Why are Mental Health Professionals

Why are Mental Health Professionals, Physicians
and Other Concerned Citizens Suing
the Department of Health and Human Services?

Did you know... that under a new so called federal “medical privacy” rule (effective October 15, 2002), your personal health information—including your past medical records and genetic information— can be disclosed to organizations such as the following without your consent?

· Data-processing companies · Insurers · Researchers (in some instances) · Hospitals

· Doctors (even those not treating you) · Law enforcement officials · Public health officials

· Federal government

That’s right. Under the new federal HIPAA rule (which became fully effective on April14, 2003 for most covered entities), all of the above will be able to access your personal health and genetic information without your permission.

How did this federal rule come about? Who was behind it and lobbied for it?
What can you do to protect your medical privacy? Read on….

Why a New, Weak Federal Medical Privacy Rule?

Until recently, health privacy was considered a matter regulated by the states. Every state has some type of law to protect citizens’ medical records. However, abiding by 50 different state privacy laws has proved difficult for the industries that want to create a national health information system.

Thus, leaders of medical, hospital, insurance, and other industries have been working for over a decade to nationalize standards for electronic medical records. HIPAA regulation of personal health information was expanded to include paper records and oral and written communication.

Who was Behind the National Electronic Health Information System?

In 1991, the Workgroup for Electronic Data Interchange (WEDI) was established to foster development of national electronic medical codes and electronic payment systems.

WEDI succeeded in getting many of its goals incorporated into the Clinton health care plan. President Clinton’s 1993 Health Security Plan included a provision titled “Administrative Simplification.” That section of the plan called for establishing a national health information infrastructure. It required that unique identifiers be assigned to four groups for processing medical claims electronically, including every: (1) individual, (2) employer, (3) health insurer, and (4) health care provider. It also called for creating national codes for medical claims and for new, federal medical privacy rules.

HIPAA Law Includes Mandatory Unique Health Identifiers

The American people clearly rejected the Clinton plan to nationalize health care. However, the Administrative Simplification provision was tucked away in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which was signed into law on August 21, 1996 (Public Law 104-191). Under the HIPAA law, the following four groups are required to have unique identifiers for tracking medical records and electronic claims processing, including every:

· individual · employer · health insurer and · health care provider.

Unique Health Identifiers Put on Hold—but Only Temporarily

Due to public outcry, federal funding for assigning every individual a unique health identifier has been put on hold temporarily over the past few years. But unless the Administrative Simplification provision of the HIPAA law is repealed, all Americans may soon be assigned a number for tracking their medical information from cradle to grave

Also, aware that the American people were concerned about medical privacy, legislators included a provision in HIPAA requiring that a medical privacy law be passed by August 21, 1999, or the secretary of the U.S. Department of Health and Human Services (HHS) would have to draft such a rule. Congress missed its self-imposed deadline, and the authority to establish federal regulations for medical privacy shifted to HHS under the Clinton administration.

Clinton Administration Drafts a Federal “Medical Privacy” Rule

In November 1999, the Clinton administration proposed federal regulations relating to medical privacy. It proposed prohibiting doctors, hospitals, and others from obtaining patients’ consent before releasing their medical information. The public spoke out loudly against that version of the proposed rule; HHS received more than 52,000 comments during the public comment period.

The issue most discussed was patient control of personal health information.

A final federal medical privacy rule was released on December 28, 2000, just before President Clinton’s left office. It required that individuals give their consent before medical records could be used for health care treatment, payment, or “health care operations”—a broad term encompassing many clinical and corporate activities. However, many other third parties did not need patients’ consent before obtaining their medical records, including: · the FDA (for monitoring drugs and dietary supplements) · law enforcement · researchers (in some instances) · public health officials · the federal government, and · medical licensing boards.

Bush Administration Eliminates Patient Consent

Some industries were strongly opposed to the consent provision as it appeared in the December 28, 2000 final rule. They lobbied the incoming Bush administration to eliminate patient consent.

In March 2002, HHS proposed to modify the rule so that health care insurers, hospitals and others could transfer medical information— without patients’ consent—to pay claims, treat patients, and do other tasks. There was less than a month for public comment. The health care industry was rolling toward “compliance” with the new rule.

The removal of consent turned privacy protection into permitted disclosures.

The Bush administration published its final modifications to the federal medical privacy rule on August 14, 2002. The final rule can be found in the U.S. Code of Federal Regulations, at 45 CFR 160 and 45 CFR 164.

(See links at www .AmericanMentalHealth.com on the Professionals Page at HIPAA Help)

For the first time in American history, the federal government is giving itself and the medical industry full authority to decide for individuals whether personal health information can be released to others without individuals’ consent. Individuals will not get an accounting of when their medical records are disclosed for routine (most) purposes.

Powerful Industry Groups Support Pre-empting State Laws Regarding Medical Privacy.

When they exist, state laws that offer stronger privacy protections over-ride the HIPAA regulation. Given the past lobbying success of the insurance and pharmaceutical industries, it’s likely that many states’ laws will be pre-empted by the federal rule unless concerned people act now and decisively.

What Can You Do to Protect Your Medical Privacy?

If you want to restore true medical privacy and control who has access to your personal health and genetic information, you can act:

(1) Get Congress to eliminate HHS’s authority to decide for you who can access your medical records, learn about the two bills currently in Congressional Committee to repeal the Administrative Simplification provision and other onerous aspects of HIPAA. (HR 1699 & HR 1709)

(2) Support the lawsuit against HHS filed April 10, 2003 to restore Consent filed by a number of concerned citizen groups, including AMHA-USA and The National Coalition of Mental Health Professionals and Consumers. See: http://www.TheNationalCoalition.org for details about this suit and its current status.

(3) Lobby your state legislators and governor to maintain/restore personal protections at the state level.

Privacy Information Resources

For information about legal actions & legislation to reverse HIPAA provisions with emphasis on mental health issues start here: http//:www.thenationalcoalition.org

For more about the Lawsuit …“While officials of the U.S. Department of Health and Human Services claim the regulations will increase security of medical records, the lawsuit filed by the advocacy groups contends that HIPAA’s little-known provisions actually grant unprecedented, unconstitutional access to files without the consent of patients. http://www.medicalprivacycoalition.com/

Search for current status of legislation to overturn HIPAA provisions: http://thomas.loc.gov/ See HR1699 See HR1709

Statement of Rep. Ron Paul on Introduction of the Patient Privacy Act (HR1699) 4/10/03… Mr. Speaker, the federal government has no authority to endanger the privacy of personal medical information by forcing all citizens to adopt a uniform health identifier for use in a national data base. Per 1/8/04 this bill continues to languish in Committee with only 4 co-sponsors. http://www.house.gov/paul/privacy/statementprivpro.htm

Stop Taking Our Health Privacy (STOHP) Act (HR1709) Responds to Privacy Loopholes Effective April 14 (2003) Washington, DC: Representative Edward J. Markey (D-MA), a senior member of the House Energy and Commerce Committee and Co-Chair of the House Privacy Caucus, introduced H.R. 1709, the bi-partisan Stop Taking Our Health Privacy (STOHP) on 4/9/03. Per 1/8/04 this bill continues to languish in Committee with only 4 co-sponsors.

Citizens Council on Health Care offers forms to challenge disclosures permitted by HIPAA: http://www.cchc-mn.org/

Information about the Association of American Physicians and Surgeons lawsuit and advertisements in response to HIPAA http://www.aapsonline.org

Sue Blevins, president of the Institute for Health Freedom: "…under this new Rule, citizens actually lose the precious freedom to give or withhold consent regarding the release of their personal health information to many persons for many purposes." http://www.forhealthfreedom.org

For a stunning illustration of how health information moves in the current health care environment see: http://www.ahima.org/infocenter/current/patientflowchartweb.pdf

Help to support the National Coalition by purchasing logo items from our store

Click here to view our PRIVACY policy