N. Tucson Blvd. Suite 9
Tucson, AZ 85716-3450
Phone: (800) 635-1196
Hotline: (800) 419-4777
of American Physicians and Surgeons, Inc.
A Voice for Private Physicians Since 1943
Omnia pro aegroto
to the Committee on Government Reform and Oversight
Subcommittee on Government Management, Information and Technology
U.S. House of Representatives
The Health Information Protection Act
June 14, 1996
Submitted by the
Association of American Physicians and Surgeons, Inc
CONTACT: Jane M. Orient, M.D.
(520)327-4885; FAX: (520)326-3529
The Association of American Physicians and Surgeons (AAPS), founded in 1943 to
protect private medicine and the patient-physician relationship, represents physicians in all
The Association is deeply concerned that any Act that has the potential to alter or
impair long-standing ethical principles or traditional human relationships should be enacted
only after long and careful consideration, with many opportunities for wide public discussion.
Under no circumstances should such an Act be adopted in haste, with urgency to ``pass
something, anything'' in the hope that it can be amended later, after an infrastructure is
already set in concrete, as was suggested by one panelist testifying before the Committee
during the hearings on June 14, 1996.
Our specific concerns about the Health Information Privacy Protection Act include:
The creation of a new entity called a ``health information trustee,'' which subsumes
physicians and other ``health care providers,'' placing them in the same category as ``health
plans,'' ``health oversight agency,'' and ``public health authority.''
The destruction of the patient-physician relationship:
Under present private-practice arrangements, the patient's personal physician is
responsible to the patient for the confidentiality of the record and is bound by an ethical code.
The Oath of Hippocrates provides that: ``All that may come to my knowledge in the exercise
of my profession or outside of my profession or in daily commerce with men, which ought
not be spread abroad, I will keep secret and never reveal.'' It is only under exceptional
circumstances, such as direct and imminent danger to others, that the law of the state is held
to override this obligation.
Under the proposed new structure, the physician is but one of many ``trustees,'' and
his authority and discretion are denied under a broad and vague range of circumstances. He
may be prohibited by law from making disclosures necessary for the optimal treatment of his
patient (say by lack of written consent) and commanded, under threat of legal sanctions, to
release information to the detriment of his patient, for example, for a law enforcement
inquiry, which may involve ``a violation of, or failure to comply with, any criminal or civil
statute or any regulation, rule, or order issued pursuant to such a statute,'' [however trivial or
remotely related to the receipt of a medical service]. (See Section 211(b). The idea of using
medical information to track down witnesses in unrelated matters, as would be permitted by
Section 211(b)(1) is chilling. In addition, Section 211(a)(3) is far too broad.)
Most of the ``trustees'' have no direct responsibility to the patient, and no direct
knowledge of or contact with the patient. Yet their authority and discretion are equal to or
superior to that of the physician.
The potential for the conversion of the medical record into a tool for coercive central
planning and social engineering, without the patient's knowledge or consent.
The Act appears to assume extensive conversion of medical records into entries in a
networked computer system. It fails to guarantee and even undermines the single most
important safeguard: the right to keep one's private information out of such a system, in the
exclusive custody of the patient and his chosen agents such as his private physician and others
directly responsible for his care.
The potential for abuse of confidential records is highlighted by the recent collection
of security files on individuals possibly targeted by the White House for political reasons.
Penalties disproportionate to the seriousness of offenses and lack of requirement to prove
criminal intent for imposing civil penalties.
Any person ``who the Secretary determines has substantially and materially failed to
comply with this Act shall be subject'' to penalties. Inadvertent violations of obscure
regulations, even if no harm to an individual results, can be punished very severely ($10,000
fine per offense). Yet the sale of information, potentially for many millions of dollars, carries
a maximum civil penalty of $250,000. No distinction is made between individual physicians
involved in direct patient care and billion-dollar ``health plans,'' which have enormous
capabilities for diffusing responsibility and avoiding criminal sanctions (which, appropriately,
depend on proving criminal intent).
Loss of right to sue for damages resulting from disclosure of protected information.
The only protection that individuals have from harmful disclosures is through law
enforcement agencies. Offenders may be punished or deterred, but how is the victim to be
compensated if harmed by behavior that complies with the letter of the law as assessed by
bureaucratic agencies (which are by no means immune to influence from well-funded special
interests such as the information processing industry)?
A comparable law would deprive patients of the right to sue for medical malpractice
as long as the ``providers'' had complied with the letter of the law and avoided the commission
of an actual crime.
At a minimum, it is essential that the following provisions be included in any health
care information legislation:
- The right of all Americans to seek medical treatment outside of any medical
insurance plan in which they may be enrolled should be explicitly guaranteed-especially (but
not exclusively) if the plan requires or permits the compilation of or access to information,
which relates to a patient's medical condition or to physician-patient communications, by
anyone other than the patient's own physician or person acting under the direction of such
- Compilation of or access to information, which relates to a patient's medical
condition or to physician-patient communications, by anyone other than the patient's own
physician or person acting under the direction of such physician, must require the patient's
express, fully informed consent.
- No medical professional may be required to perform any act that violates his
conscience as a condition of being permitted to practice his profession or specialty.
- Patients should have a cause of civil action against any individual or entity, including
an agent or agency of the government, who causes him harm by the misuse of computerized
data. To this end, any electronic data processing system established under this Act should
include a mechanism for tracking all individuals who access identifiable records.
These essential requirements were presented in a similar form to the Senate Labor and
Human Resources Committee in a statement on the Medical Records Confidentiality Act of
1995 to the Senate Labor and Human Resources Committee, November 30, 1995.
We are deeply concerned that an Act that does not contain these protections will have
an effect opposite to the one suggested by titles that claim to protect privacy or confidentiality.
Congress should be alert to the danger of establishing procedures that permit and facilitate the
transmission of information for which disclosure is now either prohibited or practically