HCFA to Collect Medicare Patient Data While Senate Seeks Privacy Protections

Legislation seeking to tighten personal medical information privacy was introduced Wednesday in the Senate. Meanwhile, the Health Care Financing Administration (HCFA) disclosed plans to begin collecting detailed medical and personal data about millions of homebound patients.

HCFA, the unit of the Health and Human Services Administration that oversees Medicare and Medicaid, said the data was needed to better track the performance of more than 9,000 Medicare-certified home-healthcare providers. The idea is to improve the care of more than four million home-healthcare recipients, while reducing fraud and inconsistent billing.

HCFA spokesman Chris Peacock said access to the information would be extremely limited in accordance with existing federal regulations and that medical researchers will not be allowed to see any identifiable information. Other government agencies will be denied access to the database.

There was no immediate comment on either the bill or HCFA’s plans from the Direct Marketing Association, which is studying the potential effects both would have on direct marketers.

Privacy advocate Robert Ellis Smith said the bill, which was introduced by Sen. Patrick Leahy (D-VT), “needs fine-tuning” to clarify access and use of personal medical data by direct marketers and law enforcement, and to determine whether permission to access that information is “meaningful or pro-forma.”

Smith, publisher of the Providence, RI-based Privacy Journal, was highly critical of HCFA’s plan, saying it was “far too intrusive,” delving into a person’s physical and mental health, suicidal tendencies and personal finances.

Jan Lori Goldman, director of the Health Privacy Project at Georgetown University in Washington, D.C., cited what she called “a tremendous risk” that the information collected by HCFA could be abused. “It’s a truly coerced collection of information,” she said. “There has to be a way to check [Medicare and Medicaid] abuse without intruding on patient privacy,” she added.

The Senate bill (S-573) is known as the Medical Information Privacy and Security Act.

Leahy said the bill “covers entities other than just healthcare providers and payers, such as life insurance companies, employers and marketers and others who may have access to sensitive personal health data,” allowing individuals to limit access to their medical records or any portion of them by anyone who is “not directly involved” in their care.

That includes warrantless access by law enforcement agents unless the information is needed in the “hot pursuit” of a suspected criminal. The measure, creating a National Office of Health Information within HHSA, allows states to enact tougher medical privacy safeguards.