Privacy language urged for bill to digitize federal employee health records

Employee groups on Tuesday urged a House panel to include in a health information technology bill language to protect the privacy of federal employees who would be covered under the bill.

The bill, H.R. 4859, is currently under consideration in the House Government Reform Federal Workforce Subcommittee. The measure would require participating health plans and providers to collect claims and services data into e-health records by 2008. It also would authorize funding from a federal health IT trust to provide incentives to contracted providers.

Under the legislation, 8 million federal employees would have access to free e-health records, which in time could lead to lower premiums for the insured, Subcommittee Chairman and bill author Jon Porter, R-Nev., said in prepared opening statement.

Government contractors would have to establish and maintain e-health records for employees, and patients would control who has access to their health information.

The measure defers to the health privacy regulations promulgated under a 1996 law as a way to ensure that employee privacy is maintained when e-health data is exchanged and stored by insurance companies.

Those rules require medical personnel to limit the disclosure of patient information to the "minimum necessary." But Jacqueline Simon, public policy director for the AFL-CIO's American Federation of Government Employees, told the subcommittee that "this rule is not absolute.

"It is questionable if all medical personnel understand the various restrictions surrounding 'medical privacy'," she said.

Simon pointed to a "fragmented" system of state and federal laws that protect privacy to varying degrees. Moreover, she questioned the relevancy of the 1996 law. The Washington Post last week reported that out of the 19,420 grievances filed under the law, no fines have been filed.

"The ubiquitous use of computers has made access to confidential medical records much easier and much more vulnerable to exploitation," Simon added, noting that the digitization of healthcare records could create problems that extend beyond hospitals or clinics.

A recent poll of more than 1,000 consumers found that 86 percent are concerned about the industry's ability to protect personal health data.

Colleen Kelley, the national president of the National Treasury Employees Union, said the recent security breach at the Veterans Affairs Department, where as many as 26.5 million veterans were placed at risk of identity theft, further shows the "status quo is not working."

Kelley called on a full review of the federal privacy rules to ensure adequate protections. Furthermore, she said employees must be protected from their employers accessing any of their personal health records.

Daniel Green, the Office of Personnel Management's deputy associate director of the Center for Employee and Family Support Policy in the Strategic Human Resources Policy Division, said that while OPM agrees with the legislation in principle, the agency is concerned with some of its provisions.

He said privacy issues must be addressed before electronic health records containing personal identifiable health information become accepted in the mainstream and added that, while privacy issues are addressed in the legislation, more work needs to be done to be sure they comply with the current law.

The bill should focus more on implementing interoperable standards covering carrier information than stressing the need for a carrier based "personal health record," Green said.

"There is nothing more personal and private than a person's medical information," Porter said, noting that his bill would not alter the federal privacy rules. However, he urged the Health and Human Services Department to consider revising the rules to ensure their adequacy.

Porter said he will move the bill forward in "short order" in subcommittee. A subcommittee spokesman said a date for action has yet to be set.

Daniel Pulliam contributed to this report.