Washington Highlights Home
About Washington Highlights
Previous Issues
Government Affairs and Advocacy
AAMC News Room
AAMC Home
Subscribe to Washington Headlines via e-mail		   Washington Highlights Association of American Medical Colleges, Jordan J. Cohen, M.D. - President

February 9, 2001

AAMC Expresses Concerns on Privacy Regulations for Medical Research and Health Education

Testifying Feb. 8 before the Senate Health, Education, Labor, and Pensions Committee, G. Richard Smith, Jr., M.D., professor of psychiatry and medicine, University of Arkansas for Medical Sciences, presented the AAMC's concerns about the effects on medical research and health education of the final medical records privacy regulations issued by the Department of Health and Human Services in December.

He reiterated the AAMC's belief "that a great majority of retrospective research with archived medical records could and should be performed with de-identified medical information." "Unfortunately, HHS has persisted in setting a single bar for 'de-identification,' and that bar is much too high," he stated, and urged the committee to direct HHS to rethink its approach to de-identification, and to create a standard that "more appropriately reflects the realities of health research and the motivations and capabilities of health researchers."

Dr. Smith also expressed the AAMC's concerns about some of the new criteria for obtaining a waiver of the requirement for specific authorization for research access to protected health information contained in archived medical records. He questioned the ability of Institutional Review Boards (IRBs) or the newly created Privacy Boards (PBs) to measure "privacy rights" or "privacy risks."

Dr. Smith told the committee that because of these issues and "the generally forbidding tenor of the rule, its complexity, ambiguities, burdens, and costs, the AAMC is very concerned that a particularly unfortunate outcome may well be to encourage any covered entity for whom research is not part of the core mission to 'lock down' its medical archives and refuse to make them accessible for research of any kind."

Dr. Smith noted a troubling lack of clarity regarding health professions education within the final rule, and urged the committee to direct HHS to clarify the regulations with respect to the ambiguities associated with training health professions students.

He also expressed the AAMC's support for the position of others in the health community that the 2-year implementation schedule is overly ambitious given the state of electronic information technology now in place in the health care delivery system and should be extended. Finally, irrespective of whether federal regulation or legislation is the chosen mechanism for protecting the privacy of medical information, the AAMC is convinced that the capital costs of developing and implementing nationwide the information technology systems required to bring the health care system into compliance will demand resources far beyond the capacity of the system to generate. Therefore, the AAMC suggests that a creative federal- state-private sector initiative, perhaps analogous to the post World War II Hill-Burton Act, will be necessary to reach this goal.

John Houston, information systems director, data security officer, and assistant counsel for the University of Pittsburgh Medical Center (UPMC) Health System, testified on behalf of the American Hospital Association. He also noted that some of the provisions in the final rule are "either completely new or dramatically different" from the proposed rules, including "potentially confusing and burdensome consent requirements." He told the committee, "it is essential to fix requirements … that could impede patient care or disrupt essential hospital operations," and urged Congress to encourage HHS to re-open portions of the new rule for comment. He also urged Congress to establish HIPAA as "the national standard for protecting medical privacy by exempting state law."

The AHA testimony also stressed the "significant and costly changes to hospital's current information systems" required by the final rule, which "in many cases will require hospitals to build or acquire expensive new information technology solely to meet HIPAA requirements, including tracking disclosures of information."

In contrast, Janlori Goldman, director of Georgetown University's Health Privacy Project, praised the final rule, telling the committee she did not believe it was as complicated or vague as it has been characterized. She rejected re-opening the rule for further comment or extending the implementation period and called on Congress:

  • to broaden HIPAA's scope to cover directly other entities, such as insurers, that collect and use personal health information,
  • to require consumer consent before medical education can be used for marketing and fund-raising;
  • to strengthen the limits on law enforcement access to medical records; and
  • to provide individuals with a federal right of private action if their privacy is violated.

Information: Dave Moore, AAMC Office of Governmental Relations, 202-828-0525.

AAMC Home  |  Comments  |  © 1995-2005 AAMC Terms and Conditions  |  Privacy Statement