[Congressional Record Volume 144, Number 41 (Thursday, April 2, 1998)]
[Senate]
[Pages S3136-S3137]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. JEFFORDS (for himself and Mr. Dodd):
  S. 1921. A bill to ensure confidentiality with respect to medical 
records and health care-related information, and for other purposes; to 
the Committee on Labor and Human Resources.


                        the health care pin act

  Mr. JEFFORDS. Mr. President, today, I join with my good friend 
Senator Christopher Dodd, in announcing the introduction of the Health 
Care Personal Information Nondisclosure Act of 1998--The Health Care 
PIN Act. This legislation will establish necessary national standards 
to protect the confidentiality of each American's medical records.

  Information technology presents our nation with the difficult 
challenge of ensuring that we reap its benefits without sacrificing one 
of our most important values: the right to individual privacy. In order 
to maintain control over our personal medical information, Congress 
must pass health care confidentiality legislation--as quickly as 
possible.
  The time is ripe for action. There have been major technological 
advances in health care's administrative, delivery, and payment 
systems. These advances have the potential to improve the quality of 
patient care. For example, electronic pharmaceutical records make it 
possible for pharmacists to identify potential drug interactions before 
filling a prescription. However, we must also have guarantees that our 
personal health care information is not being used inappropriately.
  Congress has made repeated attempts to enact a comprehensive federal 
privacy law but has, to date, been unsuccessful. The loose web of 
protections at the federal and state levels that has evolved in the 
absence of a comprehensive law leaves many aspects of health 
information unprotected.
  The Health Care PIN Act represents a synthesis of recommendations 
from many sources. It draws heavily from the discussion draft that I 
worked on with Senator Bennett and the ``Medical Information Privacy 
and Security Act,'' introduced by Senator Leahy and Senator Kennedy. 
The Labor and Human Resources Committee has held three hearings on the 
confidentiality of health care information, and the testimony and 
comments provided at each of those hearings has been invaluable--
especially, the administration's recommendations presented by Secretary 
Shalala in September.
  Under the terms of the Kassebaum/Kennedy legislation, if Congress 
fails to enact federal privacy legislation by August 1999, the 
Secretary of Health and Human Services is required to promulgate 
regulations establishing electronic privacy standards in the year 2000. 
This is too important a matter of public policy to be done outside of 
the legislative process and it is another reason why I intend to make 
this task one of the highest priorities of the Labor and Human 
Resources Committee.
  Other nations have taken steps to protect patient privacy. In 1995, 
the European Union enacted the Data Privacy Directive. The EU Directive 
requires that individuals have rights of consent, access, correction, 
and remedies for failure to protect confidential personal information. 
This Directive requires that by October 1998, if countries trading with 
any of the 15 European Union member states do not introduce similar 
rules, data cannot be transmitted between these countries. If we do not 
act promptly, this initiative raises the concern that the European 
Union could limit the flow of health care data between our countries 
for research and restrict the ability of American companies to compete 
overseas.
  The Health Care PIN Act would preempt state laws relating to medical 
records confidentiality--with the important exception of public health 
issues and those areas having a history of discrimination, such as 
mental health and HIV-AIDS. Since most health plans exchange health 
care information over the borders of many states, we need one privacy 
standard in this county--rather than 50 different ones--in order to 
achieve the greatest benefits from information technology and also 
ensure that all Americans have a uniform standard of privacy 
protection.
  The Act requires that individually identifiable health care 
information not be released unless authorized by patient consent. With 
very few exceptions, individually identifiable health care information 
should be disclosed for health purposes only, which includes the 
provision and payment of care and plan operations. Under the 
legislation, patients would have the right to copy and correct their 
medical records. In order to achieve accountability, the Health Care 
PIN Act provides that civil and criminal penalties would be imposed on 
individuals who use information improperly through unauthorized 
disclosure.
  Our individual right to privacy at times must be balanced against the 
need to protect the health of others. The Health Care PIN Act allows 
for the disclosure of health information without patient consent for 
the release of information to public health authorities for disease 
reporting. In addition, patient consent would not be required to 
disclose information needed for legitimate law enforcement purposes, 
including purposes required by state law such as the reporting of 
gunshot victims. Quality care requires more than the free flow of 
information between providers, payers, and other users of health 
information. It requires trust between a patient and a care giver. For 
our health care system to be effective, as well as efficient, patients 
must feel comfortable sharing sensitive information with health 
professionals. Technology has provided the tools to allow the ease of 
access to health care information. Now, the Health Care PIN Act is 
needed to ensure the confidentiality of this personal health 
information.
  It is my intent to work closely with the other members of the Labor 
and Human Resources Committee, and Senators Bennett and Leahy, to enact 
legislation this year that will establish national standards to protect 
medical information and enhance quality of health care for all 
Americans.
  Mr. DODD. Mr. President, I am pleased to join the Chairman of the 
Labor and Human Resources Committee, Senator Jeffords, in introducing 
the Health Care Personal Information Nondisclosure (PIN) Act of 1998. 
This legislation is designed to offer Americans the peace of mind that 
comes with

[[Page S3137]]

knowing that their most personal and private medical information is 
protected from misuse and exploitation.
  Medicine has changed dramatically since the time Norman Rockwell 
painted the scene of a doctor examining his young patient's doll. The 
flow of medical information is no longer confined to doctor-patient 
conversations and hospital charts. Recent technological advances have 
introduced more efficient methods of organizing data that allow 
information to be shared instantaneously--helping to contain costs--and 
even save lives. The national database of medical information provides 
a prime example of the benefits of these advances. Through the use of a 
simple computer, emergency room doctors are now equipped with a quick 
and inexpensive means of accessing the medical records needed to 
properly treat unconscious patients.
  Unfortunately, as we saw all too clearly just a few months ago, our 
laws have not kept pace with technology. In February the Washington 
Post exposed the activities of two pharmacies that were sharing 
personal medical information about prescription drug use with 
unauthorized third parties. And, most disturbingly, these actions were 
perfectly legal. Clearly, the existing patchwork of state laws 
protecting medical records are proving to be inadequate to address the 
public's concerns.
  These concerns are so strong that in some cases they threaten to 
actually negate the benefits of advances in medicine and technology. 
The fear of discrimination and exploitation has led some ethnic 
communities with susceptibility to certain conditions to urge their 
members to avoid genetic testing. The fear that sensitive medical 
information might be released without authorization has led patients to 
avoid full disclosure of mental health concerns to their physicians and 
to unnecessarily forego opportunities for treatment.
  I believe that the Health Care PIN Act offers the privacy protections 
that the public demands. This legislation sets clear guidelines for the 
use and disclosure of medical information by health care providers, 
researchers, insurers, employers and others. The Health Care PIN Act 
provides individuals with control over their most personal information, 
yet promotes the efficient exchange of health data for the purposes of 
treatment, payment, research and oversight. To ensure the 
accountability of entities and individuals with access to personal 
medical information, the legislation imposes stiff penalties for 
unauthorized disclosures.
  The Health Care PIN Act provides consumers with a strong, nationally 
uniform set of privacy protections. However, in areas of privacy law in 
which states have been the most active--namely in the confidentiality 
of sensitive mental health and public health records--states could 
continue to establish additional protections.
  I would also like to indicate my intent to work with Senator Jeffords 
to incorporate into this legislation protections against genetic 
discrimination in both employment and health insurance. Although we 
were unable to resolve this issue before introduction of this 
legislation, I am confident that we can reach consensus on this 
critical and timely issue.
  This legislation represents common-sense middle ground in the range 
of proposals that have been offered both this and the previous 
Congress. I look forward to working with Senator Jeffords, as well as 
with Senators Bennett, Leahy, and Kennedy, who have contributed so much 
to this debate, to move forward quickly to enact comprehensive, 
bipartisan legislation.
                                 ______