(Introduction from moderator: Remember the bill S. 1360, introduced into the U.S. Senate to determine how medical records could be stored and shared? It set off quite a fight between the CDT (which supported the bill) and Jamie Love's TAP (which opposed it). CDT has released a newsletter explaining new measures that improve the bill by making it harder for law enforcement agencies, researchers, etc. to get patient information without the patient's consent. I think it's significant and important emough to post here.--Andy) ----------------------------------------------------------------------------- _____ _____ _______ / ____| __ __ __| ____ ___ ____ __ | | | | | | | | / __ ____ / (_)______ __ / __ ____ _____/ /_ | | | | | | | | / /_/ / __ / / / ___/ / / / / /_/ / __ / ___/ __/ | |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_ _____|_____/ |_| /_/ ____/_/_/___/__, / /_/ ____/____/__/ The Center for Democracy and Technology /____/ Volume 2, Number 14 ----------------------------------------------------------------------------- A briefing on public policy issues affecting civil liberties online ----------------------------------------------------------------------------- CDT POLICY POST Volume 2, Number 14 April 12, 1996 CONTENTS: (1) Key Senators Strengthen Medical Privacy Bill: Mark-up Set for April 24 (2) Subscription Information (3) About CDT, contacting us This document may be redistributed freely provided it remains in its entirety ** Excerpts may be re-posted by permission (•••@••.•••) ** ----------------------------------------------------------------------------- (1) Key Senators Strengthen Medical Privacy Bill: Mark-up Set for April 24 Today, Senators Nancy Kassebaum (D-KA) and Edward Kennedy (D-MA) released a stronger, more privacy-sensitive rewrite of the Medical Records Confidentiality Act (S.1360), also known as the Bennett-Leahy bill after its chief sponsors. The bill is scheduled to be considered by the full Labor and Human Resources Committee on April 24. If the Committee approves the bill, S.1360 will be ready to be voted on by the full Senate in the coming months. The revised Bennett-Leahy bill incorporates many of the key changes recommended by CDT (see CDT policy post March 19, 1996) and members of a CDT-led coalition, including AIDS Action Council, the Legal Action Center, the Center for Patients' Rights, IBM, AARP, the American Hospital Association, and the Association of Academic Health Centers. In addition, the bill includes revisions suggested by Public Citizen, the Coalition for Patient's Rights, the ACLU, and EPIC. In its current form, CDT believes that S.1360 is an extremely strong and enforceable medical privacy bill, which would give people the right to see their own records, prohibit disclosures of most personal medical data without the patient's consent, and bring heavy criminal and civil penalties to bear on those who violate the law. The revised S.1360, like its predecessor, is more stringent than any medical records privacy law currently on the books at either the state or federal level. If passed, the Bennett-Leahy bill will give people the greatest degree of control over the use and disclosure of their personal medical data. CDT hopes that the Senate Labor Committee will unanimously approve the amended S.1360. Significant changes to S. 1360 include: o A new section has been added to S.1360 that lays out the principles underlying the bill, including that people have a right of confidentiality in their medical records that is being eroded, and that such erosion may jeopardize the quality of health care by reducing peoples' willingness to confide in their doctors. o The revised S.1360 narrows instances under which protected health information may be disclosed without the individual's consent. Under S.1360 as introduced, a number of disclosures of personal health information were allowed without the individual's consent, such as to researchers and for the purpose of creating nonidentifiable data. Both of these exceptions to consent have been eliminated. S.1360 now requires researchers who want access to identifiable data to get the record subject's consent, unless they can meet a waiver standard already in place for federally funded researchers. o The revised S.1360 removes "health information services" from being treated as trustees, and now only allows them to receive personal health information with an individual's consent. Now, trustees, such as doctors, hospitals, and insurance companies, must anonymize personal health information prior to disclosing it to health information services, such as EDS or Equifax. A health information service may only strip the identifiers if they are under the control of a trustee as an employee or contractor. This change is a major improvement in the bill, which will significantly limit the number of people who get access to sensitive medical data. Overall, the bill creates a big incentive to use health data in nonidentifiable form. o S.1360 now includes a higher "clear and convincing evidence" standard that law enforcement must meet before a warrant can be issued for access to personal medical information. o S.1360 has now been narrowed by clarifying that insider access to medical records must be limited. The bill now states explicitly that internal disclosures of personal health information must be compatible with and directly related to the purposes for which the information was collected. For more information on the Medical Records Privacy legislation, including the text of the S.1360 as introduced and as revised (once it is made available), CDT's recommended changes to S.1360, CDT's testimony before the Senate Labor and Human Resources Committee, and other relevant information, visit CDT's Health Information Web Page at: http://www.cdt.org/health_priv.html For additional information contact The Center for Democracy and Technology +1.202.637.9800 Janlori Goldman, Deputy Director Deirdre Mulligan, Staff Counsel ------------------------------------------------------------------------- (2) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by more than 9,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to •••@••.••• with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (3) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: •••@••.••• World Wide Web: URL:http://www.cdt.org/ FTP URL:ftp://ftp.cdt.org/pub/cdt/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 2.14 4/12/96 ----------------------------------------------------------------------- ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~ Posted by Andrew Oram - •••@••.••• - Moderator: CYBER-RIGHTS (CPSR) Cyber-Rights: http://www.cpsr.org/cpsr/nii/cyber-rights/ ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/ CyberJournal: (WWW or FTP) --> ftp://ftp.iol.ie/users/rkmoore Materials may be reposted in their _entirety_ for non-commercial use. ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~