Part of a series on Election 2008 that looks at the candidates’ positions or statements on the privacy of your health records and medical privacy (excluding abortion).

To see what other candidates have done or said, see the other files in this series on Representative Ron Paul, Senator Barack Obama, Senator John McCain, Mike Gravel, and Governor Mike Huckabee.

The following information is presented chronologically.

In May 2004, Clinton introduced the Safeguarding Americans From Exporting Identification Data Act (SAFE-ID Act), S. 2471.

In September 2004, she introduced the Patients’ Privacy Protection Act of 2004, S. 2827, saying, in part:

Mr. President, today, I rise to introduce the Patients’ Privacy Protection Act, legislation that will close a loophole in the Federal Rules of Evidence and ensure that every American’s medical records remain confidential.

[...]

I began exploring this issue when I learned that Attorney General John Ashcroft had subpoenaed the confidential medical records from thousands of women around the country to defend the first-ever Federal abortion ban in Federal court. The fact that the women in question were not a party to the lawsuits did not deter him.

Such a deliberate intrusion into people’s medical privacy record is deeply disturbing. Americans deserve full confidence that the government is not looking into their medical records. Without such an assurance, how will Americans trust their doctors? What procedures, discussions, and diagnoses will they avoid for fear that these records could shame them or adversely impact their future if unearthed?

At issue in this bill is what a reasonable person should expect when they walk into a doctor’s office. That person expects that what they say to her doctor stays with her doctor. Only because of that confidence are people able to be honest. And only through that honesty are people able to obtain the healthcare they need.

The right to private medical records is an issue that, in rhetoric at least, has broad support on both sides of the partisan divide. In fact, it was President Bush himself who, as recently as 2001 during a statement on the Medical Privacy Rule said, “I believe that we must protect both vital health care services and the right of every American to have confidence that his or her personal medical records will remain private.”

Even Attorney General Ashcroft has made strong statements in support of the privacy of medical records. Back in 1998, in a press release put out by his Senate office in which he is referred to as a “consistent champion of privacy rights,” then-Senator Ashcroft says “We should guarantee that the federal government does not undermine an individual’s fundamental right to privacy ….. Without privacy protections in place, people may be discouraged from seeking help or taking advantage of the access to health care.”

I agree. But unlike Attorney General Ashcroft, I believe preserving patient privacy entails more than issuing a press release. Patient privacy doesn’t end when it conflicts with a political agenda, no matter how deeply felt that conviction.

[...]

The Patient Privacy Protection Act of 2004 is very simple. It states that a patient’s medical records and any communication about their medical history are confidential unless a judge determines that the public interest in those records being made public significantly outweighs the patient’s privilege. In the cases where a judge orders the records to be disclosed, the court shall, to the extent practicable, eliminate any and all personally identifiably information.

In February 2005, Clinton supported the Genetic Information Nondiscrimination Act of 2005, S. 306. She said, in part:

Each vaunted scientific breakthrough brings with it new challenges to our health system and this legislation will help maximize advancing technology’s benefits while protecting Americans from the use of genetic information as a tool for discrimination. With this bill, we can help patients access the latest advances in science without sacrificing their personal privacy.

In April 2005, Clinton re- introduced the Safeguarding Americans from Exporting Identification Data (SAFE ID) Act, S. 810. From a press release:

Senator Hillary Rodham Clinton and Representative Edward J. Markey announced that they would introduce the Safeguarding Americans from Exporting Identification Data (SAFE ID) Act in the United States Senate and House today, legislation that would protect the privacy of consumers’ most sensitive personal information. This legislation would close gaps in U.S. privacy laws that leave consumers vulnerable when American businesses and healthcare organizations send accounting and medical information overseas for processing, often without consumers’ knowledge. As Americans prepare to file their taxes, Senator Clinton and Representative Markey underscored the urgent need to make sure that personal information is safeguarded.

“The growing trend of processing sensitive personal information like medical tests and tax returns overseas makes it even harder for consumers to protect themselves against misuse of their personal information. Most of the time, consumers have no idea this practice is being used and they have no say in the matter,” said Senator Clinton. “Consumers should have the opportunity to decide how their personal information will be used and businesses should be held accountable for the privacy practices of their foreign subcontractors.”

“When Americans hand over their tax information and financial data for tax preparation, they don’t expect that their most personal information leaves their tax preparer and travels to countries with no consumer privacy protection,” said Rep. Markey, Co-Chair of the Congressional Privacy Caucus. “Nearly half a million Americans have their taxes prepared overseas – most have little knowledge about what happens to their personal documents once they leave their hands. Consumers face a regulatory black hole when it comes to protecting themselves against the accelerating trend for tax preparers and others to ship data processing to low-wage countries overseas. The absence of any coherent federal policy means that, in effect, regulators are telling consumers to ‘check your privacy at the shore.”

The SAFE ID Act would require American businesses and healthcare organizations to provide notice to their customers of their information sharing practices with foreign affiliates or subcontractors. The legislation requires that companies provide consumers with an opportunity to opt out of such arrangements and bars companies from denying service or charging consumers more if they chose to exercise those rights. In addition, the legislation would hold companies directly liable to any person suffering damages resulting from the improper storage, duplication, sharing or other misuse of such information including identity theft and related acts by foreign subcontractors.

Clinton’s best-known statement on privacy was her speech on privacy at the American Constitution Society on July 16, 2006. A transcript of the entire speech is available on her web site. The following is the section of her talk that specifically addressed medical privacy:

We also face a critical balancing act in the area of health privacy. Patients’ lives may depend on sharing their most intimate information. Our ability to control costs and improve the quality of healthcare certainly depends on moving away from paper-based medicine to information superhighway medicine.

I’ve worked with Newt Gingrich on this, and when Newt and I agree, you know something unusual is happening.

Newt likes to say, when it comes to medicine, “paper kills,” and he’s absolutely right. But if we can’t assure Americans that their information is safe, we won’t be able to move forward on health information technology that I believe will save lives, improve care, and reduce error rates.

We had no federal protections for health information at all, until the Health Insurance Portability and Accountability Act – also known as HIPAA, a different kind of acronym – was enacted under the Clinton Administration. HIPAA provided important protections of patients’ often most private information – their medical information. HIPAA provides a baseline, but the business of healthcare is changing fast, and information technology is changing even faster. Consumers are getting care and risking their information in ways nobody could have foreseen years ago; and frankly, this administration’s indifference towards HIPAA and enforcement has made even the protections we have utterly inadequate.

Now, HIPAA is not without practical challenges – there is still confusion about the rules for releasing information to relatives for example. We are still trying to strike the right balance between promoting research into diseases and protecting an individual’s information. We need to build on the base HIPAA provides by improving enforcement and making sure we have one set of high standards for everyone who deals with health information.

HIPAA was designed to have teeth – government monitoring, fines and legal actions against companies that violate the law. But instead of spot checks and audits, HHS waits for a complaint and then investigates. There have been well over I think 35,000 complaints at the last count and not a single civil monetary penalty has been imposed. This is clearly not working. And because of lax enforcement, we’re now seeing compliance with HIPAA on the decline because people know they won’t be held responsible.

What is more, the Department of Justice ruled last year that employees of HIPAA-covered entities, like hospitals for example, are not themselves automatically liable, and therefore may not be held accountable for illegally accessing or misusing private information. And hackers who break into computer systems that are covered in institutions that are accountable to HIPAA may also not be liable.

Now, this penalizes those businesses that are serious about protecting privacy – and it penalizes Americans when they are most vulnerable. We need to get back into balance on protecting medical information and enforcing the rules we do have.

Now, consumers have all kinds of new on-line options in healthcare. They can go to sites like WebMD for medical advice. They can create Internet-based personal health records that keep all their information in one place. But HIPAA doesn’t protect you, if these new services violate their privacy. We need to strengthen the federal protections so there is no debate – everyone who traffics in your health care information is accountable. Period. No exceptions.

With the rapid growth of DNA databases, and the many uses of genetic information on the horizon, we must also ensure that this information is protected to prevent genetic discrimination. In 2000, my husband issued an executive order banning genetic discrimination in the Federal workplace. I have been working with my colleagues in the Senate to enact legislation to ensure that these protections apply to the private sector. Developments in science should move us forward, not reverse progress. And discrimination based on genetic information to get a job, to get insurance would be a devastating blow to people if this is left unchecked.

Clinton’s American Health Choices Plan [pdf] of September 2007 contains only one passage specifically referencing privacy, and that reference is in the heading. There is no reference to privacy protection or how it will be accomplished anywhere in the plan:

Ensure That All Providers and Plans Use Privacy-Protected Information

The proposal will give doctors financial incentives to adopt health information technology and facilitate adoption of a system where high quality care and better patient outcomes can be rewarded. The RAND Corporation estimates net savings from the use of information technology to be $77 billion per year.

Recently, the Business Roundtable, SEIU,and AARP estimated that “widespread adoption such IT reforms raises the potential savings to $165 billion annually.” Hillary Clinton has been a leader on this issue in the Senate and will get it done as President.

In a February 2008 statement in response to President Bush’s proposed changes in the Family and Medical Leave Act, Clinton stated:

The Bush Administration is seeking to make it more difficult for employees to claim paid leave when it is available to them by requiring the employers leave policies to take precedent over the FMLA; requiring employees with chronic health conditions to obtain an annual certification that they are able to do their job or risk being transferred to a different job; allowing employers to communicate directly with medical providers, which raises privacy concerns; and much more. The proposed regulation is 500 pages long.

If you know of statements or information on this candidate with respect to the issue of privacy of health care information or records, please post it in the comments section for this entry. I will update the files if/when I find more.

Comments are closed