Friday, July 2, 1999
By ALISSA J. RUBIN, Times Staff Writer
WASHINGTON--Individual medical records, including patients' genetic information, could be disclosed by health insurers to credit card companies and other financial institutions under legislation overwhelmingly approved Thursday by the House.
The controversial provision is embedded in a massive bill overhauling the financial services industry, which passed, 343 to 86. The provision was slipped into the measure late in the legislative process and was advertised as a medical confidentiality provision by its sponsor, Rep. Greg Ganske (R- Iowa), who is a doctor.
Ganske said that his intention in adding the provision was to protect consumers' medical records and to allow their disclosure only for billing and other health care operations.
But privacy experts said that it is virtually a "publicity" provision that, because of the way it is worded, would allow broad disclosures of private medical information without a patient's permission.
"Under this legislation, a health insurer can send a patient's diagnosis to a credit agency. They can say, in effect, 'By the way, Joan Smith has a brain tumor; don't lend her any money,' " said Tim Westmoreland, a senior policy fellow at Georgetown University Law Center. A number of groups, including the American Medical Assn., the American Civil Liberties Union and the American Psychiatric Assn., oppose the provision.
Although the Clinton administration supports the bill as a whole, it urged Congress to drop the medical confidentiality section because it could undermine privacy protections. But lawmakers said that Clinton is unlikely to veto the bill over the medical privacy provision alone.
If the bill becomes law, it would mark the first time since the Great Depression that the nation's banking laws have been overhauled. The goal of the popular legislation is to allow financial services firms--banks, savings and loan associations, investment banking firms, brokerage companies and insurers--to compete in each other's lines of business. The Senate already has approved a financial services modernization bill but did not include any mention of medical privacy. It is unclear whether the medical privacy provision will remain part of the financial services bill. It could be removed in a House-Senate conference committee, which would have to work out differences between the two versions of the legislation.
Both houses of Congress are working on separate medical confidentiality legislation, which could come to votes later this summer. Currently there are no comprehensive federal laws protecting individual health information.
Lawmakers feel a need to move quickly. If they fail to act by late August, Health and Human Services Secretary Donna Shalala is required to issue regulations protecting the privacy of electronic medical records. The legislation approved Thursday would allow medical information held by insurance companies to be released for a variety of purposes, including to determine charges for premiums and for research projects of any kind-- medical and nonmedical.
Among the entities who could review individual medical data are credit card companies and banks. There is no restriction on how they could use the information. Ganske, author of the provision, and lobbyists for the banking industry, said that the privacy section was worded to make certain that insurers, banks and credit card companies had the information they need to pay patients' bills and that there was no intention to codify the use of private medical data for other purposes.
"This deals with the ability to bill and perform standard insurance functions," said Ganske. People "could pay for genetic tests with their Mastercards and then the credit card [company] would need information to pay for it." But privacy experts pointed out that there is no restriction on what the credit card companies could do with the information. The legislation makes no distinction between disclosures of debts or payment records--which might be necessary to process bills--and disclosures of diagnoses or treatments, they said.
"There is no need to disclose such sensitive records," said Jeff Crowley, who represents the Consortium of Citizens With Disabilities, a nonprofit group based in Washington. "If a credit agency or broker receives information from an insurer, there are no limits on how they may use it. . . . Once released, the recipient may send the information to newspapers, mortgage bankers, divorce lawyers." That was not the intention of the legislation, insisted John Byrne, senior counsel for the American Bankers Assn.
"From our perspective, we simply want the ability to process payments
. . . and that's all we're looking for," he said. Several members
of the California delegation have been particularly outspoken in their
opposition to the bill, in part because the state has strong medical privacy
protection laws, which might be preempted by the legislation.
* * * Times staff writer Robert A. Rosenblatt contributed to this story.