Leading health experts and researchers say the nation’s medical privacy is slowly being sacrificed by Congress and government bureaucrats to big business interests even though most Americans prefer to keep their medical records concealed.
Last month the Bush administration called for the public’s input on a “final” medical privacy rule that the Department of Health and Human Services – which is accepting comments until April 26 – says will keep medical records safe “while improving access to care.”
The “federal privacy regulations guarantee patients full access to their medical records, give them more control over how their personal information is used and disclosed, and provide a clear avenue of recourse if their medical privacy is compromised,” said HHS Director Tommy Thompson, in announcing the administration’s policy March 21.
But according to Robin Kaigh, a New York lawyer who has tracked medical privacy since the passage of the 1996 Health Insurance Portability and Accountability Act, changes suggested by the administration reduce a patient’s ability to decide who can view medical records by removing consent forms for treatment, payment and health care operations.
That assessment was confirmed by the Institute for Health Freedom, which adds that the administration’s rule changes would also allow a person’s genetic information to be disclosed.
“This rule actually does the reverse of giving privacy – it allows the federal government to decide who should have access to every citizen’s medical records,” Kaigh told WorldNetDaily. “For example, without the need for patient consent or for subpoena or advance notice to the doctor the federal government can access medical records. It was a provision that was written during the Clinton administration but left intact by Bush.”
The reason, she says, is because the administration feels the HHS Office for Civil Rights “needs to access medical records in order to make sure that our privacy is being protected by the doctor or hospital.”
“The logic is that they need to invade our privacy to protect our privacy,” she added.
In addition, under both the Bush and Clinton versions of the rule, medical records can be disclosed without patient consent for oversight of the health care system, Food and Drug Administration monitoring, public health surveillance, law enforcement activities, research under certain conditions and other uses.
According to Thompson, however, the rule changes favored by the administration would “strengthen notice provisions and remove consent requirements hindering access to care.”
“As written, the privacy rule’s general requirement that patients give prior consent on privacy practices before receiving treatment created serious unintended consequences that interfere with patients’ access to health care. For example, patients could be required to visit a pharmacy in person to sign paperwork before a pharmacist could fill their prescriptions,” said HHS, in its March 21 statement.
Thompson added that the proposed changes assure “appropriate parental access” to a child’s medical records and “would explicitly require pharmacies, health plans and other covered entities to first obtain the individual’s specific authorization before sending them any marketing materials.”
“These are common-sense revisions that eliminate serious obstacles to patients getting needed care and services quickly while continuing to protect patients’ privacy,” Thompson said.
Patients losing control?
But ditching the consent requirement will destroy privacy, advocates say, because it removes all control patients currently have over their own medical records.
“For example, right now since there is patient consent required before medical records are released, a patient can start over fresh with a new doctor in a malpractice, misdiagnosis or personality conflict situation with their doctor,” Kaigh said.
However, “if the medical records flow freely from doctor to doctor, that prior bad relationship will follow the patient as well,” she adds.
Also, other experts say, such information – which is highly sought after by medical information and insurance firms – is subject to errors, as well as abuse and misuse.
Sue Blevins, president of the Institute for Health Freedom, said that unless lawmakers and the public oppose the new proposed rule en masse, the abuse is likely to worsen.
“Citizens who are concerned about their rights to medical privacy should let HHS know how they feel about this important and timely issue,” she said. “In a few years, patients’ personally identifiable health information is going to be flowing over the Internet. But patients won’t even know this is happening because they won’t be able to obtain an accounting of when and to whom their health information was disclosed for most of their health care services.”
Blevins added that the proposed changes “would allow use and disclosure of health care information for treatment, payment, and health care operations without prior written patient consent.”
The privacy rule comes from the Health Insurance Portability and Accountability Act of 1996. When it passed, Congress was supposed to develop the privacy rules. When it didn’t, the job fell to HHS.
Industry battles privacy rules
Industry is lobbying hard against strict federal privacy rules. In meetings held Aug. 21-23, the National Committee on Vital Health Statistics Subcommittee on Privacy and Confidentiality met in Washington, D.C., supposedly to hear suggestions for minor modifications of the rule.
According to Kaigh, who attended some of the meetings, the panels were stacked heavily in favor of industry, which has been trying for years to chip away at patient privacy protections.
But instead, the discussion centered around “major changes that were equal to rewriting the final rule,” Kaigh told WND.
“Almost one hundred percent of the invited speakers were from the health care industry – people who wanted to see changes that made it easier for industry to get information,” she said.
The NCVHS participant’s list included Henry R. Desmarais, M.D., senior vice president for policy and information for the Health Insurance Association of America; Bernice Welles, M.D., senior director of product development for Genetech, Inc.; Mary Henderson, of Kaiser Permanente – the nation’s largest not-for-profit HMO; Jacqueline M. Darrah, M.A., J.D., in the office of general counsel for the American Medical Association; Roy Bussewitz, R.Ph., J.D., National Association of Chain Drug Stores; Susan C. Winckler, R.Ph., J.D., policy and advocacy, American Pharmaceutical Association; Dan Rode, vice president, policy and government relations, American Health Information Management Association; Bruce Kelly, director of government relations, the Mayo Foundation, who also testified on behalf of the Health Care Leadership Council; and Melinda Hatton, vice president and chief Washington counsel, the American Hospital Association.
The subcommittee members also were heavily stacked in favor of industry, Kaigh said. They included Kathleen Fyffe, the federal regulatory director of the Health Insurance Association of America; Kepa Zubeldia, M.D., president of Claredi – “the definitive testing and certification service for HIPAA transaction compliance”; Jeffrey S. Blair, M.B.A., vice president of the Medical Records Institute; and Simon T. Cohen, M.D., national director for health information policy for Kaiser-Permanente medical care program.
The subcommittee initially was only supposed to discuss “minimum” changes to the rule, but Kaigh said the result was that major changes were considered, including “taking away the patient’s consent.”
She also said she is baffled as to why the privacy rules are not already written and why HHS has to have yet another commentary period.
“A true medical privacy rule would have only one sentence,” said Kaigh. “‘The patient, through the use of a patient consent form, should decide who can have access to his medical information unless there is a true emergency situation, in which case only the minimum necessary information should be released.'”
“A patient goes to a doctor to be healed, not revealed,” she told WND.
Patients oppose giving up consent
After the medical privacy rule was presented, about 50,000 people submitted comments to HHS regarding the privacy rule. An overwhelmingly large number opposed giving up consent.
That view was substantiated by a separate Gallup survey, released Sept. 26, 2000, conducted on behalf of the Institute for Health Freedom, or IHF. According to the survey, an overwhelming majority oppose giving information to federal, state and local agencies.
“Opinion is no different when it comes to medical doctors other than ones given permission by the respondent. Seventy-one percent said they oppose giving doctors access to their medical records without permission,” the survey said, adding that fully nine of ten (92 percent) “oppose giving government agencies access.”
“It is important to note that the Clinton administration initially proposed prohibiting doctors and hospitals from getting patients’ consent before releasing their medical information. But after receiving more than 52,000 public comments, the Clinton administration revised the rule and added a very weak, coercive consent provision,” confirmed an analysis by the IHF.
“The Bush administration is legally permitting health insurers, doctors and medical data-processing companies to release patients’ personal health information without asking patients for their permission,” the group said, in its analysis. “This is a major shift away from the precious health care ethics that we have honored for many years in this country: the ethics of consent and confidentiality.”
“The vast majority of Americans want and expect their medical records to be kept strictly confidential,” said Rep. Ron Paul, R-Texas. “Recent polls show that Americans overwhelmingly oppose giving government the power to create a national health database or issue health ID numbers.
“The latest revision of the so-called medical privacy rule makes the original Clinton administration regulation even worse, by giving HMOs, insurance companies, medical researchers, and other state-favored interests an enhanced right to view medical records without patient consent,” Paul said. “Rather than protecting the medical privacy of the American people, HHS is stripping patients of the last remnants of control over their health care.”
Liberal, conservative coalition
A coalition of liberal and conservative lawmakers is forming to not only oppose the current privacy rule but to potentially eliminate it.
Rep. Bob Barr, R-Ga., is crafting a bill that would require a medical privacy impact statement as part of all new federal regulations. And Sen. Edward Kennedy, D-Mass., is planning to introduce a measure to reverse the administration’s confidentiality rules. Ironically, it was Kennedy – along with former Sen. Nancy Kassebaum, R-Kan., who sponsored the original HIPAA bill nearly six years ago. At that time, it was commonly referred to as the “Kennedy-Kassebaum bill.”
James C. Pyles, an attorney specializing in privacy issues, says eliminating patient consent “has the potential to do the greatest damage to privacy in my lifetime.”
That damage “is done by having the federal government provide regulatory permission on your behalf to permit the use and disclosure of your information,” he said at an April 2 briefing sponsored by the IHF.
Pyles suggested that the “unprecedented notion of regulatory permission” on patients’ ability to consent may also be an infringement on the right to consent to treatment.
Though it was the most substantial health care legislation in the past two decades, “HIPAA has done little to improve consumers’ access to individual market coverage, and its regulatory provisions have increased the overall cost of coverage,” says a July 2001 CATO Institute report, “Making a Federal Case out of Health Care: Five Years of HIPAA.”
The law’s “medical privacy regulations obscure private markets for health information under the cloud of complex, costly, and contradictory commands,” while its “regulatory structure creates legal uncertainty and increases the risk of contradictory and duplicative regulatory treatment for defined-contribution health plans,” a summary of the report said.
HIPAA “substantially expanded the role of the federal government in controlling private health care arrangements,” said CATO.
No government protection?
Meanwhile, even former officials say the government is doing too little to protect patient privacy.
“‘Privacy’ may seem an overused word these days, but the demand for honoring secrets between a patient and doctor is one that transcends discipline, time and place,” Bernadine Healy, former director of the National Institutes of Health, wrote in a July 24, 1998 New York Times op-ed.
“There is perhaps no greater invasion of privacy than what occurs when people, because of mortal need, allow doctors to intrude into every facet of their lives, ask sensitive and deeply probing questions about their emotional and physical health and that of their families and examine their naked bodies from head to toe,” Healy wrote. “Personal medical records should be for private, not public, use. Perhaps we should focus on rooting out the medical record abuses that allegedly exist in the private sector rather than mandate that our … histories become shared government property.”
“It is time for Congress to reverse this dangerous trend toward complete government intrusion into private medical records,” Paul said.
“HHS is clearly siding with the special interests,” added Blevins, of the IHF.
The administration’s decision to eliminate the consent rule could even become a campaign issue this fall.
“We know (medical privacy) is an issue the American people think is absolutely critical and the Democratic Party has championed this issue for years,” one DNC spokeswoman told the Bureau of National Affairs this month in Washington, D.C. “This is yet another example of the Bush administration catering to special interests at the expense of the American people.”
According to the Center for Responsive Politics, health care industry donors who oppose privacy rules favor donations to Republicans. The DNC, on its website, claimed the insurance industry donated more than $1.6 million to Bush’s campaign in 2000.