June 24, 2008
House Lawmakers To Introduce Health Care IT Legislation
House Energy and Commerce Committee Chair John Dingell (D-Mich.) and ranking member Joe Barton (R-Texas) today plan to introduce a bill that would promote the adoption of a nationwide electronic health record system, CongressDaily reports.
According to CongressDaily, the lawmakers released a draft of the legislation last month that "generated a torrent of comments from the health care, high-tech and consumer advocacy communities," many of which focused on patient privacy concerns. In response to those concerns, the lawmakers clarified the definition of a security "breach" and increased patient privacy protections in the bill.
Under the bill, HHS would have to publish a list of entities that experience security breaches that affect more than 1,000 individuals, and health care providers would have to obtain consent from patients before they share their medical records.
The legislation also would allow HHS to approve technologies equally or more effective than encryption and require notification of security breaches "without unreasonable delay," or within 60 days, whichever is first.
The bill also would clarify that criminal penalties imposed under the federal medical privacy rule issued after the enactment of HIPAA apply to individuals who improperly obtain medical records.
In a statement on Monday, Dingell said, "Although shifting from paper to electronic health records would greatly benefit patients and health care providers, we currently lack the infrastructure to make this much-needed transition work," adding, "The provisions included in this bipartisan proposal will encourage faster adoption of health information technology while also ensuring that patients' health information is protected."
Barton said that the bill represents a "fine beginning" to efforts to expand adoption of health IT and indicates "how people expect their most sensitive and personal information to be properly handled by their health care providers in the digital age."
Comments
A spokesperson for Rep. Mike Rogers (R-Mich.) praised the bill but raised concerns that some provisions "might put limitations on the ability of health care providers to implement a smooth system that works well and still protects the security of the information."
Deborah Peel, founder of Patient Privacy Rights, criticized the legislation. She said, "We still don't have a commonsense definition of privacy." Peel said that the legislation "needs to end the 'commodification' of health information because nobody should be able to use, sell, trade or disclose your electronic health records without your permission" (Noyes, CongressDaily, 6/24).
