Will Hillary’s New Health Care Plan Ensure That Americans Control Access to Their Health Records?

For Immediate Release September 18, 2007
Contact: Ashley Katz, Patient Privacy Rights or 512.732.0033

Austin, TX – 9/18/07 – The good news is Senator Clinton, who was talking about health system reforms before they had political traction, has unveiled her own plan. The bad news is her plan, like her more elaborate 1993 effort, gives only lip service to the linchpin of system reform: the restoration and preservation of patient privacy. This bedrock principle is hard to overlook, yet most of the competing plans on the presidential debate circuit are conspicuously silent as to how patients’ privacy will be protected from exploitation.

Over 2,400 years ago, Hippocrates realized that patients would not seek medical treatment unless doctors swore never to share any information they disclosed without consent. Health systems that do not preserve the privacy of the patient-doctor relationship will fail, because patients will not be willing to participate in a system that allows employers and corporations to steal and use personal health information to harm them.

Dr. Deborah Peel, of the Coalition for Patient Privacy, asserts, “HMOs, the insurance industry, employers, marketing firms, the drug industry, banks and financial institutions, and the data aggregating industry all view health care “reform” as a golden opportunity to strengthen and extend the authority HIPAA granted them to steal every American’s sensitive health data. The primary use of electronic health records today is for sale or use by corporation for purposes that do nothing improve health.”

Health privacy clearly resonates with the citizens of New Hampshire. In 2006 the New Hampshire legislature passed a law to stop prescription data mining; just one example of how companies violate privacy for profit. The state was sued by two data mining corporations and a judge blocked the new law. One of those corporations reported revenue of $1.75 billion in 2005 — not a dime was used to help a single sick person.

Senator Clinton’s 2007 Wired for Healthcare Quality Act left in place the same loopholes as other similar legislative efforts that in effect facilitate data mining of our most intimate health secrets to those with no real interest in our care. When looking at any of these plans, however well intentioned, patients should invoke the Reagan Doctrine: “Trust, but Verify.”

Consumers should look for the fine print in all the presidential proposals to determine whether their plans adhere to the 2007 privacy principles developed by the Coalition for Patient Privacy:

  • Recognize that patients have the right to medical privacy*
    • Recognize that user interfaces must be accessible so that health consumers with disabilities can individually manage their health records to ensure their medical privacy.
  • The right to medical privacy applies to all health information regardless of the source, the form it is in, or who handles it
  • Give patients the right to opt-in and opt-out of electronic systems
  • Give patients the right to segment sensitive information
  • Give patients control over who can access their electronic health records
  • Health information disclosed for one purpose may not be used for another purpose before informed consent has been obtained
  • Require audit trails of every disclosure of patient information
  • Require that patients be notified promptly of suspected or actual privacy breaches
  • Ensure that consumers can not be compelled to share health information to obtain employment, insurance, credit, or admission to schools, unless required by statute
  • Deny employers access to employees’ medical records before informed consent has been obtained
  • Preserve stronger privacy protections in state laws
  • No secret health databases. Consumers need a clean slate. Require all existing holders of health information to disclose if they hold a patient’s health information
  • Provide meaningful penalties and enforcement mechanisms for privacy violations detected by patients, advocates, and government regulators

* Definition: Health information privacy is an individual’s right to control the acquisition, uses, or disclosures of his or her identifiable health data. (Report of the NCVHS to Sec Leavitt dated 6/22/06)