Privacy advocates blast 21st Century Cures bill
May 14, 2015 in Medical Technology
Developing new cures for the thousands of diseases for which there is none may seem all well and good — but some patient advocates say the 21st Century Cures initiative launched by a House of Representatives panel is throwing privacy out the window.
After a year of testimony from various healthcare experts before a subcommittee of the House Energy and Commerce Committee, the bipartisan duo of Rep. Fred Upton, R-Mich, and Rep. Diana DeGette, D-Wash., were ready for prime time. On April 30, they held a hearing on legislation on their 21st Century Cures initiative. On May 12, they were ready for the bill’s markup, a process in which committee members offer amendments on the proposed legislation.
The bill calls for $10 billion in extra funding for the National Institutes of Health over five years. It’s the era of data analytics, and the idea is that NIH would collect patient data that could lead to the discovery of cures for the more than 6,000 diseases that are currently incurable
The legislation was inspired by a real-life example from Upton’s home state of Michigan: Brooke and Brielle Kennedy, 6- and 7-year-olds who live with the rare disease known as Spinal Muscular Atrophy, or SMA, for which there is no known cure.
The effort appears to have been widely well received. After Wednesday’s markup, the Upton and DeGette issued a news release showing a roster of backers, with supporting quotes.
“On behalf of the physician and medical student members of the American Medical Association, I applaud the dedication and leadership that you and the Committee have demonstrated by working in a bipartisan fashion and engaging stakeholders so that we are able to accelerate the discovery, development, and delivery cycle that will save lives,” wrote James Madara, MD, executive president and CEO of the American Medical Association, in the House committee’s news release.
Research America Coalition, which represents 200 groups, wrote: The deliberative process you have undertaken to arrive at the Innovation Fund has helped clarify the issue: We are sustaining our research enterprise with 20th Century resources in the face of 21st Century opportunities and challenges. … Thank you again for your leadership, vision and determination to speed medical progress.”
There were more, but privacy rights advocate Deborah Peele, MD, is not having it.
“This bill will massively expand the hidden US health data broker industry—it’s about CURES for REVENUE DEFICITS not cures for patients,” Peele wrote in response to the article, 21st Century Cures Bill set for markup, posted May 13 on the Healthcare IT News website.
“We need a law to end the massive hidden US health data broker industry,” she added. “The data brokers sell and trade EHR, claims, prescription data; AND info about our minds bodies on social media.”
Peele maintains that CURES would greatly expand corporate access and sales of the nation’s identifiable health data.
In her view, the best way to research data is to ask patients for access – patients should control their own health information.
Peele is not alone in raising concerns over patient privacy.
In an analysis posted on the wesbsite of the National Law Review, lawyers Anna Krause and Paige M. Jennings, note that the Cures legislation would change HIPAA laws. The draft bill, they write, would add a new section to the HITECH Act to permit covered entities to use or disclose personal health information, or PHI, to certain entities for “research purposes” without authorization from the subject individual or a waiver from an IRB or privacy board.
Also, they write, the changes would allow remote access to PHI for certain research purposes; allow one-time authorizations of the use and disclosure of PHI for research; eliminate limitations on remuneration for PHI disclosed for research purposes; and allow disclosure of PHI to FDA-regulated entities for research purposes such as comparative effectiveness analysis.
“Consistency in accurately identifying patients – must be addressed,” another commenter points out in response to that May 13 Healthcare IT News story. “And Congress and CMS wants to penalize vendors and providers that fail to be ‘interoperable’, yet legislators won’t step-up and allow for an unique patient identifier, even on an opt-in opt-out basis.
“Now that’s politics for ya,” he adds, “and any system/process designed via politics is doomed to fail – with or without penalties.”
In its response to the the House Energy and Commerce Committee’s 21st Century Cures Initiative request for comments, HIMSS touched on the topic of privacy in a July 22, 2014 letter. Under the heading, “HIMSS empasizes these essentials,” HIMSS wrote: “Promote public and private incentives that encourage patient and provider utilization of EHI, while also protecting the privacy and security of individual health information,” and also: “Support and enhance consumer engagement, health literacy, the use of social media in patient education, privacy and security of PHI, and healthcare coordination with publicly-funded and other health programs.”
In the letter signed by HIMSS Board Chair Paul Keeberg. MD, and HIMSS President and CEO H. Stephen Lieber, the organization also called for harmonizing varying federal and state privacy laws and regulations pertaining to PHI.
Read HIMSS’ full response here.
CHIME, too, weighed in on prvacy, when it commented on the House panel’s 21st Century Cures initiative in a May 7, 2015 letter.
“An information-rich record, supported by widely adopted standards, also should improve a patient’s ability to manage consent privileges and diminish privacy concerns related to the digitization of personal health information (PHI),” wrote CHIME Board Chair Charles Christian and CHIME President and CEO Russell P. Branzell.
“Further, as patient health data become digital, we must ensure stringent privacy and security standards are employed to protect health information as it becomes more fluid,” they added.
Read CHIME’s full letter here.