) in Chicago.

S. 573 is sponsored by Sen. Patrick J. Leahy, (D-VT). H.R. 1057 is sponsored by Rep. Edward J. Markey, (D-MA). The bills, both named the Medical Information Privacy and Security Act, have the following goals:

1. provide individuals with access to health information of which they are a subject;

2. ensure personal privacy with respect to health care-related information, impose criminal and civil penalties for unauthorized use of protected health information;

3. provide for the strong enforcement of these rights and protect states’ rights.

However, S. 573 and H.R. 1057 contain provisions that would fail to comprehensively preempt state health information confidentiality laws, leaving in place the current patchwork quilt of state laws and rules federal intervention is supposed to remedy, Kloss says.

Inconsistent laws add to confusion

She also is concerned that these bills would treat various types of health information differently and make it impossible to maintain uniformly high standards for the management of records.

"Currently, each state has different laws and rules for maintaining health information confidentiality. Some states have none," Kloss explains. "As health information management (HIM) professionals, AHIMA members know that the confusion caused by this lack of consistency can lead to errors and potentially breaches of confidentiality."

A third bill, S. 578, the Health Care Personal Information Nondisclosure Act, also known as the PIN Act, fails to include comprehensive preemption language, she notes.

S. 578 is sponsored by Sen. Jim Jeffords (R-VT) and aims to ensure confidentiality with respect to medical records and health care-related information and for other purposes.

"One of the goals in the effort to develop federal confidentiality laws or rules is to create a single national standard that establishes a high level of protection for everyone," Kloss says. "These bills fall short of that goal."

In addition to the preemption issue, provisions in S. 573 and H.R. 1057 that codify different levels or methods of protection for various kinds of patient information are problematic, Kloss says.

"All health information is important and deserves equal protection. Treating mental health information, genetic information, and other health information differently would add to the confusion and increase the potential for errors. It also incorrectly implies that one type of health information is more important than another," Kloss explains.

"HIM professionals know that waving a red flag over certain portions of a record in the name of protection may have the opposite effect. People are curious by nature and may be drawn to a record’s flagged portions."

Should patients have a choice?

Kloss also says that one provision’s concept of giving patients the choice of computer or paper-based records is unrealistic.

"The premise of this provision is a fallacy. Computer-based patient records are safe and no less prone to confidentiality breaches than paper records," she says. "In fact, it’s possible to build safeguards into computer-based patient record systems that limit access to records and/or keep a record of who has attempted to access them. These kinds of safeguards cannot be built into paper-based systems."

The mentioned provision also does not take into account the many benefits of computer-based patient records, notes Kloss. Those benefits include:

    enhanced patient care;
    more accurate data for research;
    greater overall efficiency and cost effectiveness;
    technology-based confidentiality protections.

"It’s also important to note that no other type of businesses are mandated to give customers a choice between doing business electronically or on paper."

Even with the problems with the current legislation, AHIMA will continue to work with Congress and the Clinton administration as it has over the past several years. The goal is "to produce meaningful, effective confidentiality legislation," Kloss says.