Last year, the 104th Congress tried, but failed, to pass a law protecting the confidentiality of medical records. It's not hard to understand this failure; the difficulties facing Congress are enormous.
These difficulties derive from two seemingly unrelated changes in the medical industry - changes in the way health care is financed and changes in the way medical records are catalogued and stored. These changes have created uncertainty about the future that makes legislation more difficult to draft.
Ironically, the same changes that are holding Congress back are also pushing it forward, as the marriages of computers to medical records and big business to medical care have created incentives for abusing patient confidentiality. These abuses are fueling the clamor for a federal law. Meanwhile, Congress is attempting to tame a snake pit of competing interests - the privacy interests of patients, the business interests of medical providers and insurance companies and the pure-profit interests of drug marketers, information brokers, computer manufacturers and database administrators. Even though Congress failed last year to pass a law safeguarding medical privacy, it took a small step in this direction with a provision of the Health Insurance Portability and Accountability Act of 1996, also called Kennedy-Kassebaum Bill. Though the law's focus was not medical records, it included a section requiring Congress to establish medical privacy rules within three years. This little-publicized provision assures that Congress will continue to grapple with the issue of medical privacy. Both of the bills introduced in the 104th Congress - one by Sen. Bill Bennett, a Utah Republican, another by Rep. Jim McDermott, a Washington Democrat - are expected to be reint roduced this year. Despite the difficulties of drafting legislation, the hallmarks of a good law are easy to recognize. * Does the law recognize the importance of patient consent? One doesn't have to be a "privacy advocate" to understand that a patient's medical records should not be released unless the patient has signed an authorization. This is not a radical concept, but insurers and medical providers sometimes view it as an unnecessary complication. * Does the law give patients a method for determining who is looking at their medical records, and why? It is not enough simply to provide patients legal remedies for violations of their privacy. …