Senate Democrats Criticize Bush Revisions to Medical Privacy Rules

Senate Democrats at an April 16 Committee on Health, Education, Labor and Pensions hearing "harshly criticized" the Bush administration's proposal to roll back certain medical privacy provisions put in place by the Clinton administration in December 2000, the New York Times reports. The Bush administration would drop a requirement that doctors, hospitals and other health care providers obtain written consent from patients before using their personal health information for treatment, reimbursement or other "health care operations" and administrative activities. Under the proposal, providers would still have to inform patients of their rights, and patients would have to acknowledge their receipt of such notices. The Bush administration's proposal would also "redefine" the ban on using patient information for the purpose of marketing by exempting from the ban materials that recommend alternative treatments, therapies, drugs or providers for an individual patient (Pear, New York Times, 4/17). During the hearing, Sen. Edward Kennedy (D-Mass.), chair of the committee, called the proposed changes, which would take effect in April 2003, a "serious step backwards" and said he would introduce legislation to reinstate mandatory consent forms (AP/Dallas Morning News, 4/17). Kennedy added that the change in marketing regulations would create a "major loophole." Sen. Hillary Rodham Clinton (D-N.Y.) said the changes would "substantially weaken the privacy rules." But HHS Deputy Secretary Claude Allen testified that the changes are necessary because "it's far more important that [the Bush administration] do nothing to impede access to care." He added, "Having privacy means little if you don't have access to care" (New York Times, 4/17). Regarding the proposed changes to marketing rules, Allen said the new regulations would permit providers to "communicate freely with patients about individual treatment options and other health-related information" (Rovner, Reuters Health, 4/16).

A Report on Privacy Compliance
Also speaking at the hearing was Sam Karp, chief information officer at the California HealthCare Foundation, who presented the findings of a report that shows that eliminating major components of the medical privacy regulations is not warranted. The report was commissioned by the National Committee for Quality Assurance and Georgetown University's Health Privacy Project. Researchers surveyed 100 California health care organizations in January and February to assess their compliance with the current privacy regulations, to identify challenges and burdens HCOs face as they implement the rule and to identify sections of the rule that require revision by HHS. The survey yielded eight key findings:

• Planning for compliance with the rule is progressing, though implementation progress varies among HCOs.
• The consent requirements are "somewhat workable."
• The minimum necessary requirements are "somewhat workable."
• HCOs believe the consent and minimum necessary requirements limit access to information needed for quality assessment.
• HCOs view the business associates provision as "burdensome."
• HCOs need additional resources to analyze preemption of state medical privacy rules by HIPAA.
• HCOs have not allocated resources to fund compliance efforts completely.
• There is a "general need" for clarifications and/or modifications to the rule (CHCF release, 4/16).