WASHINGTON – Privacy issues took center stage Thursday during a congressional hearing on healthcare IT legislation that would create a uniform privacy standard to simplify the patchwork of state medical privacy protections.

Among its provisions, the bill (H.R. 4157) calls for HHS to recommend a single federal privacy standard. Witnesses at a House Energy and Commerce subcommittee on health hearing were split on how to deal with state laws that go further than the federal HIPAA privacy protections.

Several witnesses said that the bill, introduced by Reps. Nancy Johnson (R-Conn.) and Nathan Deal (R-Ga.), would eliminate the various state privacy laws that they say hamper healthcare data exchange. Alan Mertz, president of the American Clinical Laboratory Association, said privacy laws in Georgia and Florida prevent labs from sending results to anyone other than the physician who ordered the test.

“We need one, good strong federal standard,” Mertz said.

Other witnesses argued that the government should not weaken state privacy protections and argued that the federal HIPAA regulation does not do enough to protect patient privacy. Attorney James Pyles said HIPAA should provide “meaningful consent” to share patients’ medical information. Bill Vaughan, a senior policy analyst with Consumers Union, called HIPAA’s privacy provisions “terribly minimalist” and suggested that the federal government work with states to see if there is a stronger privacy law that could be agreed to.

Rep. Henry Waxman, D-Calif., said he was concerned about creating a national health information infrastructure without strong privacy protections in place. However, Rep. Deal wondered how health information exchange would be possible without uniformity in state privacy laws.

“We all want to protect our privacy, but we have to some degree allow the sharing of that [medical information],” Deal said.

Separately, Rep. Patrick Kennedy (D-R.I.), has argued for stronger privacy protections. “To ensure that IT enhances, rather than detracts, from patient privacy, however, we must modernize the Health Insurance and Portability and Accountability Act of 1996 for this new era. While nobody relishes re-opening the HIPAA debates about privacy, it is clear that our privacy law at least must be updated to meet the new realities of online, digital clinical health information,” Kennedy wrote in a recent opinion piece in Roll Call.

Kennedy has introduced a healthcare IT bill (H.R. 2234) with Rep. Tim Murphy (R-Pa.). However, the Johnson/Deal bill is widely thought to be the most likely vehicle for the House to pass healthcare IT legislation. The Senate late last year passed healthcare IT legislation (S. 1418) by unanimous consent.

Other provisions in H.R. 4157 would reform Stark and anti-kickback laws that impede healthcare providers from donating technology tools to physicians. The bill also codifies the Office of the National Coordinator for Health Information Technology to make it a permanent office and provides for the certification of IT tools to meet interoperability standards. In addition, the bill calls for updates to a diagnosis coding system from ICD-9 codes to ICD-10 codes. Many of the bill's provisions address initiatives already under way within the government.

Rep. Deal said the subcommittee would hold another hearing on the bill with witnesses from the federal government.

Federal employee EHR proposal examined

Earlier in the week, members of Congress held a hearing on proposed legislation (H.R. 4859) that would create electronic health records for millions of government employees and their families. The bill, sponsored by Rep. Jon C. Porter (R-Nev.), would encourage implementation of electronic health records through the Federal Employees Health Benefits Program. The program would leverage the government’s buying power to encourage insurers to create portable, electronic records for patients.

Some members of Congress suggested that the program should allow federal employees to opt-in to the program, rather than making them opt-out. Former House Speaker Newt Gingrich (R-Ga.) praised the bill but also suggested that participation be voluntary.
“Individuals have the right to control and must have the ability to control who can access their personal health information,” Gingrich told the House subcommittee on the federal workforce.

Gingrich praised the bill’s approach to using the federal government’s purchasing power to encourage healthcare IT adoption. However, he criticized a provision in the bill that would establish a trust fund that health plans could use to invest in healthcare IT. He said the approach was overly cumbersome and that reform to Stark and anti-kickback laws would be more helpful.

Report calls for HIT milestones

Separately, the Government Accountability Office, a government watchdog, released a report Wednesday calling for HHS to release detailed plans and milestones on the nation’s healthcare IT strategy. The report found that HHS has made progress toward development of a national health IT strategy.

“Given the billions of dollars the federal government spends annually towards healthcare and the potential for IT to save money and improve quality, it is important that coordination continue across the federal government and that federal resources are leveraged appropriately,” the report concluded.