Last year, the 104th Congress tried, but failed, to pass a law
protecting the confidentiality of medical records. It's not hard to
understand this failure; the difficulties facing Congress are
These difficulties derive from two seemingly unrelated changes
in the medical industry - changes in the way health care is
financed and changes in the way medical records are catalogued and
stored. These changes have created uncertainty about the future
that makes legislation more difficult to draft.
Ironically, the same changes that are holding Congress back are
also pushing it forward, as the marriages of computers to medical
records and big business to medical care have created incentives
for abusing patient confidentiality. These abuses are fueling the
clamor for a federal law.
Meanwhile, Congress is attempting to tame a snake pit of
competing interests - the privacy interests of patients, the
business interests of medical providers and insurance companies and
the pure-profit interests of drug marketers, information brokers,
computer manufacturers and database administrators.
Even though Congress failed last year to pass a law
safeguarding medical privacy, it took a small step in this
direction with a provision of the Health Insurance Portability and
Accountability Act of 1996, also called Kennedy-Kassebaum Bill.
Though the law's focus was not medical records, it included a
section requiring Congress to establish medical privacy rules
within three years.
This little-publicized provision assures that Congress will
continue to grapple with the issue of medical privacy. Both of the
bills introduced in the 104th Congress - one by Sen. Bill Bennett,
a Utah Republican, another by Rep. Jim McDermott, a Washington
Democrat - are expected to be reint roduced this year.
Despite the difficulties of drafting legislation, the hallmarks
of a good law are easy to recognize.
* Does the law recognize the importance of patient consent? One
doesn't have to be a "privacy advocate" to understand that a
patient's medical records should not be released unless the patient
has signed an authorization. This is not a radical concept, but
insurers and medical providers sometimes view it as an unnecessary
* Does the law give patients a method for determining who is
looking at their medical records, and why? It is not enough simply
to provide patients legal remedies for violations of their privacy. …