WHEREAS, on October 24, 1995, the proposed Medical Records Confidentiality Act, S. 1360, was introduced in the U.S. Senate;

WHEREAS, computer-based health data systems and electronic networks have enhanced and will increasingly enhance in the future the ability of health care providers, insurers, employers, and others to maintain, access, and transfer health data;

WHEREAS, the control and use of health data can provide significant benefits to health care consumers but also presents a significant threat to their right to privacy;

WHEREAS, uniform, national standards are needed to effectively regulate health data collection and control, given that state law confidentiality standards are frequently inconsistent and inadequate;

WHEREAS, S. 1360, would provide such a national standard and contains many salutary provisions such as a broad definition of health information trustee and significant enforcement standards for violations, but also contains many provisions that should be amended, including provisions that

  • authorize the disclosure of personal health information, without the subject's knowledge or consent, to health researchers acting with the approval of only Institutional Review Boards;
  • authorize access to personal medical records by law enforcement agencies on the basis of a warrant issued with less than traditional probable cause;
  • apply only to health information obtained after the Act's effective date, 12 months after enactment, and thus fail to regulate the use of health information already possessed by health care providers and others prior to the effective date;
  • allow disclosure, without the subject's knowledge or consent, of personal health information from health information trustees (e.g., health care providers, health plans, health oversight agencies, employers, and insurers) to certified health information services for the purpose of creating non-identifiable records; and
  • fail to provide incentives for insiders to disclose violations of the law (whistle blowing) and fail to protect against retaliation for whistle blowing;

NOW, THEREFORE, BE IT RESOLVED that the Philadelphia Bar Association urges that before passage of the Medical Records Confidentiality Act, Congress amend the provisions set forth above to strengthen the right to confidentiality of medical consumers and better protect their right to privacy.

AND BE IT FURTHER RESOLVED that the Philadelphia Bar Association authorizes its Chancellor to communicate its concerns regarding the Medical Records Confidentiality Act, as currently drafted, to its members, to legislators, to the public at large, and to the media.

ADOPTED: April 25, 1996