Senators Patrick Leahy (D-Vt.) and Edward Kennedy (D-Mass.) introduced the Health Information Privacy and Security Act of 2007 (S.1814) last week. The bill requires that organizations that store health information electronically notify individuals of their privacy practices and establish adequate safeguards to prevent security breaches, or face civil penalties. The bill provides individuals the right to access their health data, prohibits the use of health data without patient authorization and requires de-identification of individually identifiable health data used for research purposes. The bill also establishes a health information privacy department within the Department of Health and Human Services that will provide consumers with privacy rights information.

Upon introduction, the legislation was referred to the Senate Health, Education, Labor and Pensions (HELP) Committee, which Kennedy chairs.