ACLU Urges Congress to Define Medical Privacy as Patient Control of Electronic Health Records

ACLU Urges Congress to Define Medical Privacy as Patient Control of Electronic Health Records (7/23/2008)


PRO(TECH)T Act leaves electronic patient data vulnerable to theft and misuse


FOR IMMEDIATE RELEASE

Contact: 202-675-2312, media@dcaclu.org



Washington, DC – The American Civil Liberties Union today urges the House Energy and Commerce Committee to require patient control of medical records and compensation for privacy breaches to be a part of the standards set for converting to electronic patient records. The ACLU cautions that H.R. 6357, the “Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008” or the PRO(TECH)T Act, has insufficient privacy provisions and leaves patients vulnerable to bad, lost, stolen or misused data.

In addition, the ACLU urges the House Ways and Means Subcommittee on Health to consider how privacy protections will be built into new, high tech health systems as it hears testimony this Thursday. The subcommittee announced that protecting patient privacy and information security would be among the issues discussed at its July 24 hearing regarding health information technology. Other issues include potential costs and benefits, clinical capabilities and incentive effectiveness.

The following can be attributed to Timothy Sparapani, ACLU Senior Legislative Counsel:

“As part of the transition from paper to electronic health records, Congress should go for the gold standard of medical privacy. Lawmakers must define medical privacy as patient control of electronic medical records. Ideally, when any company wants to use patient records for a secondary purpose – one that does not involve treatment, bill payment or reimbursement – it should require patient consent.

“Many lobbyists pushing against Congress mandating commonsense privacy protections claim existing law under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, is enough to protect patients. HIPAA governs all personal records but it is not a privacy statute. It only addresses covered entities, such as hospitals and insurance companies. HIPAA has so many medical privacy loopholes, it makes Swiss cheese look solid. Lines of 300 to 400 lobbyists outside of congressional hearings tell the real story about the various interests opposing privacy protections. Microsoft’s Health Vault offers a better standard for patient control. If Microsoft can do it, why can’t the others?

“We have to harness the benefits of technology – improving patient outcomes and lowering costs – without creating a secondary market we regret. It is easy to imagine what that secondary market may look like: TMZ Health or celebrityhealth.com. ‘Click to see a photograph of George Clooney’s pancreas.’

“With the Dingell/Barton bill the lobbyists want, we are looking at a future of marketing-driven medicine. Doctors will be encouraged to give one type of drug over another as their electronic records spawn incentives. Insurance companies will have information to deny coverage to certain individuals. There may be a benefit to consumers, but probably not.”



For more information, go to http://www.aclu.org/privacy/medical/index.html