- The Washington Times - Thursday, February 17, 2000

The stakes over medical privacy are huge as Congress today considers the first national standards on the thorny issue.
Insurers and hospitals estimate that complying with medical privacy regulations proposed by the Clinton administration would cost as much as $43 billion, and even then the rules could be unworkable.
Advocates for doctors and patients say the measures would open windows into private information that could destroy the trust necessary for good care.
"We don't want technology or efficiency to supersede the patient's rights," said Dr. Donald Palmisano, a spokesman for the American Medical Association.
The two sides will take their battle to Capitol Hill this morning when a House panel holds a hearing on the Clinton administration's proposal, as well as others.
The complex issue cuts across party lines and has stymied Congress, which has been trying to write a law on medical confidentiality since the early 1990s.
After missing a self-imposed deadline in August, the Health Insurance Portability and Accountability Act of 1996 obligated the Department of Health and Human Services to write the rule. Widespread interest led the department to extend its public comment period on the regulations from Jan. 3 until today.
"The rule is really important. It's the first comprehensive rule for protecting people's privacy on health records," said Janlori Goldman, director of the Health Privacy Project, a nonprofit based at Georgetown University.
Nevertheless, she will urge the House Ways and Means health subcommittee this morning to expand the rules' scope to fill in gaps. For example, the rules cover only electronic records, not paper, and they don't give patients the right to sue for violations of privacy.
A computer expert agreed that medical privacy must be tightened.
"Health care information security is insufficient," said Greg DeBor, a principal with CSC Consulting, which advises health care companies on computer systems.
The National Coalition for Patient Rights tells the story of a nurse named Karen on its Web site as an example of why tighter medical-privacy provisions are needed.
Karen lost her job at a private psychiatric hospital because of an inadvertent disclosure that she was in a detoxification program for an addiction to pain killers.
Discrimination cases like this could increase without proper rules for medical privacy, according to the coalition.
The Health and Human Services Department's regulations allow health plans and providers to disclose only the minimum amount of patient information needed. It requires insurers and doctors to give patients notice of what they do with medical information and to whom they distribute it. Patients also gain the right to review their personal medical records, and appeal for corrections when they find errors.
The federal law does not pre-empt states from writing stronger laws.
To ease the flow of information, the law does not require patient authorization for treatment, payment and administrative operations such as quality assessment, performance review and training.
That's too much for patients' rights advocates, who believe that patients deserve the right to control communication about their medical condition and history through informed consent at every step.
"They basically abolish the bedrock policy of asking patients to disclose information," said Dr. Margo Goldman, executive director of the National Coalition for Patient Rights. "The only possible reason I can think of is that they believe it would increase efficiency."
Besides leading to embarrassment or discrimination in housing, jobs or insurance, the regulations could jeopardize trust and health care itself, Dr. Goldman said.
A California HealthCare Foundation survey in January 1999 found that 15 percent of respondents already were taking steps "out of the ordinary" to control personal medical information, she said. Some even seek care outside managed care networks and pay higher prices out of pocket rather than reveal problems to their network.
But Clinton administration officials believe the rules would give patients more protection than they have now.
Patients currently give consent because they are asked for blanket authorizations when they enter a hospital or join a health plan, said one administration official familiar with the proposed rules.
"It was in a coercive atmosphere," the official said.
Insurers say the rules are too restrictive.
"They could interfere with efforts to improve consumer health," said Chip Kahn, president of the Health Insurance Association of America, which represents 290 health plans. Rules about minimal disclosure could let medical errors persist and stifle innovation in medical research. He also castigated the idea of letting states draw up their own laws.
"You run into problems with how mental health records are cordoned off in one set of rules. It could have tremendous effect on operations," he said.
The complexity means extra costs, which concerns insurers and hospitals. One study commissioned by Blue Cross estimated that compliance with the rule would cost $42.8 billion to write policies, train staff and upgrade computer systems, among other things. The American Hospital Association was more cautious, saying costs would be "significant."
Insurers, now fighting off 17 class-action lawsuits that claim managed care companies unfairly denied care, also oppose Health and Human Services Secretary Donna E. Shalala's call for Congress to give patients the right to sue when medical confidentiality is breached. This could clog courts and drive up health care costs, Mr. Kahn said.
But excluding the right to sue, which applies under every privacy statute, could leave victims without any opportunity for redress, according to Ms. Goldman of the Health Privacy Project.
"We're not sure this will be enforced" by already overworked government officials, she said.
There are other complications as well, as government and industry argue over where to break new ground. The American Health Information Management Association, representing medical records managers, wants Congress to extend the law to cover paper records and to set higher standards for law enforcement officials to obtain medical records.
"All you need to do is flash a badge," said group spokeswoman Jill Dennis. They also want regulators to remove special protections for psychotherapy files.
That's at odds with a new surgeon general's report, which said the extremely personal nature of material shared in treatment and the stigma of mental health problems merit higher privacy standards.
All sides agree that it will take more time to sort out the issue. It could drag into 2001, according to Mr. Kahn.
Because the regulation is a "major rule," Congress has some power to alter it before it takes effect. Seven bills are circulating to deal with the issue.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2020 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide