Policy Post 2.14 - Key Senators Strengthen Medical Privacy Bill

-----------------------------------------------------------------------------
   _____ _____ _______
  / ____|  __ \__   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
 | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
  The Center for Democracy and Technology  /____/     Volume 2, Number 14
-----------------------------------------------------------------------------
     A briefing on public policy issues affecting civil liberties online
-----------------------------------------------------------------------------
 CDT POLICY POST Volume 2, Number 14                          April 12, 1996

CONTENTS:   (1) Key Senators Strengthen Medical Privacy Bill: 
                Mark-up Set for April 24
	        (2) Subscription Information
	        (3) About CDT, contacting us

This document may be redistributed freely provided it remains in its entirety
       ** Excerpts may be re-posted by permission (editor@cdt.org) **
-----------------------------------------------------------------------------

(1) Key Senators Strengthen Medical Privacy Bill: Mark-up Set for April 24

Today, Senators Nancy Kassebaum (R-KA) and Edward Kennedy (D-MA) released a 
stronger, more privacy-sensitive rewrite of the Medical Records 
Confidentiality Act (S.1360), also known as the Bennett-Leahy bill after 
its chief sponsors. The bill is scheduled to be considered by the full Labor
and Human Resources Committee on April 24. If the Committee approves the bill,
S.1360 will be ready to be voted on by the full Senate in the coming months. 

The revised Bennett-Leahy bill incorporates many of the key changes 
recommended by CDT (see CDT policy post March 19, 1996) and members of a 
CDT-led coalition, including AIDS Action Council, the Legal Action Center, 
the Center for Patients' Rights, IBM, AARP, the American Hospital 
Association, and the Association of Academic Health Centers. In addition, the
bill includes revisions suggested by Public Citizen, the Coalition for 
Patient's Rights, the ACLU, and EPIC.

In its current form, CDT believes that S.1360 is an extremely strong and 
enforceable medical privacy bill, which would give people the right to see
their own records, prohibit disclosures of most personal medical data without
the patient's consent, and bring heavy criminal and civil penalties to bear 
on those who violate the law. The revised S.1360, like its predecessor, is 
more stringent than any medical records privacy law currently on the books at
either the state or federal level. If passed, the Bennett-Leahy bill will 
give people the greatest degree of control over the use and disclosure of 
their personal medical data. CDT hopes that the Senate Labor Committee will 
unanimously approve the amended S.1360.

Significant changes to S. 1360 include:

 o  A new section has been added to S.1360 that lays out the principles 
underlying the bill, including that people have a right of confidentiality 
in their medical records that is being eroded, and that such erosion may 
jeopardize the quality of health care by reducing peoples' willingness to 
confide in their doctors.

 o  The revised S.1360 narrows instances under which protected health 
information may be disclosed without the individual's consent. Under S.1360 
as introduced, a number of disclosures of personal health information were 
allowed without the individual's consent, such as to researchers and for 
the purpose of creating nonidentifiable data. Both of these exceptions to 
consent have been eliminated. S.1360 now requires researchers who want 
access to identifiable data to get the record subject's consent, unless 
they can meet a waiver standard already in place for federally funded 
researchers.  

 o  The revised S.1360 removes "health information services" from being 
treated as trustees, and now only allows them to receive personal health 
information with an individual's consent. Now, trustees, such as doctors, 
hospitals, and insurance companies, must anonymize personal health 
information prior to disclosing it to health information services, such as 
EDS or Equifax. A health information service may only strip the identifiers 
if they are under the control of a trustee as an employee or contractor. 
This change is a major improvement in the bill, which will significantly 
limit the number of people who get access to sensitive medical data. 
Overall, the bill creates a big incentive to use health data in 
nonidentifiable form. 

 o  S.1360 now includes a higher "clear and convincing evidence" standard 
that law enforcement must meet before a warrant can be issued for access to 
personal medical information.

 o  S.1360 has now been narrowed by clarifying that insider access to medical 
records must be limited. The bill now states explicitly that internal 
disclosures of personal health information must be compatible with and 
directly related to the purposes for which the information was collected.

For more information on the Medical Records Privacy legislation, including 
the text of the S.1360 as introduced and as revised (once it is made 
available), CDT's recommended changes to S.1360, CDT's testimony before the 
Senate Labor and Human Resources Committee, and other relevant information, 
visit CDT's Health Information Web Page at:

	http://www.cdt.org/health_priv.html

For additional information contact

The Center for Democracy and Technology    +1.202.637.9800

	Janlori Goldman, Deputy Director
	Deirdre Mulligan, Staff Counsel

-------------------------------------------------------------------------
(2) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you!  Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     policy-posts-request@cdt.org

with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts

-----------------------------------------------------------------------
(3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       URL:http://www.cdt.org/
FTP                   URL:ftp://ftp.cdt.org/pub/cdt/

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

-----------------------------------------------------------------------
End Policy Post 2.14                                           4/12/96
-----------------------------------------------------------------------
Return to the CDT Publications Page
Return to the CDT Health Information Privacy Page
Return to the CDT Home Page