DMA Lauds Clinton Health-Privacy Proposals
President Clinton has proposed regulations to keep electronic medical records away from employers, marketers and others, and urged Congress to take further steps to safeguard privacy.
Clinton’s measures would prohibit release of medical information without the patient’s written consent unless related to treatment or payment. Violators would be subject to civil and criminal penalties.
“Please help protect American families from new abuses of their privacy,” Clinton said, according to wire service reports. “Every American has a right to know his or her medical records are protected at all times from falling into the wrong hands.”
The new DMA guidelines mirror these measures. They state that information cannot be transferred to a third party without the individual’s prior consent, a clear departure from the DMA’s usual preference for opt-out.
The proposed regulations would restrict the use and release of personal health information transmitted or maintained by computers. Congress debated the issue for years, but failed to meet a self-imposed Aug. 21 deadline for legislating new protections. Clinton said lawmakers should still seek to pass legislation, in order to cover records kept on paper. After Congress failed to meet the Aug. 21 deadline it set three years earlier, the 1996 law required the Department of Health and Human Services to write regulations on medical privacy.
For its part, the Direct Marketing Association praised the proposals, noting they largely fit in with its new self-regulatory practices adopted last week.
“The DMA believes that health information, gained in the context of a relationship between a consumer and a health care provider, is sensitive information that consumers have a reasonable expectation should be kept private and confidential,” said Pat Faley, vice president, consumer affairs, in a statement. “Therefore, the transfer of that data for marketing purposes should take place only with specific prior consent of consumers.”
In an interview, DMA president H. Robert Wientzen said that patient-doctor information deserves “a higher degree of protection. It cannot be transferred without the express permission of the consumer.”
But notification and opt-out are sufficient when a healthcare provider is using its own customer data for marketing purposes, or using data gathered or inferred outside the customer relationship, according to the new guidelines.
Existing laws protecting medical privacy vary widely from state to state. Currently, there are no federal guarantees that private information won’t be passed to employers, sold to pharmaceutical companies or talked about in insurance company offices.
The administration will publish the proposal next week for review. It has until next February to issue a final proposal, with the rules to take effect in 2002.
The new federal rules would reportedly go beyond the weaker protections of some states, but would not override those with more restrictive laws.
