10 August 1997

----------------------------------------------------------------

   The New York Times, August 10, 1997, p. 22.

   Clinton to Back a Law on Patient Privacy 

   A Move to Restrict Health Secrets as Pressure Grows for
   Disclosure 

   By Robert Pear

   Washington, Aug. 9--Clinton Administration officials say
   they will soon propose a comprehensive Federal law to
   protect the privacy of medical records, to let consumers
   inspect their own files and to punish any unauthorized
   disclosures of personal data by hospitals, insurers, health
   plans or drug companies.

   The measure would establish minimum Federal standards to
   control the use of such information in the era of managed
   care, when insurance companies and health maintenance
   organizations have the ability and, in many cases, a
   financial incentive to collect and sell data revealing the
   most intimate secrets of millions of patients.

   "Our private health information is being shared, collected,
   analyzed and stored with fewer Federal safeguards than our
   video store records," said Donna E. Shalala, the Secretary
   of Health and Human Services. "The way we protect the
   privacy of medical records right now is erratic at best,
   dangerous at worst."

   The Administration plans to send detailed recommendations
   on medical privacy to Congress later this month, as
   required by the 1996 law that made health insurance more
   readily available to people who change jobs or lose their
   jobs.

   "At present," Dr. Shalala said in an interview, "we rely on
   a patchwork of state privacy laws, only about a dozen of
   which are comprehensive. We have no real Federal health
   care privacy standards. We have no national standards."

   Robert M. Gellman, an expert on privacy and information
   policy, said the Administration's proposals "would impose
   greater restrictions on the use of medical records than any
   state law."

   If approved by Congress, the proposals would be the most
   significant protections for sensitive personal data since
   the Privacy Act of 1974, a landmark law that regulates the
   way Federal agencies keep records on individuals.

   The outlook for the Administration's proposals on Capitol
   Hill is unclear. Many lawmakers of both parties demand
   greater privacy for health records. But few have focused on
   the details, which will be a subject of intense lobbying by
   all segments of the health care industry.

   In translating abstract principles into concrete
   safeguards, lawmakers may offend companies that have large
   financial interests in the use of personal health
   information. The major incentive for action was established
   last year in another law, which gave the department the
   authority to impose rules itself if Congress does not act
   by August 1999.

   The Administration's proposals chart a middle ground. They
   reject the position of Federal and state prosecutors who
   wanted unfettered access to medical records and an
   exemption from any new Federal legislation. At the same
   time, the Administration spurned the pleas of psychiatrists
   and the most outspoken privacy advocates, who wanted even
   stricter safeguards like giving patients a right to veto
   any use of their medical records.

   While declaring that "privacy rights can never be
   absolute," Dr. Shalala said Congress should establish a
   code of fair information practices. Specifically, she said,
   the Administration will propose these standards:

   + Medical records should, with very few exceptions, be
   disclosed "for health care and health care only."

   + Patients should be able to get copies of their medical
   records and to correct inaccurate information, just as they
   can correct credit records. In addition, Americans should
   be able to find out who has been looking in their records.

   + Hospitals could use personal health information in
   training doctors and nurses, in conducting research and in
   monitoring the quality of care. But employers who received
   such data in the process of paying claims could not use the
   information in making employee assignments and promotions
   or for any other purpose unrelated to health care.

   + Those who have access to confidential medical
   information, including insurers, drug distributors and
   billing-service companies, should be bound by the same
   standards as doctors and hospitals. This would plug a
   loophole in the laws of many states.

   + People who improperly disclose medical records or
   misrepresent themselves to obtain such data should be
   subject to criminal penalties.

   The proposals come at a time when personal medical
   information has become a hot commodity, avidly sought by
   drug makers and other companies that want to identify
   potential buyers of their products.
             "There is a whole market of people buying and selling
   medical information," said Kathleen A. Frawley, vice
   president of the American Health Information Management
   Association, whose members keep the records at hospitals,
   nursing homes doctors' offices and H.M.O.'s.

   Dr. Shalala said the Administration wanted to balance the
   needs of law enforcement and the privacy interests of
   patients. But exactly where to strike that balance is a
   subject of lively debate within the Government.

   Officials from the Federal Bureau of Investigation and its
   parent agency, the Justice Department, as well as the
   Inspector General of the Department of Health and Human
   Services, said they needed access to patients' records to
   build criminal cases. In a typical case, prosecutors assert
   that a doctor or a laboratory was billing the Government
   for unnecessary services, or for services never performed,
   and they seek medical records to show what was wrong with
   the patient and what treatments were actually provided.

   Law-enforcement officials said they should also be able to
   use information from medical records in prosecuting
   patients for offenses unrelated to health care fraud. F.B.I
   officials said, for example, that medical records might
   provide evidence that patients were using illegal drugs or
   had been involved in violent crimes or domestic terrorism.

   Dr. Shalala summarized the issue this way: "Should auditors
   be able to peek through your private medical records
   looking for fraud committed by a doctor? Most people would
   say yes. Should law-enforcement officers be able to search
   through emergency room records looking for someone who has
   just fled the scene of a crime? Most people would say yes.

   "But," she asked, "what happens if law-enforcement officers
   are looking through insurance records for fraud and stumble
   upon information about a totally unrelated crime, say. drug
   use? What then?" Administration officials said they were
   still wrestling with that question.

   [End]


