[Congressional Record Volume 146, Number 77 (Monday, June 19, 2000)]
[Senate]
[Pages S5320-S5321]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                        INTERNET MEDICAL PRIVACY

  Mr. GRASSLEY. Mr. President, I come to the floor to speak on the 
subject of technology. The message on technology is very simple. 
Technology is moving fast, but somehow Congress does not pass laws that 
keep up with the technology. I wish to state the proposition that, from 
the standpoint of the right to privacy, our laws cannot be left behind. 
Every day, more and more Americans are waking up to what technology can 
do to improve their lives. Thanks to the hard work of the American 
people in the technology sector, we live in an amazing time. Congress 
didn't bring about this revolution, and Congress should not do anything 
to impede the rapid changes taking place in technology.
  However, one of the main threats to the growth of electronic commerce 
is the risk of a massive erosion of privacy. While the Internet offers 
tremendous benefits, it also comes with the potential for harm. If we 
lack confidence that our privacy will be protected online, we won't 
take full advantage of what the Internet has to offer. The Judiciary 
Committee is now considering a bill to protect the privacy of Internet 
users. I want to focus on one particular issue, and that is maintaining 
privacy of personal health information obtained by web sites.
  I happen to believe, as a matter of basic principle, that information 
about my health is very personal, and nobody else should know that 
without my permission. So I am pleased to join my colleague from New 
Jersey, Senator Torricelli, in cosponsoring an amendment on this issue 
before the Judiciary Committee. I think it will be up this week, on 
Thursday.
  The amendment Senator Torricelli and I plan to sponsor will give 
citizens a chance to control any health information that they might 
provide while surfing the web. None of that will be passed on to others 
without their explicit permission. Our amendment simply provides that a 
commercial web site operator must obtain permission from a person 
before sending health information to another entity. In addition, it 
would require that individuals be told to whom their medical 
information will be released if permission is given.
  I know to people watching this sounds like a pretty simple, 
commonsense thing, that there would be no dispute and it ought to be 
part of the laws of our country under our Constitution that personal 
information not be sold or used by anybody else without the personal 
permission of the person who that medical information is about. It 
sounds pretty simple that it ought to be part of our law. It appears to 
be such common sense that maybe we should not even have to deal with 
that; it is just common sense that nobody else should profit from your 
personal information without telling you about it and without your 
permission.
  It is only fair--it seems to myself and to Senator Torricelli--to put 
that burden on the web site operator and not on the consumer. Medical 
information can be highly personal, and consumers face serious risk if 
it becomes a public commodity that can be bought and sold without the 
individual's consent. If that is allowed, then we are all at risk.
  As far as your own personal information being a public commodity that 
can be sold--outside the fact that it shouldn't be done without your 
permission, not only to protect your privacy but you ought to know 
about the information being disseminated and to whom it is going, it is 
also the fact that personal health information, if it is a commodity, 
is under your personal, private property rights, and they ought to be 
protected just as personal property rights are protected under our 
Constitution.

[[Page S5321]]

  The Department of Health and Human Services is working on regulations 
to finalize medical privacy rules this summer. I understand that for 
the most part those rules would set up a mechanism so individuals would 
have to opt into the procedure of giving permission for their medical 
information to be disseminated--opting in meaning that you have to 
actually say, I give permission for my medical information to be used 
in such and such a way, as opposed to kind of an opt-out situation 
where your personal medical information will be disseminated unless you 
say it can't be disseminated. From that standpoint, the Department of 
Health and Human Services rules, which they say will actually come out 
this way, will be in agreement with the goals of our amendment. I see 
the need to allow the process in the Department of Health and Human 
Services to finish.
  The current draft of our amendment explicitly will not interfere with 
those rules and the rulemaking process now going on, and it also does 
not apply to entities subject to those proposed rules, such as health 
plans and providers.
  Our amendment gets at those commercial health web sites to which the 
protections of Health and Human Services rules will not apply. But 
having said that, our amendment is pending.
  Having made clear that our amendment does not interfere with the 
Department of Health and Human Services rulemaking now going on, I want 
to put President Clinton on notice, if it turns out that the final 
Health and Human Services rules are inadequate from the standpoint of 
protecting the personal privacy of health information of individuals, 
having this amendment in the bill as a placeholder will provide those 
of us in Congress who are concerned about this issue of privacy of 
medical health information a vehicle to strengthen the HHS rules 
legislatively in the future if necessary. There should be ample time 
for that because realistically we all know that more work will have to 
be done on Internet privacy before final enactment.
  Senator Torricelli and I are open to ideas on how to improve the 
amendment. But let me make clear that I am adamant on the point that 
people should have a basic right to control their medical information, 
and to control it from the standpoint of making a separate individual 
decision as to whether that information can be disseminated--not from 
the opposite point of view that if they fail to say it can't be used it 
can be legally disseminated. I believe that very strongly.
  We all know there are special interests out there that do not agree 
with us. I happen to think they are wrong. I look forward to having 
this issue aired fully in the committee. We should protect citizens' 
most confidential information from those who misuse it. I suppose there 
is a lot of confidential information other than just medical 
information about an individual that we ought to be concerned about. 
But I can't think of anything more personal or that could be more 
destructive to the individual than medical information.
  We should also arm our citizens to make a thoughtful and informed 
decision on how their health information will be used--even educating 
them about the possibility that because they use the Internet certain 
health information about them can be disseminated. I am not so sure 
that we don't take the use of the Internet and technology so much for 
granted today that we often don't think about what we are doing and 
what we are putting into it about ourselves, and who might be making 
use of that. It is important for us to be informed about the 
possibilities. Once we have done that, I think the American people can 
be assured that they can go online without having surrendered their 
privacy rights.
  I yield the floor.
  The PRESIDING OFFICER. The Senator from Arizona.
  Mr. KYL. Thank you, Mr. President.

                          ____________________