Committees Outline Health IT Proposals for Stimulus
In addition to proposing an investment of $20 billion in health IT, the health IT portion of the economic stimulus package includes privacy and audit-trail provisions as well as prohibitions on the sale of an individual’s health information. The Health Information Technology for Economic and Clinical Health Act, or HITECH, is the result of collaboration among the chairs of the House Science, Commerce and Ways and Means Committees and Senate Health and Finance Committees, according to a statement by Science and Technology Committee Chair Rep. Bart Gordon, D-Tenn.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The bill establishes a federal breach notification requirement for breaches involving unencrypted health information held by providers. Patients would also be able to request an audit trail of all electronic disclosures of their health information. The bill requires breach notification to patients and the FTC for personal health records, generally offered by companies not covered by the Health Insurance Portability & Accountability Act. On the funding side, the bill includes a mix of grants, low-interest loans and financial incentives through Medicare and Medicaid.
Privacy advocates applauded the bill. The Center for Democracy and Technology said the bill’s provisions are similar to those approved by the House Commerce Committee in the last Congress. Deven McGraw, director of the Health Privacy Project at CDT, said in a statement that including privacy and security protections will encourage people to use health IT. The new administration still needs to flesh out the details, she said in an e-mail, and issue guidance and then enforce the rules, but the bill has “concrete, specific provisions that will go a long way to building public trust in health IT.”
The ACLU particularly singled out the provisions against sales of medical records for praise. “Health IT has the potential to take our healthcare system into the 21st century, but without the proper protections for the individual consumer, it also has the capacity to lead us into an era of ‘medical profiling,'” said ACLU Senior Legislative Counsel Timothy Sparapani. McGraw said HIPAA sets rules for disclosure of information, but doesn’t speak to the sale of information. “I believe the ‘no sale’ provision in the bill is designed to address the worst abuses that occur today -- as well as trying to ensure that a market for identifiable health data does not emerge in the future,” she said.
CDT also noted the bill’s stronger provisions against using health information for marketing. The bill requires providers to get patient authorization before using health information for marketing or fundraising.
The bill also codifies the position of the Office of the National Coordinator for Health IT, requires a chief privacy officer in the coordinator’s office within a year, and establishes health IT policy and standards committees. Both committees would be federal advisory committees. Under the bill, one or both of the committees would appear to subsume the eHealth Collaborative, formerly the AHIC Successor.