AMERICAN CIVIL LIBERTIES UNION OF MASSACHUSETTS 99 Chauncy Street, Suite 310, Boston, MA 02111 (617) 482-3170 Fax (617) 451-000 CONTACT: John Roberts (617) 482-3170 http://users.aol.com/mcluf/home.html BENNETT-JEFFORDS BILL PLACES MEDICAL RECORD PRIVACY AT RISK The confidentiality of the doctor-patient relationship will be totally undermined as medical records become widely available without patient knowledge or consent. BOSTON - February 27, 1998. On Thursday 2/26/98 the United State Senate's Labor and Human Resources Committee heard testimony concerning a bill proposed by Senators Bennett and Jeffords that, if passed, would license the widespread disclosure of personal medical information contained in files held by doctors, hospitals, employers, educational institutions, and others. The bill which purports to be a privacy bill is, in fact, just the opposite. It places virtually no restrictions on the disclosure of personal medical records within health care entities (no matter how large and geographically widespread) or to a long list of other entities and agencies including the following: - any agents or contractors of the health care entities - Public Health Agencies, Oversight Agencies - Health Care Accreditation Agencies - State Health Care Databases There are major loopholes in access provisions for - Health Care Researchers - "Outcome" analysts ("cost/benefit" analysts for hospitals, HMO's, insurers, etc) Even law enforcement agencies will have easy access to browse computerized medical record systems for so-called "legitimate" investigatory purposes. This will make every American's medical record part of a new massive law enforcement database. The bill will destroy the confidential "doctor-patient relationship" and replace it with a new "patient-health care industry relationship." "This bill serves only the interests of the burgeoning health care industry," said John Roberts, Executive Director of the ACLU of Massachusetts. "It allows the transfer of your medical records to many entities that stand to profit from its information. Gone is doctor-patient confidentiality. Your doctor cannot protect your most sensitive medical information from many entities outside your medical facility. Even employers who have health plans are considered 'health care providers' in the Bennett-Jeffords bill. How many of us want our employers to have access to any of our medical records without our knowledge or consent?" The bill will also - Impose requirements that patients sign blanket consent forms for release of information as a condition of getting treatment, even for self-pay patients - Redefine "treatment" to make the patient's record a subject of continuous research - Blur the boundaries between individual patient care and the so-called "Population Management" and "Disease System Management" The bill will pre-empt all state laws which may be more protective of the confidentiality of medical records. The bill will not apply even its own minimal privacy protections to so-called "non-identifiable" medical records information. But...interestingly, the bill also refers to issuing "keys" to re-identify previously purportedly "non- identified" information. A formal logical analysis of this reveals that the bill itself admits that what it calls "nonidentifiable" medical record information is actually identifiable (i.e. containing patient information). The ACLU of Massachusetts believes that what is really needed for medical privacy protection would be the following: - Federal law should set a foundation or floor of privacy protection - State laws which are more-protective of patient's rights should not be preempted - No "Unique Patient Identification Numbers" - No electronic "linkage" of patient records stored in various sites - Computerized patient records must be encrypted with keys provided only to those directly involved in the individual patient care - The right of the individual patient to contract directly with physicians and health care providers regarding the privacy of the patient's medical records. -end-