Dear Mr. Deal and Mrs. Johnson:
The undersigned organizations urge you to include iron-clad patient privacy language in all legislation dealing with health information technology.
We realize there is strong pressure to pass HIT legislation this session, but all efforts to date disregard the importance of patient privacy. If health information technology legislation is not affirmatively grounded in medical ethics, common and Constitutional law, and the physician-patient privilege, patients will be forced to have their medical records used and disclosed against their will. Patients will neither willingly use nor trust electronic systems for storing and sharing their sensitive medical records if they do not control access to their medical records.
Some believe an acceptable first step would be to pass legislation that avoids language relating to patient privacy, under the flawed assumption that “neutrality” regarding patient privacy does no harm. On the contrary: not affirming patient privacy rights in HIT legislation is a prescription for disaster. Maintaining the status quo equals zero patient privacy. Omission of patient privacy language insures the permanent loss of privacy and control over who can see and use patient records by: (a) codifying AHIC or ONCHIT which allows non-elected appointees to set national standards for medical privacy over electronic networks, and (b) continuing the existing practice of denying Americans the right of consent. Records will flow to millions of private corporations, employers, individuals, and government agencies, resulting in irreparable harm to every American.
We ask that you take the position that doctors swear to uphold: first, do no harm. We the undersigned ask that you:
- Put specific language into all HIT legislation to protect the patient’s right to privacy by giving patients control over who can access their personally identifiable data over electronic health data networks. (Detailed principles are listed below.)
- Give this fundamental issue the full public debate it deserves. Do not allow HIT legislation to be attached to critical appropriations or other unrelated legislation, and do not place the bill on the Suspension calendar.
The following privacy principles must be included in any HIT legislation language:
- Recognize that patients own their health data
- Give patients control over who can access their personally identifiable health information across electronic health information networks
- Give patients the right to opt-in and opt-out of electronic systems
- Give patients the right to segment sensitive information
- Require audit trails of every disclosure of patient information and allow patients to review those disclosures
- Require that patients be notified of suspected or actual privacy breaches (The provisions in the Data Accountability and Trust Act should also apply to medical data.)
- Provide meaningful penalties and enforcement for privacy violations (Since February, 2005, over 52 Million consumer records have been hacked.)
- Deny employers access to employees’ medical records
- Preserve stronger privacy protections in state laws (Ivo Nelson of IBM testified before an Energy and Commerce Health Subcommittee hearing in March that it would not be difficult to develop technology that follows individual state patient privacy laws in an interoperable national health data network.)
We, the undersigned, believe that avoiding a full, open, national debate on the merits of building an electronic health network by either placing a bill on the Suspension calendar or incorporating language into an unrelated bill is not in the interest of patient privacy.
We believe that patient ownership and control of their medical records is in the best interest of our nation, our health, our safety, and the welfare of our communities.
African American Republican Leadership Council
American Association of People with Disabilities
American Association of Physicians and Surgeons
American Association of Practicing Psychiatrists
American Civil Liberties Union
American Coalition for Fathers & Children
Asian American Justice Center
Christian Coalition of America
Electronic Privacy Information Center
Fairfax County Privacy Council
Family Research Council
Free Congress Foundation
Just Health (formerly California Consumer Health Care Council)
Let Freedom Ring
National Center for Transgender Equality
National Federation of American Hungarians
National Health Law Program
Newsbull – America’s Family Blog Forum Network
Patient Privacy Rights Foundation
Privacy Rights Clearinghouse
Privacy Rights Now
Republican Liberty Caucus
Texas Public Interest Research Group
Thoughtful House Center for Autism
The Multiracial Activist
U.S. Bill of Rights Foundation
U.S. Public Interest Research Group
State Senator Karen S. Johnson, Legislative District 18, Arizona (Republican)
cc: Energy & Commerce Committee
Ways and Means Committee