Leahy, HELP leaders reach deal on IT privacy accords

Leahy's privacy proposal would eliminate a loophole that allows some healthcare providers to give out patient information for marketing purposes.

Senate Judiciary Chairman Patrick Leahy and Senate Health, Education, Labor and Pensions Committee leadership reached a deal Wednesday on privacy protections that, in part, free up legislation meant to facilitate adoption of interoperable electronic medical records.

Comment on this article in The Forum.The agreement will spawn a bill HELP Chairman Edward Kennedy and ranking member Michael Enzi are expected to introduce this week, according to a statement from Leahy's office. Leahy plans to hold a hearing on the privacy protections in the measure next month, leaving a timeline for passage unclear.

The HELP Committee passed the bill in October, and Kennedy and Enzi have contemplated passing it by unanimous consent since to no avail.

Leahy's privacy proposal would eliminate a loophole in privacy law known as the Health Insurance Portability and Accountability Act that allows some healthcare providers to give out patient information for marketing purposes.

The protections would change privacy law to prohibit operators of personal health information databases from distributing patient information indiscriminately.

"It's not that the law was badly written. It just didn't apply to certain people" said Kirk Nahra, an attorney and co-chair of the HHS Confidentiality, Privacy and Security Workgroup.

"The development of electronic health records and personal health records have highlighted the fact that there are lots of entities that have healthcare information but who are not covered by the HIPAA rules," he added.

Both Nahra and John Kamp, executive director of the Coalition for Healthcare Communication, cautioned that HIPAA regulations are extremely complicated.

"Privacy is a significant issue for the American people, and I don't pretend HIPAA is perfect," Kamp said. "I just worry about people trying to change it in the dark of night."

Under the new privacy protections, HHS also would be directed to create privacy and security recommendations to pass on to Congress and to develop standards to alert people whose electronic medical records are compromised.

Leahy's objections are not the only hurdles the bill must jump. Other members raised privacy objections and whether Leahy's provisions will satisfy them is unclear.

Some members disagree with a grant program in the original bill that would offer matching funds for entities to create electronic health record systems. The administration also flagged some technical changes it would like made, a Kennedy spokeswoman said.