Michael Levin-Epstein
Washington Watch

The Medicare Commission couldn't cross the finish line. Patient-rights bills can't seem to get to the starting line. So there's not much chance of major health care legislation going far in this session of Congress, right?

Wrong. Think privacy. Legislation to protect the confidentiality of medical records is front and center on Capitol Hill, with prospects for passage better than they've been in years.

Of course, Congress has a built-in incentive to enact some sort of privacy measure. Under the Health Insurance Portability and Accountability Act, it has until August to pass legislation on the confidentiality of electronic health information — or suffer the consequences. If Congress can't get its act together, then the Department of Health and Human Services will promulgate privacy standards by February.

For policy analysts on the Hill, it's become a matter of pride, and there's no shortage of proud players at that end of Pennsylvania Avenue.

In the Senate, Jim Jeffords of Vermont, chairman of the Health, Education, Labor, and Pensions Committee, and Christopher Dodd of Connecticut have reintroduced essentially the same measure they sponsored last year (this time, it's called the Health Care Personal Information Nondisclosure Act of 1999). Jeffords's fellow Vermonter, Patrick Leahy, and Massachusetts's Edward Kennedy also have reintroduced their privacy-protection legislation. Also, with the support of the Healthcare Billing & Management Association, Bob Bennett of Utah is again pushing his pet bill, the Medical Information Protection Act.

On the House side, there's the Medical Information Privacy and Security Act, introduced March 10 by Edward Markey of Massachusetts.

The American Medical Association is reviewing all of the bills, but hasn't yet formulated a position, according to spokesman Mike Lynch. Last June, the AMA House of Delegates adopted a statement on patient-privacy protection, and any legislation will be judged against its principles, Lynch says.

Strategies differ

A General Accounting Office study concluded that "a considerable amount" of health research relies on information that can identify patients, and that existing safeguards on confidentiality are limited.

The Jeffords-Dodd measure — the presumptive leader at this point — would give individuals access to their medical records, prohibit disclosure of information without patient consent, and grant law-enforcement agencies access to information through subpoenas or warrants. It would not preempt existing state laws that provide stronger protection.

Dodd's main goal is to prevent data, including prescription records, from being sold. "Individuals should have control of this very personal information. It shouldn't be exploited to boost a company's bottom line," he says. The act creates incentives for those who would use a patient's health information to sanitize it — that is, remove references that would make it possible for a recipient to identify the patient. Hospitals and physicians turning over patient information would need to provide individuals with "clear written notice" of their rights, and develop procedures for granting and revoking authorization for others to make use of that information.

Bennett, former chairman of the Senate Republican Health Care Task Force, doesn't like the idea that state statutes could preempt federal law. State laws, he says, are "incomplete, inconsistent, and inadequate."

While most pharmaceutical companies do not want research efforts to be compromised by what they might consider to be restrictive privacy measures, one trade group, the Biotechnology Industry Organization, says federal legislation may be preferable to the hodgepodge of existing state laws.

Federal law doesn't regulate use of computerized patient medical information obtained in the course of clinical trials or in epidemiological and outcomes research. Janlori Goldman, director of the Health Privacy Project at the Institute for Health Care Research and Policy at Georgetown University, says a national health policy "should create incentives for researchers to use nonpersonally identifiable health care data," and should provide uniform protection for subjects in any research study.

Will DM be sacrificed?

Privacy legislation is hardly a slam-dunk. While it's not politically correct in this town to come out against confidentiality protections, as you read this, legislators are listening to arguments by health plan supporters who warn not to go overboard in the pursuit of privacy.

Al Lewis, president of the Disease Management Association of America, observes that medical records contain valuable data that can be used to benefit patients. "Our view is that unauthorized use of people's medical data should be strictly prohibited, with stiff penalties for anyone who violates that privacy."

On the other hand, says Lewis, disease management programs "require access to patient-care data to identify patients who stand to benefit from them, ensure compliance with recognized standards of care, and monitor patient outcomes."

Disease management, Lewis argues, has emerged as the most effective and efficient way to organize and deliver proactive programs that improve health.

Successful disease management programs, he says, have reduced the number of lost school days for children with asthma by 83 percent, reduced ER visits by asthma sufferers, and improved screening and lowered overall blood-sugar levels for diabetes patients.

Thanks in large measure to the threat of HHS regulation, inside-the-beltway gurus assess the odds of passing privacy legislation by August as about 2:1.

"Society as a whole will face higher health care costs resulting from a sicker population," says Lewis, who adds that access to patient data allows health plans, "for the first time, to manage diseases. They are finally doing what their critics have criticized them for not doing."

Look beyond Washington for illumination on this issue. Last year, Maine passed legislation last year that prohibited hospitals from releasing information without a patient's written authorization — with penalties of up to $50,000 per violation.

The situation created unintended effects: Clergy, florists, and reporters were denied data about a hospital's census, family members complained of problems getting information on relatives, and pharmacists refused to release medication to anyone other than the patient without a waiver.

What the state had hoped would be a model for privacy protection turned out to be an unmitigated legislative disaster.

In fact, the public outcry against the measure was so enormous that Maine legislators were forced to passed another bill in January, suspending the law until a new privacy measure could be crafted.

After last year's ennui, however, Congress probably will want to do something — anything — in the health care arena before the next millennium.

Michael Levin-Epstein

Managed Care’s Top Ten Articles of 2016

There’s a lot more going on in health care than mergers (Aetna-Humana, Anthem-Cigna) creating huge players. Hundreds of insurers operate in 50 different states. Self-insured employers, ACA public exchanges, Medicare Advantage, and Medicaid managed care plans crowd an increasingly complex market.

Major health care players are determined to make health information exchanges (HIEs) work. The push toward value-based payment alone almost guarantees that HIEs will be tweaked, poked, prodded, and overhauled until they deliver on their promise. The goal: straight talk from and among tech systems.

They bring a different mindset. They’re willing to work in teams and focus on the sort of evidence-based medicine that can guide health care’s transformation into a system based on value. One question: How well will this new generation of data-driven MDs deal with patients?

The surge of new MS treatments have been for the relapsing-remitting form of the disease. There’s hope for sufferers of a different form of MS. By homing in on CD20-positive B cells, ocrelizumab is able to knock them out and other aberrant B cells circulating in the bloodstream.

A flood of tests have insurers ramping up prior authorization and utilization review. Information overload is a problem. As doctors struggle to keep up, health plans need to get ahead of the development of the technology in order to successfully manage genetic testing appropriately.

Having the data is one thing. Knowing how to use it is another. Applying its computational power to the data, a company called RowdMap puts providers into high-, medium-, and low-value buckets compared with peers in their markets, using specific benchmarks to show why outliers differ from the norm.
Competition among manufacturers, industry consolidation, and capitalization on me-too drugs are cranking up generic and branded drug prices. This increase has compelled PBMs, health plan sponsors, and retail pharmacies to find novel ways to turn a profit, often at the expense of the consumer.
The development of recombinant DNA and other technologies has added a new dimension to care. These medications have revolutionized the treatment of rheumatoid arthritis and many of the other 80 or so autoimmune diseases. But they can be budget busters and have a tricky side effect profile.

Shelley Slade
Vogel, Slade & Goldstein

Hub programs have emerged as a profitable new line of business in the sales and distribution side of the pharmaceutical industry that has got more than its fair share of wheeling and dealing. But they spell trouble if they spark collusion, threaten patients, or waste federal dollars.

More companies are self-insuring—and it’s not just large employers that are striking out on their own. The percentage of employers who fully self-insure increased by 44% in 1999 to 63% in 2015. Self-insurance may give employers more control over benefit packages, and stop-loss protects them against uncapped liability.