Return to Home PageContact Senator LeahySenator Leahy's Privacy PolicySearch Senator Leahy's Website
Vermont's US Senator, Patrick LeahyVermont's US Senator, Patrick LeahyVermont's US Senator, Patrick LeahyVermont's US Senator, Patrick LeahyVermont's US Senator, Patrick LeahyVermont's US Senator, Patrick Leahy
Vermont's US Senator, Patrick LeahyWelcome Audio MessageimageVideo MessageVideo Messageimage
Press Releases & Statements Senator Leahy's Biography Constituent Services Major Issues For Vermonters Senator Leahy's Office


Image


Privacy of Medical Records Committee on Labor and Human Resources

New Bill Offers Medical Privacy Parameters For The Information Age

October 28, 1997

Mr. Chairman, I am especially pleased to be here today. Being here with my good friend and fellow Vermonter Jim Jeffords, I can almost close my eyes and imagine I am at a Vermont town meeting.

Chairman Jeffords, Senator Bennett, Senator Kennedy and I, along with many other Members of Congress, have worked for many years to enact federal legislation to address the confidentiality of medical records.

I applaud the work being done by Senator Snowe to protect individuals from health insurance discrimination based on their genetic makeup. I also want to recognize the leadership of Senator Daschle in tackling the issue of discrimination in employment based on genetic information.

What I am here today to talk about is medical privacy. I wholeheartedly support efforts to end discrimination in health insurance and employment based on genetic information. Antidiscrimination and privacy of medical information legislation must go handandhand; one is not a substitute for the other. If we just passed antidiscrimination legislation without privacy protections it would be as if we were the judge asking a jury to just disregard repeated inflammatory statements made during a trial.

We have reached a critical juncture in deciding the level of privacy rights that Americans will hold over their own medical records now, and into the next century. We are seeing quantum advances in technology which allow our medical records to be collected in massive databases and to be sent from point to point, over the ether, at the stroke of a key. The growing complexity of our health care delivery system is another factor. And now Congress itself, in the KassebaumKennedy law, has set in motion a process and a deadline for debating and putting in place a system of privacy protections.

The Information Age opens the door to endless new possibilities and has empowered individuals with marvelous new tools and freedoms. But technology is our servant; we should not let it become our master. Unless we are vigilant, the Information Age can overwhelm our privacy rights before we even know it has happened.

Insurance companies want to know about your genetic makeup and health status so they can anticipate which diseases you might get later in life. Pharmaceutical firms want to know what diseases you have so they can market their products to you.

The outlines of the challenge we face in stemming the erosion of medical privacy are already clear. The insurance companies have set up their M.I.B. that does not stand for the movie "Men In Black." It stands for the Medical Information Bureau which stores personal medical information on millions of Americans. M.I.B. may have personal information on all of us in this room. Unfortunately, for one individual with AIDS, a local insurance agent tapped into the system and then announced the individual's medical condition at a local Kiwanis Club meeting.

Managed care programs, HMOs, drug companies, and hospitals are spending up to $15 billion a year on information technology to acquire and exchange vast amounts of medical information about Americans.

A current Member of Congress had her medical records faxed to the New York Post on the eve of her primary. In 1994 she offered eloquent testimony before Congress detailing her ordeal.

In another example, an insurance agent advised a couple that they would be denied coverage for any more pregnancies since they had a 25 percent chance that their children would have a fatal disease.

And in another instance, a Florida state public health worker improperly brought home a computer disk with the names of 4,000 HIV positive patients. He sent the names to two Florida newspapers.

Medical privacy issues in today's world also take on international implications. Canada and the nations of Europe are taking concrete steps to protect the confidentiality of computerized medical records. Our nation lags so far behind others in its protection of medical records that companies in Europe may not be allowed to send medical information to the United States electronically. European countries through an EU privacy directive are ensuring that private medical records are kept private. The EU prohibits the transfer of personal information from Europe to the U.S. if the EU finds U.S. privacy law inadequate. The implications for U.S. trade are staggering.

Many of us in this chamber quickly criticized the Social Security Administration and the IRS regarding the security of computer records. We blasted the IRS for allowing employees to randomly scan through our personal financial records.

If we are concerned about IRS employees looking at our tax records, shouldn't we be concerned about the millions of employers, insurers, pharmaceutical companies and others who have nearly unfettered access to the personal medical records of more than 250 million Americans?

For the American public, and for the Congress, this debate boils down to a fundamental question: Who controls our medical records, and how freely can others use them?

All of us are health care consumers every individual and every American family. As Congress works toward answering this question, the privacy interests of the American public will be at odds with powerful economic interests and with the penchant for large organizations and complex systems to control this kind of personal information. Wellfunded and sharply focused special interests often win in a matchup like this.

But I am encouraged that a variety of public policy and health professional organizations, across the political spectrum, are signaling their intentions to step forward to join forces with consumers during this debate.

Senator Bob Dole, the former majority leader of the Senate, put his finger on this problem when he observed that a "compromise of privacy" that sends information about health and treatment to a national data bank without a person's approval would be something that none of us would accept.

Unfortunately, this nightmare that Senator Dole envisioned is being brought to life by provisions insisted upon by the House in last year's health insurance portability bill that require a system of health care information exchanges by computers and through computer clearinghouses and data networks.

Now we are confronted with the fact that the computerization of health care record provisions are going into effect in the next few months but we are still contemplating the delay of promulgating privacy protection until August of 1999, unless Congress acts sooner.

To address the issue of health information privacy, today I have introduced the Medical Information Privacy and Security Act (MIPSA). I have also added my support and cosponsorship to bills by Senator Snowe and Senator Daschle dealing with discrimination based on genetic information.

The core principle that guided me in drafting my bill is that health care computerization will only be supported by the American people if they are assured that the personal privacy of their health care information is protected. In fact, without the confidence that one's personal privacy will be protected, many will be discouraged from seeking medical help. These are among the serious problems being created by requiring a system of computerized medical information without effective privacy protection.

I know that these are important matters about which many of us feel strongly. It is never easy to legislate about privacy. Those of us who care about protecting privacy have no acceptable alternative and must pull together to achieve that which has always been our goal: prompt enactment of effective privacy protection for health care information.

We now have the report from the HHS Secretary of Shalala, and it is time for Congress to act.

Americans strongly believe that their personal, private medical records should be kept private. The timehonored ethics of the medical profession also reflect this principle. The physicians' oath of Hippocrates requires that medical information be kept "as sacred as secrets."

As policy makers, we must remember that the right to privacy is one of our most cherished freedoms. It is the right to be left alone and to choose what we will reveal of ourselves and what we will keep from others. Privacy is not a partisan issue and should not become one. It is too important.

I will look with great interest at any proposals you may offer, Mr. Chairman, as well as any that Senator Kennedy and Senator Bennett may offer. I invite you and the members of this Committee to examine the legislation I have introduced today, and I would welcome any comments or suggestions. I see my bill as a work in progress, and I look forward to working with all of you.

We support the same values and I believe, in the end, we will all work together for passage of a strong bill to protect American families.

The bill I have introduced will close the existing gaps in federal privacy law to cover personally identifiable health information.

My legislation gives individuals the right to inspect, copy and supplement their protected health information. Today, only 28 states grant this right.

This legislation gives individuals the right to decide to whom, and under what circumstances, their protected health information, including genetic information, will be disclosed. MIPSA prohibits the disclosure of protected health information, except under strictly limited circumstances, without an individual's informed consent.

It creates a federal Office of Health Information Privacy to act as a clearinghouse for consumers to obtain information about their medical privacy rights and to provide tough enforcement and oversight of these rights.

It allows individuals to segregate portions of their medical records, such as mental health records, from broad viewing by individuals who are not directly involved in their care.

It binds researchers by the same rules that NIH currently requires of federally funded researchers. It includes a sunset provision on the use of Institutional Review Board (IRBs) waivers of informed consent unless, within 6 months of MIPSA enactment, the Secretary of HHS provides detailed recommendations to Congress to either approve or rewrite the waiver standard.

It gives individuals a civil right of action against anyone who misuses their personally identifiable health information. It establishes criminal and civil penalties that can be invoked if individually identifiable health information is knowingly or negligently misused.

It does not preempt state laws that are more protective of privacy. This is consistent with all other federal civil rights and privacy laws.

It prohibits law enforcement agents from searching through medical records without a warrant, and this is the major policy area where I disagree with the Administration.

It covers entities other than just health care providers and payers, such as life insurance companies, employers and marketers and others that may have access to sensitive personal health data. I am concerned that the Administration's recommendations do not address medical privacy in this comprehensive way.

My bill provides stiff penalties for intentionally selling such information for profit: a fine of up to $500,000, and imprisonment of up to 10 years and debarment from participation in federal health care programs.

The bill also mandates that genetic information like all other medical information be kept private.

And these provisions would be subject to enforcement by the U.S. Department of Justice.

In drafting MIPSA during the course of most of this year I listened to concerns expressed during the last Congress suggesting that earlier medical privacy proposals were not strong enough. To improve and strengthen legislation I have supported in the past, I have received input from a wide range of experts and organizations, including the American Medical Association, the American Psychiatric Association, the Consortium for Citizens with Disabilities, the Center for Democracy and Technology, National Coalition of Patient's Rights, AIDS Action, JRI Health Law Institute, the CATO Institute and the AARP. I look forward to continuing to work with these organizations as well as other health care organizations and industry representatives to craft as strong and workable a federal medical privacy law as we can achieve.

For the past several years I have been engaged in efforts to make sure that Americans' expectations of privacy for their medical records are fulfilled. I do not want advancing technology to lead to a loss of personal privacy and do not want the fear that confidentiality is being compromised to deter people from seeking medical treatment or stifle technological or scientific development.

I welcome this debate and the opportunity to work with others in helping to answer these questions for our generation, and for the generations of Americans to come.

Back
U.S. Postal Address Please select a destination: