The Senate Committees on Health Services and Economic Development examine privacy issues at the State Capitol
AUSTIN - The Senate Committee on Health Services and the Senate Committee on Economic Development met today, May 15th, 2000, for a joint interim hearing at the State Capitol. Committee members heard testimony about privacy issues and how to protect the public from abuses in the release of information by government and private institutions. As each of the invited representatives pointed out, the legislature has a hard and complex task ahead in its effort to create laws that balance openness and privacy.
Senator Jane Nelson of Flower Mound, chair of the Health Services Committee, opened the meeting with a statement about the seriousness of the issue. Public distrust about the privacy of the information given to health care providers and insurers, as well as other institutions, is pervasive. One in five Americans engage in privacy protection behavior, like lying when they fill out forms, asking doctors not to include information about treatments or medications in their files, or simply not seeking care at all to avoid having their health records released.
The first panel began with John Ryan, Vice President of Policy for the Conference of State Bank Supervisors. Ryan gave an overview of privacy provisions pertaining to the Gramm-Leach-Bliley Act (GLB). This is a federal act that will rule privacy issues starting in July of 2001. However, it can be supplemented by laws implemented by each state. The federal act allows more information to be shared but gives people more options to opt out. One of the provisions orders financial institutions to have a privacy policy and to make sure their customers know about it. The customers could then tell the institution not to share that information with third parties. But the institution will have the right to share the information with affiliates such as insurance companies, investment institutions, brokerage companies, credit card companies and even travel agencies.
Some of the senators present were concerned that the information telling the clients they can opt out is most often in fine print, buried under other information. If the individual doesn't read it, he may not inform the institution that he wants to opt out, allowing the institution to release the records. Only a small number of clients actually send the letter opting out.
Another problem is that the federal law will only cover certain institutions, such as banks and insurance companies. Elizabeth Rogers, from the firm of Vinson & Elkins, gave an overview of privacy provisions pertaining to the Health Insurance Portability and Accountability Act (HIPAA). She said that a recent poll found that 29 percent of Americans believe privacy will be the main issue of concern at the beginning of this millennium, similar to civil rights during the 1960's. Advances in technology, such as the Internet, make the sharing of private information very difficult to control. Health providers and health insurance companies currently need authorization from their clients to release information, unless it is for research purposes. The problem is that private businesses also engage in research studies, creating a gray area in privacy policy. Penalties for releasing private information without the client's authorization range from $50,000 to $250,000 plus one to ten years in prison. Senator Kenneth Armbrister of Victoria said that although health providers and health insurers cannot legally deny service to people who opt out of information sharing, it still happens quite often.
Rogers says although privacy laws are in their infancy and suffer from gaps and gray areas, HIPAA is a good start. She says we are in a wait-and-see period, and the public will be the watchdog of these laws. She recommends the Texas Legislature not act now, but wait until federal laws are final, which could take another two years. But the senators replied that Texans want action now.
Rebecca L. Payne from the Attorney General's Office gave an overview of Texas' privacy statutes, regarding how governmental bodies collect and release private information. One of the cases that provoked a public outcry concerns the Department of Public Safety selling lists of names and information from driver licenses, along with social security numbers. Texas does not have, as do nine other states, a statute that establishes specific information that cannot be shared. California and Minnesota are the states with the broadest, most complete privacy laws for government bodies. Texas has more than 700 provisions or statutes that rule privacy issues, but many different institutions are still not covered.
Carolyn Purcell, of the Department of Information Resources, gave an overview of e-commerce privacy. She pointed out how the Internet enables hundreds of institutions and businesses to have ready access to all kinds of private information. For example, the web sites that an individual visits are considered public information. And people leave all kinds of information at web pages, from who they vote for, to where they shop and how much they spend, to whether or not they live alone. To stop this kind of information sharing will be extremely difficult, since the web has no geographical limits. Purcell also commented about how more advanced Europe is in privacy issues.
The second panel made presentations about the situation of privacy issues in relation to health. Will Davis, from the Texas Association of Life and Health Insurers -an association of 175 companies, made a series of recommendations. Among them, the non-disclosure of information to non affiliate third parties for marketing purposes, nor to financial institutions even when they belong to the same company. He says they also support the individual right to sue any company for the illegal disclosure of information.
Nicole Cooper, a psychiatrist representing the Texas Medical Association, has seen patients that won't release information about, for example, their treatment for bulimia or drug abuse. This causes problems when they are admitted to a hospital and the attending doctor may not be made aware of medication they are already taking. Prozac, for example, can cause serious conditions when mixed with other drugs.
A.G. Breitenstein, from ChoosingHealth.com. based in Massachusetts, told the members they better start right now working on health's privacy laws, since HIPPA will cover only a small number of institutions. The information on the Internet, she says, is permanent and limitless. Combined with the new advances in genetic mapping, there is a lot of information that could be available to anyone on the web and that could damage or diminish life opportunities. She also said that many people would pay out of their pockets for mental health care, due to concern that information disclosed to health insurance companies could be disclosed to a current or future employer.
A representative from Pharmaceutical Research and Manufacturers of America and Lisa McGiffert from Consumers Union also testified in this panel.
The third panel dealt with privacy issues relative to industry and commerce. The witnesses included J. Bradley Johnston from Temple-Inland Financial Services, Inc., Karen Neeley from the General Counsel of the Independent Bankers Association of Texas, Rob Schneider from Consumers Union, and Jeff Clark of the Alliance for Responsible Information Practices. All these representatives referred to the Gramm-Leach-Bliley Act, which will rule how they handle privacy issues in the future. Nevertheless, each state in the nation could create stricter laws to complement the federal act.
The committees are holding hearings throughout the state to study interim charges issued by Lt. Governor Rick Perry. Today's hearing focused on charge 3 of the Health Services Committee. The charge asks the members to review the type, amount, availability, and use of patient-specific medical information, including prescription data, and current statutory and regulatory provisions governing its availability. The report will explore whether statutory and regulatory provisions are consistent and adequately enforced. The hearing also examined privacy issues related to government agencies and institutions, and private industries and commerce.
Members of the Senate Committee on Health Services include Senators Jane Nelson of Flower Mound serving as chair, Mike Moncrief of Fort Worth serving as vice-chair, Jon Lindsay of Houston, Frank Madla of San Antonio, and Drew Nixon of Carthage. Economic Development Committee members include Senators David Sibley of Waco serving as chair, Ken Armbrister of Victoria serving as vice-chair, John Carona of Dallas, Troy Fraser of Marble Falls, Mike Jackson of Houston, Frank L. Madla of San Antonio, and John Whitmire of Houston.
There was no public testimony in today's meeting. The committees will report their findings and issue recommendations to be presented to the 77th Legislature, which convenes in January of 2001.
###