The battle over medical information privacy is starting to get interesting. On the same day that U.S. Health and Human Services (HHS) secretary Tommy Thompson said the Health Insurance Portability and Accountability Act's (HIPAA) privacy rules might be eased to lessen their burden on healthcare providers, Rep. James Greenwood (R-PA) introduced legislation to replace them.
Introduced March 27 in the House of Representatives, H.R. 1215 would nullify the proposed HIPAA privacy rules (Section 264) issued by the HHS last December. It would replace them with the Medical Information Protection and Research Enhancement Act, as Greenwood's bill is known. The bill's proponents say HHS should never have issued the privacy rules in the first place.
"We hope that Secretary Thompson does a good job of revising the reg, but ultimately we think that Congress should have fulfilled its statutory requirements under HIPAA and passed a bill," said a staff member in Greenwood's office.
A number of industry groups have voiced concerns about the high cost of implementing the privacy rules, which were released in the Clinton administration's final days. In response, Thompson on February 23 moved to delay their implementation pending a new round of public comments that ended March 30.
On March 27, Thompson spoke at a healthcare reporters' breakfast about the thousands of comments his office had received from healthcare professionals and others. He promised to make a decision about any changes by the end of April and send his recommendations to Congress.
"I am fairly certain at this point -- without saying for sure -- that there will be some modifications to simplify and lessen the financial burden," Thompson said, "but there will be lots of security placed in there so that patients' rights and records will be protected."
The Greenwood approach
Greenwood's bill takes a different tack to preserving information privacy. In place of HIPAA's consolidated authorization approach, for which the patient authorizes the disclosure of identifiable healthcare information for treatment, billing, and healthcare operations, H.R. 1215 begins with the legal premise that all disclosure is prohibited unless exempt.
It goes on to allow the disclosure of individually identifiable, or "protected," healthcare information without any form of patient authorization:
- To next of kin under specific circumstances.
- For emergencies.
- For oversight by an accrediting body, state insurance department, etc.
- To public health authorities.
- For civil, judicial, and administrative purposes.
- For law enforcement purposes.
- For electronic payment transactions.
The bill also differs from the proposed HIPAA rules by preventing individual states from passing stricter laws.
"The (HIPAA) privacy regulation creates what proponents call a floor of protection. However, it's a floor above which states can enact more stringent protection," said Greenwood's staff member. "Since health data is transferred state-to-state, you get treatment in Arizona by a company whose third-party processor is based in Minneapolis, whose claims processor is located elsewhere. It creates problems from that standpoint, and we would say preemption is a better way to go."
In another departure from HIPAA, the bill relaxes the privacy requirements for purposes of interventional and observational research, and safety and efficacy reports. Medical researchers have complained that the proposed HIPAA rules would hamper research by prohibiting the disclosure of information that is both essential for research, and highly unlikely to be misused.
For example, researchers might want information on patients' zip codes, or gender, to determine when and how clustering of certain diseases is occurring. A doctor would be prohibited from releasing that information under HIPAA; however, disclosure would be allowed under Greenwood's bill.
At the same time, the bill would prohibit any researcher from being compelled to disclose protected information in any legal or administrative proceeding, except in narrowly defined situations.
Finally, to deal with unlawful disclosure, the bill provides sanctions that are roughly in line with those proposed by HHS, including criminal and civil penalties ranging from $500 to $100,000.
In a statement introducing the legislation, Greenwood said that "the final rule (HHS) Secretary Shalala issued on December 28 fails healthcare consumers and it fails America. It should be rejected, and comprehensive legislation should be enacted in its stead."
The prospects
It's too early to assess H.R. 1215's chances of passage, but its fate may depend on how much HHS, now led by Bush appointee Thompson, is willing to tinker with rules painstakingly drafted during the Clinton administration.
Many Democrats would be loath to see wholesale changes in the HHS regulation, which was created as a result of five years of debate and more than 50,000 comments from the public. And in a sense, the Republican-sponsored H.R. 1215 will have to compete with any amended rules proposed by the Republican-led HHS, a prospect that could strain loyalties within the party.
But Greenwood's bill already has a few friends in high places, and they're not all Republicans. A similar bill (H.R. 2670) he introduced last year garnered 12 co-sponsors. And the Healthcare Leadership Council (HLC), an influential industry lobbying group, has signed up in support of H.R. 1215.
"This legislation takes a comprehensive approach to protecting patient information," said HLC president Mary Grealy. "We have long advocated the sort of approach this legislation takes, and we commend Congressman Greenwood for his commitment to striking the right balance between protecting patient privacy, and ensuring that the necessary flow of information isn't blocked within the healthcare system."
By Eric BarnesAuntMinnie.com staff writer
April 6, 2001
Additional HIPAA resources can be found at:
Related Reading
HIMSS embrace HIPAA privacy regulations, April 3, 2001
Democrats urge go-ahead on medical privacy rules, March 22, 2001
IT veteran offers advice on real-world HIPAA implementation, February 7, 2001
HIPAA hopefuls get religion from privacy guru, December 11, 2000
Encryption is key to medical data security, September 19, 2000
Biometrics comes of age as security takes center stage, September 19, 2000
New HIPAA rules portend sweeping changes in medical data security, June 27, 2000
Click here to post your comments about this story in our PACS Digital Community. Please include the headline of the article in your message.
Copyright © 2001 AuntMinnie.com
