New California Privacy Law Seen as Major Threat to DM

California Medical Association lobbyist Norm Plotkin will tell you that the language he managed to add to California Senate Bill 19 is necessary to protect physicians from stiff fines under the state’s new privacy law, and to keep them in the loop when patients are enrolled in disease management programs. But his last-minute amendment has health plans and DM companies up in arms.

Plotkin represented the CMA in the frantic final negotiations on SB19, the “Confidentiality of Medical Information Act,” one of 20 bills that made up the health care reform package signed by Gov. Gray Davis on Sept. 27.

Described by its author, Sen. Liz Figueroa, as the strongest medical confidentiality law in the nation, SB19 affects all parties who have access to confidential medical records, bans the sale of confidential medical information, prohibits HMOs from requiring enrollees to waive their privacy rights, and increases penalties to a maximum of $250,000.

When the dust started to settle, the California Association of Health Plans and disease management companies noticed language in SB19 they say they don’t remember discussing — specifically, the last 14 words of this section: “For purposes of chronic-disease management programs, information may be disclosed to any entity contracting with a health care service plan to monitor or administer care of enrollees for a covered benefit, provided that the disease management services and care are authorized by a treating physician [italics added].”

The bill lists the entities that are entitled to receive patient information. The above language, ending with “covered benefit,” had been in the bill for months. Then, shortly before final legislative action, the last 14 words appeared.

Didn’t see it coming

“We were blind-sided by this,” says Cornelia Tilney, vice president for business development at CorSolutions (formerly Cardiac Solutions), an Illinois-based DM company. “It’s unfortunate that most of us weren’t able to weigh in on this. I think that would have been helpful.”

California health plans, DM companies, and the Disease Management Association of America interpret the added words to mean that no patient-identifying information (e.g., name, address) can be given to a DM or any other vendor without the consent of either the patient or the treating physician. DM programs, which use patient-specific information to contact members and to design appropriate interventions, are prevented from doing so until health plans can give them that information — which can’t happen without authorization.

“It creates an administrative hurdle,” explains CAHP Executive Vice President Maureen O’Haren. If a patient or physician is unwilling to authorize disclosure, or won’t do the paperwork, then, she says, “A health plan is effectively precluded from providing DM services — even if it’s contractually obligated to.”

“That’s nonsense,” responds Plotkin. “They see hurdles I don’t believe exist in the bill. Is there some question about whether they can disclose medical information without some kind of written permission from the treating physician? I don’t think we need to go that far.”

But Plotkin concedes that the bill doesn’t spell out exactly how a physician would authorize a patient’s enrollment in a disease management program. “Obviously we’re going to have to address that,” he says.

What’s not at issue is that strong patient privacy legislation is necessary — especially in light of recent revelations that patients’ medical information was used in a New England direct marketing campaign — and that DM programs are a cost-effective way to achieve primary and secondary disease prevention.

Some California health plans, such as Aetna, have internal DM programs. But most others subcontract with such vendors as CorSolutions. Typically, a vendor provides the plan with data parameters to identify members whose health status qualifies them for DM enrollment.

In population-based DM programs, plan members who fit the risk profiles for a disease or who are in the early stages of a disease typically receive educational materials and information about resources in the mail or by E-mail, or may be monitored with an interactive voice-recognition system. To comply with the bill’s language, health plans would have to get patient or physician authorization before, say, a DM company could mail an educational brochure about diabetes to a plan member.

“If we can’t get some language changes, it’s going to cause a significant delay in consumers receiving services from DM companies,” says Tilney. “There are real programs that are going to have to be changed, and in some cases, they may be dropped. Ultimately, the people who are going to lose out are patients and consumers.”

For its acute programs, including COPD, diabetes, cardiovascular-risk reduction, and CHF, Tilney says CorSolutions already asks patients to sign a consent form, and develops treatment plans under the treating physician’s orders.

Prospect for change

Because the California health care reform package is likely to be viewed as a model by other states, SB19 has attracted DMAA’s attention. The association has been an effective presence for the $340 million DM industry in the current patient rights debate in Congress.

DMAA general counsel and legal adviser Jim Jacobson, who practices in the Washington office of Gardner, Carton, & Douglas, sees other inconsistencies in SB19, in addition to those problematic 14 words.

For instance, the words “any entity contracting with a health care service plan” do not reflect the reality that in California, DM vendors often contract with physician groups, hospital systems, or employers — not just health plans.

In addition, Jacobson notes, important terms like “chronic,” “disease management,” “treatment,” and “treating physician” are not defined.

“We’re already seeing a tremendous impact on potential deals in the state,” says Jacobson. “If nothing’s done with this inconsistent language, we are going to see a major chilling effect on disease management.”

Current prospects for SB19 clean-up legislation are iffy. But that may change as DMAA, CAHP, and their constituents plead their case. Jacobson made SB19 a prominent topic in his address at the DMAA Inaugural Conference in San Francisco last month. He suggested a variety of ways to fix the major problem with SB19, including an administrative directive from the California Department of Corporations or the new Department of Managed Care.

Figueroa, the bill’s author, says she is willing to consider rewriting the DM provision in SB19 if the DM industry can provide assurances that patient privacy will be protected. Figueroa, who chairs the Senate Committee on Business and Professions, says the intent of the language was to ensure that physicians are informed of any care their patients receive, and to know what’s being done with their patients’ records.

“We think the language is being misinterpreted,” says Figueroa. “This legislation wasn’t drafted to tie the hands of disease management programs. But any time there’s major legislation, there’s always clean-up legislation afterwards, and SB19 might be one of those that need it.”

Meanwhile, SB19 goes into effect on Jan. 1, and that puts California health plans in a bind. Do they comply with the language and prepare to contact thousands of physicians or patients for millions of authorizations — at considerable cost? Do they wait for clean-up legislation to be enacted sometime next year? Or do they drop DM because it’s not worth the hassle?

MANAGED CARE November 1999. ©1999 MediMedia USA

Our most popular topics on