Health Information Compliance Alert

HIPAA Privacy:

CONSENT STILL KICKING?

The August modifications to the privacy rule may have induced the final death throes for the consent provision, but some in Congress are hoping to raise consent from the dead.

Introduced before the House Oct. 15 by Reps. Ed Markey (D-MA), John Dingell (D-MI), Henry Waxman (D-CA), Howard Berman (D-CA) and Michael Capuano (D-MA), the "Stop Taking Our Health Privacy (STOHP) Act of 2002" bill intends to resurrect certain provisions of the Health Insurance Portability and Accountability Act that had been erased Aug. 14 by the Department of Health and Human Services.

The bill (H.R. 5646) cites a recent survey that revealed that one in six Americans has "done something out of the ordinary to keep personal health information confidential." The bill claims that the Bush administration's August 2002 revisions to HIPAA "significantly weakened" and "undermined" privacy protections by eliminating the previous administration's requirement that covered entities obtain a patient's consent before using or disclosing patient health information for treatment, payment and other health care operations.

According to Markey, the August revisions to the privacy rule amount to little more than a transparent attempt to maximize health care profits by sabotaging patient privacy. Sponsors of STOHP focus on a change to the definition of "health care operations" which now includes sales, transfers and mergers of covered entities.

"This means that your private health information can be used without your permission to serve the commercial interests of health care companies, including during transactions such as the sale of an HMO," cautions Markey in an introduction to the STOHP Act. "The Clinton Administration's definition of health care operations not only was narrower, but it also required patient consent before personal health information could be used and disclosed for this purpose."

Opponents of the bill argue that regardless of definitions, reinstating the bulky consent requirement will offer little privacy for consumers. "Because a provider could have always conditioned treatment on signing the consent, any protection that was provided was illusory at best," says Robert Markette Jr. of Indianapolis-based Gilliland and Caudill. "You've added such a level of bureaucracy, additional paperwork and training for such a microscopic gain in the protections of the individual."

Regardless of whether the consent requirement offers more trouble than protection, industry insiders aren't very enthusiastic about the bill's chances. "Congress will be reluctant to change anything now because providers do not have that much time to be up and running." remarks Ellen Janos, an attorney in the Boston office of Mintz Levin Cohn Ferris Glovsky & Popeo.

In addition to restoring the consent provision of the privacy rule the STOHP Act would require a return to the December 2000 definition of marketing.

The current definition allows pharmacists "to send unsolicited health recommendations to patients that are paid for by drug companies but do not inform patients of the pharmacist's financial incentives or provide patients the opportunity to opt-out of receiving such communications in the future," according to Markey.

Editor's Note: To see the bill, go to http://thomas.loc.gov/cgi-bin/query.