New legislation pushes for stringent health record privacy

Twitter icon
Facebook icon
LinkedIn icon
e-mail icon
Google icon

Sens. Patrick Leahy (D-Vt.) and Edward Kennedy (D-Mass.) introduced a new privacy bill today that would place stringent restrictions on disclosures of personal health information and clear up at least some of the confusion surrounding federal privacy rules.

If passed, the new bill would not supplant the Health Insurance Portability and Accountability Act of 1996 but would require the Health and Human Services Department to revise HIPAA rules, according to a six-page summary the senators issued.

“In America today, if you have a health record, you have a health privacy problem,” Leahy said in a statement. He heads the Senate Judiciary Committee, which is expected to consider the bill.

Kennedy said the bill aims to strike a delicate balance between sharing information and protecting patients’ privacy. “For too long, the balance has been tilted too far against patient privacy, and our bill is a needed effort to correct that imbalance,” he said. Kennedy heads the Senate Health, Education, Labor and Pensions Committee.

The Health Information Privacy and Security Act of 2007 would prohibit the disclosure or use of personal health information without authorization from the patient in most cases. It would also allow patients to opt out of electronic systems that store or transmit health records and would require that individuals be notified if their information is disclosed without authorization.

It would establish an Office of Health Information Privacy at HHS and give it enforcement powers. The bill would impose criminal and civil penalties for unauthorized disclosure of patient information and direct the U.S. attorney general to debar health entities from federal programs if they are found guilty of a crime under the act.

It would also allow individuals to sue for damages in cases of unauthorized disclosure and would authorize state attorneys general to sue on behalf of state residents. In addition, whistle-blowers who report violations would be protected from retaliation.

For more news on the issue of privacy, see Conference News, "Privacy is key to interoperability."