cr> Medical Privacy


(Introduction from moderator: Remember the bill S. 1360, introduced
into the U.S. Senate to determine how medical records could be stored
and shared?  It set off quite a fight between the CDT (which supported
the bill) and Jamie Love's TAP (which opposed it).  CDT has released a
newsletter explaining new measures that improve the bill by making it
harder for law enforcement agencies, researchers, etc. to get patient
information without the patient's consent.  I think it's significant
and important emough to post here.--Andy)

   _____ _____ _______
  / ____|  __ __   __|   ____        ___               ____             __
 | |    | |  | | | |     / __ ____  / (_)______  __   / __ ____  _____/ /_
 | |    | |  | | | |    / /_/ / __ / / / ___/ / / /  / /_/ / __ / ___/ __/
 | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
  _____|_____/  |_|  /_/    ____/_/_/___/__, /  /_/    ____/____/__/
  The Center for Democracy and Technology  /____/     Volume 2, Number 14
     A briefing on public policy issues affecting civil liberties online
 CDT POLICY POST Volume 2, Number 14                          April 12, 1996

CONTENTS:   (1) Key Senators Strengthen Medical Privacy Bill:
                Mark-up Set for April 24
                (2) Subscription Information
                (3) About CDT, contacting us

This document may be redistributed freely provided it remains in its entirety
       ** Excerpts may be re-posted by permission (•••@••.•••) **

(1) Key Senators Strengthen Medical Privacy Bill: Mark-up Set for April 24

Today, Senators Nancy Kassebaum (D-KA) and Edward Kennedy (D-MA) released a
stronger, more privacy-sensitive rewrite of the Medical Records
Confidentiality Act (S.1360), also known as the Bennett-Leahy bill after
its chief sponsors. The bill is scheduled to be considered by the full Labor
and Human Resources Committee on April 24. If the Committee approves the bill,
S.1360 will be ready to be voted on by the full Senate in the coming months.

The revised Bennett-Leahy bill incorporates many of the key changes
recommended by CDT (see CDT policy post March 19, 1996) and members of a
CDT-led coalition, including AIDS Action Council, the Legal Action Center,
the Center for Patients' Rights, IBM, AARP, the American Hospital
Association, and the Association of Academic Health Centers. In addition, the
bill includes revisions suggested by Public Citizen, the Coalition for
Patient's Rights, the ACLU, and EPIC.

In its current form, CDT believes that S.1360 is an extremely strong and
enforceable medical privacy bill, which would give people the right to see
their own records, prohibit disclosures of most personal medical data without
the patient's consent, and bring heavy criminal and civil penalties to bear
on those who violate the law. The revised S.1360, like its predecessor, is
more stringent than any medical records privacy law currently on the books at
either the state or federal level. If passed, the Bennett-Leahy bill will
give people the greatest degree of control over the use and disclosure of
their personal medical data. CDT hopes that the Senate Labor Committee will
unanimously approve the amended S.1360.

Significant changes to S. 1360 include:

 o  A new section has been added to S.1360 that lays out the principles
underlying the bill, including that people have a right of confidentiality
in their medical records that is being eroded, and that such erosion may
jeopardize the quality of health care by reducing peoples' willingness to
confide in their doctors.

 o  The revised S.1360 narrows instances under which protected health
information may be disclosed without the individual's consent. Under S.1360
as introduced, a number of disclosures of personal health information were
allowed without the individual's consent, such as to researchers and for
the purpose of creating nonidentifiable data. Both of these exceptions to
consent have been eliminated. S.1360 now requires researchers who want
access to identifiable data to get the record subject's consent, unless
they can meet a waiver standard already in place for federally funded

 o  The revised S.1360 removes "health information services" from being
treated as trustees, and now only allows them to receive personal health
information with an individual's consent. Now, trustees, such as doctors,
hospitals, and insurance companies, must anonymize personal health
information prior to disclosing it to health information services, such as
EDS or Equifax. A health information service may only strip the identifiers
if they are under the control of a trustee as an employee or contractor.
This change is a major improvement in the bill, which will significantly
limit the number of people who get access to sensitive medical data.
Overall, the bill creates a big incentive to use health data in
nonidentifiable form.

 o  S.1360 now includes a higher "clear and convincing evidence" standard
that law enforcement must meet before a warrant can be issued for access to
personal medical information.

 o  S.1360 has now been narrowed by clarifying that insider access to medical
records must be limited. The bill now states explicitly that internal
disclosures of personal health information must be compatible with and
directly related to the purposes for which the information was collected.

For more information on the Medical Records Privacy legislation, including
the text of the S.1360 as introduced and as revised (once it is made
available), CDT's recommended changes to S.1360, CDT's testimony before the
Senate Labor and Human Resources Committee, and other relevant information,
visit CDT's Health Information Web Page at:

For additional information contact

The Center for Democracy and Technology    +1.202.637.9800

        Janlori Goldman, Deputy Director
        Deirdre Mulligan, Staff Counsel


Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you!  Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 9,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to


with a subject:

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:

     unsubscribe policy-posts


The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications

Contacting us:

General information:  •••@••.•••
World Wide Web:       URL:
FTP                   URL:

Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968

End Policy Post 2.14                                           4/12/96

 Posted by Andrew Oram  - •••@••.••• - Moderator: CYBER-RIGHTS (CPSR)
   CyberJournal:  (WWW or FTP) -->
 Materials may be reposted in their _entirety_ for non-commercial use.