Privacy concerns plague Senate health IT legislation

The Senate's eagerness to mandate incentives for modernizing healthcare through information technology has prompted concerns about enacting a law without adequate privacy protections.

Psychiatrist Deborah Peel, founder of the Patient Privacy Rights Foundation, has alerted her coalition of nearly 40 organizations, including the American Academy of Family Physicians and the American Medical Association, to call the sponsors of a pending bill, S. 1693, about adding a privacy amendment proposed by Patrick Leahy, D-Vt.

Peel maintains that the legislation was almost and soon may be "hotlined," a procedure used to expedite passage under unanimous consent, without debate. She said the bill relies too heavily on privacy standards promulgated under a flawed 1996 law, the Health Insurance Portability and Accountability Act, in covering non-medical entities like data aggregators.

An aide for the Health, Education, Labor and Pensions Committee, acknowledged that there is a need to reform health privacy rules but said now is not the time. The strain of deliberating reforms would slow the bipartisan effort to improve access to health care through technology, reduce medical errors and lower costs, he said.

The legislation would require that patients be notified if their data is wrongfully disclosed, establish grants for providers to buy health IT systems, and help fund regional and local health information exchanges.

Leahy is working to attach an information privacy amendment to the bill that would give patients the right to revoke third-party access to their records, opt out of any electronic system, and limit access to certain information to only a subset of authorized recipients.

An aide for Leahy said he has received positive feedback from HELP Committee chairman Edward Kennedy, D-Mass., and ranking Republican Michael Enzi of Wyoming. The HELP aide said that Kennedy is still in discussions with other senators.

Enzi spokesman Michael Mahaffey said "the health IT bill, should it be hotlined, is a classic example" of an issue that "has been thoroughly debated by all senators involved." The HELP aide said that patient organizations like the National Partnership for Women and Families would not be backing the bill fervently if it did not provide sufficient privacy protections.

Sabrina Corlette, the partnership's health policy programs director, said "the bill is not perfect," but "good healthcare depends on the exchange of healthcare information."

The committee aide noted that the bill would strengthen safeguards by mandating that every health IT system receiving funding keep an audit trail. Ultimately, he added, it may be the case that e-health records are even more secure than paper records, which are not auditable.

But Peel pointed out that "with a paper system, an occasional person could masquerade as a member of a staff ... and sneak in and make a copy of a single chart. ... On the other hand, electronic records can be disclosed to millions of entities across the globe in a second. The sheer and stupefying scale of the ability to violate privacy using electronic records is unprecedented."

Corlette noted that a huge data leak "is a risk today," and the bill "does not add to that risk, I don't think."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.


When you download a report, your information may be shared with the underwriters of that document.