
Reps to unveil electronic medical records bill

House Energy and Commerce Chairman John Dingell and ranking member Joe Barton plan to introduce legislation on Tuesday aimed at accelerating the nationwide adoption of electronic medical records.

Their bill, which incorporates language from several other measures, comes a month after they unveiled a discussion draft that generated a torrent of comments from the healthcare, high-tech and consumer advocacy communities.

Energy and Commerce Health Subcommittee Chairman Frank Pallone, D-N.J., held a preliminary hearing on the topic this month where members heard a variety of viewpoints, many of which emphasized patient privacy concerns.

To address those fears, the bill clarifies the definition of a security "breach" and adopts California's model of breach notification, which goes beyond existing federal privacy law to require that patients be alerted about the exposure of any unencrypted health information.

The legislation would give HHS the power to approve technologies that are equally or more effective than encryption and, rather than requiring notification within 15 days of a breach, calls for an alert "without unreasonable delay" or within 60 days, whichever is first.

The bill also calls for HHS to publish a list of entities that experience breaches affecting more than 1,000 people and requires that healthcare providers get patient consent before sharing medical records with other entities.

It would strengthen the enforcement of privacy requirements in the 1996 Health Insurance Portability and Accountability Act by clarifying that criminal penalties can be applied to an individual who improperly obtains records.

That modification is intended to address an opinion issued by the Justice Department's Office of Legal Counsel that has prevented federal prosecutors from charging individuals criminally for disclosing health information unless the defendant is a "covered entity" like a healthcare provider.

"Although shifting from paper to electronic health records would greatly benefit patients and healthcare providers, we currently lack the infrastructure to make this much-needed transition work," Dingell said in a Monday statement.

"The provisions included in this bipartisan proposal will encourage faster adoption of health information technology while also ensuring that patients' health information is protected," he added.

Barton called the bill, similar to one introduced by Senate Health, Education, Labor and Pensions Chairman Edward Kennedy and ranking member Michael Enzi, a "fine beginning" to encourage health IT expansion.

Barton said the importance of the measure's privacy provisions was brought home when some of his own medical records were lost when a laptop was taken from the trunk of a National Institutes of Health employee's car.

The legislation reflects "how people expect their most sensitive and personal information to be properly handled by their healthcare providers in the digital age," he said.

A spokeswoman for Rep. Mike Rogers, R-Mich. -- who introduced a health IT bill with Rep. Anna Eshoo, D-Calif., in October -- said her boss is pleased that some of their language was included in the Dingell-Barton measure.

But she said Rogers is worried that some provisions "might put limitations on the ability of healthcare providers to implement a smooth system that works well and still protects the security of the information." He plans to further articulate those concerns at Wednesday's markup of the legislation in Pallone's panel.

But others, like Patient Privacy Rights founder Deborah Peel, are not impressed.

"In a word, 'no.' We still don't have a common sense definition of privacy," said Peel, who testified at the subcommittee hearing.

She said the legislation is almost identical to the draft and "would never fly with the public." She said the bill "needs to end the 'commodification' of health information because nobody should be able to use, sell, trade or disclose your electronic health records without your permission."
