National Coalition of Mental Health Professionals and Consumers, Inc.

an educational foundation and advocacy organization serving mental health consumers and professionals

April 24, 2006

Dear Representative:

We commend Congress for considering legislation to create a nationwide electronic health information sharing system that has the potential to improve safety and quality of health care, while reducing wasteful spending. However, we are gravely concerned that Congress is rushing to pass legislation that does not provide adequate privacy protections for the personal and sensitive information of patients who use their health insurance to help pay for mental health and substance abuse treatment.  

American’s are worried about healthcare privacy. According to a recent Gallop poll 78 percent of Americans believe it is important to keep medical records confidential and 69 percent of adults surveyed by Harris Interactive in February of this year do not believe sufficient data security will be installed in new health IT legislation. According to the Electronic Privacy Information Center, 36 percent of women surveyed declined a DNA Breast Cancer Test because of fear that the information would be shared.  

Suffice to say, Americans suffering from psychological problems, family problems and problems with alcohol and drugs have an even greater likelihood of not seeking needed treatment. Privacy in mental health and substance abuse treatment records is vital. The knowledge that the intimate disclosures made during psychotherapy, family therapy, or counseling sessions could find their way into public access is not overstated. The epidemic of financial database breaches last year that left tens of thousands of consumers vulnerable to identity theft is proof that poor information security measures cost consumers.

The U.S. Department of Health and Human Services eliminated patients’ rights to control access to their medical records in a 2002 amendment to the privacy law, which permitted over 800,000 health-related businesses and government agencies to access personal health information without patient knowledge or permission. The amendment allows health care providers to share patient records with employers, drug and insurance companies, marketing firms, credit reporting agencies, accounts, banks, lawyers, and others without permission, and for business and other uses, unrelated to healthcare treatment or paying claims. HIPAA now grants access to private corporations, individuals and government agencies without patient consent.

We need strong privacy legislation that covers everyone who has access to individuals’ health, mental health and substance abuse treatment records. We believe that the benefits of technology must not override the importance of preserving medical ethics and patient control of access to their sensitive identifiable records. The privacy standards in state and common law, Constitutional law, and medical ethics must be incorporated into the design of all regional and national health information technology systems and networks.  

It is important that we preserve patients’ right to consent, or refuse consent, to what healthcare providers in non-emergency situations can see in their records. America’s Information Technology industry is capable of building a system that can permit qualified medical personnel complete access to a patient’s medical record in an emergency, but limit access in other, non-emergency cases.  

We urge you to support a patient-centered system with a foundation that assures privacy rights and protections in the health information technology legislation now under consideration by the House of Representatives. The patient should be in control of his or her healthcare information, not the drug, insurance or marketing industries.

The current House bill H.R. 4157 would allow unauthorized disclosure of medical records. Language of the bill calls for state and federal privacy and security laws, but does not assign new parameters for regulation. On November 18, 2005 the Senate passed an amended version of S.1418, which added security measures requiring data breach reporting, but patients’ rights to privacy were not addressed. We urge the House to include strong privacy standards in any healthcare information technology bill, restoring patients’ rights to control their medical records and paving the way for these standards to be included the House and Senate reconciliation legislation.

We urge you to build a foundation of medical information technology that is based on the following longstanding ethical and privacy principles and protections as outlined by the Coalition for Patient Privacy on April 5th: ·         Restore the patient’s right of consent
·         Restore the patient’s right of consent
·         Give patients the right to opt-out of having their records in any national or regional electronic health system
·         Give patients the right to segregate their most sensitive medical records
·         Require audit trails of all disclosures
·         Deny employers access to medical records
·         Require that all patients be notified of all suspected and actual privacy breaches
·         Preserve stronger privacy protections in state laws
·         Enact meaningful enforcement and penalties for privacy violators

 Sincerely, 

William A. MacGillivray, PhD, ABPP
President, National Coalition for Mental Health Professionals and Consumers

The National Coalition is an educational foundation and advocacy organization serving mental health consumers and professionals. We are an interdisciplinary professional and consumer organization that advocated for mental health and substance abuse treatment. We are committed to the preservation of confidentiality, integrity, and quality care for all. The focus of The National Coalition is on education and political and legal action to preserve the highest standards of treatment and medical privacy.  

cc. Every Member of the U.S. House of Representatives