Michael Levin-Epstein
Washington Watch

As fall settles over the capital, the Aug. 21 deadline for Congress to pass legislation regulating the use of personal medical data becomes a memory. Now, under the Health Insurance Portability and Accountability Act, the task of regulation development falls to the Department of Health and Human Services.

HHS would rather see Congress get its act together because HHS's authority under HIPAA is limited. "There's still hope that Congress will pass comprehensive legislation this fall," says Secretary Donna Shalala.

But the privacy issue is becoming entangled in that legislative nightmare known as patients' rights. Increasingly, insiders say, it looks like confidentiality will remain unresolved unless Congress agrees first on a package that addresses HMO liability. And legislators' track record on that score is convincingly unimpressive.

If you want something done...

HHS has no choice but to proceed. Spokeswoman Lorrie McHugh says HHS will release draft regulations for comment this fall. HHS is required, by law, to issue a final rule by Feb. 21.

HHS has been working internally to put together a proposal. Shalala has instructed staffers to follow five basic principles she set out in recommendations to Congress in 1997: boundaries, security, consumer control, accountability, and public responsibility.

In reaffirming those principles, Shalala commented that "With very few exceptions, a health care consumer's personal information should only be used for health-related activities."

A hospital should be able to use personal health information to provide care, teach, train, conduct research, and ensure quality, but employers should be barred from using the information for nonhealth purposes, such as hiring, firing, or promoting, Shalala contends. And, she says, insurers shouldn't be able to use it for underwriting.

Patients also are entitled to have their information protected from improper disclosure. However, Shalala notes, "In a democratic society, the right to privacy, like the right to free speech, is never absolute," so provisions will assure that information is available to entities when necessary to deal with emergencies — public health agencies using it to combat infectious-disease outbreaks, for instance.

President Clinton continues to trumpet patient privacy as a populist issue, urging Congress to include it either as part of a Patients Bill of Rights or as a stand-alone bill. At a White House meeting on health care priorities, Clinton laid out six "challenges" for Congress:

  • Pass a "strong and enforceable" Patients Bill of Rights for managed care enrollees;
  • Strengthen and modernize Medicare;
  • Assure that people with disabilities keep their health insurance when going to work;
  • Increase cigarette taxes to discourage teenage smoking;
  • Expand health coverage for children of working families; and
  • "Protect the sanctity of medical records."

Congressional possibilities

Earlier this year, the Senate Health, Education, Labor, and Pensions Committee was near agreement on a compromise privacy bill. But the panel scrubbed two meetings when members couldn't resolve some thorny areas of contention — including whether to allow lawsuits by patients whose information is disclosed improperly.

The original legislation, drafted by Vermont Republican Sen. James Jeffords, included provisions for lawsuits for compensatory and punitive damages. Those appear outside of the comfort zone of several committee members, but Jeffords is still hopeful an agreement on patient-privacy provisions can be reached this session.

On the House side, Republicans introduced, Sept. 9, a bill (HR 2824) to regulate HMOs, including provisions to allow patients to sue in federal court for "genuine injuries." The House is expected to debate the measure this month. While the Shadegg-Coburn measure doesn't specifically address privacy, it could wind up becoming the House's privacy vehicle.

Georgia Republican Rep. Charles Norwood, who, with Democrat John Dingell of Michigan has crafted his own managed care bill, says Coburn and Shadegg "have brought the Republican leadership a lot further along than anyone thought possible. They should be congratulated by everyone who's serious about reform."

But the insurance industry is unenthusiastic about any of the measures. Charles Kahn, president of the Health Insurance Association of America, says the beneficiaries of Shadegg-Coburn and other such legislation "would be trial lawyers — not to mention politicians on both sides grandstanding for their own benefit.

"The dirty little secret" of all of the bills, he continues, is that "consumers and employers would be stuck with the tab, and would struggle to shoulder higher health care costs."

An aide to Sen. Bill Frist, a Republican physician from Tennessee and chairman of the public health subcommittee, notes that the Senate managed care bill, passed in July, included privacy provisions. There's no telling when that will move forward, he says. "We're waiting now for the House. If they include something on patient privacy, it will make it easier when they take the bills to conference."

Privacy concerns also have come up in HR 10, the Financial Services Act of 1999, which is intended to remove Depression-era regulations that prevent affiliations among banks, securities firms, insurance companies, and other financial institutions. Some provisions would allow them to share a person's medical information for research, but AMA Trustee Donald Palmisano, M.D., worries this would allow institutions to use sensitive information for "a vast array of marketing evaluations or consumer-profiling ventures." He says such information should not be "an item of commerce."

The AMA favors an "opt-in" provision for medical records, arguing that the prudent course would be to prohibit the transfer of medical records — even among affiliated entities — without a patient's consent.

Such information can't be "unshared" later, Palmisano points out. "Once a financial institution has medical information, it becomes a permanent part of our consumer profile."

Patient consent

The confidentiality provisions of HR 10, as placed on the Senate calendar, provide that insurers and their affiliates "shall maintain a practice of protecting the confidentiality of individually identifiable customer health, medical, and genetic information," except in these instances with a person's consent:

  • Underwriting, premium processing, and investigations;
  • Providing information to the customer's physician or other provider;
  • Participating in research projects;
  • Enabling the purchase, sale or transfer of insurance-related business; and
  • Settlement of payments, investigations by legal or regulatory authorities, and fraud protection.

Another dicey managed care issue is up for grabs. In this case, the game is likely to continue until the new year — and maybe even beyond.

Michael Levin-Epstein

Managed Care’s Top Ten Articles of 2016

There’s a lot more going on in health care than mergers (Aetna-Humana, Anthem-Cigna) creating huge players. Hundreds of insurers operate in 50 different states. Self-insured employers, ACA public exchanges, Medicare Advantage, and Medicaid managed care plans crowd an increasingly complex market.

Major health care players are determined to make health information exchanges (HIEs) work. The push toward value-based payment alone almost guarantees that HIEs will be tweaked, poked, prodded, and overhauled until they deliver on their promise. The goal: straight talk from and among tech systems.

They bring a different mindset. They’re willing to work in teams and focus on the sort of evidence-based medicine that can guide health care’s transformation into a system based on value. One question: How well will this new generation of data-driven MDs deal with patients?

The surge of new MS treatments have been for the relapsing-remitting form of the disease. There’s hope for sufferers of a different form of MS. By homing in on CD20-positive B cells, ocrelizumab is able to knock them out and other aberrant B cells circulating in the bloodstream.

A flood of tests have insurers ramping up prior authorization and utilization review. Information overload is a problem. As doctors struggle to keep up, health plans need to get ahead of the development of the technology in order to successfully manage genetic testing appropriately.

Having the data is one thing. Knowing how to use it is another. Applying its computational power to the data, a company called RowdMap puts providers into high-, medium-, and low-value buckets compared with peers in their markets, using specific benchmarks to show why outliers differ from the norm.
Competition among manufacturers, industry consolidation, and capitalization on me-too drugs are cranking up generic and branded drug prices. This increase has compelled PBMs, health plan sponsors, and retail pharmacies to find novel ways to turn a profit, often at the expense of the consumer.
The development of recombinant DNA and other technologies has added a new dimension to care. These medications have revolutionized the treatment of rheumatoid arthritis and many of the other 80 or so autoimmune diseases. But they can be budget busters and have a tricky side effect profile.

Shelley Slade
Vogel, Slade & Goldstein

Hub programs have emerged as a profitable new line of business in the sales and distribution side of the pharmaceutical industry that has got more than its fair share of wheeling and dealing. But they spell trouble if they spark collusion, threaten patients, or waste federal dollars.

More companies are self-insuring—and it’s not just large employers that are striking out on their own. The percentage of employers who fully self-insure increased by 44% in 1999 to 63% in 2015. Self-insurance may give employers more control over benefit packages, and stop-loss protects them against uncapped liability.