[Congressional Record Volume 142, Number 117 (Friday, August 2, 1996)]
[Senate]
[Pages S9636-S9638]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




         TRIBUTE TO MARGUERITE'S PLACE OF NASHUA, NEW HAMPSHIRE

 Mr. SMITH. Mr. President, I rise today to pay tribute to 
Marguerite's Place, a support home for disadvantaged women and children 
in Nashua, NH. This outstanding service organization, sponsored by the 
Sisters of Charity, provides a very welcome service in New Hampshire. 
The Grey Nuns have worked hard to ensure the success of this very 
special place.
  Marguerite's Place is designed to provide a fresh start for women in 
abusive or other disadvantaged situations. It is unique because it 
allows women to keep and continue to care for their children, promoting 
strong family values. It is also a long-term support program that 
teaches women how to put their lives back together. Sisters Sharon 
Walsh and Elaine Fahey, who manage Marguerite's Place, previously ran a 
similar program in inner city Philadelphia that had a very high success 
rate. Between them they have 20 years experience helping poor women 
restructure their lives.
  Marguerite's Place can accommodate seven women and their children and 
provides vital support services like day-care. Women may stay in 
Marguerite's Place for up to 2 years and have access to continuing day-
care for 5 years through the aftercare program. While Marguerite's 
Place does provide some necessary services, the sisters are determined 
not to do anything for the women that they are capable of doing for 
themselves. During their stay, the women must pay rent and utilities, 
buy and prepare their own food, and are responsible for the maintenance 
of their quarters. The Grey Nuns' philosophy for Marguerite's Place is 
to empower women to move forward into the future with hope.
  The sisters are tough about the rules of Marguerite's Place, but they 
provide a safe environment for women who need time to heal. For 
example, no men are allowed in the building at any time and there is a 
security system. They employ drug testing if necessary and allow the 
women only one slip or relapse before removing them from the program. A 
thorough screening finds women who can demonstrate a commitment to the 
program and improving their lives and the lives of their children.
  Marguerite's Place enjoys a tremendous amount of state and community 
support from the citizens of Nashua. It received funds from the Office 
of Alcohol and Drug Prevention for the purchase and rehabilitation of 
the building and from the Department of Housing and Urban Development 
as a continuum care program. They now receive operational funding from 
the United Way for their program, and local religious groups have been 
invaluable. Community youth help Marguerite's Place through events such 
as the United Way Youth Day of Caring and Rivier College, which sends 
staff out to discuss health issues with the women.
  Marguerite's Place is the type of program that this country needs 
because it not only provides people with an immediate opportunity but 
teaches them how to improve their lives. The women are given a chance 
and the responsibility to make something of it. By giving them this 
responsibility, they empower these women. Their success rate shows that 
this type of program, combining aid with responsibility, works. I 
commend Marguerite's Place for an excellent job meeting community 
needs. The caring of Sisters Sharon and Elaine has given hope to women 
in desperate situations and provided a way out of that situation. I am 
proud to thank them of behalf of the Granite State.


   Need for Privacy protection in Connection with Computerization of 
                        Health Care Information

 Mr. LEAHY. Mr. President, for the past several years, I have 
been engaged in efforts to make sure that Americans' expectations of 
privacy for their medical records are fulfilled. I do not want 
advancing technology to lead to a loss of personal privacy and do not 
want the fear that confidentiality is being compromised to deter people 
from seeking medical treatment or stifle technological or scientific 
development.
  The former Republican Majority Leader Bob Dole put his finger on this 
problem when he remarked that a ``compromise of privacy'' that sends 
information about health and treatment to a national data bank without 
a person's approval would be something that none of us would accept. 
Unfortunately, the former Republican majority leader's worst nightmare, 
and mine, is being facilitated by provisions inserted by the House into 
this conference report that require the development of a national 
health information system.
  The conference report includes provisions that require a system of 
health

[[Page S9637]]

care information exchanges by computers and through computer 
clearinghouses and data networks. These are provisions that were not 
included in the Senate bill and have not been separately considered by 
the Senate.
  The Senate sponsors of a similar bill, which is pending without 
action before the Senate Finance Committee, acknowledged the need to 
establish standards not just for accomplishing electronic transactions 
but also for the privacy of medical information. Unfortunately such 
standards are not included in this bill.
  I worked during Senate consideration of the Kennedy-Kassebaum bill in 
April to include such protections. Indeed, along with Senators 
Kassebaum, Kennedy, Bond and Bennett, we were able to reach agreement 
on an amendment that would have combined administrative simplification 
provisions with critical privacy protection provisions. Our proposal 
was, unfortunately, not included in the Senate bill due to an objection 
from the staff of the Senate Finance Committee. This was especially 
troubling since similar provisions had been included in the Finance 
Committee bill reported in the last Congress and in Republican Leader 
Dole's bill--as well as in the Labor Committee bill and Democratic 
Leader Mitchell's bill and in the bill produced by the mainstream 
group.
  Now we are confronted with a conference report that calls for 
nationwide data networks to be established within 18 months but 
contemplates delay of the promulgation of any privacy protection for 42 
months. That is not the way to proceed. When the American people become 
aware of what this law requires and allows by way of computer 
transmission of individually identifiable health information without 
effective privacy protection, they should demand, as I do, prompt 
enactment of privacy protection.
  I have long felt that health care computerization will only be 
supported by the American people if they are assured that the personal 
privacy of their health care information is protected. Indeed, without 
confidence that one's personal privacy will be protected, many will be 
discouraged from seeking help from our health care system or taking 
advantage of the accessibility that we are working so hard to protect. 
These are among the serious problems being created by the conference 
report provisions that do not enact or require promulgation of 
effective privacy protection.
  The American public cares deeply about protecting their privacy. 
Louis Harris polling indicated that almost 80 percent of the American 
people expressed particular concern about computerized medical records 
held in databases used without the individual's consent. The American 
people know that confidentiality of medical records is extremely 
important.
  The Commerce Department released a report earlier this year on 
Privacy and the NII. In addition to financial and other information 
discussed in that report, there is nothing more personal than our 
health care information. We must act to apply the principles of notice 
and consent to this sensitive, personal information. It is time to 
accept the challenge and legislate so that the American people can have 
some assurance that their medical histories will not be the subject of 
public curiosity, commercial advantage or harmful disclosure. There can 
be no doubt that the increased computerization of medical information 
has raised the stakes in privacy protection. The nationwide, 
comprehensive computerization represented by the administrative 
simplification provisions of this conference report makes the enactment 
health care privacy legislation essential.
  Three years ago, I began a series of hearings before the Technology 
and the Law Subcommittee of the Judiciary Committee. We explored the 
emerging smart card technology and opportunities being presented to 
deliver better and more efficient health care services, especially in 
rural areas. Technology can expedite care in medical emergencies and 
eliminate paperwork burdens. But it will only be accepted if it is used 
in a secure system protecting confidentiality of sensitive medical 
conditions and personal privacy. Fortunately, improved technology and 
encryption offer the promise of security and confidentiality and can 
allow levels of access limited to information necessary to the function 
of the person in the health care treatment and payment system. 
Unfortunately, the conference report fails to include technological or 
legal protections for patients' privacy.
  In January 1994, we continued our hearings before that Judiciary 
Subcommittee and heard testimony from the Clinton Administration, 
health care providers and privacy advocates about the need to improve 
upon privacy protections for medical records and personal health care 
information.
  As I focussed on privacy needs, I was shocked to learn how catch-as-
catch-can is the patchwork of State laws protecting privacy of 
personally identifiable medical records. A few years ago we passed 
legislation protecting records of our videotape rentals, but we have 
yet to provide even that level of privacy protection for our personal 
and sensitive health care data.
  As policymakers, we must remember that the right to privacy is one of 
our most cherished freedoms--it is the right to be left alone and to 
choose what we will reveal of ourselves and what we will keep from 
others. Privacy is not a partisan issue and should not be made a 
political issue. It is too important.
  I am encouraged by the fact that the Clinton administration has 
understood that ``health security'' must include assurances that 
personal health information will be kept private, confidential and 
secure from unauthorized disclosure. Early on the administration's 
health care reform proposals provided that privacy and security 
guidelines would be required for computerized medical records. The 
administrations's Privacy Working Group of its NII Task Force has been 
concerned with the formulation of principles to protect our privacy. In 
these regards, the President is to be commended.
  The difficulty I had with the initial provisions of the President's 
Health Security Act I now have with this conference report. We cannot 
delay enactment of laws to protect our health care privacy for several 
more years. This bill will require that personal health care 
information be available for electronic transmission without proper 
protection and without any effective way for a patient to object or 
withhold consent from such insecure transmission. The two-track system 
for establishing national computer networks of health care information 
within 18 months and getting to the fundamental issue of privacy 
protection some 2 or 3 years later is unacceptable and wrongheaded.
  Having introduced health care privacy legislation in the last 
Congress, I joined with Senator Bennett and others in introducing the 
Medical Records Confidentiality Act, S. 1360, in this Congress. Our 
bill establishes in law the principle that a person's health 
information is to be protected and to be kept confidential. It creates 
both criminal and civil remedies for invasions of privacy for a 
person's health care information and medical records and administrative 
remedies, such as debarment for health care providers who abuse others' 
privacy.
  This legislation would provide patients with a comprehensive set of 
rights of inspection and an opportunity to add corrections to their own 
records, as well as information accounting for disclosures of those 
records.
  The bill creates a set of rules and norms to govern the disclosure of 
personal health information and narrows the sharing of personal details 
within the health care system to the minimum necessary to provide care, 
allow for payment and to facilitate effective oversight. Special 
attention is paid to emergency medical situations and public health 
requirements.
  We have sought to accommodate legitimate oversight concerns so that 
we do not create unnecessary impediments to health care fraud 
investigations. Effective health care oversight is essential if our 
health care system is to function and fulfill its intended goals. 
Otherwise, we risk establishing a publicly-sanctioned playground for 
the unscrupulous. Health care is too important a public investment to 
be the subject of undetected fraud or abuse.
  Those who have been working with us on the issue of health 
information privacy include the Vermont Health Information Consortium, 
the Center for Democracy and Technology, the American Health 
Information Management

[[Page S9638]]

Association, the American Association of Retired Persons, the AIDS 
Action Council, the Bazelon Center for Mental Health Law, the Center 
for Medical Consumers, the New York Public Interest Group, the National 
Association of Retail Druggists, the Legal Action Center, IBM Corp., 
and the Blue Cross and Blue Shield Association. They have worked 
tirelessly to achieve a significant consensus on this important matter.
  The Labor Committee conducted hearings last year on this legislation 
that showed significant support for the measure. Senators Kassebaum and 
Kennedy have worked hard on this matter and helped us to revise and 
improve the provisions of the bill. The working version of the bill now 
includes several important changes from the language originally 
introduced. We have tried to make it more patient centered and 
sensitive. We have eliminated the section on and references to a health 
information service. We would require informed consent for use of 
individually identifiable health information for research.
  It is with this in mind that I am troubled by indications in the 
conference report discussion that research is viewed by some as an area 
where privacy rights should be sacrificed and consent not required for 
use of individually identifiable health information. I feel strongly to 
the contrary and believe that research should include consent 
consistent with current, recognized professional standards and codes of 
conduct for clinical research. We need not and should not weaken those 
standards and protections through poorly conceived Federal mandates.
  It is unfortunately that criticism of S. 1360 from some quarters 
tended to obscure its purpose and impede its progress. Some critics 
were unwilling to work with us to improve the bill. Their recalcitrance 
helped create the threat we face in this conference report of federally 
mandated computer networks of sensitive health information without 
simultaneous enactment of privacy protection.
  I know that these are important matters about which many of us feel 
very strongly. It is never easy to legislate about privacy. Those of us 
who care about protecting privacy have no acceptable alternative and 
must pull together to achieve that which has always been our goal--
prompt enactment of effective privacy protection for health care 
information.
  When I testified before the Labor Committee earlier this year I 
suggested that our critics look at the bill against the backdrop of the 
lack of protection that now exists in so many places and in so many 
ways and the computerization of medical information. Indeed, in 1995 
the House had buried within its budget reconciliation bill provisions 
that would have required the development and use of protocols ``to make 
medical information available to be exchanged electronically.'' I was 
the only Member of Congress to protest the inclusion of those 
provisions without any attention to privacy protection last year. 
Fortunately, others are now beginning to recognize the need for action.
  During the last few days we have been able to improve the conference 
report, but only slightly to the point that it is now. Initially, it 
would have expressly preempted all States' laws that provide privacy 
protection for health information and records and made it virtually 
impossible later to add privacy protection measures. Now, there is at 
least an exception to the Federal preemption language for State laws 
relating to the privacy of individually identifiable health 
information. This is only a start because, as I have noted, the State 
laws are not sufficiently protective or comprehensive in the 
protections they seek to provide.
  Senator Bennett and I have been trying to respond to suggestions for 
improvements to our bill as originally introduced. We have been working 
closely with the Chair and Ranking Democrat of the Labor Committee, 
Senators Kassebaum and Kennedy, and with all interested parties.
  I deeply regret that we have not been able to develop a complete 
consensus to enable privacy provisions to be included in this measure 
at this time. When supporters of measures to standardize and require 
the electronic exchange of health care information insisted that 
administrative simplification mandates be included in this conference 
report without any significant privacy protection, we could only obtain 
a limited opportunity to include privacy protection somewhere down the 
road. While the conference report provides express protection for 
business trade secrets and confidentiality for commercial information, 
it all but ignores personal privacy and provides no current protection 
for individually identifiable health information.
  I will continue to work on this important issue. We are still engaged 
in discussions with some who have come forward with concerns very 
recently and have yet to offer suggestions for improvements or 
alternative language. Our fervent desire to make the Medical Records 
Confidentiality Act the best bill it can be should not be doubted. I 
come forward today to declare that further delay by critics cannot and 
will not be tolerated. If they have suggestions for improvements to the 
bill, they need to make them without delay. Our window of opportunity 
is closing.
  The conference report allows the Secretary 12 months to make 
recommendations. She has been engaged in this process from the outset 
so we need and expect her recommendations immediately. Congress must 
get about the job of enacting tough, effective privacy protection 
before mandated computer transfers of medical information become 
effective. We cannot risk the loss of privacy in the interim. Moreover, 
it will be near impossible to include appropriate privacy protection in 
the future. We must rededicate ourselves to act at the earliest moment. 
I hope we can do so before adjourning this year. Privacy was left off 
the table at this House-Senate conference. It must be given a central 
place and highest priority if this scheme for technological development 
is to proceed.
  I would ask all to join with us in a constructive manner to create 
the best set of protections possible at the earliest possible time. 
With continuing help from the Administration, health care providers and 
privacy advocates we can enact provisions to protect the privacy of the 
medical records of the American people and make this part of health 
care security a reality for all. 

                          ____________________