[Congressional Record Volume 154, Number 25 (Thursday, February 14, 2008)]
[Extensions of Remarks]
[Page E199]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




   INTRODUCING TECHNOLOGIES FOR RESTORING USERS' SECURITY AND TRUST 
                   (TRUST) IN HEALTH INFORMATION ACT

                                 ______
                                 

                         HON. EDWARD J. MARKEY

                            of massachusetts

                    in the house of representatives

                      Thursday, February 14, 2008

  Mr. MARKEY. Madam Speaker, the development of a nationwide 
interoperable health information infrastructure holds tremendous 
promise for improving patient care, reducing medical errors and 
lowering costs. Today's health care system needs to be transformed to 
improve health care quality, safety and affordability, and 
interoperable health information networks can play an important role in 
this transformation.
  At the same time, without sufficient privacy and security safeguards, 
such electronic systems could turn the dream of integrated, seamless 
health IT networks into a nightmare for consumers, reducing the 
likelihood that patients and providers will embrace and utilize such 
systems. If we fail to require strong privacy and security standards 
now, during the early stages of development of nationwide interoperable 
health IT systems, we run the risk that Americans' medical secrets will 
be extremely vulnerable to being lost or stolen from these systems, 
whose weak privacy and security safeguards will be an open invitation 
to identity thieves, fraudsters and others seeking unauthorized access.
  The great Irish poet William Butler Yeats famously wrote that ``In 
dreams begins responsibility.'' The dream of a nationwide, seamless, 
effective health IT infrastructure certainly is enticing. Let us hope 
that we can realize this dream in the future. Today Congress has a 
responsibility to ensure that patients' personal medical secrets are 
not put at risk in the process.
  According to a report released last year by the Government 
Accountability Office, GAO, the Department of Health and Human 
Services, HHS, has taken some steps to identify solutions for 
protecting patient privacy in health IT systems, but HHS has ``not yet 
defined an overall approach for integrating its various privacy-related 
initiatives and addressing key privacy principles, nor has it defined 
milestones for integrating the results of these activities.'' (GAO-07-
400T) Over the past 3 years, repeated breaches of electronic systems 
containing Americans' Social Security numbers, addresses and other 
sensitive personal information have reinforced the need for strong data 
safeguards for Americans' medical records. According to Privacy Rights 
Clearinghouse, a non-profit consumer organization, more than 218 
million data records of U.S. residents have been exposed due to 
security breaches since January 2005.
  I am pleased that Representative Rahm Emanuel is joining me in 
introducing the Technologies for Restoring Users' Security and Trust, 
TRUST, in Health Information Act. The TRUST Health Information Act 
promotes development of a nationwide interoperable health IT 
infrastructure that improves patient care, reduces costs and protects 
the privacy and security of Americans' personal medical information. 
The Trust Act contains provisions to encourage the development of 
health IT networks through grants and standard-setting processes while 
also ensuring that patients' medical records will be protected by 
strong privacy and security safeguards. For example, the TRUST Act:
  Empowers patients to keep their medical records out of health IT 
databases unless they first give their consent;
  Requires patients to be notified if the systems that contain their 
health information is breached and their information is exposed;
  Mandates the use of data security safeguards such as encryption and 
other technologies that render the information unreadable to 
individuals who are not authorized to access it;
  Authorizes grant funding to enable the purchase and enhance the use 
of qualified health IT systems; and
  Establishes a public-private partnership to make recommendations 
concerning health IT standards, criteria for the electronic exchange of 
personal health information and related purposes to encourage the 
creation of a nationwide interoperable health information technology 
infrastructure.
  Patient privacy and security protections are enablers of, not 
impediments to, successful nationwide interoperable health IT systems. 
Only after patients have confidence in these protections will they 
trust their sensitive medical information to such systems.
  The Trust Act is supported by Patient Privacy Rights, Microsoft 
Corporation, the American Psychoanalytic Association, American 
Association of Practicing Psychiatrists and the National Association of 
Social Workers.

                          ____________________