This Transcript is Unedited
DEPARTMENT OF HEALTH AND HUMAN SERVICES
NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS
Subcommittee on Privacy and Confidentiality
January 12, 2005
Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C. 20201
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, Virginia 22030
TABLE OF CONTENTS
Call to Order, Introductions
- Opening Remarks – Mark Rothstein, J.D.
- Introduction – Panel 1- Mark Rothstein, J.D.
- Employment – Panel 2
- Insurance – Panel 3
- Approaches – Panel 4
P R O C E E D I N G S [8:47 a.m.]
MR. ROTHSTEIN: Good morning, my name is Mark Rothstein and I’m the director
of the Institute for Bioethics, Health Policy and Law at the University of
Louisville School of Medicine and chair of the Subcommittee on Privacy and
Confidentiality of the National Committee on Vital and Health Statistics. NCVHS
is a federal advisory committee consisting of private citizens which makes
recommendations to the Secretary of HHS on matters of health information
On behalf of the subcommittee and its staff I want to welcome you to today’s
hearing on disclosures of protected health information to third parties
pursuant to authorizations. We are being broadcast live on the internet shortly
although not at this minute so we should plan on making sure that our, when we
speak we speak into the mics clearly and audibly. If any of you have cell
phones or pagers I would ask that you turn them off at this time.
Because of our late start if you will take a look at your schedules and
simply add 15 minutes to each of the time breaks we’ll just move everything
back in the day 15 minutes. So today’s first panel for example will end at
10:15 and we’ll have our break at 10:15.
Dr. Richard Harding will chair the first panel of today’s hearing, which
will begin after our introductions and during the introductions I would ask
subcommittee members to disclose any conflicts of interest. I will begin by
merely observing that any of my conflicts I think should become apparent during
the first presentation this morning. Richard?
DR. HARDING: I’m Richard Harding, I’m chairman of neuropsychiatry at the
University of South Carolina School of Medicine and I have no conflicts that
I’m aware of at this time.
DR. COHN: I’m Simon Cohn, I’m the associate executive director for
information policy for Kaiser Permanente, I have no conflicts of interest to my
MR. BLAIR: I’m Jeff Blair, vice president of the Medical Records Institute
and I have no conflicts that I’m aware of.
MS. SUTER: I’m Sonia Suter, I’m associate professor of law at George
Washington University and I’m testifying today, not a member of the
MR. SWIRE: I’m Peter Swire, I’m a professor of law at the Ohio State
University, I’m testifying today and I have no conflicts, I’m just testifying.
DR. RIPPEN: My name is Helga Rippen, I’m at the Office of the Assistant
Secretary for Planning and Evaluation and staff member to the subcommittee.
MS. GREENBERG: I’m Marjorie Greenberg from the National Center for Health
Statistics, CDC, and executive secretary to the committee.
MR. REYNOLDS: Harry Reynolds, Blue Cross/Blue Shield of North Carolina,
member of the committee and no conflicts.
MR. HOUSTON: I’m John Houston, I’m with the University of Pittsburgh
Medical Center, I am a member of the committee as well as the subcommittee and
I have no conflicts.
MR. ASMONGA(?): Don Asmonga, director of government relations for the
American Health Information Management Association, I’m in the audience and I’m
MS. TOWNSEND: Jessica Townsend from the Health Resources and Service
MS. MEYER: I’m Robbie Meyer with the American Council of Life Insurers and
I’m a presenter this afternoon.
DR. HUGUENARD: I’m Dr. Joseph Huguenard, I’m with Swiss Re Life and Health
North America and I’m here representing the ACLI, American Academy of Insurance
Medicine, and I’m a presenter.
DR. HARDING: Well, thank you, and we look forward to a very interesting
morning and afternoon and welcome to our guests as well as presenters.
We’re going to start this morning with Chairman Rothstein who will be
presenting, we’re going to ask that people present for about 15 to 20 minutes,
at 20 minutes I’ll kind of give you the high sign if you’re still going but
that will allow us time for questions and answers which I’m sure will be
forthcoming during that time. Mr. Rothstein.
Agenda Item: Introduction – Panel 1 – Mr. Rothstein
MR. ROTHSTEIN: Thank you, Mr. Chair. As everybody or most people know in
this room I have served as a member of NCVHS since 1999 and as chair of the
Subcommittee on Privacy and Confidentiality since 2000, and this is the first
time I have appeared in the role as a witness before the subcommittee. And I’ve
elected to do so because of the great importance that I attach to the topic of
today’s hearing and because I think the views that I’m going to present are not
widely expressed in the discourse of the NCVHS or elsewhere and I’m very
anxious to turn our attention to these issues. And I thank my colleagues and
the subcommittee staff and the other witnesses for indulging me.
Today’s hearing focuses on third party access to PHI via authorizations and
the first panel will attempt to provide an introduction to the topic. I have
titled my talk Reconceptualizing Health Privacy and Confidentiality and I hope
to focus on these three questions, what are health privacy and confidentiality,
why do people consider health privacy and confidentiality important, how
effective are current efforts to protect health privacy and confidentiality —
Let me just stop for a second, are we on the internet?
PARTICIPANT: We will be in a minute.
MR. ROTHSTEIN: Okay, well that affects whether I read the slides so I just
wanted to make sure so I don’t mean to insult you by reading what you can read
but the internet people can’t get them.
Okay, so the first is what are health privacy and confidentiality, the first
of the questions, and according to Anita Allen’s formulation it can involve
various dimensions including information, physical, decisional and proprietary
privacy, today I’m going to be talking about informational privacy.
Privacy and confidentiality are often used interchangeably when they refer
to two different concepts and I use the term privacy to refer to a two party
relationship, that is whether an individual can keep certain information
without being disclosed to anybody else, and that anybody else may be family,
friends, or in the health care setting a physician. So it’s the individual’s
option under privacy or right to privacy or however you want to phrase it to
disclose information and we all have certain facts and bits of information that
we don’t want to disclose to other people and privacy is a way of retaining
one’s control over that information.
Now this is a quote from the introduction to the book by Ellen Alderman and
Caroline Kennedy about ten years ago that talks about why they view privacy as
important, it reads why we as Americans so cherish our privacy is not easy to
explain. Privacy covers many things. It protects the solitude necessary for
creative thought. It allows us the independence that is part of raising a
family. It protects our right to be secure in our homes and possessions assured
that the government cannot come barging in. Privacy also encompasses our right
to self-determination and to define who we are. Although we live in a world of
noisy self-confession privacy allows us to keep certain facts to ourselves if
we so choose. The right to privacy, it seems, is what makes us civilized.
In contrast to this two party relationship in privacy I believe that
confidentiality refers to a three party relationship so you start out with A,
who now I’ve termed the patient, and A gives information to B the physician and
now privacy, I’m sorry, confidentiality considers the issue of whether the
second party, B the physician, can re-disclose information that was originally
disclosed within the confines of a confidential relationship to some third
party. And this third party could be family or friends or an employer, an
insurer, a marketer, some entity that has more of a commercial relationship
with the individual patient.
Now I’ll be coming back to this three party diagram later in my talk when I
discuss the issues of how we attempt to regulate the control of information
from A to C through B.
Confidentiality is the source of professional obligations, legal liability,
and vibrant policy debate as we all know. And the basis of confidentiality we
can trace at least to the Hippocratic Oath, which provides in part and
whatsoever I shall see or hear in the course of my profession, as well as
outside my profession in my intercourse with men, if it be what should not be
published abroad, I will never divulge, and that relates to our discussion
yesterday on archival information, holding such things as holy secrets.
I think that professional pledges of confidentiality by health care
providers implicitly say to patients the following, it’s okay to accept a
lesser standard of secrecy going from privacy to confidentiality because
limited disclosure is essential to your health care and your information will
not be re-disclosed without your consent. I think that’s the implicit bargain
or premise of confidentiality.
Now why do people consider health privacy and confidentiality important? I
think that privacy and confidentiality have both an intrinsic and a
consequential value. So let’s do the following mental experiment, suppose that
before today’s hearing I asked you all to pick up a copy of your complete
medical records file and we all have in front of us a one foot high stack of
all of our medical records from our pediatrician onward. And then I said okay
what we’re now going to do is we’re going to exchange our medical records and
tomorrow we’ll bring them all back and return them to their owner and nothing
bad will happen to anybody as a result of this exchange, you’re not going to
lose your jobs, your insurance, or anything like that, but we’re just going to
pass them around. And I think that more than a few of us would have some
concerns about that and that is in my view goes to the intrinsic nature of
So there are certain health information that people do not want to share
irrespective of any possible adverse consequences, they may be concerned about
embarrassment, stigmatization, or the undermining of current or future
relationships. A study that was published in 2003 actually asked several
hundred patients with all sorts of conditions which of those conditions and
what health information they considered to be most sensitive and then they were
ranked. So the top six that I included on my list, which were responded in the
top six, were abortion history, mental health history, HIV/AIDS, genetic test
results, drug and alcohol history, and history of sexually transmitted disease.
And then lower down the list which I didn’t include on the slide are heart
disease, cancer, and so forth. The interesting thing I think is that the
sensitivities of individuals change over time and I think if you had a list
from 25 years ago, well it wouldn’t have had HIV/AIDS, it may not have had
genetic test results, it probably would have had cancer which was much more
stigmatized years ago and I don’t know what the conditions will be in the
future. So not only does it change over time but it varies by condition, that
is the sensitivity attached to the condition varies by condition.
Now there are also consequential elements of privacy, people are concerned
about the tangible consequences of disclosure including that they may be
subject to health based, and I put in quotes “discrimination” and
discrimination is a difficult word for us to get a handle on because we can use
it in the civil rights sense when all discrimination is invidious or we can use
it in the sense of making distinctions or drawing distinctions among people in
the insurance sense where they have different risks. So I believe that
discriminations means that it’s the concern of individuals about health based
discrimination can be one of two things, it can be either that inaccurate
conclusions or predictions based on the health information will be used to deny
them employment, insurance, or other opportunities, that this third party is
going to somehow misuse their information and draw erroneous conclusions.
Or it could be that accurate conclusions or predictions based on health
information will be used to deny them opportunities to which they believe they
are entitled notwithstanding the health information. So for example a health
insurer might accurately determine that they are at increased risk of becoming
sick in the future but nevertheless they believe that they have some sort of
entitlement or right or ought to have access to health insurance.
The third topic I want to take up is how effective are current efforts to
protect privacy and confidentiality and I want to use as examples the HIPAA
privacy rule which is near and dear to all of us, and also an example of
genetic nondiscrimination laws in employment and health insurance.
One of the things about HIPAA I think is that it is so misunderstood, what
it intends to do, how it does it, and so forth. Many people believe that HIPAA
is a comprehensive law designed to protect health privacy and confidentiality
and that it establishes a comprehensive system for doing so and that is of
course not the case. HIPAA does not establish a comprehensive system for
protecting the privacy and confidentiality of health information because HIPAA
only applies to covered entities, health care providers, health plans, health
clearinghouses and their business associates, HIPAA does not apply to
employers, insurers, schools, or other entities that may have health
information except to the extent that they perform as a covered entity.
HIPAA also only covers so-called protected health information which is
defined as individually identifiable information. There may be an ethical
obligation or a legal duty based on some other law to protect other forms of
health information such as preventing the group based harms associated with
anonymous but ethnically keyed genetic information but that is not covered by
HIPAA because it’s not individually identifiable.
HIPAA does not protect the privacy of health information if we define it in
the two party sense that we talked about earlier as being the right of
individuals to prevent the disclosure of health information to others. Under
HIPAA the failure to disclose health information may result in the refusal of
medical treatment or the refusal to reimburse providers for services. It would
be lawful and reasonable for a health care provider to say look, if you don’t
tell me your history or what medications you’re taking I can’t treat you, I’ll
be afraid to do anything. I need to have certain information and so there is no
right of privacy certainly under HIPAA to get medical care and withhold
I would also argue that HIPAA does not protect the confidentiality of health
information which we just defined as the re-disclosure of information
originally disclosed within a confidential relationship. Because even though an
authorization is required for most uses and disclosures beyond treatment,
payment, or health care operations such as marketing or research, HIPAA does
not prohibit third parties from requiring the execution of an authorization,
and I would add an unlimited authorization, as a condition of for example
obtaining employment or an insurance policy, issues that we’re going to be
focusing on today.
So what is HIPAA? I think for all its complexities and controversy HIPAA and
its privacy rule provide a limited system to protect the security of health
information by preventing the unauthorized use or disclosure of protected
health information as well as a series of fair information practices such as
the right of access to medication records, the right to request amendment, the
right to accounting for disclosures, etc. So I think HIPAA is not a privacy and
confidentiality rule so much as a rule that protects security, even in the
privacy rule not to mention in the security rule, and a series of fair
I would add parenthetically of course that I think that privacy rule has
perhaps an even more important symbolic value in that it raises for health care
providers around the country the notion that health privacy which always was a
part of the code of ethics of all the health professions is really important
and you need to take concrete steps to protect the privacy and confidentiality
of the information that you hold.
So the final of the four things I want to suggest is that how effective, or
consider, is the question of how effective are current efforts to protect
health privacy and confidentiality. So let me go back to the three party
relationship that I sketched out earlier for you where a patient gives
information to a health care provider, in this illustration a physician, and
then the physician or hospital or provider with the records then is faced with
a question of disclosure to some third party, an employer, an insurer, or a
How as a matter of policy have we attempted to keep “confidential”
or private information from A from being disclosed to C, the third party? And
it seems to me the way that we’ve gone about it is to try to erect barriers
between B and C. We set the conditions under which those in possession of the
health records, the providers, the hospitals, the physicians, the nurses, etc.,
may release information to C and to prevent the inadvertent or unauthorized
disclosure of information, or the wrongful disclosure of information. But that
does only a partial job of preventing the disclosure of information from A to
C. If we are serious about keeping unnecessarily broad and unnecessarily
voluminous amounts of irrelevant patient health care information from reaching
third parties we can’t do it that way because anyone with the economic
leverage, that is an employer or an insurer, can as a condition of employment
or insurance, C, the third party, can go to the patient and say if you want
this job sign this authorization releasing all of your medical records to us.
If you want this insurance policy sign this authorization. And then B, the holder
of the information is legally bound to disclose that information. So the model
that we’ve adopted for regulation does not really address the issue of
compelled authorized disclosures.
Now suppose we changed the law and said that information in the possession
of the health care provider, B, could never be disclosed to C even with an
authorization, would that help? And the answer of course is no because C would
say they just passed this crazy rule that says I can’t get your health
information from your provider even with an authorization but you can so go get
your health records from your hospital or your doc and bring them first thing
Monday morning if you want this job or this insurance policy.
Well, that wouldn’t help too much. Suppose we enacted a rule or a law that
said okay, any information that was obtained in the clinical setting can never
be disclosed to third parties who are not performing in the clinical setting.
So A couldn’t get the medical records, his own medical records from B and
disclose them to C or C couldn’t use those records, would that help, and the
answer is no because C would then say to A I can’t use any of the records that
you have given in the course of your medical treatment so if you want this job,
if you want this $10 million dollar life insurance policy, come in first thing
Monday morning and we’re going to do our own examinations and plan to be here
for the better part of the day.
So this paradigm is not amenable to regulation with the tools that we have,
the only way it seems to me that if we think that third parties are getting
more information than they need, the only way to address that issue is not a
procedural one, it’s a substantive one, what information can C access and use.
And that involves a whole series of much more difficult and complicated, and I
would argue if I had to, contentious issues such as who should have a right of
access to health insurance and health care? Under what terms should medical
underwriting be undertaken in life insurance or disability insurance or long
term care insurance? What is the relative right of employers vis-à-vis
employees to make decisions about whether employment in a particular workplace
is in their best interest? And these are very difficult but they are
substantive questions and can’t be resolved by sort of procedural measures to
restrict access in one way or another.
I think genetics presents us with a very good case study of how we’ve
attempted to do this and how our efforts have failed. The starting point for
analyzing the success of genetics regulation or the applicability of genetics
regulation in the workplace setting is the Americans with Disabilities Act
which was never intended to be a privacy and confidentiality law, it’s a
nondiscrimination law, but in preventing discrimination against individuals
with disabilities Congress felt that it needed to control the amount of
information and the timing of the information that employers had access to.
So what was created was a three stage process and at the pre-employment
stage when you just walk in and say I’m here, I heard you’re looking to hire
law professors, the employer is not permitted to make any pre-employment
inquiries as to whether you have a disability or the nature of your disability,
whether you’ve filed worker’s compensation claims, etc. in the past. However,
after a conditional offer of employment, after the employer says you look
terrific, your resume is great, your references check out, I’m prepared to make
you an offer to start the 1st of March contingent on your getting a
satisfactory report on your medical examination, these post offer medication
examinations or pre-placement examinations are authorized by the statute and
they may be of unlimited scope regardless of the medical condition of the
individual, regardless of the nature of the job for which the individual
applies, and significantly they may require as part of that the release, or now
we call it authorization, to release all of the individual’s medical records.
By contrast medical examinations of current employees must be either job
related and consistent with business necessity or voluntary.
So the result of that is that post offer genetic testing is not prohibited
by the ADA. Post offer access to all health information is not prohibited by
the ADA. And for reasons that you can either trust me on or defer to later
because it’s complicated, genetic predisposition is not a disability under the
Now since the Human Genome Project, I wouldn’t trust me either but I’ll just
save that for now, since the Human Genome Project began in 1990 32 states have
enacted laws that purport to prohibit genetic discrimination in employment.
These laws address number one and number three above but not number two, which
I’m going to go back to and fill in. Number one being that post offer genetic
testing is now prohibited by these state laws, genetic predisposition which is
variously defined is now considered to be a disability or to otherwise violate
the law, but these laws, these 32 state laws, do not address the issue of post
offer access to all health information. As a result, and I believe that
Professor Suter will address this, many people decline genetic testing because
they are concerned that employers can have access to the results. Our surveys
have shown consistently that approximately 75 percent of people would be
reluctant to undergo genetic testing if their employer or insurer could get
access to the information.
So is there an alternative? Well, two states have enacted laws that say
that, and those states are Minnesota and California, that employers may obtain
access only to medical information that is job related and bears on the current
ability of the individual to perform essential job related functions. This is
the standard for current employees but what California and Minnesota have done
is they have now applied that to all stages of the employment relationship.
Notice that in attempting to regulate the flow of information the statutes don’t
focus on genetic at all and therefore avoid that difficult definitional
problem, the assumption being that in virtually every situation genetic
information about future risks will not be job related and therefore if we
restrict the information only to job related matters you’ve now washed out the
But here is the problem, even in states such as California and Minnesota
there is currently no technologically or economically feasible way to separate
job related from non-job related health information and I would add
parenthetically genetic from non-genetic information and therefore health care
providers routinely send everything even where hospitals and other providers
get requests for limited information if it’s not easily segregated, that is can
you send me Joe’s records from the last year, they send everything because it
would take hours of time, be very expensive, and cause a nationwide white out
shortage if the hospitals were in the position of having to redact medical
records before they sent them to insurers and employers.
However we have a unique opportunity I think at this point, electronic
health record architecture could be developed to facilitate this limited
access, that is you can’t do it feasibly with a paper record but with an
electronic record if it were designed with enough fields built in so you could
isolate diagnoses, isolate the nature of the service provider, isolate the
nature of the services provided, etc., it would be difficult but it can be done
I think, having talked to a variety of health informatics people, if you could
create such a record you could promote a system where limited access were
feasible. However, there are no efforts underway either within the department
or at other institutions that I’m aware of.
Health insurance I’ll just go through very briefly, we’re not going to talk
about health insurance in today’s hearing but it certainly has been a fertile
area of legislation. Since 1990 at least 43 states have enacted laws
prohibiting genetic discrimination in health insurance, they don’t apply to
employer sponsored group health plans where 85 to 90 percent of people get
their coverage. Fortunately another provision of HIPAA does, that regulates a
group health insurance offered through employers, and the reason that state
genetic nondiscrimination laws in health insurance are ineffective is that they
apply only to people who are asymptomatic.
So if you apply for an individual life, sorry, an individual health
insurance policy, and you have a genetic test that shows you’re at increased
risk of breast cancer or colon cancer or something in the future, it’s unlawful
in those 43 states to deny you an individual health insurance policy. But six
months from now or next year when you get breast cancer or colon cancer or
whatever that condition was depending on state law they may be able to deny
renewal of your policy, or to increase your rates to rates that are no longer
So the issue then becomes well why should we focus on genetics, should they
be able to deny coverage to anyone who is in bad health or at a high risk? And
the question soon becomes it’s not an insurance issue, it’s not a genetics
issue, it’s a health care system issue, who should have a right of access to
health care. And I think that prohibiting commercial health insurers from
“discriminating” against individuals who are sick or more likely to
get sick would change the nature of health insurance and it would no longer be
insurance, it would be some sort of privately administered entitlement program
or privately administered group insurance scheme, which may be defensible but
it’s not certainly possible within our current framework.
So I have the following four conclusions for you. Number one, HIPAA
established security and fair health information practices to protect against
unauthorized access to health information. Number two, measures to prohibit
genetic discrimination are ineffective because they focus on procedural matters
rather than substantive issues such as the relative right of employers and
employees and the right of access to health insurance. Number three, there can
be no effective protection of health privacy and confidentiality without
focusing on the compelled authorized access to health information. And number
four, measures to limit third party access to certain health information could
be embedded in new electronic health records but no efforts are being taken at
the moment to do so.
So I thank you for your indulgence and I think that perhaps you might have a
question or two later.
DR. HARDING: We will and after each presentation we’ll have a period of open
discussion and questions and I’m looking forward to that.
The next speaker is Professor Sonia Suter, welcome, from George Washington
MS. SUTER: Thank you. Good morning, thank you for inviting me to testify
today. I think the NCVHS and the Privacy Subcommittee have addressed a number
of important issues and I’m pleased to be part of your discussion today about
third party disclosure or access to health information and I’m going to be
focusing on issues in the genetics context.
Let me give you some background, let me start with an overview of what I
want to talk about today. I want to briefly tell you about my background and
why it is that I’m focusing on genetics issues. I’ll talk briefly about the
value of privacy and some general approaches to protecting personal
information. And then I’m going to be focusing on some of what Professor
Rothstein addressed just a moment ago about concerns of third parties tying
benefits to the authorized release of health information using genetics as a
case study to describe some of the actual harmful health effects that result
from the ability of third parties to retrieve this information. And then I’ll
conclude by describing some of the legislative approaches and needs for further
My interest in genetics comes from the fact that I did graduate work in
human genetics in the research context and then I moved over to clinical
genetics as a genetic counselor, so I worked with obstetric and pediatric
patients in genetics. Just as I was leaving genetic counseling late onset
genetic testing was becoming increasingly possible, that is testing for
conditions that will develop later in life and this is where people have become
extremely concerned about genetic discrimination where are currently healthy
but have an increased risk of some genetic disease. So when I became a law
professor I had the opportunity to look at these issues from the ethical and
legal perspective in my writings on genetics and the law and bioethics.
Now why is health information privacy important? As Professor Rothstein
noted there’s intrinsic value and what he calls consequential or extrinsic
value. I described intrinsic value as honoring the ability to control
information or access to oneself, autonomy interests, and it’s based on the
idea of respecting the individual. But there’s also extrinsic value and I’ll be
looking at this more closely shortly, it protects, or at least we hope it
protects against discrimination and Professor Rothstein is right to point out
that there are a number of definitions of discrimination and I don’t
attempt in this talk to narrow my definition here but uses of the information
that we find problematic. It can build trust in the medical relationship and
increase patient care, and it encourages participation in research.
Now there are some general approaches to protecting personal information.
The first one that I think most people think of as privacy protections is to
protect against unauthorized access to one’s information. But I think we’re also
concerned about protecting against particular uses and our particular users of
our health information, what I call nondiscrimination. The benefits of the
privacy approach is that it honors this control that we see in privacy, it
gives people at least theoretically the opportunity to decide who will receive
their information and under what circumstances. So it theoretically keeps
information from getting in the wrong hands as defined by the possessor of this
information. Nondiscrimination protections can focus on the harms that we
really worry about and so we can draft laws defining discrimination in the ways
that we see fit.
But there are limitations to these two approaches, both of the approaches
together or individually do not prevent third parties as Professor Rothstein
pointed out from making disclosure of information a condition of some benefit
so an insurer could say there may be laws against my discriminating based on
your genetic information and there may be requirements that you authorize my
access to your information. But please hand it over anyway as a condition of
your receiving insurance coverage, I know I can’t discriminate but sign the
Now the concerns regarding this compulsory disclosure are several, there’s
the concern that it becomes coercive, that we really don’t have the full
control over our information that the privacy statutes supposedly give us.
There’s another concern that once these third parties have this information
it’s hard to prove whether they’re using the information for discriminatory
purposes or not. So perhaps they decide that they’re not going to cover certain
kinds of medication treatments and they say no it’s not because we saw that you
were at risk of Huntington’s Disease, that’s just our policy, how do you prove
that it was actually a discriminatory use of the information.
What I’m going to focus on primarily today though is the negative effects
that this third party access can have in the area of individual health care,
research, and public health. I want to point out although I’m focusing on
genetics that our concerns regarding third party access to information cover a
broad spectrum of health information, cancer, HIV/AIDS, sexually transmitted
diseases, mental health information, reproductive health history, etc. I’m
focusing on genetics information today though as one example of sensitive
There’s been a great deal that’s been written on why genetic information is
so sensitive, it’s predictive, it can tell us about people’s increased risks to
inherited forms of cancer, to various neurological diseases, etc. It can be
stigmatizing, people may choose not to marry somebody because of their
increased risks of various diseases, and of course it can be the basis of
discrimination by employers, insurers, adoption agencies, financial
Genetic information is also uniquely personal, the genetic information that
each of us possesses is unique to each one of us and it’s information that
people think is highly personal whether or not it will be used as a basis of
discrimination. It’s also identifying information, we can use genetic tests to
identify tissue samples from one person as opposed to another. And it reveals
information about family members because we share much of our genetic
information with our blood relatives.
Now what are the concerns regarding third party access to genetic
information? One is, one of the primary concerns is the fear of discrimination
in this area and there are a lot of reasons why people are so concerned about
genetic discrimination. We have an unfortunate history of abuses in the area of
genetics, there was a strong eugenics movement in this country and in others.
Even in the ’70s there was discrimination based on sickle cell testing,
and several studies beginning in the early ’90s have suggested that there
are incidents of genetic discrimination today and the studies have focused
primarily on the employment and insurance context. As a result of these studies
there’s been a great deal of media attention to genetic discrimination and the
popular culture reflects our fears in movies like GATTACA.
The data suggests that the fear of discrimination, that the risks of
discrimination have affected individual health care, research, and public
health. Before I tell you about the details there let me give you some
background about the studies on genetic discrimination. Probably the seminal
study and the one most widely cited is a study that was conducted by Dr.
Billings and others, Dr. Billings will be testifying later today, and in this
study they solicited responses from over 1,000 genetics professionals and
genetic disease associations. And after soliciting responses they found and
documented 32 incidents of employment discrimination and seven incidents of
insurance discrimination. And some of the incidents were rather unfortunate and
disturbing to the public and received a great deal of attention by the media.
A study four years later surveyed a number of individuals at risk for
genetic conditions and out of 917 responses found 455 cases of discrimination.
Another study interviewed or surveyed members of genetic support groups and
found that either the respondents or family members had experienced a fairly
high incidence of discrimination, 25 percent were denied life insurance, 22
percent were denied health insurance, and 13 percent were denied or lost
Now there have been other studies that suggest that genetic discrimination
is not so prevalent. One study found that only seven out of over 2,000 surveyed
employers actually conducted genetic tests. Of course this doesn’t tell us
whether they’re using genetic information from other sources for employment
One of the most rigorous recent studies is a study conducted by Mark Hall in
which he interviewed genetic counselors, insurance agents, insurance regulators,
and insurers themselves and found that although many people had heard about
genetic discrimination they couldn’t actually describe actual incidents of
genetic discrimination in health insurance and he concluded that there was
actually very little or non-existent discrimination in this context.
Now the studies that suggested genetic discrimination was so prevalent have
been criticized as not necessarily giving us a very good understanding of how
prevalent genetic discrimination actually is. Many of the accounts are
anecdotal, the results depend on self reporting, the sampling is not random,
and there is often a very small response rate. There’s also differing
definitions of what we mean by genetic discrimination. Are we discriminating
based on pre-symptomatic genetic information, in other words a genetic test
result that indicates that somebody is at an increased risk of a disease that
they don’t yet have, or does genetic discrimination mean discrimination based
on susceptibility to a disease as well as actually having a genetic disease.
And this is where we have to come to some agreement about whether we think both
kinds of discrimination are problematic or just one of them.
But whether or not genetic discrimination is prevalent today I think it’s
fair to say that it’s a very real and potential risk in the future. One study
showed that most surveyed life insurance companies are interested in knowing
about genetic testing results and I think most life insurers would want to know
the results of genetic tests that an individual applicant has taken. Most
insurance commissioners thought that insurers had a right to request genetic
tests and I’m sure that most insurers would also believe they had a right to
Health insurers, a significant number of them, half to two thirds in
Professor Hall’s study said that they would like to use predictive genetic
information if they were allowed to. And I think his last finding is probably
the most important one, many health insurers believe genetic information will
be more precise and therefore relevant to underwriting in the future.
So I think we can conclude that as the cost of genetic tests decrease and as
their accuracy increases third party interest in genetic tests will increase.
How big a concern discrimination will be in the future we don’t know but the
interest will increase.
What I think is most important is the public perception, whether
discrimination is rampant today or will be in the future, the public strongly
perceives it to be a real risk and this has affected the public’s behavior in
important ways. There is a great deal of fear of third party access to genetic
information, a majority of individuals want to prevent insurers from accessing
their genetic information. 75 percent of polled Americans wanted to prevent
this access and 83 percent of members of genetic support groups did not want
insurers to access their genetic information. The desire to prevent employer
access to genetic information is even greater, 85 percent of polled Americans
and 87 percent of surveyed support group members.
What is interesting is that there is not only a desire to avoid access but
there have been cases of actual refusal to disclose this information to third
parties. So 18 percent of genetic support group members refuse to reveal
genetic information to insurers and 17 percent refuse to reveal that
information to their employers.
In the area of genetic research because of these concerns we’ve seen some
real effects. Francis Collins has testified that nearly one third of women at
high risk for breast cancer or ovarian cancer refused to participate in a
genetic study and other researchers have had this experience. Because of
concerns of discrimination researchers often warn participants not to share
their genetic test results with their physicians and/or to keep the genetic
test results out of their medical record.
But I think what concerns people the most is how fears of discrimination may
lead to people refusing to actually undergo genetic testing. Now I want to
begin by emphasizing that genetic testing is not always appropriate for
everyone, we don’t necessarily want the entire population to undergo genetic
testing even if at risk for an inherited condition. Whether or not to undergo
genetic testing should be an informed decision by the individual based on their
personal values but I think we would hope that the decision isn’t based on
fears of discrimination but based on other, based on personal values.
Now there’s strong evidence that there’s a theoretical refusal to undergo
genetic testing, one study found that 63 percent of individuals probably or
definitely would not undergo genetic testing if third parties could access
their results. But what’s even more troubling are the data suggesting that
there is actual refusal to undergo genetic testing. One study found that nine
percent of surveyed genetic support group members actually refused genetic
testing for fear of discrimination. Another study and anecdotal accounts have
shown that roughly one third of people offered testing, these are at risk
individuals for colon or breast cancer, refused again for fear of
Another study found that 43 percent of women at risk for inherited breast
cancer refused genetic testing. Now there are many good reasons why they may
refuse that testing but the unfortunate data is that 84 percent of the refusals
were based on fears of discrimination which are not the reasons we want people
to be refusing testing.
Even more troubling is that some individuals are refusing the actual genetic
counseling let alone testing for fear of health insurance discrimination. One
study found that it was the most prevalent reason to avoid cancer genetic
counseling services. And this is disturbing because it means people aren’t even
getting in the door to talk to genetic counselors about the benefits and risks
of genetic testing, they’re not even getting the important information to make
It’s interesting to look at the attitudes of genetic professionals. We see a
fairly high percentage of genetic professionals who would actually like to have
genetic testing for inherited cancers, 85 percent would be tested if at risk
for breast cancer and 91 percent for colon cancer, not surprising since they’re
in a profession that offers genetic testing. But what is interesting is that 68
percent wouldn’t want to bill their charges to their insurer for fear of
discrimination and 26 percent would want to use an alias. Although 82 percent
would share their results with physicians many of them would not want their
results recorded in their medical record.
One interesting approach to this problem has been anonymous testing and
there are differing percentages of patients who are interested in anonymous
testing. One center in Cleveland that offers anonymous testing found that one
in five patients who were seeking testing for Huntington’s Disease, late onset
neurological disease, wanted to do so anonymously. Another clinic that does not
offer anonymous genetic testing found that only four percent of patients
requested such testing. And my genetic counseling friends who work in the area
of adult genetics find that there are frequently requests to use aliases when
undergoing genetic testing.
Some people have suggested that anonymous testing is a good way for dealing
with concerns about third party access to genetic information but there are
concerns. A number of genetic counselors think that it inhibits good genetic
counseling. Genetic counseling involves not only getting test results from an
individual but collecting a wealth of information about the individual and
their family history, it requires reviewing medical records of the patient and
medical records of family members. It also requires a confirmation of diagnosis
in affected family members. And if counselors are trying to anonymize all of
the records it becomes next to impossible to get all of this data.
Professor Rothstein has suggested that anonymous testing encourages fraud
because it implicitly suggests to patients come on in, we’ll give you the
information, but let’s keep it hidden so that you can then lie to your insurer
if they ask if you’ve ever had genetic testing. That’s not necessarily what’s
intended but there is that possibility of that implicit message.
There’s also a concern that it limits testing to those with the financial
resources, obviously your insurer is not going to be paying for your tests if
you’re doing so anonymously and only the most wealthy can afford tests that can
be fairly expensive.
So the summary of the effects of fears of third party access to genetic
information. There are a number of effects with respect to individual health
care. Physicians may not have full information to offer proper care to patients
if patients don’t disclose results. Obviously if people aren’t getting tested
for conditions for which there’s some kind of preventive measure, for various
cancers for example, then it’s difficult to prevent or ameliorate disease, that
can lead to premature death. There’s also a concern that family members may not
learn about their own risks and therefore may not get the counseling and
testing that they would seek.
And we worry about patients not getting counseling in the first place
because they don’t learn about the risks that they face and what their options
are. If people aren’t participating in research obviously there’s effects on
research, we may not be able to study certain diseases if there aren’t enough
participants, and we may end up with potentially skewed data. There are public
health effects as well, not only populations may be represented in studies, the
Ashkenazi Jewish population has expressed a great deal of concern about
discrimination against their ethnic group because there have been findings that
a number of mutations are associated with that population. If they don’t
participate in research we don’t have well represented data. Poor data affect
our ability to educate the population and obviously if a lot of people are not
getting adequate health care that’s a public health concern.
So the solution is to protect authorization of access to information, to
require authorization, to protect against particular uses of information,
nondiscrimination, and to prohibit benefits from being conditioned on the
receipt of genetic information.
Since I’m short on time I will briefly go over the state legislation,
Professor Rothstein pointed out that we have privacy legislation in 29 states
and nondiscrimination in 32 states in the employment context and in different
numbers with respect to health insurance, life insurance, disability and long
term care. But some of the states are trying to prohibit this third party
collection by not allowing employers or insurers to actually request the
genetic information or to require the genetic information or to perform genetic
tests. This is one way of trying to deal with that third prong of protection.
Federal law, we still don’t have federal law in genetics and we have the
HIPAA privacy rules which cover a few aspects of genetic discrimination. So the
goal here is uniform federal prohibitions of unauthorized access to health
information, we have that to some extent with HIPAA. To have uniform federal
prohibitions of discriminatory uses of health information, however we define
that. And this is a bit too broad but prohibitions against compulsory
disclosure of health information by third parties as a condition of benefits.
That obviously needs to be nuanced because third parties will need some amount
of information but I think this is a goal that we should be working toward in
the legislation area.
DR. HARDING: Thank you very much. For those on the internet we are running
about 15 minutes behind, this panel will be concluding at 10:15 and then the
next panel beginning at 10:30, 15 minutes later than was in the original
We’re pleased to have Professor Swire back with the National Committee on
Vital and Health Statistics after a several year hiatus, we’re delighted that
you’re here and look forward to your presentation. Thank you Professor Swire.
MR. SWIRE: Good morning and thank you for that welcome. Just one comment on
Professor Suter’s presentation, one place that pulls together a lot of
information on the benefits of health privacy and confidentiality including
getting people into the health system is in the proposed and final HIPAA rule,
there was a regulatory impact analysis which is quite lengthy, over 100 pages,
and it has quite a bit of data on that subject.
I’m going to be focusing on the topic that Professor Rothstein asked me to
focus on, which is the sharing of medical records pursuant to an authorization.
In my talk I’ll briefly describe my background and I’ll discuss the history of
HIPAA as it relates to these authorizations. I’ll talk about what I’m
describing as the non-coercion rule in the HIPAA privacy rule for providers and
other covered entities and point out that there’s no similar rule for other
entities such as employers or insurers. And then at the end I’ll talk a little
bit about the FACT Act which has a series of new non-coercion provisions that
apply to financial institutions and might prove helpful as we’re considering
more broadly how to use medical data.
Today’s themes, I have three themes, a great deal of the sharing with third
parties with an authorization are to third parties who are not covered
entities, and for these non-covered entities the HIPAA process simply didn’t
address what public policy is appropriate where an authorization exists, it
wasn’t part of the HIPAA, that lengthy HIPAA process that many of you
participated in. And so this committee has an important role to play in
addressing the public policy issues about sharing with third parties pursuant
to an authorization.
My background includes the fact that from 1999 to the beginning of 2001 I
was the chief counselor for privacy in the Office of Management and Budget. In that
role I had the great pleasure some days of being a coordinator for the proposed
HIPAA privacy rule in 1999 for the final rule that issued in 2000, in December
of 2000. Many of you know that Gary Claxton was my counterpart within HHS as we
were working so hard on this rule.
I’m currently a professor at the Moritz College of Law at the Ohio State
University, I live here in the D.C. area and a director of the D.C. program,
internship program, and we’re always looking for internships for students for
the summer, so volunteers are welcome. Since 2001 I’ve also been a consultant
in the law firm of Morrison & Foerster working quite a bit on practical
client issues connected to health information and so have that government
perspective, academic and practical perspective. I’ve also worked quite a bit
with the Markle Foundation on their Connecting for Health initiative, testified
in front of part of this committee in connection with that, and that involves
electronic medical records that go beyond the payment records that are most
focused on in HIPAA.
So let’s look at the history of HIPAA as it applies to these authorizations
because as Professor Rothstein said there’s certain things included and certain
things not included and the history helps explain why. Back in ’96 it wasn’t
called HIPAA with two PPs or two AAs, however you spell it, it was called the
Kennedy-Kassebaum bill. And this was a very high profile bill that was all
about preexisting medical conditions and whether or not if you had a problem
like that you could move to a new job. And that was about 99.5 percent of the
public debate that year.
And industry during the political debate said gee, this is an unfunded
mandate, it’s expensive on us, we’re industry, we’re going to have to hire all
these people who are going to cost us money in the health insurance system,
please Congress give us something good. And Congress tried to give them
something good, they gave them the transaction and code set rule. And that was
good because there were literally thousands of payment formats for people
passing around payment information and today that’s been reduced to fewer than
ten, which is really good, I’ve worked with clients who had over 2,000 payment
formats in the old days and it’s a whole lot easier to run their systems today
in many respects.
But then Congress and various people said if we’re going to make medical
transactions become electronic for all these payment purposes, all these
transactions, all these electronic records are going to be zipping around, what
about privacy, what about security, we ought to do that too. And that’s how
HIPAA privacy happened, it was preexisting conditions which became transaction
and code set which became security and privacy with relatively little idea of
what the HIPAA privacy rule would become.
So where did HIPAA privacy come from? Well, Congress had tried going back to
the ’70s to write a medical privacy statute and in 1996 they tried to
write the statute and they didn’t come close. So they set themselves a deadline
because we know deadlines force action, and the deadline said Congress has to
write medical privacy law by August 1999 or else horror of horrors HHS is going
to have to do it for them. And of course there’s a political dimension because
you had a Republican Congress that was going to have Democrats write a rule.
But even with that enormous carrot in front of the Congress they couldn’t pass
a law, it was very contentious in Congress and not even a subcommittee passed a
medical privacy statute so HHS was given the job of writing the rule.
The proposed privacy rule came out in October 1999, just two months after
HHS had the power to work in this area. There was a moderate amount of public
comments, 52,000 rolled in by February, and that reflects the fact that this is
a big deal, it was 14 percent, my latest figures show 15 percent of gross
domestic product involved in health care, there are many, many, many
stakeholders and so as we were trying to write this privacy rule we were trying
to have a workable regime, and that’s important to how the authorizations part
came out. There was a 70 person team from 15 agencies to review those comments
and respond to them, a final rule issued in December of 2000.
That winter in 2001 there were calls to cancel the rule, there were lots of
additional comments on whether to do that, 24,000, and then to many people’s
surprise President Bush in a White House meeting overruled from my
understanding Secretary Thompson and also his own staff and decided to keep the
HIPAA privacy rule. That led to the August 2002 revised final rule, there were
not important changes in authorizations, the topic that I’m talking about,
there were changes on marketing some other issues, but much of the HIPAA
privacy rule went into effect in April 2003.
Okay, so the focus today is what I’m calling the non-coercion rule, coercion
in connection, requirements in connection with authorizations, so outside of
this scope are all the section 512 disclosures in HIPAA, such as research
and law enforcement, they don’t require the same kind of authorizations, that’s
not our topic.
The general rule for our topic is if there’s a valid HIPAA authorization
with all the right magic words in it that permits disclosure to third parties
and the data flows from the covered entities out to the rest of the world with
that authorization. But section 508(a)(4) of the HIPAA privacy rule, this
non-coercion rule is what I’m going to call it today, does exist with respect
to covered entities and authorizations.
And here’s what it says, it says a covered entity may not condition the
provision to an individual of treatment, payment, etc., cannot condition that
on the provision of an authorization. And here’s the logic, here’s the easy
sell politically, so you have the patient who’s being rolled in on the gurney
to the ER and the person is saying sure, we’ll treat you, but just sign this
form that lets us use your information for marketing and all other purposes.
And there was some idea that that wasn’t a truly voluntary moment, right, by
the individual, they’re being rolled in on the gurney, they’re in pain, they
want to get health care but no, no, no, let us market to you for the rest of
your natural life with all your health care records. And so with that as the
sort of vivid image we have this rule, covered entities can’t condition these
things on getting an authorization.
Now this provision in my experience has been widely accepted and has not
been controversial, I have not seen calls to repeal this, this has been just
part of the woodwork, part of HIPAA. Maybe some of you have seen otherwise but
basically you can’t condition treatment and payment, etc.
One reason it hasn’t been controversial is that there’s some important
exceptions in the HIPAA rule, so if you’re going to participate in a clinical
research trial then the data can be used for research, otherwise it doesn’t
really make sense to get into that trial. There’s an important exception for
eligibility for a health plan that’s somewhat complicated but basically
enrollment for a health plan has not been taken over by this non-coercion
provision. If protected health information is created specifically for a third
party, like a fitness exam for an employer, then it can be given to that third
party. And these illustrate I think, these exceptions illustrate the need for
practical exceptions that have to be thought about where we should permit the
authorization to be required, there’s some instances where the thing only makes
sense with an authorization and disclosure to third party and so there’s work
to be done if we’re going to do the substantive job to think about the
What’s the scope of this rule, the section 508 rule? As all of you HIPAA
aficionados know it applies only to covered entities. Why is that? Because the
statute applies only to covered entities, that was the group that could be
governed by the privacy rule, if HHS had tried to go broader than that it would
have been a simple result, it would have been struck down in the court of
appeals. And so in order to have an effective legal rule it applies to covered
entities with a little business associates on the side.
So the implication for today’s talk is HIPAA didn’t consider whether these
authorizations should be enough for employers or for insurers. There was no
real policy process to date about what is good policy for these other
recipients that get it subject to an authorization, it wasn’t part of the HIPAA
Briefly on employers, HIPAA allows an employer to condition employment on
giving authorization, there’s nothing in HIPAA that limits the employer saying
give me all your medical records or you’re fired. And that’s because we didn’t
have any statutory authority in HIPAA to talk about employers.
Now in California, I said I am told because I didn’t go and do the good
legal research but Professor Rothstein has done it fortunately, there’s
stricter state laws in Minnesota and California. Importantly in the European
Union it’s pretty much a blanket rule that employment relationships it’s not
considered voluntary, if you’re an employer in Europe and you say give up your
privacy so that I can see these records the basic rule for the data protection
regime is that’s not voluntary, you can’t condition the employment relationship
on giving up privacy, including for instance in France emails that you do at
work cannot typically be looked at by employer for many purposes. And so many
people I think would agree it’s not really voluntary when the employer tells
employees they must turn over their medical records, let’s say every week, as a
condition of employment.
Now when we think about coercion and employers I think employers do have
legitimate interests in testing for fitness for duty, can this worker lift this
weight, are they going to be harmed, are they going to be able to effectively
do the job. The easiest thing to think of, somebody has to lift 75 pound
packages, can they lift them. But there’s a possible distinction, the
distinction that’s in the California and Minnesota laws, could lead to limits
on authorizations that go beyond the scope of what the employers need for
fitness or other important workplace purposes. Basically if you need it to run
the employment place then you get it, if you don’t you don’t get it, that’s the
basic distinction that I think the law would push to if you’re going to
regulate in this area.
Now let me talk about another place where this is currently, this
non-coercion idea is currently being hotly fought here in this very town, but
where probably most of the people here haven’t been watching as much. So the
Fair Credit Reporting Act was updated in 2003, it’s called the FACT Act. They had
a nice acronym but I forget it at the moment but these are facts in your credit
histories, wonderful town. Anyway, section 411 of the FACT Act prohibits
obtaining or using medical information in connection with the granting of
credit. This is a very broad very strict as written rule that prohibits
obtaining or using medical information in connection with the granting of
credit broadly understood. Even an authorization by an individual borrower is
not good enough and this is a version of the non-coercion rule, it’s a federal
Based on my participation with the Hill and agency staff that this has been
going through, here’s the rationale, here’s what happened, use this kind of
information so that’s why it was okay to prohibit such a use. And there was a
political consensus that medical data shouldn’t be used for financial
underwriting, so that was our sort of good government, everyone sort of had
consensus that we shouldn’t do this.
Now what I want to say in a theme in all of these things is there’s a need
for exceptions, if you’re going to prohibit authorizations sometimes I think
you’re going to need them. And in practice a flat prohibition raises important
problems, here’s one example that’s being debated right now by the federal
regulatory agencies, the financial agencies. What about a lender who wants to
finance elective surgery, $2,000, $5,000, $10,000 dollars or whatever, so if
I’m a lender I’m going to make the loan. Well, I’d like to find out as part of
that whether the surgery was ever performed. Right, that’s just like an
important anti-fraud thing, otherwise I’m writing this $10,000 dollar check to
the borrower and I don’t know if they used it for it or whether they’re taking
it to go off on a vacation somewhere. Well, that is getting medical
information in the provision of credit under the plain terms of the fact that
that’s prohibited. So the agencies are trying to write a reg right now that
will allow it when it makes sense but not allow it otherwise.
There was a Federal Register Notice of Proposed Rule in April 28, 2004, the
agencies are still stuck on this and what other exceptions to do and they’re
fighting it out.
Okay, my concluding thoughts, sort of charge to the committee or ideas for
you to think about what to do here. Do not assume that the HIPAA policy
process, all those endless meetings, do not assume that the HIPAA policy
process worked out the issues of when an authorization is good enough. The
HIPAA provision only applies to HIPAA covered entities so when it talks about
disclosure to everyone else we didn’t have those debates, we didn’t have all
the stakeholders in the room and nuanced discussions of what to do. There’s
been no systematic process to date to consider other situations where
authorizations are good enough or not good enough. When they’re not covered
entities we just haven’t had those discussions. There’s been the genetic issues
that Professor Suter has talked about, there’s the FACT Act for some of these
lending sorts of things, but as a general matter we haven’t had the public
There likely are additional situations where the authorization isn’t really
voluntary, probably a lot of workplace settings is not really voluntary in the
eyes of most of the people who participate there. And I think it’s an important
thing to look for those situations and I commend Professor Rothstein for
helping get this debate going.
I would say it’s important to recognize the need for practical exceptions.
There’s at least two important reasons to do the homework on the exception
side. One reason is it’s good government policy, right, there’s some things
like having lending for the surgery where you want to have the data flow. And
the second is if you don’t have the exceptions there’s a simple prediction of
what will happen, the rule will never become law, all the people who need to
have, who have practical reasons to use the data for valid things will stop it
in the lobbying process. So for good government and for practical politics
reasons figure out the exceptions and figure out when the authorizations are
good or not good.
And that’s the importance of today’s hearing and your continuing work and I
thank you for asking me to come speak with you.
DR. HARDING: Thank you very much all three for excellent testimony and we
have some time for questions and comments and we’ll start with Mr. Houston.
MR. HOUSTON: Thank you very much. I thought this was very interesting and I
think as genetic testing becomes more mainstream and important in the diagnosis
and treatment of individuals I think the whole issue of how do you deal with
the privacy of information and how do you deal with information, well, the use
of genetic information and anonymization even of data is going to be more of a
sticky issue. Obviously if you take out the individual identifiers out of a
medical record today, the record is anonymized, I think now that we have
genetic information and as testing becomes more and more commonplace how do you
de-identify that information also but that’s sort of a topic for another day.
I do have a couple of questions though and I guess the first one is as it
relates to insurance. I have a fundamental problem insofar as an individual has
the right to decide whether he or she wants to pursue getting insurance or at
least, well, health insurance obviously is very important but just say we limit
the discussion to life insurance. And if somebody has a genetic condition that
predisposes them to die at an early age will they be more likely to pursue
getting life insurance because they know that they’re going to likely die at an
early age. And isn’t it then fair for the insurance companies to say if there’s
a, if people are more likely to pursue insurance if they know they’re going to
die early shouldn’t we have some right to know that information, that’s really
my first question.
And my second question is have there ever been any studies that indicate
that there is actually some impact on the workforce when employers do do
pre-employment screenings? Is there any outcome? Is the workforce then an
employer who does pre-employment screenings, medical screenings, is that
workforce a better workforce versus one where the employers just simply decided
to forego medical screening? I mean is there any impact actually in the
workforce and is that sort of a non-issue for that? Or is it an issue?
MR. ROTHSTEIN: Let me see if I can answer your questions, the first one on
insurance, it’s very important to distinguish the different types of insurance
products because the method of underwriting and the social impact of those
product lines are quite different. So you need to separate health, life,
disability, long term care, etc., etc. Now your question in the life insurance
context is a legitimate one and there have been many studies on the issue of
what might happen if individuals knew they were at higher risk, would they go
out and buy life insurance policies or increase the amounts and so on. And in
fact I have a book that I would commend for your reading on the issue of
genetics and life insurance. But the answer to your question is yes, of course
life insurance companies have an interest based on the way our current system
works. Now there are other life insurance models in other countries but the way
our current life insurance system is structured where it is mostly an
individual product they would have an interest in obtaining this information
but it’s much more complicated than that. And we do have a panel this afternoon
on life insurance where we have some experts from the industry who can address
The other part that you asked has to do with employment and medical
examinations by companies tend to depend on two factors, the size of the
company, larger companies are more likely to do them, and the type of work
involved, whether it’s hazardous exposure or strenuous work. Even some large,
and some large employers are required by law to give medical examinations, if
you think of transportation employees and so forth, but in other industries
it’s interesting, there have been studies showing that not using medical
screening is just as effective, or using a questionnaire, as conducting medical
examinations in certain industries. But it’s been a tradition and it’s just
MS. SUTER: Can I follow up? In the context of life insurance I think you’re
right, the public doesn’t view it quite the same way as health insurance and so
you see a lot less legislation prohibiting life insurance discrimination and as
I rushed through my last slides I didn’t point out that although there’s 16
states prohibiting life insurance discrimination in the context of genetics
seven of the states allow discrimination if actuarially justified. So getting
to what we mean by discrimination they’re saying you can make distinctions as
long as there’s an actuarial basis. Not everybody wants that, some people think
it should be used at all, and that gets to as Professor Rothstein pointed out
how we construe life insurance and its purpose. Is it a right, is it a
necessity, is it a luxury?
And I think one approach to take would be to say that small amounts of life
insurance maybe if not a necessity something very valuable and important to
people, but if you’re looking for huge policies maybe we do want some
actuarially based underwriting. You can make distinctions on that basis. But
it’s obviously a big policy issue of what we mean by life insurance and what
its goals should be.
MR. SWIRE: Just two sentences. When HIV was a newly emerging disease there
was a big issue of whether people could buy, who had been diagnosed with HIV
could buy life insurance. And the risk of adverse selection is enormous there
and eventually after there was some legislation I think in D.C. passed that
would allow it for a while, I think all that legislation got repealed because
it was just too expensive to the system.
DR. HARDING: Mr. Blair.
MR. BLAIR: Are we, I thought I recalled some years back when there was the
NPRM for privacy regs that it was still possible for an employer to go to the
medical information bureau of the insurance companies, or let’s put it this
way, to request, let me back up a sec. I’m trying to find out if we still have
this exposure where someone would go to a company that’s about to employ them
and the employer would be able to say well, you’re going to be covered by our
health care insurance but before I employ you I want to check with medical
information bureau to see if you have a preexisting condition and while the
insurance companies and the medical information bureau couldn’t release the
medical records they could indicate to the prospective employer that if you
hire this individual it would affect, it would raise your group insurance rates
which effectively is a way of achieving the same purpose, alerting the employer
that there is a health problem with that particular individual. Is that still,
is this situation still an exposure for an individual?
MR. ROTHSTEIN: Well, Jeff, it never was an exposure because the medical
information bureau is made up of insurance companies and they do not share that
information with employers at all, it’s only used for deciding the insurability
of people who apply for insurance. Now before the ADA was enacted employers
could use other kinds of sources to get information, not the MIB but other
sources to try to predict whether somebody would be a high cost user and now
that’s illegal under the ADA.
That’s why the ADA’s provision is so sort of strange, after a conditional
offer of employment an employer can get comprehensive unlimited medical
information about individuals but if the employer revokes one of these
conditional offers of employment it’s illegal if the reason is for a non-job
related medical reason. So the only legitimate reasons that an employer may
withdraw this conditional offer of employment are one, it has nothing to do
with medical at all, it’s we’ve had a business down turn in the last two weeks
or we had somebody better apply and we’re revoking your offer, or there is a
job related medical reason, your records demonstrate that you’re going to die
if you are exposed to this chemical because of some underlying condition you
have. Those are the only two legitimate reasons, you can’t refuse to hire
somebody because you make the prediction that they are a high cost user or that
they have even a family member who is going to be a high cost user.
Now your observation about the group plans is correct, for employers who
purchase group plans you can’t raise, because of another provision of HIPAA
that we’re not usually concerned about, you can’t raise the rates of any
individual in an employer sponsored group but the insurer based on claims
experience could raise the rates for the group and therefore employers still
have an incentive, depending on the size of the company, to exclude high cost
users. But that’s illegal, at least since 1990.
MR. BLAIR: That is illegal now?
MR. ROTHSTEIN: It is illegal, yes.
DR. HARDING: I have a question, a little bit about the policy issues that
you all have raised. Whenever I speak on HIPAA I always ask people what does
the P stand for and they always say privacy, always —
MR. ROTHSTEIN: Is that the first P or the second P?
DR. HARDING: You’re implying that privacy received a little bit of
shortchange in the process and that it doesn’t —
MR. SWIRE: In ’96, there’s been some attention paid to it since.
DR. HARDING: Yes, yes, and we’re delighted with that but there are still
holes in that policy and that there are other issues that need to be addressed
such as non-covered entities and so forth. What are your general thoughts of
what you feel should happen at this time that would help the process? Or who
would be the people to do that? Or what are some, you all have obviously had
some thoughts about how to improve genetic protections and other protections,
what kinds of things would you recommend just in large brushstrokes here as we
MR. SWIRE: That could be the subject of a multi-day conference obviously,
how to redo health confidentiality broadly in the United States. I think that
part of the focus of today’s panel as I understood it is a pretty big chunk of
its own which is for all those third parties who aren’t covered entities are
there situations where these authorizations aren’t working well. And one big
candidate is whether on the employment side there ought to be national
standards that are closer to the California approach or the European approach.
Another possibility is that for genetics or for insurance in various ways
there’s places where the authorizations are given in too required a way and
lead to various bad results. I think in some ways those problems of non-covered
entities, certain kinds of insurance companies that aren’t HIPAA plans and
those employers would probably be the two places where I’ve heard the most
concerns, that it’s just outside the framework and needs attention.
MS. SUTER: But I do think that there needs to be an inclusion of other
possible third parties, I mean financial institutions might have interests,
schools, I mean really to bring the stakeholders together to talk about what
sorts of limitations, there’s going to be an interesting debate about this
because obviously they’re going to say that their need for a great deal of
information is great and the individuals are going to say it’s small and trying
to tease out those exceptions that I don’t allow for in my conclusions, I just
sort of broadly say there shouldn’t be this coercive access. But there are
going to be important exceptions and a policy debate that tries to sort also
what our goals are with insurance for example because deciding what policy
you’re going to have is going to depend on what you think the purpose of
insurance is, is it really insurance in the true sense of insurance or is it a
way to allow people to get access to health care, to life insurance or
whatever. So I think bringing in those third parties and thinking broadly about
how the third parties might be as this information becomes more useful to third
parties in the future.
MR. ROTHSTEIN: I think certainly the discussion all today, by the end of the
day I think we should have a clear idea that the HIPAA law and its privacy rule
really do not address the whole range of issues especially raised by these
compelled authorizations and the fix is very complicated as I tried to suggest,
it’s more than procedural, it goes to the essence of who has a right to X, Y,
or Z and on what basis is it going to be financed so that is clearly an issue.
There is then the question of assuming we wanted to fix it legislatively or
legally how would we do it, I think it’s an interesting question based on
Peter’s talk, should HHS be so inclined to incorporate in the privacy rule
amendments, some sort of FACT Act statement that you can’t have these
authorizations, arguably that’s beyond the statutory authority of HHS in the
current version of HIPAA, even if the agency were so inclined to do that.
So then the question becomes how are we going to do that and I want to make
clear that even in California and Minnesota where they have tried to limit in
the employment setting access by employers to non-job related information there
is a very practical problem involving health information and the form that it’s
in that at the least I think we ought to put on the agenda for the health
informatics initiative to make sure that whatever system we come up with has
the capacity to segregate information so that we can make limited disclosures.
DR. HARDING: Well, thank you, with that comment we will take a 15 minute
break, we’ll thank Professor Rothstein, Suter and Swire for their testimony and
look forward to the next panel on employment that will start at 10:30 this
morning. Thank you.
MR. ROTHSTEIN: Thank you, everyone, and welcome back, we are now prepared to
begin panel number two which is on the issue of employment and I want to
welcome all of our three speakers and we are very much looking forward to your
testimony and after each of you has an opportunity to give your remarks then we
will have a question period at the end. And for those of you who are listening
on the internet because of the way our schedule has been rearranged lunch will
begin at noon today.
So our first panel member is Mr. Lewis Maltby.
MR. MALTBY: Thank you, Mark. I’m Lou Maltby, president of the National
Workrights Institute. The Institute is a not for profit organization that is
focused exclusively on the expansion of human rights in the context of the
workplace, particularly the private sector. And that missions Institute, it
reflects my own somewhat strange history, I began life as a lawyer, that’s an
interesting comment, in 1972 as a public defender, wanted to be part of the
Warrencore(?) Revolution, burned out after four years when I realized I wasn’t
emotionally cut out to deal with that kind of human trauma, took what I thought
was a brief hiatus as the general counsel of what was then a small high tech
corporation, and 12 years later woke up to find that I was the executive vice
president as well as general counsel of what was now developing into a small
multi-nation, which I was the chair of the Japanese subsidiary.
Then turned 40, realized that as much as I liked being in this role what I
really liked was the HR job, the director of HR happened to report to me in our
convoluted corporate structure and I’d always been a civil libertarian and I
was challenged by the idea of how can we run a corporation that makes a buck at
the end of the year that doesn’t make me feel like I have to put a bag over my
head when I go to meetings for the American Civil Liberties Union Board of
And at that time I had been pushing the ACLU to expand its mandate to
include the workplace, I finally succeeded, not alone of course, they set up a
new department within the national office of civil liberties in the workplace
and then executive director Ira Glasser(?) came to me and said to me in
essence, well you got us into this mess, we do want to do this, we don’t want
to make fools of ourselves, do you know anybody who’s a good civil libertarian
that knows something about the world of private sector management, and I said I
thought you’d never ask, and I left the private sector to start up this new
venture for the ACLU which five years ago spun off to become the Institute. So
I happen to be the only civil rights lawyer that I know who spent most of his
adult life as a senior exec in the private sector, which has come in
exceedingly handy when it comes to trying to do what Peter says of thinking
about how to come up with the exceptions and the nuances that you have to have
to apply a good principle to the workplace and actually have it work in the
real world and I thank you for inviting me here today.
If we’re talking about the disclosure of medical information to third
parties, the workplace is the number one issue because that is the most common
source of disclosure for almost all of us. If you have a job bottom line is
your employer has if not your entire medical history at least something very
close to it. And that happens in two principal ways, the first is when you get
the job the majority of people who apply for a job today have to go through a
pre-employment medical examination, which doesn’t mean just a 15 minute visit
to the doctor, it also includes the review and disclosure of your entire
And the way that happens as Mark alluded to is this, once the employer has
made a conditional job offer it can and will insist that as a condition of
further consideration you have to sign a waiver that will authorize your doctor
or doctors as the case may be to disclose every single medical fact about you
since the day you were born if not conceived. It doesn’t have to be job
related, it doesn’t have to be arguably job related, the employer doesn’t even
claim it’s job related, everything comes out. Drug and alcohol, STD, abortions,
vasectomy, psychiatric treatment, every personal painful thing about your past
that you don’t want anybody to know, you might not have even told your best
friends, your boss is going to know. And as Mark said because we don’t have a
way of separating what’s job relevant from what’s not job relevant, even if
employers were trying to do it right, it wouldn’t work right.
And as if that weren’t bad enough we also have disclosure of medical
information in the claims administration process. Most employers today
including relatively small employers are at least partially self insured which
means employers are paying for some significant portion of your medical care.
Now in most employers that process isn’t handled in house, it’s a specialty
most people would subcontract to what’s called a third party administrator. But
eventually the TPA is going to come back to the employer and say we paid out
$100,000 dollars in claims please replenish the fund, and someone in the
employer is going to say okay, I’m sure that’s true, we have to verify this,
show me the claims you’ve paid, who did you pay this claim for and what was the
medical treatment that you paid for. Now everything that’s happened to you
pretty much since the day you were hired is in the hands of your employer.
Now to some extent that’s unavoidable and perhaps it wouldn’t be too bad if
the information stayed in the hands of the physician who looked at your
pre-employment history, ostensibly and probably truly to see if you could do
the job, and if the information stayed in the hands of the internal person in
the accounting or HR department who checked the TPA records to make sure.
There’s only two people involved or maybe a handful of people and perhaps
that’s not so bad. But it doesn’t stay there, that’s the problem. For one thing
these people are only human and if you find out that someone’s got an STD or
somebody had an abortion or somebody is being treated for depression because
their wife or their mother died it’s sad but true that people just gossip. And
they particularly gossip if there’s nothing restraining them from gossip.
Now there may be some debate about this, Peter Swire gave me some
information literally as I was coming up that we should be talking about, but
it’s not clear that, it’s my view at least and Mark and I have also discussed
this, that there’s any law broken if this person who was reviewing the records
from the TPA happens to say something they shouldn’t say in a company cafeteria
the next day. And it does happen.
The other way information gets out, which I think is more of a concern, is
compelled disclosure. After all health care costs are high, employers are
desperate is not too strong a word to hold them down, and some senior
executives may very well walk into the TPA liaison’s office someday and say I
want to see where all that money went. And if they see if one particular
employee has cost the company $100,000 dollars because of cancer treatment,
heart surgery, organ transplant, or something else, the employer has a very
strong incentive to get rid of them.
I have been in corporate offices and seen that happen, I have seen high
senior level executives walk in and tell the TPA, or perhaps an occupational
health nurse or a physician who works for the company, I want to see the
records. And that employee who has the records is an employee at will, if they
don’t disclose the records they’re going to get fired. And what do you think
they do? They protect their job and they give up the records. It happens.
There was very moving testimony by an occupational nurse named Joanne
Gass(?) before a Senate committee not that long ago where she talked about
being an occupational health care nurse at a corporation, she had sensitive
information, a higher ranking executive came to her office and said I want to
see the records, give me the keys to the file cabinet, she said no, I can’t do
that, it’s against the code of ethics of my profession, they said give me the
keys or you’re fired, she didn’t give them the keys and she got fired. And if
you talk to the people, the occupational medical professions like the
occupational health care nurses they will tell you this is a major concern for
them. Their members are consistently coerced into disclosing information they
know they shouldn’t disclose but what choice do they have, they’ve got families
to support and when push comes to shove they’ve got to save their jobs, you
can’t really blame them.
And to make this worse there really isn’t any legal protection that’s
worthwhile and effective to prevent this kind of disclosure. We already talked
about the ADA which never ceases to amaze me, as a former corporate general
counsel I could never understand why if I were building a skyscraper and I
wanted somebody to be walking down out eight inch wide girders 100 feet in the
air and some guy comes in in a wheelchair and wants to apply for that job, I
never understood why I can’t ask him excuse me Mr. Smith, exactly how do you
propose to do this, can’t do that, never made any sense that I had to take him
to a conditional job offer then have the doctor tell me that he couldn’t do the
job. And at the same time I never, never understood, it makes no sense why once
you make the conditional job offer why can you get information that is clearly
not job related, what sense does it make to allow an employer to collect
information that they would break the law if they used.
And again, we can debate this and I’m sure Peter should chime in, but in my
view there’s no legal protection for the information in the hands of the
occupational health care nurse or other medical professional who works for the
corporation or that TPA administrator. It’s clear that whatever protection
there is under exceptions to employment at will for public policy is really not
a consistent effective protection here.
Now Peter says there may be protection under HIPAA and when Mark and I
discussed this yesterday that didn’t come up, I think that’s a subject we ought
to discuss, but there are really two things that are clear. One thing is that
the disclosure of information to employers in the hiring process ought to be
restricted to what’s relevant to the job. One could take a somewhat expansive
definition of what’s job relevant if you want to, that’s not really the issue.
The issue is the gynecological care, the psychiatric care, the care that is
highly sensitive and not job related in any sense of the word that consistently
gets revealed, that really ought to stop. And we need to determine if there is
any legal protection for the person who is a corporate employee who’s being
pressured to give up information, to determine if there is legal protection for
that and if not there really ought to be legal protection.
I could say a lot more but I don’t want to use up more than my share of time
and those are the two points I think are most critical from a human rights
lawyer’s perspective when it comes to medical information in the workplace.
MR. ROTHSTEIN: Thank you very much and we will have some questions for you
I’m sure. Our next witness is Dr. Ed Bernacki, representing, well, I’ll let you
describe who you’re representing. Thank you.
DR. BERNACKI: Well, I’m Ed Bernacki, director of the Division of
Occupational Medicine at Johns Hopkins University School of Medicine, and I’m
also the executive director of health, safety and environment for the
university and the medical system, they have about 43,000 employees for both
I’m here today however representing the American College of Occupational and
Environmental Medicine. On behalf of ACOEM and its members I thank you for this
opportunity to participate about the disclosure of health information to third
ACOEM represents about 6,000 physicians and that’s in contrast to the
occupational health nurses who comprise about 35,000, 40,000 individuals,
28,000 somewhere to 40,000. However we’re the largest organization of
physicians specializing in the practice of preventing, assessing, and treating
occupational and environmental health problems.
Now protecting confidentiality and privacy is imperative to preserving
patient trust and employee trust in the workplace, when to disclose and when
not to disclose an employee’s personal or family medical information to a third
party is a question that the occupational health physician faces everyday.
Basically as Lewis was talking about a lot of information can be transmitted to
a health professional, whether it be a physician or a nurse, and it basically
is up to us to know how to judiciously use that information to protect that
Now ACOEM’s Code of Ethics says that a physician should, and I quote, keep
confidential all individual medical information, releasing such information
only when required by law or overriding public health considerations, or to
other physicians according to accepted medical practice, or to others at the
request of the individual. And furthermore, I quote, recognize that all
employers may be entitled to counsel about an individual’s medical work fitness
but not diagnoses or specific details, except in compliance with laws and
Now the occupational physician differs from the rest of the medical
community because of the nature of his or her work, most physicians and
basically most of the physicians at Johns Hopkins, we have roughly 800 faculty
physicians, interact with patients and other physicians and insurance carriers
who are covered by HIPAA. In contrast however occupational physicians interact
with employers, including CEOs, general counsel, human resources personnel,
plant managers, and supervisors, mainly the line supervisors, other health and
safety professionals, including nurses, industrial hygienists, safety
engineers, and workers compensation carriers. Now furthermore occupational
physicians practice in a variety of situations, some may be under contract to
employers which is by far the overwhelming number of our members, there are a
few employed by corporations but that number is diminishing all the time, very
small minority now.
In addition to clinical services an OEM physician as we call them may engage
in any or all of the following activities, and this really does take up most of
our time, disease and disability management programs, medical surveillance,
fitness for duty exams, independent medical exams, and the analysis of
aggregated information to pick up trends in a workplace, do we see an
increasing frequency of respiratory disease in a particular area. So our day is
spent in assessing all these things and pre-placement exams are really a small
part of the job.
Employer sponsored health promotion and wellness programs, occupational
illness prevention programs, employee assistance programs, and onsite emergency
care we feel are extremely valuable to both employees and employers. Now these
benefits can result in early diagnosis which I’ve been part of for many years,
in essence intervening early, getting an individual to a health care provider,
to interrupt that course of their illness, and it’s a great place to put on
these programs, employees are there, pretty much captive, and in essence where
they can’t get it in the general medical scene, if they choose they can engage
in these surveillance programs, of course they choose to do that. But for me
that is probably one of the most significant parts of my practice is in essence
for individuals for hypertension control programs, etc., really make a
difference in their lives.
Now if medical information gathered from such programs is not kept private
participation in these programs will be in jeopardy, the only reason they’re
going to be coming, an employee will be coming to you is because they know it’s
going to be kept confidential.
Now since 1994 ACOEM has, the confidentiality of medical records is an
absolute necessity. It is ACOEM’s position that physicians have an ethical
obligation to keep medical information strictly confidential with information
released only when required by law or by overriding public health concerns.
Each situation, however, is different. For example in a medical surveillance
exam a physician finds that a hazardous waste worker has a liver function
abnormality. If a work related illness or other occupational abnormality is
noted should the employer be informed? We believe that the employer should be
informed but should not be given specific diagnostic information and this
happens all the time, certainly in the worker comp situation where an
individual is out on worker’s compensation, has a limitation to their ability
to perform work, usually there’s a dialogue between, in our situation our
occupational health nurses and the supervisor on what that person can do so
that they do not harm themselves. And this goes on all the time, all workplaces
in the United States.
Now another example, if a liver function abnormality that results in alcohol
use, previous hepatitis, medications, or some other factors, something not work
related, in this case the employer should not be informed obviously. If a liver
function abnormality is permanent and reflective of a non-occupational hepatic
disorder should the employer be informed? Well, this is tricky, to share this
information with the employer may protect the employee from further liver
damage or exposure to hepatic toxins, however in essence we have to balance
what information we’re giving out so obviously we cannot give the diagnosis but
some way we have to prevent that situation from damaging that individual’s
Now unfortunately HIPAA does not address these, directly address the issue
of access by employers and other third parties about medical information that
could affect an individual’s ability to work safely. We have previously
recommended the following changes to HIPAA and you actually teed this whole
thing up for me. Specify that personal health information gathered or
maintained in connection with employment or employee health programs is within
the definition of protected health information. Prohibit individuals within the
company including those responsible for making personnel decisions from
unfettered access to protected health information. Make the physician, not
administrative or management personnel responsible for interpreting health
information and determining what information is relevant and what should be
disclosed to a third party. These recommendations if adopted would further
ensure that the employee’s medical information is kept confidential.
And thanks again for inviting me.
MR. ROTHSTEIN: Thank you very much, Dr. Bernacki, and we will have questions
for you after our third witness, Mr. McGarrah from the AFL-CIO.
MR. MCGARRAH: Thank you Chairman Rothstein. I appreciate the opportunity
and the AFL-CIO which I represent is very grateful to you for the opportunity
to be part of this discussion today because this is a major concern for the
over 13 and a half million working men and women that we represent all over the
country, and of course their family members, coming up to as many as 40 million
I have been at the present time working in the area of worker’s
compensation in health care for the past three years and prior to that I was
involved in all areas and aspects of health policy for the AFL-CIO as well as
the American Federation of State County Municipal Employees and then began my
career actually with helping Sidney Wolfe and Ralph Nader start the Health
Research Group way back in 1972 and in fact I remember coming here actually to
meetings with respect to confidentiality and disclosure of information with
respect to professional standard review organizations, it was an issue of great
concern. And as you know the department and the administration are making
significant strides in trying to make sure that the public has adequate
information on practitioners as well as providers of health care because these
are important decisions that people need to know.
So we’re meeting at a time and I’d like to just summarize my statement but
we’re meeting at a time when there’s an incredible ability to determine what is
in fact the best quality medical care and it can be in fact delivered to every
American, and we can prevent occupational injuries and disease with this data,
there are over five million injuries and diseases every year on the job in this
country so this data is critical.
But we also know, and the Institute of Medicine has carefully documented
this, that there are far too many medical errors and injuries and even deaths
in our system and Americans are well aware of this and have great concerns and
surveys by the Kaiser Family Foundation and others make this readily apparent,
in fact a majority of people are quite concerned that they could be harmed or
have in fact been harmed just by going to the doctor and hospital. And as
you’ve heard in the discussion this morning at the same time they’re quite
concerned that their records, their medical records, will in fact be disclosed
to their employers or to other individuals who could possibly deny them
employment or insurance which is an incredibly significant concern, not only in
getting adequate care but in maintaining your own employment.
Well, this is kind of a paradox and it’s possible I think because we’re now
in an era of what Professor James Robinson calls medical management after
managed care. Instead of the effort that we had in the early ‘90s to have
rather intrusive medical managed care, where we had doctors being second
guessed by medical algorithms or clerks and so on and patient’s rights
developed and I actually worked with the president on some of the development
of that effort, patients are now involved in a different framework altogether.
And in fact as Dr. Bernacki has described and I think he heads one of the more
laudable efforts in the country on this there are ways to integrate medical
information and create integrated disability management systems as he’s done at
Hopkins that can actually prevent diseases, prevent injuries, and work with
employees to keep them on the job and provide excellent quality medical care,
can save money, and his program in fact has been well documented in the effort
to save money and there’s significant initiatives that we’re attempting to
undertake throughout the country in this respect.
But there’s a darker side to this as we’ve already begun to hear in what
frankly we in labor are referring to as a Wal-Mart driven economy, which is of
course the race to reduce costs at every opportunity and to reduce corporate
exposure to diseases and disability and frankly to even eliminate the jobs of
people whose care is going to cost the company more than they can afford, or
that they deem that they can afford. Milt Freudenheim(?) of the New York Times
just reported in fact this past week that the new concern in health care costs
is literally leading companies throughout the country to remove group health
benefits from the control or authorization of human resources departments and
put directly under CFOs in major corporations because this is a significant
issue, we all know that it costs more money to provide health care now and pay
for it when you buy a car than it does the steel that goes into that car,
that’s been well documented going way back to Lee Iacocca.
We also know and it’s a fact that ten percent of the people in any given
health plan account for about 70 percent of the spending on that plan. And with
respect to worker’s compensation Governor Schwarzenegger found out when he took
over, just last year, that disability claims within worker’s compensation are
frequently due to improper or inadequate medical care at the time of injury and
that in itself dictates a much more thorough examination of the available
health care information on individuals who consume the most medical care.
Now Fortune 500 companies and their National Business Group on Health have
begun to develop and have already on their websites now metrics that actually
enable them to benchmark the costs of health care, absences, and lost
productivity. Companies like Ford, Verizon, and Quest, our union members and
contracts throughout the country, recognize this and work with these companies,
they separately measure all the costs associated with employee health, worker’s
compensation, absences, Family Medical Leave Act, short term and long term
disability, and then they aggregate the results. They can also measure what
they call presenteeism, which is understood to mean someone who comes to work,
is present on the job, but frankly is incapacitated through either illness or
disability and is not able to really do the job.
So this data allows companies to manage the care and work of
each affected employee and frankly the bright side of this, preliminary
research is beginning to show that when this data is aggregated over an entire
work site or a company or an industry you can actually prevent accidents and
disease and it can save lives and money, so you can see there’s a constant
balancing that we’re dealing with here.
But really with respect to confidentiality an employer who knows about an
employee’s absence problems is only a database away from examining the
employee’s group health claims, worker’s compensation and disability insurance,
in order to come up with a profile of that employee’s costs to the company. And
in for intervention at that point is very clearly possible and you can even
deny important rights and benefits.
The most extreme kind of examples occurred in fact at the Polaroid
Corporation, it was sold in 2003, all of its employees on permanent disability
were terminated as a condition of the sale. And when Mercer Human Resources
Consulting did a survey on this issue they found that 27 percent of the 723
companies they surveyed dismiss employees as soon as they go on long term
disability. 24 percent dismiss them within six to 12 months.
Now property casualty insurers and many self insured employers take the
position with respect to worker’s compensation that the claimant has to
demonstrate that any disease or injury is entirely due to the employment on the
job. So that creates an adversarial system, as I say we saw it most apparently
in California, most of the cases were as they call it controverted, that became
a big battle ground between attorneys on each side, and had incredible amounts
of hearings and so on. Liberty Mutual has helped employers with respect to this
now, they are a significant provider of worker’s compensation insurance, they
recently announced that they’ll even use extensive claims diagnoses and even
credit scores to determine which claimants are likely to be significant
problems for employers and need to be isolated and handled in a much more
adversarial and contained fashion so privacy becomes almost an afterthought.
Now the dangers, we all know about the Burlington Northern Santa Fe Railroad
case, those are very significant dangers at the workplace, those were employees
who were seeking worker’s compensation for carpal tunnel syndrome, suddenly
they find that they’re being tested for a possible gene, bogus medical tests,
and fortunately that was dealt with but nothing really was done about it yet in
Congress the insurance industry as you well know has been working in hand and
frankly closely with the president as he has literally three days last week
been throughout the country on medical malpractice tort reform and asbestos, we
hope he devotes and the administration devotes similar attention to this issue.
We would like to see legislation enacted, it did pass the Senate as we all know
but it didn’t go anywhere after that.
Now we have cases right now with respect to the transportation industry
where we find that one of the major carriers requires consent forms, now this
is a fitness for duty issue but frankly these are employees who already have
passed their medical fitness for duty examinations, the employer says that we
just saw that you had a claim coming in for an unrelated injury, shoulder
injury, and we frankly now are going to demand that you disclose all your
medical records to us to any doctor that we deem appropriate. And you will be
suspended from duty unless you agree to provide those records, and you’re
suspended without pay I should point out. The union has this case in
arbitration at the moment but frankly we will remain vigilant on this issue
because we think it’s a growing concern, not just with respect to fitness for
Now this integrated benefits area as I said has great promise, we are in
discussions and have discussed this issue with Aetna which has a contract with
Active Health Management and I think it’s quite interesting the way it’s
described by Dr. Lenny Reeseman(?), the head of this company, they say they can
form an electronic medical record on a patient by patient basis, once they have
that data they relate it to evidence based clinical standards which have been
digitized and imbedded into the technology, they can actually call patients and
physicians up and suggest alternative treatments. Now that’s the good side of
all this, we think that’s appropriate because we want to get the best possible
clinical care and as Dr. Reeseman says they can do this because they’re
classified as a business associate to either the health plan or the self
insured employer who’s the covered entity.
Now what does that mean on the other side of the coin though when we have
the concern as I say with employers who are trying to hold down their costs.
Employers are beginning to be encouraged to roll out higher deductible plans,
various benefits, offer health savings accounts to people with chronic medical
conditions, we’ve got significant privacy concerns with all of those because
they involve this critical balance that we’re constantly coming up against on
provision of adequate medical care, and that’s been discussed today and
obviously the AFL-CIO will continue to maintain its position and call for and
rally Americans around the issue of universal health insurance, it’s got to be
done, it’s part of the solution.
We think that Congress and the administration ought to make legislation
possible not only to protect Americans from genetic discrimination but that
there ought to be protections, protective health information should extend to
worker’s compensation programs and what employers and unions need is of course
the aggregate medication management and integrated benefits information, it will
help them make the best decisions on how to pay for the right care and create
the safest possible workplaces. So this is the sort of balance that we’re
prepared to achieve and work with business, insurance, and the administration,
and make quality care available to everyone.
MR. ROTHSTEIN: Thank you very much and thanks to all of you. The floor is
now open for questions from the subcommittee members. Mr. Houston?
MR. HOUSTON: I was unclear with Dr. Bernacki, is that how you pronounce your
name? When you were talking about pre-employment screenings, is it possible
that there could be a standard that the employer is only entitled to know that
the employee is actually fit for duty versus having any specific information
regarding the employee? And should maybe the physician be sort of the
gatekeeper, at least on a pre-employment basis, to say based upon the
employer’s criteria for a qualified employee that they give the thumbs up or
thumbs down rather than I think, I sense that they get a lot more information
DR. BERNACKI: In workplaces I’ve worked at no, but there’s a potential for
that to happen. And quite frankly we as occupational physicians write
restrictions and it’s basically up to the supervisor to determine if the person
can work within those restrictions or limitations so the idea is is we don’t
make an employment decision, it’s the employer that makes the decision, we
pretty much set what the bounds of that that individual is capable of doing at
that moment. Now that could change, I mean I think that’s the tricky part —
MR. HOUSTON: Would it be a workable process to put more authority in the
hands of the physician who does, or the health care professional who does the
DR. BERNACKI: Oh, we would love it, I mean —
MR. HOUSTON: But is that workable?
DR. BERNACKI: Yes, I think so, because if someone does pre-placement
examinations or questionnaires, whatever it is, quite frankly I wouldn’t trust
the employer to do it, a non-medical person to do it because basically you’ve
got to balance a whole host of facts, we’re talking about chronological
history. Well, it may have some relevance inter-digitating with another problem
that a physician assesses and that could have an impact on the workplace. But
there is no way that a non-medical person would come up with that diagnosis or
an idea that that has any relevance. So quite frankly I would definitely say
that that’s necessary.
MR. HOUSTON: But it doesn’t happen necessarily today in any frequency is
also I’m assuming from your —
DR. BERNACKI: Large companies for the most part, the practice is let the
occupational physician, nurse practitioners, make those assessments, they don’t
want the information. But the problem is many workplaces that isn’t true and I
think there should be some provision in HIPAA.
MR. HOUSTON: So it’s reasonable to make a recommendation sort of a standard
that that be the case?
DR. BERNACKI: Yes.
MR. REYNOLDS: The HIPAA privacy rule requires that there be a health plan
designation of who in a company is the health plan, I know for example working
for an insurance company when you make them designate who the health plan is,
who can get the records. If it’s not a company that is self funded then most of
that data never goes to them except, even to the company at all in an
aggregated form. But I think I’m hearing from you that you don’t feel that that
designation by these employers of health plans really does give enough
protection to the employee about how data is or is not accessed.
MR. MALTBY: Well, I will confess that I’m not a real HIPAA expert and if we
get into hard HIPAA questions I may have to defer to Mark. But let me tell you
what I’ve seen, I have seen the reports that come from third party
administrators back to the corporation and they are not aggregate. And I don’t
know how they could be because the company is not going to pay an aggregate
bill, the company wants to know if you want $175,000 from us because
you’ve granted claims for that much for our employees who were they. And the
reports that I have seen have never been aggregated, they’ve all been
MR. REYNOLDS: And again, any time there’s a third party administrator
usually that company is self funded and is setting it up themselves, and then
the rule designates who the health plan is and then you have to file other
documentation if you’re going to give it to other people other than who you
have specified as the health plan. So my question continues to be, the
information goes back because obviously the employer is completely funding it
but there are laws where you have, the HIPAA law says you have to designate
only certain people to see that, they are under certain jurisdiction, and if
anybody else in that company, whether it be the CEO or any other executives of
that company wants to see it, they have to have filed some other, fill out
other forms and file some other information. So I’m trying to understand, now
whether people are following that is questionable —
MR. MALTBY: It’s another issue.
MR. REYNOLDS: Whether or not what is in place allows the appropriate
jurisdiction, I mean obviously people can do what they want to do in a lot of
cases, that’s what I’m trying to get a sense from you as to whether or not —
MR. MALTBY: Harry, I’m glad you raised that question because that is
precisely the question/comment that Peter made before he had to leave. Peter
seems to be of the impression that the HIPAA rules do at least in theory
prohibit this corporate bigwig from walking into the clerk’s office and say I
want to see where the money went. Mark and I talked about yesterday, that point
did not come up so I think I’m going to punt the ball to Mark and Mark, what do
you think, do you think that the HIPAA rules at least in theory prohibit this
MR. ROTHSTEIN: No, you’re supposed to be answering the question. You guys
had your chance in the last session.
We will look into exactly what the rules are with regard to third party
administrators, Helga, do you have that?
DR. RIPPEN: No, but I guess I’d like to parse it because there’s a
difference between claims that go to the third party but then there’s a
difference between what nurse practitioners usually obtain which is if they’re
doing a disease management program, if they’re able to collect different types
of information because of the course of someone being on site and sharing
information. And so those are two different pieces.
MR. ROTHSTEIN: But there’s also a related issue, not to, I really don’t want
to spend too much time on claims because that’s really not the focus of the
committee hearing today. With third party, with self insured and self
administered employers, and the question is in what form does the claimant
information get back to the company, now HIPAA permits the use of individual
names as with third party administrators but tries to build a fire wall between
the claims functions and all the other functions. And it seems to me we have
not investigated enough the possibility of not using names, I mean we don’t
have to use names there, if we wanted we could use employee numbers and it
would go through somebody to make sure that employee 275 is still employed,
entitled to benefits, and so forth, and then you could have the information but
somebody’s coworker wouldn’t necessarily know all the ins and outs of their
case. But we chose not, we meaning HIPAA chose not to go that route in terms of
a requirement which is I think just a different option that was taken, I would
have preferred the former obviously. John?
MR. HOUSTON: Tell me if I’m wrong, the self funded employer who acts as a
self funded insurance company, they have all the rights of an insurance company
which means they have the right to look at the entire medical record if it’s
related to somebody they want to interview, which means that in the case of the
example where the executive walks into, even if the office is fire walled off
for HIPAA purposes and they’re separated from the rest of the functioning of
the HR department or the company, if the executive walks into that office and
there’s a complete medical record of an employee and the executive demands to
see the record, the record is there. And I guess that’s sort of the —
MR. ROTHSTEIN: But there are separate benefits, there are benefits files and
there are occupational medicine files and they’re not the same and they’re not
supposed to be. And then there are personnel files and they’re not supposed to
MR. HOUSTON: They’re not supposed to be commingled but the point is that if
the employer acts in all those different capacities and even if they indicate
that they have set up these barriers to restrict the commingling of files and
in theory everything is supposed to be separate and protected, the example of
the abuse is one that could be very telling because all they do is walk down
the hall to each individual functional area and say okay, I need this record on
John Doe because for whatever purpose and they could in theory based on what
has been collected, which is permitted, they could see every scrap of medical
information related to that employee. I think that sort of sounds to me like
that’s the beef, tell me if I’m wrong —
MR. MALTBY: And Mark, with all due respect, I don’t know that using numbers
instead of names is really going to help because if I’m the executive VP who
wants to ax the guy who had the heart surgery and is costing us a lot of money,
I’m going to go to the person who has all the codes and say I want to say that
too and if you don’t give it to me I’ll fire you. It’s really not a problem of
commingling, at least to my understanding commingling and having information
get in the wrong hands in the normal process of doing business isn’t the big
problem, the problem is the employer who wants to fire the guy who had heart
surgery and is going to strong arm whoever has the information into giving it
up so they can fire the guy. And I think Harry’s raised a critical question
which is is there some protection at least in theory under HIPAA against that
sort of coercion because I know there isn’t any protection anywhere else.
MR. ROTHSTEIN: We will check —
DR. RIPPEN: We’re going to get a reading on that.
MR. HOUSTON: Mine was as much a question as to what’s permitted because I
don’t know the bounds of it and Kathleen and I were speaking and I think we
should ask OCR what are the bounds here.
MR. REYNOLDS: That was my comment, I’m not sure I agree with John’s position
and so I think we do need to have OCR take a look at it.
MR. HOUSTON: I don’t know if I agree with it or not, I was sort of bringing
it up —
MR. ROTHSTEIN: We will check on that. I want to change topics and get to one
of the suggestions that Mr. Maltby made earlier and that was we need to limit
disclosure to job related information, that is what the ADA calls the
employment entrance exam or pre-placement exams. And I in my comments earlier
said that we ought to explore the possibility of designing an electronic health
record system that would enable us to do that and I want to ask the three of
you what you would think in theory of the following sort of framework for a
Somebody applies for a job and we have a dictionary, an encyclopedia of job
classifications that hasn’t been updated maybe in a while but it would be, you
would assign a number to it so somebody is applying to do 218 functions, they
may have 15 other functions, but they would be limited. The job classifications
would then be tied to the physical demands of the job and the physical demands
would then be tied to a medical determination all in place of what kinds of
health information would bear on the ability to do that job, and then that
information would be keyed to the electronic health records that people have so
that in theory you would just be able to punch in 218 and only that information
would then flow to the company.
Now I recognize the million sort of technological and economic problems. In
theory is that, and I’ll ask all three of you to comment, is that the kind of
system that you had in mind Lou?
MR. MALTBY: Mark, I’m just a human rights lawyer, I can barely send my email
without screwing up so you may be asking the wrong person. But in terms of
feasibility I’m way over my head but in terms of desirability it’s a
no-brainer, that’s exactly what we need. As you said yourself right now with
the paper record even if the employer wanted to do the right thing and they go
to the doctor, I don’t want the psychiatric records, I don’t want the
gynecological records, I just want the stuff that’s job relevant.
I think a doctor could do it that way but the doctor would have to
personally sit down and go through every page of the file, yes, no, yes, no,
it’s not going to happen that way. From a desirability standpoint the system
you described is exactly what’s needed.
MR. ROTHSTEIN: Ed, keeping in mind we’re not going to consider what you say
binding on ACOEM or you or anybody else.
DR. BERNACKI: Well, I mean obviously it’s a technologic problem so —
MR. ROTHSTEIN: It might be an employment bill for occupational physicians.
DR. BERNACKI: Yeah, right. I mean most situations that I’ve ever encountered
in my career you don’t know any information about the job or very little
information and sometimes you have to call a supervisor and say what is that
person going to do and then you won’t catch the supervisor so basically as an
occupational physician it’s wonderful if you know what the heck the demands of
the job in that particular industry and over time you really pick it up. So if
a person is going to this particular part of the plant and you know what those
jobs entail, you’ve got all this fuzzy logic in there and you know more or less
what they’re going to do, then you have this information, they pull out this
questionnaire and you take it and in your brain you come up with some sort of
an assessment and it isn’t perfect. And more or less you come up with something
that the person can do that or they can do that with some restrictions. So I
would say it’s impractical, that it would be wonderful but things change so
much and that’s my assessment.
MR. ROTHSTEIN: Well, and companies may want to have individuals who are
cross trained and cross qualified and so on but presumably that could be taken
into account if you were transferring departments and so on, just an attempt to
try to keep the most sensitive information from routinely being disclosed. Mr.
MR. MCGARRAH: I see some promise in this, Dr. Reeseman’s efforts at Active
Health Management I think has a digitized medical record system that is clearly
able to, assuming the records are all available and that’s what they seek, to
intervene directly based on the medical algorithms and clinical evidence based
medicine standards, I would think this could be done, I mean I doubt that
they’ve done it yet but it’s clearly feasible and it’s a desirable objective I
think with respect to confidentiality and privacy, it’s something that we would
like to see move forward.
The issue of cross training that you just touched on is something that’s
going on all the time now and we’re finding that there’s really no way that we
can, in fact that’s been probably the single biggest issue in some of the
downsizing and changes is that we’re cross training employees for all sorts of
occupations so you would need a fairly expansive or at least flexible
definition that you could put into this effort. But I think it’s worth
exploring and I would urge you to speak with Dr. Reeseman and others to see how
this might be done.
MR. ROTHSTEIN: Another part of your testimony, Lou, you recommended that we
need to somehow protect occupational health professionals from firing and
adverse consequences who refuse to turn over medical records that are
irrelevant and so forth. How would you propose to do that? Are you recommending
state law, federal law, regulation?
MR. MALTBY: My fast answer which is probably too flip is anybody who will
pass it. And as to whether state legislatures or Congress is more likely to act
on that I can give you an informed answer but I can’t do it now. My fast sense
is that this might follow the typical model that at least I see in the
employment world which is a few states try something out, they get it enacted,
they find out what they did wrong and then some other states do it right and
ultimately it percolates up to the federal government. That’s certainly the
model we’ve seen in genetic testing legislation as you and I have discussed
many times. The early state statutes prohibiting discrimination based on
genetics were probably totally ineffective, would really solve the problem and
my fast reaction is that that’s probably the model that would work best here
but that’s a fast reaction.
MR. ROTHSTEIN: Okay, let me call on Jeff Blair.
MR. BLAIR: If I recall the HIPAA legislation indicated that, and I don’t
know if it was exclusive to when health care information is in electronic form
or whether it’s broader than that, that the covered entities who were
custodians of the record had to keep an audit trail, and correct me Mark or
anyone else if I’m misstating these things because I’m trying to set down the
premise to see if this could be a tool that could help protect the individual
from inadvertent employer access to information that could be used in a
My understanding is that the covered entities have to keep an audit log of
all individuals who request information whether or not that information,
medical information was provided or not, but just the request or attempts to
access the record. And that that log of attempts to access the record is then
also available to the employee, in this case the patient. If that is the
correct statement then maybe a little bit of strengthening of those audit
requirements could be a little bit of a deterrent to somebody inadvertently
going to an employee such as for example, in the example that you gave, instead
of having this in a file drawer when an employee could just simply give that
information to someone else, the system tends to provide protection and it
becomes more difficult for an employer to intimidate an individual because the
system is keeping the log of all requests for access.
So I guess my first question is did I state my understanding of HIPAA
provisions correctly with respect to the audit logs and the rights of the
patient to review the audit logs? And secondly can this be a deterrent for any
kind of employer abuse of access to the records?
MR. HOUSTON: I think in theory that is a deterrent, in fact my example which
I maybe make a little clearer which is that if the employer is also the insurer
clearly they’re supposed, the insurance component of that employer is supposed
to be a separate covered entity which has an obligation to account for any
disclosures, inappropriate disclosures of information and in theory if the
executive walks into the office and demands a record that would be an
inappropriate disclosure because the executive doesn’t have the right to do so
and if the employee, if the employee who had to disclose the records decided
that was the case and put it into the record and then it would be available for
the aggrieved employee to be able to look at and so oh my gosh, this particular
executive looked at my record and that was inappropriate and why did it occur
and it would be I think evidence of some type of inappropriate use by the
The question is going to be though in that scenario is the employee going to
make note of that, is it going to occur, and I guess in a perfect world I would
argue that it should, or it would. But whether that would occur I guess is
really sort of at the basis or the center of really the issue —
MR. ROTHSTEIN: Well, actually I think there’s a larger issue that was
raised, not only by Jeff’s question but also in Dr. Bernacki’s testimony and
that is whether it is a good idea to expand the coverage of HIPAA to include
protected health information or the HIPAA term protected health information in
the workplace. And that is, I mean I would have to give that a great deal of
thought, I can see some advantages because we’re familiar with the privacy
protections, on the other hand I can see some possible disadvantages of
considering employer as a covered entity, covering employer, it may be just
more practical if there’s the will to have privacy confidentiality protections
on employers, maybe we ought to do it through some sort of separate legislation
rather than trying to sort of fit that in under HIPAA which was really never
designed to do that.
I’m just not sure because when one thinks of all the things that come with
being covered under HIPAA I’m not sure that that would work necessarily in the
workplace setting. And an analogous problem that I think is raising from Dr.
Bernacki’s testimony regarding ACOEM policy is that we have a very unusual
hybrid sort of professional relationship in occupational health where there are
dual loyalties of the professionals, and from the, as I understand the
recommendations there are, it would in some ways move the occupational
physician/employee relationship closer to the physician/patient relationship in
the non-employment world in terms of privacy and confidentiality and so forth.
And yet I think if anyone would do that part of the price for that would be
saying that there is a physician/patient relationship and that price would
change the way occupational medicine is now practiced. I would support this but
I doubt ACOEM would because that would then mean that there is duty of informed
consent, etc., etc., etc., all the things we expect in the normal
physician/patient relationship. Even if we had agreement on the goals it’s very
difficult I think to steer this course because the workplace situation is so
unusual, it just doesn’t fit into our normal paradigm.
MR. MCGARRAH: If I could just interject, California as part of its worker’s
compensation reforms that were enacted and signed into law just this past April
now provides, and I know that Safeway and a number of other companies are
actively pursuing this, that an employer and a union can agree that if they
have a group health benefits plan that that plan in effect will become the sole
source of medical care for all worker’s compensation claims. In other words
that this is the single provider, all the data is all, it’s a unified
integrated benefits program, it’s seamless, the intention is that you would
effectively provide the best possible medical care and at the same time you’ve
reduced all the transaction costs that are involved in worker’s compensation
From our perspective, and we supported this effort and we are pursuing this,
we’ve actually been doing it for quite a few years in the construction
industry, but as you can see when you have the adversarial worker’s
compensation system and disputes over claims all this data becomes a matter of
public record. Not public record, well, in fact yes it does, it goes right to
the worker’s compensation commission and the employer is in a position to try
to contest it. Employers are well aware that there’s great seepage back and
forth, in fact there’s a recent study that’s just come out in the Milbank
Quarterly that describes as much as 80 percent of occupational disease seeps
over into the group health side, that employers are increasingly concerned
I really think that what we’re aiming at is much more akin to uniform
application of a physician/patient relationship in the entire delivery system
with respect to occupational worker’s comp and so on and we would advocate
making worker’s compensation making a part of this. In other words all medical
care delivered with respect to any individual, whether it’s occupational or
under a group health or just traditional medical care be part of the same
protected standard. I don’t think you can work it any other way.
MR. ROTHSTEIN: Well, your point is well taken and I think it complements my
point that picking out one or two issues in a system that is sort of sui
generis, unusual, is problematic and I don’t know where’s whether there’s the
will for a more comprehensive approach. I’ve got Kathleen and Helga and then
back to John.
MS. FYFFE: Mr. McGarrah, I think you said something during your testimony
that I’d like to ask you about, I might have misheard, but did you say
something along the lines of worker’s compensation claims turn out to be
related to bad medical care?
MR. MCGARRAH: Well, frankly that is an issue, yes, it’s often of great
concern, in fact I can suggest, I think Dr. Bernacki and I are working on this
with respect to some states right now, there is an issue of the adequacy, the
qualifications of practitioners, and just the issue of mirrored provision of
the medical care is at issue, in other words because this is an adversarial
system carriers will often interpose objections and people will be delayed even
Then there’s the issue is this totally work related, ACOEM we believe has
the best standards for clinicians but you don’t have to be an ACOEM
practitioner or even adhere to ACOEM guidelines in most of the states to
provide adequate medical care and that of course drives up the cost because you
don’t get good medical care immediately to the injured worker the person is
going to need remedial treatment, be out of work longer, and possibly become
one of these cases that I described where Liberty Mutual, well aware of these
kinds of concerns realizes this and they have profiles to identify these
individuals and even use as I said credit scores to determine if this person is
a likely person to be essentially isolated and dealt with accordingly, in other
words to terminate provision of care and benefits, and possibly employment as
part of the settlement agreement.
MS. FYFFE: Thanks for clarifying.
MR. ROTHSTEIN: Helga?
DR. RIPPEN: As we all know there are lots of different mechanisms to pursue
things that aren’t done right, HIPAA is one if it falls within the HIPAA
categorization but many times employers may have a written agreement with
regards to not accessing personal health information especially when you talk
about disease preventive services or health promotion at the work site. What
are the legal, how well are the legal resource then for an employee then with
regards to if there is a violation that someone did access that information?
MR. MALTBY: I haven’t seen cases on exactly on point with what you’re
bringing up, Helga, but in general if an employer makes a written promise to do
something or not to do something that promise is enforceable even if there was
no legal obligation in the absence of the contract but once in a while you see
judges who just won’t go along with it. There is a very famous case in the area
of electronic monitoring called Smythe(?) v. Pillsbury where the Pillsbury
Company told the employees your email is personal and confidential, no one is
going to read it, told them how to select a personal code number that no one
would know but them and an access code.
And so Mr. Smythe went ahead and he did exactly what they told him to do and
he sent some message to a coworker that was badmouthing his boss, you know
what, his boss, I don’t know but his boss just, I guess a little gremlin
whispered in his ear and he went and he read Mr. Smythe’s email and he saw what
Smythe has said about him and he said Smythe you’re fired, and Smythe went all
the way to the Third Circuit Court of Appeals and said you can’t do that, they
made a written promise not to read my email and the judge said basically
promise shomise, the employer has a right to read the email, they own the
system and Smythe go suck an egg. So in general, Helga, I think those things
are enforceable but you just have to keep a certain grain of perspective that
sometimes judges are just going to follow their own instincts on what employers
are allowed to do and not enforce the promises.
MR. MCGARRAH: I just comment to you, in fact Business Week this week has a
piece about should you tell your employer if you have some cancer or some
chronic disease and they point out that sure, you can challenge an employer if
they take adverse action against you but it will probably cost you at least
$50,000 dollars to litigate the case and few people really have those resources
available, they’re much more concerned with getting the proper treatment and
getting adequate insurance just to get through the ordeal.
MR. ROTHSTEIN: And unless some adverse action were taken chances are you’d
never even know that it were disclosed more broadly.
MR. MALTBY: Mark, if I could just throw one point in there, this is sort of a
mega point that colors everything in employment law today, which is what Rob
just brought up. The bottom line for most people is if, even if you lose your
job in some egregious manner the chances are you’re never going to get justice
if you have to go to court because of reason of simple economics, you don’t
have the money, regular people can’t afford lawyers anymore, it’s just, you
might as well try to win the Kentucky Derby.
And if we’re concerned about any sort of substantive area of the rights of
employees one thing you always have to consider is how is this right going to
be enforced and just taking the standard language from federal statutes that
says oh you can sue and if you win you get damages and even attorney’s fees
isn’t going to get the job done, there has to be some thought to less expensive
ways for people to vindicate their rights, an administrative remedy with a
federal agency, arbitration has proven to be remarkably effective, both in the
union and the non-union context of giving people a way to get some justice
without spending money they don’t have. And whatever substantive issue we’re
thinking about those economic enforcement issues have always got to be the next
MR. ROTHSTEIN: Mr. Houston.
MR. HOUSTON: Mr. McGarrah, you indicated before that there’s, that profiling
occurs as it relates to worker’s compensation claims and employees and their
credit, and I’m assuming that the basis for that is that employees who have bad
credit may be more likely to game in the system or to inappropriately file
worker’s comp claims or that they would try to make more out of them than there
are, which I guess the question I have is if that is in fact the purpose in the
case what’s wrong with an employer trying to ensure that it fairly applies its
worker’s compensation rules and that you don’t have workers who aren’t trying
to game the system. And I guess, are you also indicating that some employers
may be trying to reduce bona fide worker’s compensation claims through that
MR. MCGARRAH: Well, very definitely, I mean the whole purpose of worker’s
compensation, I mean it was the first tort reform at the turn of the
20th century, it was literally employees gave up their right to
bring an action in tort against the employer and the employer then got the
exclusive remedy and is to provide and this became an issue actually in the
California reforms to provide all necessary medical care for the workplace
injury or disease. And because of the definitions of the system and because
this has become, I mean as an attorney I’ll say this candidly, there are far
too many lawyers, far too many claims in the worker’s compensation system to
make it an adversarial process. And as the costs of Medicare, again driving the
system, we have all the worst elements brought to bear, employers, and I think
in this instance Liberty Mutual seeking for its own purposes, how are we going
to deal with these kinds of claims as you say, what do we have if we have
somebody who’s a malingerer, what’s a malingerer look like, do they have bad
credit rating? I suppose the theory that Liberty Mutual had was yeah, they
probably do and so we’re going to use that to flag these claims, they were
describing this at a conference in fact in San Francisco just this past year.
This is one of the elements that they use to try to set up these profiles.
From the perspective of workers and from our point of view what we’re
seeking is that the person gets all the adequate medical care, all the
necessary medical care to deal with the problem that is caused by the injury on
the job. If they didn’t get proper medical care for back injury and got
improper treatment they may need repeated medical care, worker’s compensation
medical care is a lifetime requirement, it’s called the long tailed claim. I
don’t think that your credit rating really has a heck of a lot to do with your
medical status and I think that in that instance it should be an impermissible
element of the insurer’s consideration or the employer’s consideration and I
think it’s a great invasion of that individual’s privacy to bring it to bear on
their medical needs. But I don’t believe at the moment there’s any statutory
vision to prevent Liberty Mutual from using this.
MR. HOUSTON: I guess my point is is if clearly the intent is to weed out the
malingerers from bona fide claims and that the intent is not to try to reduce
bona fide claims through this process I guess I would react one way. But if the
intent of Liberty Mutual is also to try to coerce people into settlements that
maybe were less, that were inadequate to address their long term disability
because they recognized they had bad credit and maybe boy if I give them a
settlement they’ll go and pay off their credit card debt and the settlement may
be pennies on a dollar and understand, I guess the question is is what is the
intent and —
MR. MCGARRAH: Well, settlements, you’ve hit on I think a very important
point here. Settlements within the worker’s compensation industry are the
preferred and desirable approach to take, in fact this department and CMS are
right now struggling with a very significant issue with respect to worker’s
compensation claimants who are about to become Medicare eligible because the
vast majority as I say of these claims are put to a settlement and Medicare has
discovered, the GAO has made quite pointed criticism of CMS on this point, that
look, you cannot allow insurers to settle these claims and then slough the
claims off to the Medicare system for what really are occupational or injuries
or diseases. And CMS is taking a very aggressive role in trying to profile
these claims, determine the adequacy of the settlements, because this is the
easiest surest way for a property casualty insurer to wall off liability and
for the employer for that matter too. So I think these are elements that really
need to be brought to bear in the consideration of privacy and confidentiality
too, are they relevant.
MR. ROTHSTEIN: Mr. Reynolds?
MR. REYNOLDS: It would seem to me if you look at the trend of employers and
health insurance right now you’re seeing more of the defined contribution, or
they’re only going to put in X amount of money and then the employee has to
pick up the rest, you’re going to see extremely high deductibles, which are
real, you’re going to see more companies getting completely out of offering
health insurance, they may give people more money and they don’t do it, which
would seem to me to throw more onto this environment that you’re talking about,
whether it’s an employer owned clinic, more people are going to show up there
because if they’ve got a $3,000 to $5,000 dollar deductible they’re not
necessarily going to go into the regular health care program, and that’s real
on the street all those kind of numbers.
When you start seeing people that don’t get care and they end up, if my knee
hurts and I can’t pay the deductible in some of these things I’m going to stay
on the job longer and then my knee is going to hurt on the job and then I’m
going to be in worker’s comp. So are you starting to see those things occur?
And I know some of the unions you may have contracts but as you look at others
who aren’t influenced by that they are making those kinds of decisions so our
earlier problem as to what the company might want to see if they get out of the
health insurance business, it won’t be an issue anymore.
But the issue that you’re bringing up I think maybe becomes, Mark, from the
standpoint of our committee, more of a prevalent situation where if they can
control their health care costs from a standpoint of what they do and don’t
offer as benefits, as long as they’re competitive they can still get employees,
but then when it moves over to these other environments that right now may not
be as protected then I think the individual employee is probably more exposed
than they would even be currently.
So I’d love an opinion as whether you agree with that or not.
MR. MALTBY: Well, Harry, we’re talking about very, very broad brush strokes
here obviously but I think you’re pinpointing what may be the most serious
problem from the standpoint of workers being able to get health care to begin
with. We’ve had a model of for several decades now that says if you get a job
you get health care through the job and at the time it seemed like a good idea
because the world was not as competitive, well, we didn’t have a global economy
and employers could afford to do it and there were tax advantages and
everything worked out just fine. And what we see year after year after year is
employers being under more and more competitive pressure and more need to cut
costs, they’ve got to cut costs if they’re going to stay in business because if
they don’t stay in business the employee doesn’t have a job and that sure isn’t
helping them any. But every year because of this inescapable financial pressure
employers keep backing up more and more and more from giving real comprehensive
health care to their workers. If there’s anything on the horizon that indicates
a change in that trend I sure don’t see it. And we ask ourselves well, if
people can’t pay for it on an individual basis and certainly we can’t, I mean
who’s got $100,000 dollars to pay for heart surgery, not even most of us
professionals can afford that much less working people, well, then, where’s the
health care going to come from. The inescapable answer seems to be that we’re
going to have to move more toward a model of the government picking up the
slack but clearly at this point there’s no political consensus or I think even
political awareness that we have to go in that direction.
DR. BERNACKI: I’d like to make a comment, I think there is a lot of pressure
on worker’s compensation from employers raising deductibles, a shift to the
worker’s compensation system to pick up those employees who submit a claim,
whether it’s work related or not. So I think that there’s going to be a lot
more pressure for that to happen and there’s some evidence that that is
occurring already although the frequency of claims in the United States is
dropping and it’s continued to drop over the last 20 years. We’ll have to
monitor it but certainly —
MS. FYFFE: The frequency of worker’s compensation claims.
DR. BERNACKI: Yes, and the cost per $100 dollars of payroll in worker’s comp
keeps dropping, 37 percent in the last 20 years. But the severity, i.e., the
cost per claim, is increasing astronomically, 13, 14 percent a year, so that’s
a real problem now, obviously heavy industry is emigrating from the United
States to other areas and so there’s a lighter industry so that could be a
reason for the reduction in the cost per $100 dollars of payroll. But the
severity cost befuddles me because theoretically if you have less risk out
there why are the injuries getting more severe and Rob and I have some theories
MR. ROTHSTEIN: Well, I think you make a very good point about the privacy
implications of different coverage levels in different systems so if you have
first dollar coverage in worker’s comp there is an incentive to get out of your
high co-pay deductible area and be covered elsewhere and what does that do to
the medical records and the like.
Are there further questions for members of this panel?
Before we adjourn for lunch I want to notify members of the subcommittee
about the necessity of submitting by the end of lunch your comments, if any, to
either John or me about the letter, the revised letter on legacy medical
devices that was submitted yesterday because a final version has to be
submitted to the executive committee for consideration on the 21st,
so it’s the letter that we distributed at the end of the day with John’s
MR. HOUSTON: There’s one typo at the bottom of the first page —
MR. ROTHSTEIN: There is a typo on the next to the last line after the word
devices there should be a period and a new sentence beginning further.
MR. HOUSTON: We decided the delete was on the next paragraph so I
inadvertently deleted it in both paragraphs.
MR. ROTHSTEIN: The result is that if you have no additional changes to make
that will be the version that will be submitted to the executive committee in
advance of the January 21st conference call and presumably then will
come to the full committee at our March meeting.
So if there’s nothing else we will adjourn until 1:00 and then we will hear
from panel number three on life insurance. I want to thank the members of this
panel very much for your excellent testimony.
[Whereupon at 12:00 p.m. the meeting was adjourned, to reconvene at 1:00
p.m., the same afternoon, January 12, 2005.]
A F T E R N O O N  S E S S I O N [1:04 p.m.]
MR. ROTHSTEIN: Good afternoon, we are back in session on our hearing on the
issue of disclosure of protected health information to third parties pursuant
to authorizations. This morning we heard an introductory panel setting the
stage for the framework in which these disclosures are made and in late
morning, panel two talked about employment.
This afternoon’s first panel is on life insurance and as we mentioned this
morning just to remind all of the subcommittee members and our guests there are
many applications and life insurance is being used as an example not
necessarily as the end all of the insurance industry because as they will point
out there are quite distinct differences between different product lines. So
this is an example and we don’t mean to slight other insurance lines or to
assume that what we’re talking about here has general applicability.
So I want to thank the three members of the panel for coming, I appreciate
it very much, and we’ll begin with Ms. Meyer.
MS. MEYER: Thank you and actually Dr. Huguenard and I are going to present,
or make our presentations together, so I’m going to defer to Dr. Huguenard to
MR. ROTHSTEIN: So it’s a tag team presentation.
MS. MEYER: Exactly, exactly.
MR. ROTHSTEIN: Well then welcome to you Joe as well.
DR. HUGUENARD: Thank you. Good afternoon, first off I’d like to say we
really appreciate being here, we always like to talk about what we do because
it seems somewhat arcane to a number of people so it’s an opportunity for us to
kind of tell the story, as people go oh, so that’s what it’s about. So thank
you very much for that opportunity.
The question or issue that we want to address this afternoon is how life
insurers use health information and how that benefits the consumer, so we’re
going to focus on that. I’m Dr. Joe Huguenard, I’m with Swiss Re Life &
Health, I also work with ACLI so I’m speaking on their behalf today, and I’m a
member of the American Academy of Insurance Medicine and as an individual
represent kind of a typical or opinion that they have about this.
MR. ROTHSTEIN: Joe, just for the benefits of our internet listeners could
you say what ACLI stands for?
DR. HUGUENARD: We’re going to do that in a moment. And with me is again
Robbie Meyer from the ACLI and she’s staff person, and then I’m going to turn
it over to Robbie who will explain what that stuff means.
MS. MEYER: Well, Mark, that was such a good question, the American Council
of Life Insurers is the ACLI, it’s the primary trade association for life
insurance companies. We represent about 370 life insurance companies that
represent about 70 percent of life insurance premiums in the United States. Our
primary role is a role of advocacy on behalf of the life insurance industry so
we lobby on behalf of life insurers both on the state and federal levels, both
before state legislatures and the Congress and before various regulatory
DR. HUGUENARD: And then I’m going to explain what the American Academy of
Insurance Medicine is, it’s also known as AAIM, A A I M, and this is a
professional association for education and other support for physicians who
happen to serve as medical directors or in the role of medical directors for
insurance companies so it’s a separate professional organization. Also I’m here
obviously from Swiss Re and just so you know what that is, it’s a re-insurer,
what we primarily do is insure insurance companies who take risks in life.
We’re also the largest life re-insurer in the world and we re-insure and insure
other kinds of business and have been active in the United States and probably
best known for covering major property casualty damages such as the 1906
earthquakes, so even though the name is Swiss they’ve been in the U.S. a long
MS. MEYER: The goal of our presentation today is to give you a very broad
overview of the very significant benefits that consumers derive from life
insurers’ receipt of information, medical information, directly from the
individual and also pursuant to the authorization of the individual, so
hopefully this will respond to a number of the issues that were raised in the
presentations this morning as to why in fact it is so very important at least
in the context of life insurers to be able to continue to receive individual’s
protected health information and how indeed this is very, very important to
American consumers and American families.
Life insurance, the primary goal of life insurance is to provide financial
security for American families. Life insurers provide literally millions of
life insurance policies yearly, in fact when I checked in the ACLI fact book,
the last year for which we currently have statistics which was 2002
approximately 55 million policies were sold. So in fact most Americans do
depend on some form of life insurance either individual or group to provide
their families with long term financial protection for their families and to
protect against financial hardship in the event of death, particularly of a
breadwinner of the family. Indeed in 2001 69 percent of American families owned
some type of life insurance and by the end of 2002 total life insurance in
force actually reached 16.3 trillion.
Individual life insurance is a critical form of insurance, it is purchased
and underwritten on an individual basis so the process of risk classification
and medical underwriting that we’re going to talk about in a minute is
critically important to these products. And these individual products
represented 61 percent of all life insurance policies in force by the end of
It’s also important to realize particularly as we talk about underwriting
and the concept of adverse selection that Dr. Huguenard is going to address in
a moment, it’s very important to recognize that individual life insurance
products are voluntary products, in other words American consumers are not
required to buy individual life insurance policies. By contrast in Great
Britain individuals are required to buy mortgage insurance whenever they buy a
home. As a result of that the fact that American consumers choose whether to
buy, what type of product to buy, when to buy, they can choose to buy it when
they’re young, they can wait until they’re older or until they’re sicker, and
the fact that it is a voluntary product subject to the wishes and the needs of
the particular individual is particularly important to the risk classification
process and how that works and how that process ultimately works to the
advantage of American consumers.
When we life insurance companies begin to work with consumers who are, or
who want to purchase life insurance contracts we need to obtain lots of
information. Some of it is non-medical information, we need to know the
individual’s age, we need to know their occupation, often their income, their
net worth, what other insurance they have in force, just basic information such
as their beneficiary information. And in addition to that we need basic medical
information in most cases and as Dr. Huguenard will explain the nature and the
amount of that information and the source of that information does vary
somewhat but for almost all life insurance policies, particularly individual
policies, we do need information about individual’s current health, their
health history, their past illnesses, their injuries, their various medical
treatments, and doctors that they may have or the names of doctors and other
health care providers that they may have consulted in the past.
DR. HUGUENARD: Now probably more pertinent to what this committee is
considering, the sources of that information, where do we get the information
that we use when somebody applies for life insurance. And most information that
we use in underwriting life insurance comes directly from the application, it’s
something that the applicant tells us when they fill out that form, that’s
where the bulk of the information comes from. In certain cases for older ages
and higher amounts of insurance we also will do a medical examination of the
individual and oftentimes laboratory testing, screening tests, so that some of
the information is actually medical information that’s obtained at the time of
More information and in particular more health information is obtained in
those cases or those circumstances such as advanced ages, particularly large
sized policies, where the individual declares a medical history that’s of
importance, and some of our own exam results when we’re doing an exam on the
person may be abnormal. Those are the cases where we seek more medical
information but it’s the last thing we look at.
Now the medical information that we’re talking about, when we do go outside
to request medical information we do use, though this is one of those double P
HIPAA’s here, sorry about that, missed it, we really use the single P HIPAA,
applied authorized, not because we come under that regulation as you know but
all of the individuals and health care providers that we seek information from
do, so what we try and make sure of course is that we use the authorization
that those individuals that hold that information will recognize and can use
and need. During that process we also inform the applicant of course of how
it’s going to be used, which is usually fairly simple in life insurance because
if you’ve applied for life insurance you probably have a high suspicion if we
ask for your medication information it has something to do with your life
insurance and that’s correct.
The underwriting process, when an insurer gets an application from an
individual what they try and do is group individuals into pools of similar
mortality risk, easy one to say is people aged 20 have a different mortality
risk than people age 60, but there are many criteria but the idea is to group
people into roughly the kind of mortality risk the same for the whole group.
The price of life insurance is primarily based on the risk of death, the
applicant’s gender, age, present and past state of health, health risk factors
separate from being sick, you sometimes have factor’s risk such as blood
pressure, job, hobby, other activities, all may affect mortality and also may
affect how you get entered into a risk pool.
The system overall is called risk classification and we’re going to talk a
little bit about risk classification. As we said insurers group together people
with similar characteristics and then they take and calculate a premium based
on that group level of risk. We don’t insure individuals, we insure groups to
which we attach the individual and then attach a premium. Those with similar
risks pay the same premium so if you’re in the same risk pool you pay the same
This does two important things to us. When we determine a premium using risk
classification we know that there’ll be adequate funds to ensure the ability to
pay future premiums. Premiums are paid hopefully years later after you apply
for life insurance —
MS. FYFFE: Benefits or premiums?
DR. HUGUENARD: Pardon me, benefits. The benefits that are paid for your
premium are hopefully years after you buy it and so the money has to be there
for a long period of time and that may extend 50, 60 years depending on your
age when you enter the pool. The other thing is we want to keep that fair, fair
to the existing people in the pool and fair to prospective customers seeking to
enter those risk pools.
The value that risk classification provides, is the fundamental framework
that we use in the United States at least for the current private voluntary
life insurance system. It enables life insurance companies to make products
widely available at affordable prices. If you look at people applying for life
insurance 98 percent of the individuals who apply for life insurance are
approved for coverage, so we’re talking about most people can be fit into some
risk level. 81 percent of those offered life insurance are at standard rates,
in other words the rates that would be standard for your age and gender. 15
percent are actually offered prices at better than standard rates, these are
called preferred rates, because some of your risk factors actually make you, we
can put you in a pool that is even better than the general standard.
The medical information and the risk classification process. Life insurers
rely on the applicant’s health statements, the examination results that we
referred to, and the information from health care providers to determine the
appropriate risk classification with respect to all medical issues. It’s
critical that the insurers have this information in order to set premiums that
are fair and prudent, prudent in the sense that we’ll have enough money to pay
those benefits when they come due. The information that’s obtained from health
care providers oftentimes actually allows us to classify somebody as a better
Let me give you an example of that. If you come in and when you’re filling
out your life insurance application it asks have you had medical care, surgery,
etc., and you put down I had surgery and it was two years ago. If we go for
information on that and find out that your surgery was an appendectomy or gall
bladder, you’ve been back to the doctor and you’ve had no complications, that
particular health event has no bearing on your risk classification because we
don’t expect it to come back and be any cause of mortality. So knowing the
Sometimes if for instance you’ve had a heart attack, I use vernacular
myocardial infarction for the physicians, you’ll admit that in your application
because it’s asked. Now that does put you at a higher risk but there are very
many different types of risks associated with that depending on how many
coronary arteries involved, how much heart function is left and such, going for
medical information will usually allow us to take most people into a lower risk
class because most people who have had myocardial infarctions actually have
fairly mild ones, at least as a first one. The supplemental information allows
us to put that person in the best risk classification for somebody that has
More examples if you’re interested on questions, just to give you an idea of
why we particularly, the medical directors, like to see that information, we
can usually do better with somebody.
Adverse selection, this was raised this morning I heard and it is an issue
in life insurance and we have had some bad experiences with this as was
referenced at least in the case of one disease this morning. It occurs
basically when an individual fails to disclose information about a condition
and as a result receives standard coverage or better coverage than they would
have if we knew about that condition. It not only means that they get coverage
but oftentimes the individual who knows they have a medical condition that may
influence their longevity will seek more life insurance than the individual who
doesn’t know that. If you just had a myocardial infarction and you’re 45 years
old and you’ve got two dependents at home and you did not have to tell somebody
that you would likely buy more insurance than the person who hadn’t. Now who
knows who’s going to die first but at least as a group the people who have had
a myocardial infarction, they’re making a better bet, they’re betting against
themselves but it’s out there.
The problem for the life insurer really depends in adverse selection on the
number of cases that we see and the total amount of coverage. If this occurred
once in a thousand it may not do much but if it’s occurring several times in
every thousand applicants it starts having an impact. If people choose much
higher amounts of coverage then that also can have an effect, it can be
relatively few cases but many dollars involved and it also has an effect.
The major negative consequences, increased cost for future customers because
the experience continually leads us to reprice the risk pool so that if the
experience goes up in mortality if we don’t expect the risk pool cost goes up.
As prices increase fewer Americans can afford coverage, indeed over the last
several years we’ve actually been able to reduce prices in life insurance and
what we see is also then more people buying insurance, so we’ve kind of run
that test in reverse.
MS. MEYER: As I indicated before life insurance provides financial
protection, life insurance policies are likely to be in force for decades, many
companies have policies that are in force ten, 20, 30, 40, 50 years. So this
process of risk classification occurs at the very beginning of the life
insurance contract and we like to say we get one bite of the apple, we get one
opportunity at the beginning of this contract that can last literally for
decades to make a risk assessment that’s going to provide for premiums that are
financially sound so we can pay consumer’s and customer’s claims down the road,
and also fair, so this process at the beginning of the contract is critical.
And it’s particularly critical because life insurance contracts cannot be
canceled, and this is an issue that often comes up when I’m testifying, people
will say oh well, if someone finds out they have a very serious condition or
disease and the life insurance company is going to cancel their policy or raise
their premiums, this is not possible, the only circumstances under which a life
insurance policy can be cancelled by the insurer is if the policy owner stops
paying the premiums. It doesn’t matter how sick the insured gets.
MR. HOUSTON: — fraudulent applications for insurance?
MS. MEYER: There is, we can cancel for fraud but that —
MR. HOUSTON: I’m sorry, the question was even if there’s a fraudulent
application or something was purposely —
MS. MEYER: Let me address that point, if indeed, for one thing, from a
practical standpoint it is very, very difficult for an insurer to establish
fraud but what they would do in that case actually is establish that there was
fraud at the beginning of the contract so actually there was no real contract
in the first place because of the fraud. What does happen which is a lesser
degree of disagreement is insurers do have two years within which to contest
the validity of the contract because of a material misrepresentation. And
that’s a misrepresentation by the applicant at the beginning of the contract,
may or may not have been intentional, it does not rise to the level of fraud,
but in fact even when an issue of material misrepresentation comes up, when the
insurer does establish that in that case too what happens is the insurer shows
that there was a material misrepresentation so that they wouldn’t have issued
the coverage at all, or they wouldn’t have issued it at that price, so again
they establish then if material misrepresentation is established it voids the
contract so there is no agreement.
So I guess getting back to the broader point if in fact there is an actual
contract it cannot be canceled if the individual gets sick. Probably more than
you wanted to know.
But another interesting point is, and I think this is unique to life
insurance policies, we can’t increase the premiums either. I like to say it
sounds trite but it’s true, once we’ve got you we’ve got you for life and the
only thing that can change I understand and Dr. Huguenard would know the
details of this better than I would, it’s my understanding that if in fact
you’re in poor health when you apply for a life policy and you’re issued a
policy at lower than standard rates, in some circumstances you can actually
come back and have your premiums reduced. But the overall important point is is
that for those 61 percent of the individually underwritten policies that I told
you about this process of risk classification is critical because it is the
mechanism that we use to make sure that we can, we get enough money in premium
so we can serve our customers down the road and it may be decades down the
road, and it’s also the mechanism that we use to be sure that what we’re charging
each individual is fair to them and it’s fair to other policy holders and
insurants so that everyone is paying the appropriate amount.
DR. HUGUENARD: Just coming back to the benefits of risk classification
again, it’s based on medical information, makes life insurance more widely
available and affordable, actually more affordable and therefore more widely
Medical advances in the last 50 years have been and continue to be reflected
in the risk pools we set up, I was talking to Dr. Billings just before we
started here and telling him that what we’ve seen over the last 50 years is our
basic life table, that’s for the standard risk for your age and gender, have
all reflected increased longevity and therefore decreased premiums over this
period of time. And we also attempt to anticipate future improvements too, we
base it on our experience but where we see trends we try to build those in too.
All of this helps keep that premium down and still allows us to be prudent
in putting aside the money that’s needed for the benefits to be paid later. It
also means that as coverage is less expensive, obviously people can either
afford more coverage depending on whether they need that, or more people who
wouldn’t have afforded the coverage to begin with are able to enter the market.
MS. MEYER: Dr. Huguenard, before we leave that particular slide I think one
point that you can probably address better than I can, a very good example of
the way medical advances have improved the affordability and availability of
life insurance in the last 50 years, it’s my understanding that 50 years ago
individuals with heart disease had a very hard time being able to get coverage
at all and medical advances in the last 50 years have not only made it so that
these individuals thankfully can live much longer and much healthier lives but
indeed a lot of these individuals now can get coverage who could never get
coverage before and/or they can get coverage at a much cheaper rate than they
could have before.
So these medical advances, and this comes up a lot in the context of
genetics and discussions about genetics, as you all would guess we see the
glass as half full rather than half empty, we like to believe that the
historical improvements in science that have made insurance more widely
available at better rates than the past, the same is going to be borne out with
future advances in medical science.
DR. HUGUENARD: And Robbie is correct, before World War II it was virtually
impossible if you’d had a myocardial infarction to be able to go out and buy
life insurance, you were considered too great a risk. Through the ‘50s and
then on into the current time we’ve been able to include most people who’ve had
a myocardial infarction are insurable, you’re not insurable the same as
somebody who didn’t because obviously you have a different risk but you are
Another great story is diabetes, diabetes was an insurable event, actually
it was unsurvivable event back in the ‘20s and ‘30s pretty much. Now
it is survivable, there’s still implications for your longevity but diabetics
in almost all cases in the United States are able to find coverage at some cost
today and more in the past.
MS. MEYER: Now we’re going to talk a little bit about the whole issue of our
protecting customer’s health information once we get it and often experts on
the HIPAA rule look at life insurers and they say that’s, life insurance
represents one of the gaps in the coverage of the HIPAA rule because life
insurers aren’t covered entities. But in fact life insurers may only obtain
information from entities other than the individual themselves or from medical
testing, the only way we can get information from third party health care
providers if in fact our authorization forms are HIPAA compliant.
So our ability to obtain protected health information from covered entities
is very much governed by the HIPAA rule and indeed we wrote several hundred
page letters to HHS explaining how the HIPAA rule very much and very
significantly could impact life insurers so we could only get information from
providers as provided under the HIPAA rule and then our ability to use the
information and disclose it while not subject to the HIPAA rule is subject to a
host of other privacy rules, subject to Title V of Gramm-Leach-Bliley, subject
to the Fair Credit Reporting Act and I’ll circle back to that in a few minutes,
significantly impacted by the changes to the Fair Credit Reporting Act made by
the FACT Act which was talked about earlier today.
We are subject to a host of state privacy laws and regulations that were
enacted and promulgated as a result of Gramm-Leach-Bliley, these laws deal with
both the confidentiality and the security of consumer information. And oh by
the way, we’re subject to a host of state laws and regulations that were also
referenced this morning that deal with our ability to obtain and disclose
information relating to particular diseases, to AIDS, to genetic testing,
genetic information, domestic violence.
So I like to look at it, it was perceived particularly during the
discussions about the HIPAA rule and I hear this all the time that well, what
governs life insurers, well, I think there’s really a fit here, it’s not at all
that we are getting a free ride here because our ability to get it is subject
to HIPAA and then our ability to use and disclose it is subject to a whole host
of other laws that provide for a continuing and affirmative obligation to
protect not only the confidentiality of this information but the security of
this information. And these laws also require that we have written policies and
procedures to protect that information.
But not only that, even if you all didn’t think that we were a reputable
industry or nice people, the truth of the matter is is that it’s not only in
our customer’s best interest to keep their information secure, it’s in our best
interest too because the bottom line is is that we have been obtaining
customer’s very, very personal information for decades and if our customers did
not feel comfortable that we were going to keep that information confidential
and secure they would go elsewhere. So it’s not only in our customer’s best
interest to keep the information secure and confidential, it’s in our best
And life insurers are and have been for decades strongly committed to the
principle that we have a tremendous obligation to protect our customer’s very,
very legitimate concerns with respect to their personal information and we very
much recognize that there are particular concerns with respect to the
confidentiality of health information.
At the same time I think I should point out that we had to use this
information, most significantly in the risk classification process which works
to the benefit of our customers, but also for other basic insurance functions.
We use health information in evaluation of claims or payment of claims once
people submit their claims, the information is also part of the insurance
contract, so we have to use it to perform basic insurance functions or
insurance business activities. And it was mentioned today that there need to be
exceptions to the prohibitions on disclosures of information even with
And the privacy laws that have been enacted, both on Capitol Hill and in the
states in the last several years, indeed HIPAA itself provides for the
exception for the limits on uses and disclosure for the performance of health
care operations. And similarly the Gramm-Leach-Bliley privacy provisions, the
recently amended provisions of the Fair Credit Reporting Act, in section 604(G)
that Professor Swire talked about today, those laws as well as the new state
laws that have been enacted as a result of Gramm-Leach-Bliley all recognize the
fact that consumer’s privacy has to be protected but at the same time financial
institution insurers have to use that information to do the very thing that our
customers come to us to do in the first place. So they all pretty uniformly
recognize this very careful balance between life insurers’ need to protect the
confidentiality of their customer’s information and their need to use that
information in order to serve their customers.
So in conclusion consumers benefit significantly from life insurers’ ability
to obtain and use their information, information that the life insurers obtain
directly from the individual and information that they receive pursuant to the
expressed authorization of the individuals. This information makes risk
classification possible and because of risk classification life insurance is
more widely available, more affordable than it would be otherwise. Premiums are
fair and they are financially sound so that insurers have the ability to pay
claims that they may have to pay decades, ten, 20, 30, or 40 years after the
individual comes to us for coverage.
And in conclusion we are also very proud of our historic record of very
carefully protecting that information once we get it.
DR. HUGUENARD: Along with the handout that you received today we have a
couple of supplemental pieces of information, we have the ACLI Confidentiality
of Medical Information Principles, that is just sort of where we stand as an
industry, I’ve included information on the American Academy of Insurance
Medicine from their information sheet if you’re interested in that.
And another good source if you’re interested in medical underwriting,
medical underwriting by one of my colleagues, Dr. Robert Gleason, Genetics and
Life Insurance, Medical Underwriting and Social Policy, the editor is a Mark
MR. ROTHSTEIN: I think no home should be without a copy.
DR. HUGUENARD: If you don’t want to look at the book for anything else this
particular chapter does a good summary of medical underwriting and how
information is used there and how it affects things.
MR. HOUSTON: He testified this morning and I think he could give us a free
copy if we asked.
MS. FYFFE: The question is will they be autographed.
MR. ROTHSTEIN: Thank you both very much and I know we’ll have some serious
questions for you at the end of Dr. Billings’ presentation. Paul?
DR. BILLINGS: Thank you, Professor Rothstein and Dr. Rippen and members of
the subcommittee for inviting me here to speak today. I’m going to make some
general comments which are a part of my written testimony and then I thought I
would turn specifically to a couple of issues in the life insurance sector.
The Council for Responsible Genetics, which was founded by scientists
representative of labor and consumers, is the oldest non-profit unaligned
biotechnology watchdog organization in this country. For more than 20 years CRG
has provided informed criticism, and with others engaged in political action,
to highlight examples of genetic determinism and reductionism, and the use of
biotechnology as a form of social control. I appear here as a member of the CRG
Board of Directors and as a practicing human and clinical geneticist. I do not
here represent my employer, Laboratory Corporation of America Holdings, and
none of my views expressed are policies or positions endorsed by the company.
LabCorp is a major provider of health care and genetic testing in the United
States, it has adopted a policy that supports protecting individuals against
discriminatory uses of genetic test information and federal anti-discrimination
legislation. If the subcommittee wishes to have this policy that LabCorp has
adopted which I think is actually rather visionary I can supply it.
Genetic or genomic testing is primarily conducted to identify health risks,
make diagnoses, or for other medical purposes. While forensic or public safety
uses of DNA methods, including DNA fingerprinting of all inhabitants in this
country, may soon outstrip medically directed genetic testing, now the results
of these types of analyses primarily become a component of health information.
For important reasons health data are increasingly digital, technology has made
it increasingly easy and inexpensive to accumulate, store, and share health
related data. This obviously has significant implications for the individuals
and when considering genetic information for their relatives.
In addition technology has made it possible to assess an increasing number
of factors that impact health, some of which are associated with genetics.
Risks conferred by the genome, by mRNA expression in diseased tissues, or by
arrays of protein levels in the blood are becoming accessible, validated by
biostatistical methods and affordable by individuals. Soon many of these
approaches applied to human conditions will be deemed cost beneficial or of
significant public interest so that third party payers will make decisions to
cover these tests as benefits and pay for them. Obviously this comment is
primarily about life insurance, I mean about health insurance and the health
insurance industry, but as that information enters the record and then flows
through the application, the application process to the life insurance
industry, this information will migrate into the life insurance industry as
A founder of CRG, the labor leader Tony Mazzocchi, said many years ago the
problem with any screening and surveillance program is that it depends on who
controls it and who administers it. In a perfect world genetic screening might
be a very adequate surveillance measure, however this is not a perfect world.
With our view of the growing acceptance and digitization of genetic and genomic
testing, along with other important trends in biotechnology arising in our
social and economic milieu, CRG began in 1999 a review and project in order to
define a Genetic Bill of Rights.
After many years of study and political labor the organization adopted a set
of statements that we believe are essential to support individualism,
community, and freedom in the 21st century. A text reviewing this
work, edited by Peter Shorett and Sheldon Krimsky, will soon be published and
is entitled Rights and Liberties in the Biotech Age: Why We Need a Genetic Bill
of Rights. It’s going to be published by Littlefield. Article 7 of the genetic
bill of rights adopted by the CRG Board of Directors states all people have the
right to genetic privacy including the right to prevent the taking or storing
of bodily samples for genetic information without their voluntary informed
If we lived in a world where bad things did not happen and where the fear of
such outcomes did not materially affect individual’s lives, much of our
discussion about privacy and confidentiality would be moot. But we do not.
Discriminatory uses of genetic test results, and fears and perceptions of
adverse outcomes as a result of genetic information, are very real and affect
the conduct of genetic testing. They also limit the growth of the biotechnology
industry that has recently turned to the development of diagnostics and other
types of tests as an important early source of business revenue.
Individual autonomy surrounding personal information is central. Privacy is
essential to exert control over one’s life and is an important component of
normal human development. The presumption of confidentiality is essential to
the functioning of many professions and to balancing the power of social
agencies and their agenda against that of individual autonomy. We live in a
time when the primacy of the market, national defense, and the war on crime,
and I might add health considerations, are frequently used as justifications
for what might be perceived as intrusions into the traditional sphere of
personal liberty and the right to be let alone.
Technology, including that which enables genomics and its related
disciplines, is increasing the number of personal issues and social/cultural
venues where conflict may arise between the personal use of information,
including the right to keep it private and to ignore it, and social agencies’
wishes to use it for their own stated or hidden purposes. The key points are to
establish the importance of the individual right, to defend with policy and
interpreted law that tenet, and then to seek a balance of influences so that
individual lives are improved as our society evolves and encumbers technology
driven social change.
The importance of personal freedom in decision making around health matters
is undeniable. The role of confidentiality and privacy, along with enhanced
access to high quality reliable information, is essential to moving the right
to health, which is in fact a state right in the Universal Declaration of Human
Rights, into the 21st century. It is important to the improvement of
medicine and medical genetics. Our method of financing health care in the
United States and the movement to improve quality of care by relying on
evidence based medicine and the assessment of practice data, along with
enhanced public health information collections for many purposes, poses real
problems in balancing legitimate goals.
CRG believes that a restatement and proper enforcement of protections of
privacy, and the identification and lessening of coercive powers applied to
individuals that reflect social control and agendas not necessarily in the
individual’s interest are necessary now and will be in the future to properly
resolve in all areas of concern conflicts between individual and non-individual
Thomas Jefferson said vigilance is the eternal price of liberty. Protecting
the individual against the group will always be part of the American policy
landscape and deserves our diligent attention. For health and health care to
improve in an age of more and better health and genetic information a statement
and reinforcement of privacy rights, along with others, is essential.
Now let me just turn then briefly to the life insurance industry. The life
insurance industry has historically functioned I think rather well, it was up
until very recently more or less, unless you’re talking about very small death
benefits to cover funeral expenses, for the most part a luxury for many
Americans. And because there was very little personal health information
available was generally done with lack of information on both sides that was
personal and related to health. But we are at a moment of stress here in this
system, technology as I’ve indicated in my testimony is changing that balance,
we are generating reams, lots, both at the level of the genome and of personal
health as well as in the storage, a lot more personal related information
including personal health related information.
What I think is fascinating about this discussion is that our focus then
turns to what part of individual personal privacy, that particular liberty and
right, should we give up so that we can continue to have a functioning let’s
say life insurance industry, or other kind of benefit. And we are not really
considering what other kinds of information that’s held as private or protected
and asking to understand and reveal more of that information.
For instance the life insurance industry holds much of its business practice
entirely private and it’s patented and copyrighted and is not available for
scrutiny. This has to do with its underwriting practices of individual
companies and many of its sales practices. And we actually only understand some
of these practices when problems occur, we recently had a problem with the sale
of policies to people in the military for instance. And I would suggest even, I
did a little back of the envelope math, if in fact there is $16 trillion
dollars of face value of life insurance in the United States currently and we
have 200 or 300 million people in the United States, that’s a lot, that’s a lot
of life insurance per person. Now that may mean that we do have a lot of
individuals holding hundreds of thousands of dollars of life insurance policy,
or it may mean that there is over insurance or multiple policies being sold,
more than we actually know. The fact is that’s private information and it’s
very difficult for the states or for that matter for the federal government to
have access to that information.
So I would only suggest that if we’re going to have a discussion about what
kinds of information which are important to be held private or confidential are
then by act of how the system works having to be revealed to a business entity.
And of course that business entity then shares that information with other
business entities because much of the life insurance industry obviously
involves re-insurance, that some consideration as to what needs to be revealed
about that as well as what needs to be revealed by the private individual ought
to be considered.
MR. ROTHSTEIN: Thank you very much and thank you to Ms. Meyer and Dr.
Huguenard. The floor is open for questions. Harry?
MR. REYNOLDS: Ms. Meyer and Dr. Huguenard, obviously you mentioned that the
life insurance companies are not covered under HIPAA and that you do get your
information through an appropriate authorization to get that. One of the things
this committee has heard testimony on in the past is the whole idea of
marketing, using data to market. Since you’re not under the protected health
information scenario of HIPAA that’s clearly defined and since you’re not under
the clear definition of how data can be used to market, as well as, and I’ll
add one other thing, this whole idea of a business associate.
So as you mentioned on one of your slides you have to be able to do
business. More and more as people do business not with themselves, not just
themselves, they build a network of people who do the business for them. So now
you start becoming more and more and more removed from the HIPAA law in the
fact that you’re not a covered entity, now you don’t have a business associate
agreement, now you start, so based on some other testimony we had and some of
the issues that’s where I’d like to at least have you maybe, you mentioned
these other states laws and everything else you’re covered under but I don’t, I
didn’t get a sense of exactly how those close the marketing door, how they
close the business associate door, and by having a slide that you want to do
business but with outsourcing and everything else going on the world is a
different place in today’s world so if you could comment on that please.
MS. MEYER: Yes, I can comment on that. For one thing if you look at the ACLI
principles of support, the ACLI supports legislation that would actually
prohibit a sharing of medical information for marketing purposes, we recognize
that there is this heightened concern with respect to particularly the sharing
of medical information for marketing purposes. The NAIC model GOB
confidentiality law has specific health provisions that have been enacted and
I’m not sure how many states, I would say roughly 20 states, 25 states, that
provide that if in fact medical information is going to be used for insurance
purposes it may be disclosed without authorization when used for insurance
functions but authorization is required when in fact the medical information is
being required for purposes of marketing and that operates by process of
And similarly the old NAIC Model Privacy Act, which is in effect in another
20 or so states, provides when in fact there is sharing of medical information
with an entity other than an affiliate, an insurance affiliate, for marketing,
authorization has to be obtained.
So there is no one set rule, the recent amendment to the Fair Credit
Reporting Act which Professor Swire talked about today recognizes that in fact
there need to be disclosures of medical information for insurance function and
does not specify a particular rule for disclosure of medical information in
that section, however there is a new section of the FCRA, another section at
the end that requires that when there is sharing of any customer information
for purposes of marketing the individual has to be given notice of the fact
that the information is being shared and an opportunity to opt out of that
sharing and there are some exceptions to that general rule.
So there are a number of different rules out there that address marketing in
different ways but the fact is that the life insurance industry recognizes
that there is this particular concern about sharing of medical information for
marketing purposes and in fact strongly supported the enactment of the National
Association of Insurance Commissioners, NAIC Model in the various states where
it’s been adopted.
DR. HUGUENARD: Let me comment on business associates, a lot of the impetus
to put business associate language in there is because in practice it was not a
priority, people practiced, they didn’t think about that, they were small
entities or small groups. Groups such as life insurers who have contracted with
people for years to do certain specific things, system development and research
and such have had very similar kind of language, confidentiality language in
all their contracts because they were businesses to begin with and appreciated
how crucial it was to them staying in business to have those. So if you went
back and looked today you’d find agreements that have been in standing with
business associates, i.e., those outsourced if you will, kind of arrangements
have been in place for years and years and all from the very beginning included
very stiff language about confidentiality because it’s been a sensitive issue
since we’ve been in the business.
MR. ROTHSTEIN: Jeff?
MR. BLAIR: It’s possible I may have missed this but does the life insurance
industry have a policy towards either obtaining, storing, or using genetic
information for either any purpose or specifically for the purpose of helping
determine risk for insurance coverage?
MS. MEYER: The policy of the life insurance industry with respect to
challenges concerning use of genetic information is that we recognize that
consumers have a particular concern about life insurers’ use of the results of
genetic tests and genetic information. To our knowledge and for antitrust
reasons we do not get into individual company underwriting practices. We’re
aware of no company however that requires individuals to undergo genetic tests.
So for that reason we do not feel that there is any need for and in fact feel
that it’s premature given the state of the science to enact laws that would
limit life insurers’ use of the information.
Our biggest concern with these proposals is that they not either
intentionally or inadvertently jeopardize life insurers’ ability to underwrite
based on traditional medical information and medical tests and it was discussed
earlier today that it is very difficult to often distinguish between what is
traditional medical information and traditional medical tests and what is
genetic information and genetics tests. So we’re very concerned that the
ability, that these proposals not jeopardize traditional underwriting.
We are also concerned that if in fact there should be any limit that there
be nothing that jeopardizes our ability, insurers’ ability to know what a
proposed insured knows when they come to us for coverage, in other words that
we be able to underwrite based on information or genetic test results known to
the applicant when they come to us for coverage, again so that we can have
appropriate underwriting and our underwriting can be fair and we can determine
financially sound premiums.
With respect to the confidentiality of genetic information we feel like
genetic information in that respect is like all medical information and we feel
very strongly as I said earlier that all medical information of our customers
should be kept confidential and secure and that the level of that
confidentiality and security should not be determined by the source of the
information and by the nature of the information or whether or not the
information may be characterized as genetic or not depending upon the source of
the information or the particular definition.
MR. ROTHSTEIN: Dr. Billings, would you like to comment?
DR. BILLINGS: Yeah, I just, I made the comment earlier that the underwriting
practices of individual life insurance companies are largely unknown. While
some state law prohibits certain kinds of underwriting practices, whether it be
race based underwriting or by geographic area or other kinds of
characteristics, many of the practices, much of the individual detail of how
life insurance policies are handled really aren’t known. And I think the
operative word here is what is required in an application to proceed with the
consideration of a contract for life insurance. What is currently required in
most contracts is that much of the list that we saw just presented, MIB, five
years of past medical history, consultation with treating physicians, things
like that. Exactly whether other things are then required for the contract to
proceed, including in some cases comments like we will reconsider your
application if we know the result of a particular medical test and that medical
test may be a genetic test, is individual underwriting practice and again we
really don’t know the frequency of those kinds of events.
MR. BLAIR: I sort of need a little background information for me to
determine whether my actual question is relevant or not. I have the impression
that most folks that apply for life insurance are the principal providers of
finance for their families and that they’re doing so especially at the times
when their children are being raised and maybe up through college. And then
after that they are protecting, trying to provide financial security for their
spouse, and then as they begin to approach retirement age the need for the
insurance drops off and I guess I’m thinking of of course in terms of term life
insurance and I’m almost assuming that all of your testimony has been in terms
of term life, not full life. Is my impression of the profile of use of
insurance, if it’s what I said or am I wrong?
DR. HUGUENARD: I think that that traditionally has been true, I think we
need to recognize today breadwinners are usually two in a family rather than
one so that’s important. There’s also been even the wife who’s working at home
rather than out has a financial value to the family and so we recognize that
for life insurance. Certainly dependents, whether they be spouse in some cases
or more commonly children, are one of the drivers that lead people to want to
provide financial protection, so that’s absolutely correct.
Later in life you’re right, there’s the surviving spouse, whichever, husband
or wife, is one of the drivers. And then of course we see at least under the
previous tax laws a need for what’s been called estate planning and such for
individuals that have high net worth will purchase life insurance to help with
costs of settling an estate and the taxes involved in that. So those are the
common drivers on an individual basis but we have many small companies in this
country which are run by two or three individuals and it’s very key to those
companies that at the time one of those individuals dies what happens to that
company, is there money to buy out if you will the other partners, is another
important thing. There are also companies in this country that depend on one or
two key individuals, even though they may be larger companies, for the product
or for their ideas and it becomes very important for those usually relatively
small companies to have protection against the loss of the individual that
makes that company what it is so those are other drivers and there’s a whole
host of others.
MR. BLAIR: Thank you. Given your response then I’d express my concern, and
my concern is that with the information that’s been available so far the health
insurance industry I think has been able to serve people at risk reasonably
MR. ROTHSTEIN: Jeff, do you mean life insurance?
MR. BLAIR: Life insurance, I’m sorry, I said health insurance, I meant life
insurance, thank you. My concern is that if life insurance companies have
access to genetic information and they are using that for risk purposes the
individuals most at risk, that need insurance coverage for their families the
most, will be those that will be first to be left without protection. Where is
my thinking wrong?
DR. HUGUENARD: Well, I think the first thing and I think Dr. Billings can
speak to this too, there is relatively little predictive genetic information
that is right at the level of I would call deterministic, very few genetic
findings will actually somebody is going to die. So for most of the genetic
information we’re talking about may have nothing to do with mortality at all,
if it does have something to do with mortality it may be some small contributor
in your lifestyle and a whole host of other things come into play. So that as a
practical matter at this point the amount of predictive genetic information
that one would say you’re just not insurable is minimal and likely given my
understanding at least of the genome in humans not going to be a whole lot of
new findings there. So the overall impact of predictive genetic information on
denying people for life insurance is going to be very small.
MR. BLAIR: If I may see if I understand you correctly, when you say it’s
small you mean the number of individuals that would be affected is small? In
terms of there being either a significant rise in the cost of health care to
those individuals or them denied coverage, is that correct?
DR. HUGUENARD: Well, I’m not speaking to their health care right now, the
cost of health care —
MR. BLAIR: I’m sorry, I still meant life insurance.
DR. HUGUENARD: With respect to life insurance there are a small number of
genetic, gene line genetic conditions for which one could say that the very
presence of that is predictive of mortality —
DR. BILLINGS: If you don’t mind, unfortunately, I mean the statement of the
science is in fact true, which is that on a population basis the ability for a
single gene or even a multi-gene array to accurately predict with very high
degrees of certainty a mortality outcome or even a range of morbidity outcomes
is yet, very poorly established for basically everything in the genome. That
said if you look at the actual practice in life insurance underwriting of the
use of shall we say not very good predictive information the fact is that it
gets used. Take for instance hemochromatosis, there’s a perfectly nice genetic
disease where there in fact now exists predictive, pretty good predictive DNA
based tests, which is also treatable and in which when treated has a normal
life expectancy. Now there were many years, and this has been known for many
years, there were many years where if you had hemochromatosis, whether you were
treated or not, you were uninsurable as a life insurance risk. Now that’s
changed for the most part in the industry but it didn’t change immediately and
the fact is we really don’t even know that it’s changed because as I said we
don’t really understand the underwriting practices very well.
MR. ROTHSTEIN: Well, it’s interesting, this morning we talked about, at
least I did, two different kinds of discrimination, one is discrimination in
which people feel that their health information is going to be used
inaccurately by the decision maker and certainly the misuse of hemochromatosis
historically is a good example of that. I think Jeff raised initially however
the issue of the unfair accurate use of information by an insurance company to
deny coverage and I would answer that, Jeff, by saying that’s the nature of
life insurance because taking it out of the genetics context, to use your
example, the people who need life insurance the most are the people who are in
the ICU and the people who have fatal untreatable disorders, and I don’t think
anyone is suggesting that life insurance companies in the, they wouldn’t even
be life insurance companies anymore, they would be just sort of like a social
welfare agency, should offer them life insurance at standard or even affordable
rates when someone has hours or months to live.
MR. BLAIR: Actually if I can, I wouldn’t argue with the scenario that you
just offered, what concerns me is that somebody who is in their 20’s and just
starting a family and with the need for life insurance coverage for their
family might be denied life insurance because they have a genetic disposition
to something that might hit them in ten, 15, 20 years and they have a special
need and in this case they’re exactly the ones who will be denied. And I’m just
wondering, I think that from a business standpoint I understand that life
insurance companies want to be able to reduce their risks, I’m just thinking
though that this is a dramatic change —
DR. BILLINGS: One aspect of the dramatic change, another aspect of what
you’re calling a dramatic change is the focus of this technology on childhood,
newborns, the expansion of the number of tests that states are running on
newborns, much less private companies are offering in the newborn and pediatric
period, is breathtaking. And in fact that makes sense because the probability
that you can prevent some risk that you identify through a genetic test in
childhood, you have a longer period of time to prevent the outcome in many
cases. So what we’re going to see and what we are seeing slowly but which will
pick up as the cost points come down and the technology gets a little better is
an explosion of risk and predictive information present in kids, done for
health purposes or for other kinds of social engineering purposes, on children
by their parents with great glee. And I think that that’s going to then have a
lot of younger adults starting to buy contracts for all sorts of things where
that information may actually have some legitimate business purpose or maybe
not such a legitimate business purpose.
MR. ROTHSTEIN: Robbie, did you want to respond? And I would ask you to make
it brief please.
MS. MEYER: Absolutely. I think I would just try to reiterate the fact that
as I said earlier, indeed 98 percent of the people who apply for life insurance
actually are offered coverage, 96 percent of those individuals at standard or
better rates. So unfortunately while we’d like to be able to insure everyone 98
percent of those who apply are approved for coverage. There are thousands of
life insurance companies all over the country that offer different types of
coverage and there are a number of companies that specialize in certain risks
and I would conclude with yes, we are ready to have dramatic change but as we
said earlier a lot of the dramatic change in science has actually made it
possible historically to insure more people at better rates. And even though
more and more tests may be done on children it’s very likely that those tests
are going to tell us good things and not necessarily adverse things about their
health. But in conclusion the vast, vast, vast majority of individuals who
apply for life insurance are offered coverage under the system.
MR. ROTHSTEIN: Ms. Fyffe?
MS. FYFFE: Just as a point of information, I recall reading in my past I
believe that in some other countries there’s a tiered system by federal law
whereby everyone is entitled to a base level life insurance policy without
having to submit medical information, and then if you want to buy something
above that then you do have to submit, can anyone comment about that just so
that folks are aware of that?
DR. HUGUENARD: I’ve heard the same thing sometime but those countries that
you’re referring to tend to be part of the European Union and they have a very
different approach to life insurance as a social good rather than a financial
product sometimes. And so yes, it might be true, I have heard about that —
MR. ROTHSTEIN: Yes, it is true, those are indicated —
DR. HUGUENARD: — but it’s also in a very different system than we have here
and certainly today we have if you will a life insurance product in Social
Security that most people totally ignore and that is that if you are one of
these young people that Jeff referred to over here as having a genetic problem
and you are working your dependents have life insurance coverage under Social
Security that will run until they’re age 18. And certainly in a system where
everyone is required to participate almost anything is coverable when it’s in
small amounts like this, no question.
MS. MEYER: And to that point also years ago —
MR. BLAIR: That’s kind of what I was looking to hear a little bit so thank
you for that point.
MS. MEYER: In England as I think I alluded to the fact that I believe
individuals are required to purchase mortgage insurance when they buy a house
and so insurers were required years ago I think to issue up to 100 pounds of
life insurance without underwriting. The fact that the
MR. ROTHSTEIN: 100,000 —
MS. MEYER: 100,000 pounds, so the fact that the system there is different
which was Joe’s point, the fact that the purchase was or is required there
while it’s voluntary in this country, it makes it so you can’t compare apples
to apples because it’s just a different system and the vulnerability to adverse
selection is different.
MR. ROTHSTEIN: I’d like to switch gears a little bit and move off genetics
for a second and go back to some of the discussion that we held this morning,
and this morning in the introduction session and to some extent in the
employment session we focused on whether it would be possible, feasible, to
develop a way in which the end users of the health information could still get
enough information to do their job but yet not necessarily disclose everything
in the medical file that would include material that was irrelevant for them to
do their job.
And so I would like to ask you, Joe, if you would accept in principle
limitations on the disclosure of medical information to you in your role as a
medical director, in other words to do medical underwriting, and I’ll give you
an example. If you wanted to do this, restrict the way, the amount of
information that insurance companies got you could do it in one of two ways.
You could come up with a list of stuff they can use or a list of stuff they
Just for example I want to go to the list of stuff that they can’t use,
because I think that’s easier, and this morning I mentioned that in a study
that was published in 2003 the number one thing on the list in terms of the
most sensitive medical information according to various patients was abortion
history. And in my knowledge and correct me if I’m wrong, a history of having
an uncomplicated abortion is not a mortality risk for the woman, so the
question is if we could do it somehow would you support some sort of scheme in
which you now get this authorization and you get information, the medical
record, but certain things that by agreement are sensitive and not necessary
for you in your underwriting process just don’t get there.
DR. HUGUENARD: That’s a lot of questions but let me kind of —
MR. ROTHSTEIN: Well, pick two or three.
DR. HUGUENARD: Let me kind of step down here a little bit. First off just
to reflect back, one of my problems as a medical director if I’m looking at a
case and trying to classify the risk is I have to look at information on
somebody who’s maybe 25 or 30 years old knowing that we’re going to be on that
risk for the next 50 years. Therefore it’s very difficult for me to think of a
list of things, just purely on medical, leaving the social medical things out,
medical things that I wouldn’t want to have access to in certain situations,
not all, most 25 year olds we don’t even go out for extra information. But if
there was a medical problem, they said they saw a doctor and they had some
problem, I’m trying to think of something that I could actually say would not
have an effect on their life over the next 50 years that I might want to look
at on an individual case, so it’s very difficult that way.
I do agree with your conclusion that coming up with a list if we had to have
a list of some type, it’d be much better to be doing it on what cannot rather
than what can, because the can would go like a Webster’s dictionary of all the
things that you might have reason to look at because they have a mortality
effect that you could show somewhere. So if we then go to that question, is
there a list of cannot, what I’d say is insurance today already has a short
list of cannots, we do not ask on the insurance application your racial
background, though that’s always hard to tell anyway, but by public policy it’s
not allowed to be used in insurance at this time. We accept that, we endorse
that and it’s a good public policy position. That’s just not usable.
Now if you’re saying are there certain public policy things that do not have
anything to do —
MR. ROTHSTEIN: No, actually I’m saying something different because in the
area of race we say notwithstanding a demonstrable difference in mortality risk
for policy reasons you can’t use that. In my example I’m saying that because
there are no mortality risks associated with a certain medical condition you
can’t have that, so I think it’s a little different.
DR. HUGUENARD: Well, I agree that your example, would I ever consider a
woman who had an abortion to have a significant mortality effect from that?
Barring some complication which would no longer be the abortion, some infection
or something else, that no, there isn’t. But I would say as a practical matter
you could sit and go through lists and say how many of those will there be and
you know what was on the list as well as I do 15 years ago, it was HIV, so we
could say well that’s the most sensitive thing so we shouldn’t have that. But
that does have —
MR. ROTHSTEIN: Well, the argument was made for other reasons, not because
there was no mortality risk. I recognize that you don’t want the nose of the
camel under the tent and I recognize that there is a sort of a practical
medical problem with what you’re going to put on the list but I’m just trying
to find some level of willingness to accept less than perfect information in
the furtherance of an important privacy goal. I want to ask Dr. Billings if he
wanted to respond —
DR. HUGUENARD: Let me come back, I think the practical limitation that I’m
talking about is not on the life insurer, the practical implication as a
physician I’m thinking about is that me keeping my records in such a way that
that information never gets attached to anything else that’s released, it
becomes almost impossible.
MR. ROTHSTEIN: We talked this morning about a new electronic health record
system in which that information would be in the system but it would not be in
a field that would be released to life insurers.
DR. HUGUENARD: Let me give you a for example, if you are a woman and you go
in for your routine physical quite often your obstetrician will note this is a
woman who’s gravida 2, para 1, means she’s been pregnant twice, had one
child, abortus one, means she’s aborted one. It’s just a little note, not on
the abortion but on your overall health care. To go through and cleanse the
record of all those references I think puts just an enormous burden on the
MR. ROTHSTEIN: That’s why we need to do it via an electronic health record
system if that could be developed. Paul?
DR. BILLINGS: I have a couple of responses to your hypothetical, Mark. First
of all as you know whenever studies have been done about the privacy of the
medical record or that privacy has been assessed in medical settings or in
non-medical settings, the privacy of medical record is a kind of a myth right,
in a typical hospitalization, whatever it is, 80 or 90 people assess the
medical record, some of whom have good reason to assess it and some of whom have
less than good reasons to assess it. So it would seem to me, and in the limited
way that it’s been done in non-medical settings the same is true, so it would
seem to me that one principle of your system would be consumer notification
each and every time the record is assessed. And I think that what you might
then find is that some companies would then begin to compete on the basis that
they intrude or assess it less, that is they make one assessment and they sort
of respect the privacy of the medical record more. So I would think that built
into an electronic system would be very accurate and timely consumer
notification of assessment of personal information.
The second thing I would say is that rather than listing all the things that
might be excluded from appropriate assessment by a non-covered entity third
party whatever you want to call it, that you might also want to include that
those things that are assessed have some evidentiary basis for their assessment.
There are examples within the insurance testing industry of tests which are
used, either as surrogates for other tests or because the cost of the primary
test is too expensive to do on a bulk basis or whatever, where the evidentiary
basis for the use of that test is poor or the test has other informative
capabilities which were not revealed or known. So I would think that you might
hold the industry to an evidentiary basis.
MR. ROTHSTEIN: Okay, I have one quick question and then we’ve got a question
from Dr. Rippen and that is, and I guess this goes to either Robbie or Joe, is
it possible that medical underwriting now involving the use of personal health
information could be done offshore by contractors hired by life insurance
companies? Do you know whether that’s taken place?
MS. MEYER: I don’t know, I mean, Joe, do you? Can you respond to that?
DR. HUGUENARD: If your question is do I know if it’s being done offshore,
no, I haven’t heard of that. Could it possibly be done offshore? Well, there
are people whose jobs have been outsourced in the last year who didn’t think it
was possible, such as some friends that I know that are radiologists whose
x-rays are now being read in India, so I think the answer is could it be, yes,
but I think that might apply to everything every one of us is doing in the
room, could we be offshored, I think ultimately yes.
MR. ROTHSTEIN: The reason I raise that is because of the obvious privacy
concerns when you’re going to someone who’s not even working for a covered
entity and maybe working ten levels down.
MS. MEYER: I can respond to that. I don’t know whether or not and I’d have
to look at whether or not the Unfair Trade Practices Act would extend to
activities performed by a third party contractor and I think they would. But I
have looked into whether or not the privacy obligations under
Gramm-Leach-Bliley to keep information, customer information secure and
confidential we believe very strongly that those obligations extend to
activities by third party service providers. So it doesn’t matter where the
information goes, if an insurance company shares the information outside the
country with a service provider, either an affiliate or non-affiliate outside
the country, they continue to have their Gramm-Leach-Bliley security obligation
MR. ROTHSTEIN: In theory.
MS. MEYER: Well, I think the regulators could come after us to the same
extent they could for violations in this country if in fact they could prove
that it happened, I mean I recognize that’s an issue. But we do feel strongly
that those security obligations that we’re subject to under Gramm-Leach-Bliley
and all the state laws that implement the GLB security obligations continue
regardless of where the activity is taking place.
MR. ROTHSTEIN: Thank you. Dr. Rippen had a question and then Harry.
DR. RIPPEN: One question and just one observation. If you have a member gets
genetic tests and you have that record and they die and their child then wants
to get insurance from your organization, is it possible or would you have
access to the father’s genetic profile?
DR. HUGUENARD: It doesn’t happen I’m sure very often at all but the reality
is that we would have access to what the child gave us in terms of family
history, in other words that a parent died at a certain age. We would not that
I know of be able to access the parent’s medical record because the child
cannot release that —
DR. RIPPEN: No, you already have it though, in theory —
DR. HUGUENARD: You’re saying would it be in our old files? Well, number one,
I doubt, even if we had an inclination we could never find that. And number two
we do not underwrite people from other people’s records, the only person we
underwrite are on the records on that individual.
MR. ROTHSTEIN: So there are states in the United States, Kansas for example
has enacted a law that prohibits insurers doing business in Kansas from
underwriting X on the basis of Y’s records. And so I take it you support that
DR. HUGUENARD: Not only support, I think that’s always been the practice.
And then there was a question off to the side about MIB, MIB does not contain
medical information in the sense that it’s at all usable for underwriting, what
it includes is flags that says somebody was in and had some problem and we
never underwrite from MIB, we simply say ah and then we go back to the
applicant and say can you tell us about this.
DR. RIPPEN: The other observation was there was a discussion about the
usefulness of having genetic information in underwriting in general and then
the perception of the public that they don’t want you to have information,
genetic information and actually would not even have it done because they were
concerned that it might wind up in life insurance. And then we also know that
that information may actually benefit the individual in the future with regard
to treatment which then result in a reduced risk for life insurance. So I guess
in situations like that are there ever approaches to say well this is
information that we would say we wouldn’t, we’d exclude?
DR. HUGUENARD: It would be difficult to say that because I think in order to
keep the system in balance, if you as the applicant know something about your
health and you’re entering into a contract and we’re saying essentially that
we’re going to write a contract that says oh, you’re as healthy as the next
person but you know that isn’t true, there’s a misbalance —
DR. RIPPEN: No, I’m saying before, I mean you decide not to get tested
because you’re concerned, I’m not talking about fraud or implied —
DR. HUGUENARD: You’re talking about behavior in individuals —
DR. RIPPEN: And the implications downstream.
DR. HUGUENARD: My impression is that despite some of the information this
morning most people who do not get genetic testing do not get that because they
don’t want the results, or their family brings pressure, I know a number of
women who have not had breast cancer genetic testing because their sisters
don’t want them to know because it would have implications for them. And I
think there’s many, many things operating and even though I think life
insurance is important I really don’t think it makes the top list of reasons
people don’t get genetic testing today.
MR. ROTHSTEIN: Mr. Reynolds, last question.
MR. REYNOLDS: In the HIPAA privacy rule at least we have covered entities
minimum necessary, I haven’t heard those words come out of your mouth at all, I
haven’t heard those, and especially since we heard some testimony this morning
and in my regular job, when you ask for a medical record, even if you, in other
words you listed for example that you don’t ask for race on an application but
I’m more —
DR. HUGUENARD: — medical record, that’s just something I’ve seen in the
last 30 years.
MR. REYNOLDS: You tend to get a complete record, hospital notes and
everything else —
DR. HUGUENARD: For the period of time and if you’ve told us something —
MR. REYNOLDS: I guess back to Mark’s earlier comments, whether it’s minimum
necessary or whether it’s a list of exclusions or whether it’s the other
things, especially as you, because minimum necessary has at least required
people that are covered under HIPAA —
MS. MEYER: We’re subject to that. Because we, don’t forget we can only get
the information as permitted under HIPAA —
MR. ROTHSTEIN: No, actually you’re not, Robbie, because when you get
pursuant to an authorization the minimum necessary doesn’t apply.
MR. REYNOLDS: Once you get it, there’s a difference between what somebody
sent you because if you ask for, if you get an authorization you are more or
less asking for a particular situation because they wrote down I have this, so
you say okay I want authorization to get your medical information. Most people
don’t know that you’re not just getting the information on that particular
DR. HUGUENARD: No, no, actually when, we’ll tell people that essentially
we’re after, we do not say we’re only going to get the information on your skin
cancer, we say we’ll go after the medical information, because it’s too limited
for us —
MR. REYNOLDS: But as you look at most medical records now tend to deal with
diagnosis and procedures and things that have gone on, when you get into this
genetic testing and everything now you’re starting to get into dramatic future
indicators and those a lot of times will come forward with it.
DR. HUGUENARD: I think I’d use the word potentially dramatic future
indicators because the actual number that are really dramatic indicators in the
future are relatively rare.
MR. REYNOLDS: Well, at this time. And again, you can with technology and
everything now you can stamp a point in time, whether or not that point in time
stays is what we’re trying to oversee, we’re not just making this decision for
today, we’re also hoping to put things in place and put positions in place that
are going to hold for more than an hour and a half of the technology changes
that are going on.
MR. ROTHSTEIN: Well, I want to thank both of you for your fine testimony and
Dr. Billings had a plane to catch and had to leave just a minute ago, it was
very enlightening, appreciate your coming here, we will take a ten minute break
and begin at 2:50 with panel number four and I apologize to the panel four
members for the late start.
MR. ROTHSTEIN: Good afternoon everyone, we are back for the fourth of our
panel discussions today and throughout the day I know our last panel members
didn’t necessarily hear our prior hearings but one of the frustrations that we
had all day was we spotted problems that we would have liked to have been able
to solve and yet we weren’t able to solve them and we were sort of continually
flailing around and working to try to solve them, but fortunately you will
solve all of the problems that we have identified today.
So our first problem solver of the day is Amy Bergner, welcome.
MS. BERGNER: Thank you. I’m Amy Bergner, I’m an attorney with the law firm
of Reed Smith here in Washington but I’m here today on behalf of the Society
for Human Resource Management.
SHRM is the world’s largest association devoted to HR management, it
represents more than 190,000 individual members and the Society’s mission is to
serve the needs of HR professionals by providing the most essential and
comprehensive resources available. As an influential voice the Society’s
mission is also to advance the human resource profession to ensure that HR is
recognized as an essential partner in developing and executing organizational
SHRM is well positioned to provide unique insight on the issues surrounding
the disclosure of health information in the workplace. HR professionals are at
the forefront of employer benefits in designing and administering health care
plans to recruit and retain employees. In this capacity HR professionals
confront numerous challenges organizations face as they strive to balance
legitimate business needs of the organization while maintaining the
confidentiality of personal medical information.
It’s understandable that individuals worry about their health information
being accessed by third parties. Some fear that the unauthorized disclosure of
their medical information will be used to deny them employment or health care
coverage. Some have expressed concerns about protecting their privacy where the
disclosure is made with the individual’s authorization. First let me underscore
that SHRM strongly supports efforts to protect the privacy of medical records
and health information in the workplace. However, there are certain disclosures
of health information that are legitimate and necessary for the employer in the
process of administering benefits.
SHRM believes that protecting the confidentiality of medical information in
the workplace is a high priority yet employers must negotiate the balance
between an employee’s right to privacy and the employer’s legitimate need for
essential health related information. SHRM recognizes that health information
should not be disclosed to an employer for unlawful reasons, such as decisions
to hire or to terminate employment because of a disability.
Employers already have to comply with numerous laws, including the Americans
with Disabilities Act, the Family and Medical Leave Act, worker’s compensation
laws, and the HIPAA privacy rules. A fundamental element of each is the
collection and use of an employee’s medical information.
My remarks will focus on the following areas, first, the legitimate need for
health information by employers, second, the challenges for employers in
protecting employee health information, and third, the steps or approaches
employers are taking to safeguard this sensitive information.
Probably the primary area in which HR professionals come across employee
health information is in the area of health care plan design and
administration. Of course a motivated and productive workforce is key to the
success of any organization and employee benefits are a critical component of
that. Health care coverage is one of the most important but also the most
expensive benefits that employers provide. In designing, implementing and
administering this benefit HR professionals and their outside consultants need
access to individual health information.
In designing the appropriate health care benefits for its workforce HR
professionals depend on access to plan beneficiaries’ health information to
determine the features and levels of benefits offered in their plans. For
example, in setting annual out of pocket limits the employer needs to have
health claim data on expenses based on its particular workforce. Similarly HR
professionals need health information to assess plan design and operation and
make changes where appropriate. While most of this data is in aggregate form
individual data is at times also necessary and should be readily available to
the HR staff who need it.
In health care plan administration HR professionals frequently engage
outside consultants to provide them with methods and programs for among other
things identifying and treating high risk, chronically ill or seriously ill
employees more effectively than can be done under their existing health plan
programs. In those circumstances HR managers and others will often need access
to relevant health information from employees, their families, and their
providers, and share that information with consultants. They may also need to
receive health information from the consultants directly.
An HR professional in many instances will also need and use summary health
information and that sort of information is already governed by HIPAA which
permits the use and disclosure of health information and permits limited
disclosure without authorization.
Finally employers use health information to assess an employee’s eligibility
for other non-health benefits, including disability, worker’s comp, wellness
benefits, and some employee assistance plan functions such as tracking
compliance with substance abuse treatment programs. In those programs employee
information often must be shared among the different benefit programs in order
to allow an employer to design, manage, and tailor their health benefit plans
more appropriately to meet the needs of the employee population, to improve
health benefits effectiveness and quality, and to manage the various programs
more cost efficiently.
Of course the HIPAA privacy rule already permits a group health plan to
disclose individually identifiable health information to an employer that
sponsors the health plan provided the information is used for plan
administration purposes. In order for a group health plan to disclose
information to the employer there are a number of administrative steps that
have to be taken including amendment of the plan documents and certification by
the employer. The employer is also required to establish firewalls so that only
employees who need health information to perform functions on behalf of the
group health plan have access to such information. And of course the minimum
necessary standards of the HIPAA privacy rule also apply.
One of HIPAA’s main objectives is to ensure that employers don’t misuse
employee’s private health information available to the employer through the
sponsorship of the group health plans. So of course it would be illegal for a
supervisor to ask someone in the HR department whether an employee who’s up for
a promotion has a chronic health problem that might interfere with
HR professionals also obtain health information in the process of advocating
on behalf of plan participants with benefit questions, disputes, or appeals.
And this is one of the areas that has probably caused the greatest challenge
post HIPAA to HR professionals. It’s not uncommon for an employee to ask HR to
contact the health plan on the employee’s behalf to get a claim paid or to
inquire about a covered benefit. Administering the health care benefits from an
HR professional’s perspective also includes helping employees understand the
benefits and the processes. And in many ways HIPAA has made administering
health care benefits more challenging. In practical terms compliance with the
HIPAA privacy rule in the context of an employer’s group health plan tends to
delay the resolution of certain issues and can create confusion and frustration
Turning to disease management and wellness programs, which are also kind of
cutting edge programs that a lot of companies are implementing now, employers
are embracing disease management programs to improve the health of their
workforce. We help a patient work with physicians to manage chronic conditions
like asthma, diabetes, heart disease, to improve quality of life, and can
potentially help prevent emergency care or hospitalization needs. Disease
management programs increase productivity and reduce medical insurance costs,
both of which can have a dramatic effect on the bottom line.
But in determining whether their organization is a good candidate for a
disease management program HR professionals and their outside consultants start
by gathering data on the frequency, severity and consequences of diseases and
illnesses among their workforce. The information is often gathered from claims
data provided by the health insurance plan or the insurance company that is
administering the plan and the prescription drug plan. In most instances, and
as many HR professionals would prefer, this information has no individual
identifiers but rather reflects population based data. Information is then used
to structure a disease management program that best meets the needs of the
workforce. So in analyzing the claims data the HR professional and outside
consultants can determine the workforce’s disease profile, for example they may
decide that the disease management program should focus on chronic diseases
like diabetes or asthma rather than conditions that are not as prevalent in
this particular workforce like hypertension or allergies.
Employer sponsored wellness programs are another instance where employers
may uncover health information. Faced with continued increases in premiums many
employers have implemented wellness programs to improve the overall health of
their workforce and control costs. According to a recent SHRM study 56 percent
of organizations are providing wellness programs for their employees.
Establishing a wellness program often involves a confidential individualized
health risk assessment done by an outside consultant for each individual who
signs up for it and provides him or her with a roadmap of how best to lower his
or her individual health risks. In conducting the risk assessment information
is collected that may include family history, blood samples for cholesterol
screening, and other health information. Employers that are offering wellness
programs aren’t conducting these programs to gather health information on
employees, but rather simply trying to improve the health and safety of their
workforce and plan beneficiaries.
In most instances employers don’t receive the results of these individual
risk assessments and therefore they don’t receive or maintain individual health
information. However, in order for employers to measure the value of such
programs they need access to aggregate level health information such as
utilization rates or treatment outcomes. This type of analysis assists
employers in determining the appropriate programs to implement as well as to
determine if the wellness program is meeting the goal of a healthier employee
Employee assistance programs have been around a little bit longer and they
provide services that allow organizations to help employees and their families
identifying and resolving personal concerns that may include health, alcohol,
drug, legal, and other issues that can affect job performance. In most cases HR
professionals only learn of an employee accessing these EAP type benefits when
the employee voluntarily requests information. In this context the HR
professional will protect the employee’s privacy by keeping the information
volunteered by the employee confidential and indeed most contracts between EAP
providers and employers specifically state that the information the employee
provides to the EAP is confidential and not accessible to the employer.
In other cases there may be mandatory referrals to an EAP in the event of a
substance abuse situation, many companies require a mandatory referral to an
EAP after an employee has turned up with a substance abuse program. The EAP
would have authorization to disclose limited information to specific
individuals at the employer who have responsibility for monitoring the
employee’s adherence to the EAP program. For example the EAP might report that
the employee had attended three out of five sessions but they wouldn’t
necessarily report any particular individual health information or treatment.
In some cases these disclosures are already subject to the HIPAA privacy
rule, or as I mentioned the contract between the EAP provider and the employer
already contains confidentiality provisions. In other cases internal procedures
of the company would require the HR or other internal staff to protect the
employee’s privacy. Other areas where HR professionals come into employee
health information in the work context would involve pre-employment screenings,
worker’s compensation, workplace safety, and family and medical leave requests.
I’m just going to touch briefly on the Family and Medical Leave Act
situation because that’s probably the most prevalent situation where HR
professionals would come into medical, more detailed medical information. As
you know the FMLA allows an employee to take up to 12 weeks of unpaid leave for
a serious health condition of the employee or a family member. In order for an
organization to determine whether an employee qualified for this type of leave
the employer has to collect relevant medical information on the nature of the
serious health condition. An employer may and often does require a doctor’s
written certification before an employee takes medical leave for a serious
The documentation received in the form of this certification is considered
an employment record, not a health care record, and is technically not subject
to HIPAA. Nevertheless in practice employers treat such records as confidential
and use them solely to verify the need for leave, the extent of the leave, the
employee’s fitness to return to work, or any schedule accommodations that might
be required after an employee’s return. Requiring any additional layers of
screening of health information could delay an employer’s ability to grant the
medical leave, which would negatively impact the employee and would fail to
secure additional protections.
I know that you’re anxious to have us solve the problem so I’m going to skip
over some of the prepared remarks and if you have questions about some of those
areas we can go to them later.
Now I’d like to briefly summarize the challenges for employers in protecting
employee health information. The administrative burden, including oversight,
reporting, disclosure, tracking, legal and staff training activities and the
expense of compliance with the numerous federal and state laws that govern
employer’s use of health information may be overwhelming for employers. HIPAA
has already resulted in major new expenditures for employers, including
expenses for redirection of staff time to compliance activities, software and
hardware acquisitions, and lost business opportunities. Now employers are in
the process of complying with the adjunct HIPAA security regulations, also a
time consuming and costly effort.
Ensuring legal compliance with the vast array of federal and state human
resource laws is growing increasingly complex. According to the SHRM 2004-2005
workplace forecast strategic outlook the most important HR trend that impacts
the workplace is the growing complexity of legal compliance. Moreover penalties
for violating HIPAA’s privacy regulations loom large over employers, civil
penalties of course can be assessed up to $100 dollars per day per violation to
$25,000 dollars per violation.
SHRM believes that a voluntary common sense approach built on best practices
and current law represents the most appropriate approach to the issues
surrounding third party disclosures of health information in the workplace.
SHRM members already are subject to numerous laws and regulations governing the
privacy and confidentiality of health information. Aside from these mandatory
approaches most HR professionals have adopted policies or procedures that are
designed to safeguard individual health information. Even prior to the HIPAA
privacy rule employers had taken numerous steps to safeguard employee health
information. For example employers never allow health information to be
reviewed by employees that do not have a need to know.
In complying with the HIPAA privacy rule many employers have already looked
at their policies and procedures with respect to all types of health
information. For example under HIPAA in order to protect employee health
information employers must develop appropriate safeguards to protect against
unintended disclosures of private health information in their group health
plans. In conjunction with that activity many employers extended the same or
similar safeguards to non-group health plan health information. Employers have
implemented internal policies governing access to medical records, including
keeping a log to record when an employee’s health information is disclosed.
Employers must provide and document the training of employees who have access
to health information as well as develop a system of sanction for those
individuals who violate the privacy policies and safeguards. It’s safe to say
that the level of understanding and sensitivity to the confidentiality of
health information in the workplace has been much heightened since HIPAA.
While SHRM sees safeguarding employee health information in the workplace as
a high priority SHRM believes that current law adequately protects the privacy
of employee health information. Any proposal that would mandate new laws for
employers regarding the privacy of health information would be a serious
concern to SHRM and its members. In addition SHRM would caution against any
approach that would add to the time and cost of compliance with the existing
protections for health information as the ability to respond to the needs of
both the employer and the employee in a timely manner is critical.
Further, any third party involvement would likely result in more frustration
and inaccuracies for all involved and would be counterproductive and may
increase the probability of unauthorized disclosures of health information.
In conclusion it’s important to keep in mind when this body is providing
recommendations to public policy makers that the collection and flow of
employee information is an important issue for employers. In many respects
employment information is a double edged sword, with proper information
employers can make informed employment related decisions and provide wonderful
benefits for their employees, improving the quality of their life. As a general
rule employers should only collect information that they may legally use in
making employment decisions, ensure such information is properly retained, and
limit access to the information.
I’d like to thank the committee for the opportunity to appear before you
today and will be pleased to respond to any of your questions regarding my
MR. ROTHSTEIN: Thank you very much, I know we’re going to have some
questions for you but we will defer for a few minutes until we hear from the
rest of our panelists, Dr. Baker, please.
DR. BAKER: My name is Dixie Baker and I’m group vice president for
technology and the chief technology officer for the health and life sciences
practices at Science Applications International Corporation. I’ve worked in the
areas of information protection and high assurance architecture for over two
decades and for the past six years I’ve applied my knowledge and expertise to
the areas of health care and public health. Today I am representing the
Healthcare Information and Management Systems Society, or HIMSS, the large
membership organization representing health care information systems, users,
vendors, and consultants.
We applaud the subcommittee’s recognition of the privacy risks posed by the
release of electronic health records to third parties. Clearly given today’s
technology and business environment limiting the exposure of electronic health
information released to third parties is a daunting challenge. Yet some
emerging and existing technologies offer potential solutions. I will begin my
testimony today by describing the prevailing security model. Then I will set
forth the business and personal imperatives that drive a set of requirements.
Then finally I will describe what I see as the most promising technology
The historical and currently prevailing security model is based on the
granting and denying of subjects’ requests to access objects. Security
mediation and enforcement within this model consists of four steps, the
authentication of the subject’s identity, mapping the subject’s identity to a
set of access rules relating to the requested object or privileged action,
allowing or denying access to the requested object or privileged action, and
finally auditing the access or action.
This model is designed to keep the bad guys out, it’s not very useful for
allowing controlled sharing and collaboration. The first problem is that this
model assumes and requires that all subjects and objects be under the control
of a single trusted mediator. Secondly, this model is too rigid, it does not
allow context-specific flexibility. For example, the model does not allow for
emergency access as required by the Health Insurance Portability and
Accountability Act security rule. Third, this model enforces security policies
on protected objects at a uniform level of granularity throughout the system
with protected objects usually taking the form of files, folders, database
tables, and file systems.
Finally, this model does not enable security policy to persist throughout
the life of the object, when a subject is granted read access to an object she
is also able to copy that object and can then share it with others. For
example, if I’m able to read a file I can save it to another name and email a
copy to whomever I choose. Today, the ease with which digital files can be
copied and transmitted is resulting in serious breaches of copyright laws,
particularly in the entertainment industry, we see that in the paper daily.
Cryptographic schemes follow this same basic model with two important
exceptions. First, encryption is applied to data and not to the objects in
which those data are stored. The bad guy might have access to a file containing
secret data but if those data are encrypted then the information is still
protected. Secondly, cryptographic solutions control access to information
through the distribution of secret keys rather than by mediating each subject’s
access to an object. That is at some point someone, or something, authorizes a
subject to access encrypted data by giving them a secret cryptographic key.
Once they have this key they can unlock the data whenever they want with no
further mediation required.
Public-key cryptography adds a new twist by eliminating the need for the two
people to share a single secret key. Public-key cryptography uses two keys that
are mathematically related in a way that if one is used to encrypt data the
other is needed to decrypt those data. One key is made public and the other is
kept private. So if I want to give someone access to my data I simply encrypt
the data using the person’s public key so that the only person who can decrypt
the data is the person holding the associated private key.
The business imperative we are addressing today is the need for third
parties, such as employers and insurance companies, to review individual’s
health information in order to effectively manage business risks that might be
accrued in a relation with that individual. Naturally the third parties’ desire
is to have as much of the individual’s health information as possible so that
they can construct a complete picture of associated risks, and I think you’ve
heard multiple instances of that today.
The personal imperative is to protect personal privacy by releasing a
minimal set of information to as few people as possible. Further, we want
assurance that the rules we place on our information will be enforced into
perpetuity, not just for the initial release. We do not want our insurer to be
able to pass our health information on to other business partners. Because
privacy is values-based no consistent set of rules will work for every person
or with every third party.
These conflicting business and personal imperatives present a significant
challenge from both social and technological perspectives. Addressing these
imperatives is clearly beyond the reach of today’s security technology model
and clearly beyond what is required by the HIPAA security regulation.
To effectively and safely share information with third parties requires a
solution capable of operating across multiple organizations governed by
different security policies and controls. The solution must enable the owner of
an electronic health record to assign privacy attributes in accordance with his
own value system, within the bounds of law and regulations. These attributes,
captured as metadata, must persist with the information throughout its
lifecycle and must be uniformly interpreted and translated into security rules
that are enforced across enterprises, organizations, applications, and systems.
This will require the specification and adoption of uniform metadata standards
for representing privacy attributes.
To assure the integrity of the rules captured the solution must be capable
of authenticating the identity of the owner of the information, that is the
individual or system authorized to establish the security rules to be enforced
with respect to that information and the third party to which the information
is authorized for release. The solution also must be capable of
authenticating the data. That is, assurance must be provided that the data that
are shared, and the rules governing their release, are authentic and have not
been corrupted or modified in any unauthorized way. The specific granularity of
protection must be flexible enough to be applied to a complete medical record
or to an ICD-9 code or to anything in between.
We also need for the security solution to be able to evolve with technology.
For example, encryption historically has struggled to keep one step ahead of
the speed of processors. As processors have gotten faster and more recently as
processors have begun to collude with each other, both the complexity of
encryption algorithms and the length of encryption keys have had to be
I want now to address the feasibility of using technology to address the
challenge of providing continuing protection of personal privacy when
electronic health records are released to third parties. My objective here is
not to recommend a particular solution but to assure you that this is not an
intractable problem. Existing and emerging technologies can be applied to
effectively manage the risks associated with third party release of electronic
The technology that I believe is the most capable of meeting the
requirements we’ve discussed is digital rights management, commonly called DRM.
DRM is a highly controversial technology developed primarily to enforce
copyright protection on digital content distributed over the internet such as
eBooks, music, and movies. Ironically the controversy around DRM stems from the
perception that the very features that make DRM attractive for controlling
electronic health records released to third parties are in fact serious threats
to individual privacy. Specifically DRM systems enforce restrictions on what
individuals can do with copies of works they have purchased, and collect
information about purchasers’ activities and report back to the copyright
owner, both viewed by many as infringements on personal privacy.
The first generation of DRM emerged in the mid-1990s and used access control
and encryption to lock content and to limit its distribution to only those who
had paid for it. The second generation has greatly expanded the capabilities of
DRM to include a broad range of technologies that give parties varying degrees
of control over how digital content and services are used, including by whom
and under what conditions. A DRM system enforces usage rights based on
originator-controlled policies addressing permissions, constraints,
obligations, and rights holders, and automates a workflow that includes the
First, a user obtains an encrypted resource, such as an eBook, a video, or
an electronic health record, and attempts some use of it.
Second, a trusted DRM client sends the attributes of the user’s request to a
license server, which checks applicable policies to determine whether the
requested use is allowed.
Third, a financial transaction may be conducted, if required, for example in
the case of movies.
Fourth, a license server constructs a license package consisting of a rights
specification, identifiers, revocation information and cryptographic keys to the
content and returns it to the DRM client over a secure connection.
Fifth, the DRM client authenticates the license package, evaluates the
policies, decrypts the content, and issues an authorization to a viewing
And finally the client, the content is rendered in accordance with the
First generation DRM solutions were proprietary, client applications that
offered very weak assurance. However, as trusted computing principles are
migrating into end-user systems DRM is being implemented at the operating
system level, increasing its practical application and its market demand. DRM
policies are explicit, conditional statements written using standard policy
language to specify how to handle actions that authenticated users attempt on
protected resources. For example, a DRM policy applied to an electronic health
record might enable an insurance company to review those portions of the record
necessary for coverage authorization purposes, but not allow the record to be
saved on the company’s server. Sound familiar, Mark?
MR. ROTHSTEIN: My head is spinning —
DR. BAKER: A number of vendors, industry groups, and standards bodies are
involved in DRM standardization efforts. A proposed XML based Rights Expression
Language, REL, standard called eXtensible rights Markup Language, or XrML, is
widely considered the most technically capable rights expression language. The
Motion Picture Experts Group, or MPEG, a working group of the International
Standards Organization, used XrML as the basis for its own REL. The MPEG REL
and its associated Rights Data Dictionary establish standards for managing the
consumption rights of all forms of content. Although the MPEG REL is targeted
toward the protection of rights for coded representations of digital audio and
video the Open eBook Forum is using the MPEG REL specification as the basis for
its REL specification for digital text, and I believe it could serve as the
basis for developing an REL specification for electronic health records.
DRM technology could be useful in defining rights associated with electronic
health records and in enforcing those rights as these records are passed to
third parties. The ability to control and to receive reports on what third
parties do with the records released to them would indeed be highly valuable in
protecting individual privacy while enabling sharing. A DRM solution could
enable the direct transfer of electronic health records from health care
providers to third parties, with assurance that privacy rules would be enforced
throughout the lifetime of that information. This solution would require that
the health care provider implement a DRM server and that third parties
implement DRM clients, something that is likely to become a standard feature of
personal computer operating systems in the relatively near future.
Unfortunately, at this point, DRM is mired in controversy and plagued by
accusations of patent infringements, which would thwart efforts to develop and
implement open standards.
A more immediately feasible, though less capable, approach the health care
industry could consider is the use of a trusted intermediary to manage the
sharing of electronic health records with third parties in accordance with
privacy rules prescribed by the information owners. In this solution the
trusted third party could use the prevailing security model, that I discussed
earlier, and existing technology to enable a patient to authorize the sharing
of specific information with a designated third party. Many, though not all, of
the functions provided by DRM could be implemented using this model.
For example, the trusted intermediary could provide a user interface that
would enable an individual to request and authorize the sharing of her
electronic health record and to prescribe specific permissions, constraints,
and obligations relating to that information. These rules could be managed in a
relational database management system and enforced at the time the third party
requested access. Screen sharing technology could be used to prevent third
parties from making copies of the information and sharing it in unauthorized
ways. That is, third parties would be able to display an image of the
information on their screens but the data would not persist as a file on the
client machine. While disabling the print screen capability would require a
more complex solution simply replacing a file transfer with a shared screen
image would greatly increase the privacy protection afforded to the patient.
More complex rules that DRM technology enables, such as enforcing a limit on
the number of digital copies that can be made, would not be possible using this
Of course the trusted intermediary itself would need to gain the trust of
record owners that their health information would be managed safely and
responsibly. In order to do that the intermediary would need to be perceived as
independent and trustworthy. The intermediary would need to implement very
strong security protection and to communicate these protections in a way that
would provide users assurance that their information was safe. Also, depending
upon the business model, the trusted intermediary might need to execute
business associate agreements with the health care organizations that provided
protected health information to them.
Both DRM and trusted intermediary solutions assume the availability of a
security infrastructure that includes user authentication, metadata management,
cryptography, and auditing. Authentication is required to irrefutably establish
the identity of the health record owner and the third party to whom the
information is being released. Metadata will be needed to specify the rules in
XrML and to specify confidentiality attributes. The evolving HL7 clinical
document architecture standard could be useful in standardizing the metadata
used for electronic health record sharing.
Cryptographic capabilities will be needed to protect data confidentiality,
data integrity, and data authenticity. A trusted intermediary will want to
encrypt data stored in its repository. Both DRM and trusted intermediary
solutions will require an encrypted communication link, such as secure sockets
layer, or SSL, to protect information exchanged between the information
provider and the third party to whom that information is being released. SSL
protection will be required for exchanges between the information provider and
the information owner, for example, for enabling the owner to specify rules to
be enforced. Also, both solutions could potentially use public key encryption
as part of their user authentication strategies.
In conclusion, thank you very much for the opportunity to present this
testimony and to get me thinking about these problems. I hope that I’ve given
you useful information about some of the existing and emerging technologies
that could be applied to the protection of electronic health records released
to third parties. As a strong advocate of initiatives and standards to advance
the implementation and use of electronic health records HIMSS is gratified to
have the opportunity to contribute to your work. As an organization recognized
for its expertise in health care information legislation, regulations,
policies, standards, technologies, and practices HIMSS continues to dedicate
resources toward activities that contribute to the advancement of the safe
exchange of electronic health records. Uniform adoption of data standards in
health care is critical to our vision of advancing the best use of information
and management systems for the betterment of human health. We look forward to
working with other industry leaders and the Subcommittee on Privacy and
Confidentiality to further this cause.
MR. ROTHSTEIN: Thank you very much, I do have several questions for you but
they will wait until after Mr. Tayloe’s presentation, thank you for joining us.
MR. TAYLOE: Thank you. Good afternoon, I’m Keith Tayloe, president of Portal
Dynamics, thank you for the opportunity to address the subcommittee today on
the topic of third party disclosure of health information. My comments today do
not represent a specific position of Portal Dynamics, rather my comments
represent the convergence of more than two decades of experience providing IT
solutions to government organizations and for-profit entities with my
experience buying and administering health care benefits for employees, with my
experience implementing health care legislation for the federal government,
with my experience as a doctoral student pursuing the future of computing, and
my personal experiences as a health care consumer and caregiver.
Throughout my comments I will refer to the phrase personal health
information. I use this phrase to refer to any and all data about the past,
present, and future physical or mental health of an individual.
Any discussion or comment on third party disclosure of health information
needs to have context. In today’s post-HIPAA world personal health information
is owned and controlled by the health care provider by default though HIPAA
provides recognition that consumers have an ownership stake in their personal
health information. In this bilateral context a discussion of when and how
personal health information can be disclosed to a third party for any purpose
However, I believe that current and future discussions of third party
disclosure need to be focused in a different context, one that is the current
and future reality where consumers exercise ownership responsibility for their
personal health information and any question of disclosure is a two party
question and not a three party question. The Framework for Strategic Action
formulated by HHS in response to the President’s April 2004 Executive Order
promotes a vision of a customer centered and information rich health care
industry. Engaging the consumer is increasingly positioned as a fix for a
health care system in need of repair. Unfortunately, consumer driven health
care will only be a panacea unless the consumer is allowed to drive.
Engaging the consumer as a catalyst to improve the quality and efficiency of
health care requires the simple recognition that the consumer is the owner of
and controller of their personal health information. HIPAA implies as much and
there is nascent agreement across a broad population of individuals and
organizations that the consumer owns their personal health information. The
Confidentiality, Ethics, Privacy and Access Breakout Group at the 2004 National
Health Information Infrastructure Conference recommended that a regulation be
established that will “assign ownership of the electronic health record to
the consumer.” I salute this group’s intent and suggest that the wording
should be changed to read acknowledge ownership of the electronic health record
by the consumer.
What I am suggesting today is more than a token declaration acknowledging
that ownership of personal health information rests with the consumer. I am
suggesting that consumers initiate and maintain their electronic health record
based on government and health care industry standards. This consumer managed
electronic health record provides a summary picture of the past, present, and
future physical and mental health of the consumer, and it provides the pointer
to the detailed records that reside with the individual health care providers.
When a consumer seeks health care services they grant access to or unlock their
electronic health record at the time of service. Consumers can choose to
support studies or other requests for health care information by making
information available from their electronic health record without including
identifying information. This keeps the consumer in complete control of their
personal health information. With consumer managed electronic health records
the question of disclosure is a direct, addressable question.
There are many potential objections to putting electronic health records in
the hands of consumers. Many of these potential objections stem from current
mental models that promote assigning ownership versus acknowledging ownership.
Other potential objections stem from misconceptions that a vast national
infrastructure is needed to store and forward health care information.
Technically there are no barriers to putting electronic health records in the
hands of consumers. Advances in peer to peer computing that do not require
servers or central administration and leverage the current internet
infrastructure can support this approach to consumer centered health care
today. Practically speaking consumers do not need a vast national
infrastructure to begin managing their personal health information.
Putting electronic health records in the hands of consumers is not a silver
bullet that will improve the quality and efficiency of health care overnight.
Putting electronic health records in the hands of the consumers will begin to
improve the quality and efficiency of health care tomorrow. More importantly it
will unleash the inherent innovation in the marketplace and force the health
care industry to be responsive. The lessons of the internet provide the best
testimony to the potential of the consumer. We can now place our own orders,
track our shipments, book travel arrangements, get home loans, and manage our
stock portfolios when and where we want to thanks to consumer demand and
Within the health care industry the pharmaceutical industry offers two
strong testimonials about the power of the consumer. First, pharmaceutical
companies clearly believe consumers can and will influence their doctors, as
demonstrated by the unending barrage of drug commercials that dominate
television advertising. Second, every bus load of senior citizens heading to a
Canadian pharmacy is a bus load of consumers driving health care.
In closing I recommend that the topic of third party disclosure be deferred
to the consumer. Let consumer demand drive the quality and efficiency of health
care by letting the consumer drive their electronic health records. Let the
consumer decide whether or not personal health care information should be
disclosed. Let the consumer decide the terms for that disclosure. Consumer
managed electronic health records will provide more information. More
information will lead to better diagnoses, better decisions, and fewer errors.
MR. ROTHSTEIN: Thank you for a very provocative presentation and I’m sure if
no one else maybe some of your other panel members would have some remarks to
make. The floor is open for questions. Harry?
MR. REYNOLDS: Excellent. First I’d like to thank you Ms. Bergner because
that’s, I’ve been looking at HIPAA for a long time and that’s one of the best
summaries of how employers ought to look at health data and I’m glad it’s
public now, I think it’s nicely usable for others.
MS. BERGNER: Thank you.
MR. REYNOLDS: Ms. Baker, really interesting, I was really interested in your
approach. Also wonder if you’ve extrapolated it, once you have the situation
where a third party could get the information, let’s say that the health record
was in the hospital and a payer got it. Obviously they can’t copy it, I’m
looking at page nine of your testimony, have you extrapolated that if at that
point anything that they extracted off there they would have to capture?
Because obviously what’s going to happen, anybody that asks for records
obviously when they make a decision using those records they’re going to have
to show some idea that what information they used to decide what they’re going
to do, they’re going to have to document something because obviously you don’t,
you don’t look at a screen, look at a medical record and then go I’m going to
deny it, or anybody, I’m going to change coverage if you’re somebody else, what
treatment is or any of that, regardless of who gets it. So somebody has to keep
some documentation as to what they did, didn’t do, how they did or didn’t do
it, and so what would be your thought process on how that might be done.
DR. BAKER: Well, first of all exactly what they can do with the information
looking at the DRM solution is defined in the policy that is included with the
data in terms, in the form of metadata. So depending on what the rules were
industry wise, like I heard some rules from the life insurance industry here,
it may be that you would have to include rules where they could in fact make a
copy of some piece of the information.
In other cases you may just want them to be able to look at the information
and check a box and say yes, I’ve looked at this, this person does qualify for
health insurance through our employee health plan let’s say. And that employer
does not, I’m no HR expert but I wouldn’t think the employer would have to
retain a whole lot of information about that, I would think that that would be
more of a matter of reviewing some information against some criteria that the
employer had and say yes, they qualify or no they don’t.
So it would depend on the situation what you really had to capture but the
technology would allow you to either capture it or not.
MR. REYNOLDS: Mr. Tayloe, with your idea of the consumer owning their own
record with, the internet to many of us in certain segment of the country and
certain segments of business and everything else have access to things like the
internet and others, how do you see it working for those people who really
don’t have quite the access and with the fact that medical records are still in
many disparate locations, and yes, at some point we may get a central one but
they’re still in a lot of disparate locations, how would you see?
MR. TAYLOE: Well, the key organizational unit that needs to have access to
the internet would be the health care providers, the individual, all they would
need depending on how it would be implemented would be the physical key, the
physical device, whatever that they had that stored, some restored the index of
providers. What I’m promoting through the internet is exactly that, leave those
records distributed, it’s a question of how much information do you need at
what point in time and by whom, that information would then be viewed,
accessed, at the point it’s needed without bringing them together. So it is in
fact possible for an individual with no computer and no internet access to
still manage their own electronic health record depending on the media chosen
to do that.
MR. REYNOLDS: So you’re recommending, they’re kind of building an index.
MR. TAYLOE: They’re building an index, correct.
MR. ROTHSTEIN: I have a question for each of you and let me start with Ms.
Bergner. On the last page of your testimony you say, this is the second to the
last sentence, thus as a general rule employers should only collect information
that they may legally use in making employment decisions. Okay, I’ll just stop
there because that’s what I want to focus on. The way the law currently stands
now, and we talked about this in the employment panel earlier, after a
conditional offer of employment as a condition of employment the prospective
employee can be required to sign an authorization releasing to the company all
of their medical records of any type without restriction. All of that
information cannot be used however because if a job offer is withdrawn, etc.,
etc., etc. So do I, am I correct in drawing from that sentence of yours some
support for the notion that employment entrance examinations as used in Section
102(D)(3) of the Americans with Disabilities Act, or pre-placement
examinations, which are now unlimited in 48 states, you might not object to
having a job relatedness condition imposed on that because that is information
that can be legally used, in other words we’ll get in a minute to the issue of
how you might get that information segregated but in theory at least is it
SHRM’s position that restricting post offer examinations and inquiries to job
related information would be acceptable?
MS. BERGNER: I don’t think SHRM has a definitive position on that right now,
I don’t think there’s any specific proposal out there to amend the ADA in that
way. But certainly I think it’s, as a general rule employers aren’t anxious to
have a lot of extraneous health information about their employees.
MR. ROTHSTEIN: Actually about five years ago, maybe a few years more than
that, I was actually working with SHRM on a proposal to do as I described as an
alternative to enacting all these what I consider to be ill-conceived state
genetic non-discrimination laws. Because if you had a law that said you could
only get job related information you wouldn’t get any genetic information to
begin with and you wouldn’t have to face all the definitional questions and it
would then be the same standard that applies to current employees when it’s
only job related. And it seemed to me that would be easier for everybody
concerned but that never went anywhere either, like most of my ideas. And I
just wanted to see if you were in general support of that.
MS. BERGNER: Well, I think it bears further discussion certainly.
MR. ROTHSTEIN: Okay, I want to skip Dr. Baker for a second because I think
logically, the way my mind works at least, I want to go to Mr. Tayloe first
with a question. If the individual maintained control over his or her
electronic health record, and incidentally that’s the topic of our February
hearings on patient control of health information, what would stop an insurance
company from saying to that individual if you want to apply for life insurance
or disability insurance I want all of your health records, send me everything.
MR. TAYLOE: It is the free market so that’s what puts the consumer at that
risk if it in fact it was done that way.
MR. ROTHSTEIN: So changing the “ownership” from the health care
providers to the patient or the individual really in your model still doesn’t
get around the question of how much information they can use their economic
leverage to require to be disclosed to them. So we would need to do something
MR. TAYLOE: Correct.
MR. ROTHSTEIN: So now I’m to Dr. Baker and the question is what is that
something else to. Under either the DRM technology or the trusted intermediary
model wouldn’t we still need to come up with some way, somebody, some
algorithm, we’d have to make a decision as to which, where to make the cuts of
the information that’s disclosable versus non-disclosable to any particular
DR. BAKER: I’m not sure we have to make —
MR. ROTHSTEIN: Somebody does.
DR. BAKER: I suspect, well, I think, this is an area, a point I kind of
agree with Keith on, I think the default should be that the consumer decides
that, if it’s your health record. And privacy, privacy as I mentioned in my
statement, it’s a value based concept and what one person thinks is absolutely
not disclosable to anybody under any circumstances may be totally open for
public scrutiny to another individual. So it’s really hard, yeah, we have the
technology that if somebody gives me a list of things that they want protected
and things that can be released I certainly can implement a system that will do
that. But I think coming up with a single set of rules that is acceptable to
every patient and every provider, organization, across the board I think is a
really difficult challenge.
I also think that the whole issue of even giving patients authority to
decide what to share and what to not, that will vary on the capability of the
MR. ROTHSTEIN: Well, I mean just as a guess, our friends from the life
insurance industry might not be crazy about the idea of the applicant deciding
how much health information they want to send to the life insurance company.
And so what we’ve been searching for is a way that we can protect the sensitive
non-essential health information in some sort of objective way from getting to
third parties who can compel these authorizations for broad disclosure. And I
recognize that the trusted intermediary model and the DRM may be sort of a
technical solution but that’s I think a downstream sort of issue from the
fundamental question of what information gets through that system.
I also think that, I have some concerns about whether it might be too
expensive or too complicated for like small employers to use that. For a large
hospital chain they might be, they’ve spent a zillion dollars to comply with
HIPAA, this might not be that much more but for a small mom and pop operation I
just, I have some questions about that.
So I’ve asked too many —
DR. BAKER: Let me, I think, I’m sorry I missed your question, what you were
really talking about is how do you come up with this low water mark of what is
the minimum, maximum that can be disclosed to —
MR. ROTHSTEIN: Right, and see in the employment context we already have this
standard of job relatedness, it’s part of the ADA, it’s I think what HR people
are accustomed to in other contexts, if we could only deliver that, I don’t
know that we can yet, they might be satisfied with that, I don’t know what
would satisfy the insurance companies. But what I think you’re giving us is a
very interesting suggestion about the technology that might deliver that after
we make this sort of substantive call.
DR. BAKER: Which is what I was asked to do.
MR. ROTHSTEIN: Which I appreciate your doing that. So we’ll go to Kathleen,
then Marjorie, and then Helga.
MS. FYFFE: Everyone, thank you very much for providing very informative
testimony. Dr. Baker, you say that you’ve worked in information protection and
high assurance architecture for over two decades, I am under the impression,
and it could be that my impression is not accurate, that the security
architectures and security protections for data have vastly improved over the
past several years. And the reason I say that is because I don’t remember
reading in the newspaper recently that some big hacker was caught, the last one
I remember, and this was several years ago, was Matnick(?) I think his name
DR. BAKER: Metnick(?), yes.
MS. FYFFE: I used to refer to this as sort of technological leapfrogging,
the good guys in the white hat like you would set up protective systems and the
bad guys in the black hats would hack in and then you would have to get out in
front of them to counteract what they did and sort of technically leapfrogging
into the future so that you would develop better and better protections. Is my
sense correct that really things are a lot more secure than they were just ten
years ago or not?
DR. BAKER: No.
MS. FYFFE: No, okay.
DR. BAKER: The reason you don’t see it in the paper is it happens too often.
MS. FYFFE: Okay, well, thank you.
DR. BAKER: It used to be, I remember when my father bought a TV it was in
the newspaper. Things happen too often it doesn’t make it anymore.
I think that personal, the security, first of all security is directly
related to complexity, so as our systems become more and more complex they
become less and less secure, that’s a given. And years ago when we didn’t have
personal computers in every home, those systems were, well, Unix which came out
in the late ‘70s I think, has the same security, had the same security
when it came out that XP just implemented. So there was a little glitch in the
development of information technology where when personal computers came out
they had zero security at all and now they’ve finally caught up to where Unix
was in the early ‘70s —
MS. FYFFE: 30 years ago, yeah.
DR. BAKER: Right, so I think the vulnerability of technology is, technology
is more, computer systems are more vulnerable than they’ve ever been, there are
new vulnerabilities coming up, the spy ware, the viruses, Trojan horses have
been around forever and ever and ever, but also computer systems are much more
ubiquitous, I also think that, from a health care perspective I think that the
risk is getting higher, not lower. For example they’re starting, things that
have always been self contained medical devices they’re starting to host on
personal computers, that clearly introduces vulnerabilities that were not there
before. So the situation is changing, on the other side there are things that
we can do with technology today in health care that are highly beneficial too
so I don’t want to paint this as one way street but to say that our systems are
much more secure than they used to be is not correct.
MR. ROTHSTEIN: Marjorie.
MS. GREENBERG: Well, after that cheery, thank you to all of you. I have a
question for Mr. Tayloe and then also a suggestion to the subcommittee or a
thought I had. Mr. Tayloe when your, I guess it’s on page three here, well,
you’re talking about the consumer driven electronic health record and the
consumer basically having ownership of the electronic health record and then in
that regard complete control over to whom he or she released it. But on page,
I’m not quite sure what you’re defining here as an electronic health record
because on page three you say this consumer managed electronic health record
provides a summary picture of the past, etc., and it provides the pointer to
the detailed records that reside with the individual health care providers. Now
would those detailed records that reside with the individual health care
providers also be owned by the consumer?
MR. TAYLOE: No, actually it perpetuates the current model where the health
care provider has his records of what they have performed and so what they’ve
done, the details they write on the chart now that may still be written on the
chart, so the detail is there and it is really a joint ownership of that
record. But the summary and the key to that can’t be released it’s authorized
by the consumer.
MS. GREENBERG: So you’re saying that the individual health care providers
might also have electronic health records —
MR. TAYLOE: Correct.
MS. GREENBERG: But that they would not be allowed to release anything from
MR. TAYLOE: Correct.
MS. GREENBERG: Zero, without the consumers —
MR. TAYLOE: Informed consent, right.
MS. GREENBERG: Agreement. So that would be public health information, I mean
if you think of all the kind of exceptions now that are under HIPAA or
research, if there’s an IRB, etc., none of that would be possible without the
active action of the consumer.
MR. TAYLOE: Correct.
MS. GREENBERG: Okay. And is that really what the Confidentiality, Ethics,
Privacy and Access Breakout Group recommended?
MR. TAYLOE: No, I wouldn’t put those words in their mouth. I think it’s
important to recognize the concept of the electronic health record, can it
improve health care, it can if it gets adopted, so the way to begin adoption is
to let the consumers take it and run with it and of course that’s a compromise,
it’s a tradeoff between things that make government uncomfortable. However, if
you look at the internet today and the willingness of people to volunteer
information and resources for research, there are cancer research projects
based on grid computing that use the computers of three million citizens, I
think people for their own health would gladly participate, provide anonymous
information, for such things as studies and other information. The issue of
monitoring diseases and outbreaks needs to be addressed, I mean I understand
the sensitivity to that and the need to do that.
MS. GREENBERG: Okay, thanks. And then I had a suggestion, you’ve been, I
want one of your ideas to actually —
— [Laughter.] —
MS. GREENBERG: You’ve talked about this idea of segregating or really being
able to kind of segment information in a way that now even if people wanted to,
or providers wanted to really limit what they provided it’s so difficult to do
so and so impractical and they don’t have the resources to do so that it
doesn’t happen and so possibly coming up with a way that it would, through
electronic health records that it would be easy to do so, at least
technologically easy. Now the hard part seems to be, none of it’s easy really
but certainly a hard part is saying what really is relevant and what isn’t and
when you pressed the life insurance group understandably, because they are not
required to make those limitations, they are at this point unprepared to say
that anything might not be relevant because this is why people go on fishing
expeditions all the time, certain things you don’t think are relevant and they
turn out to be. On the other hand there is this job related requirement under
ADA and is that defined somewhere?
MR. ROTHSTEIN: Well, it’s based on a whole long history of case law but that
standard is currently used for medical examinations of current employees, they
have to be either job related or voluntary, that standard does not apply to
these sort of post offer examinations where anything goes except in Minnesota
MS. GREENBERG: But I mean is there case law that information was provided to
an employer for an already existing employee and someone could make the case
that wasn’t really job related?
MR. ROTHSTEIN: Well, there was a famous case that raised that issue but it
wasn’t actually tried, if you remember the Burlington Northern case where the
employer surreptitiously performed testing to try to determine whether these
claimants for carpal tunnel syndrome were genetically predisposed to carpal
tunnel syndrome. The theory of the EEOC in bringing that case was that because
these were current employees they could only perform tests that were job
related and consistent with business necessity. That has not been ever tried by
the court, EEOC might have lost on that case because, for reasons that I’ll
spare you, but I think that it’s an easier way to go than certainly with the
insurance industry where we have sort of nothing to go on.
MS. GREENBERG: Well, it strikes me that when you asked the life insurance
folks they weren’t going to bite on that but at least the people —
MR. ROTHSTEIN: It would have shocked the heck out of me if they —
MS. GREENBERG: Of course. But also even when you asked something similar to
the occupational health physician he said he didn’t think that was practical
either. And to me this is potentially an opportunity for health services
research, epidemiologic research. I mean there is no way in life that you can
avoid every possible risk so what you try to do is avoid the major risks or
you prioritize risks. And I think that there is information, large databases
certainly on mortality, but morbidity, etc., where analysis could be done to
identify, to try to parse out what maybe some of these things are that are of
much lower risk in an evidence sort of way rather than people speculating about
it. And to me this is something that might be useful.
MR. ROTHSTEIN: Marjorie, I couldn’t agree more and I can supply you with
various grant applications I’ve filed over the years to do that.
I think one of the problems that we run into is that we’re not going to make
any progress in this area unless we have sort of a societal understanding that
privacy is not free, it costs, not only in terms of the compliance costs that
people but everybody wants, everybody, the employers, the insurers, they all
want sort of the most information that they can, the perfect information. Well,
we don’t have perfect information now, it depends on the memory and selective
whatever of a whole bunch of people and it may be that we need to push a little
bit for them to say okay I’m willing to make my decisions based on, you can’t
have maximum everything and privacy as well. Dr. Rippen?
DR. RIPPEN: Again, thank you all, I thought it was really great information
and Dixie actually your ideas are pretty exciting, I’m a little biased because
I kind of thought it was actually very interesting. And actually I would like
to say that there are two, at least two if not three questions, one is what is
the scope, okay, that’s one of the questions that we talked a lot about which
you can’t address with technology because that’s a policy decision.
The second actually has to do with if you’ve agreed on the scope well how
long does the information stay and what’s a secondary or tertiary uses of that
information which is of significant concern to many people, not only to make
the initial decision for employment or insurance but also for other issues that
may be related to business.
And then the third problem of if you do make a decision, that initial
decision, how do you document that initial, that decision so that you can
actually reconstruct for a lot of different reasons that decision and actually
tying it into then this consumer issue and the technologies.
And let me kind of vocalize a concept, the first one we can’t address here,
I mean the policy issue. The second with regard to some of the new technology
of being able to limit or at least track the information flow, and maybe even
to have it expire which is actually an interesting concept too, would allow
then the ability to have someone informed with regards to how information is
being used and some level of assurance of the use of that information.
Now if it goes to the consumer for example the consumer then would be able
to get that report with regards to when someone accesses it and some of the
implications depending on what the agreement is. And it could in theory also
potentially document what information pieces were used in making the decision.
So again, I think some of the technology has some interesting implications
of addressing at least the secondary uses and potentially the documentation
issue because you always have to document on what you based your decision on.
It will be an interesting discussion as far as well where should that
MR. REYNOLDS: The reason I find this, as I’ve tried to, since I’m in systems
as well as operations as well as taking care of elderly parents I can see all
this up close and personal.
But the reason I like the mix of all the discussions are, and I’ll just use
mine as an example, I’ve been with Blue Cross for 27 years so there’s only one
place in the United States that has my index of what’s actually occurred to me
and that’s Blue Cross and Blue Shield of North Carolina because all my
procedures, all my drugs, not over the counter, but mostly everything I’ve done
is there. So setting up a personal health record where I could establish here’s
the doctors I’ve seen and here’s what I agree to and here’s what I agree to be
on there is one thing.
Obviously as we’ve talked earlier about the life insurance and everything
else the fact that I’ve had orthopedic surgeries may not be important in life
insurance. The fact that I’ve seen these kind of doctors may be. And so as you
look at this whole idea, the whole idea of trying to put something together
that allows a clear definition of everything about me, at least in categories,
high categories, because right now we go all the way from an index where you
get it all, and we’ve heard that clearly today, you either get a little snippet
or you get a phone call and ask for a specific thing or you get the whole deal.
And automating that whole deal to me in the longevity of that whole deal
being out there and whether it’s got every result or everything else is still I
think a significant debate and I feel personally that there does need to be
some kind of an overall infrastructure because again being somebody that sat
over there and testified about the HIPAA, the fact now that there is a standard
format means that we can communicate data a whole lot better regardless of
which of the three ideas we have from each of you, whether you’re getting it as
an employer or anybody else.
So I think obviously the debate still rages but I think the idea is that
people are coming much closer to having at least an idea as to the fact that we
need to do something, but that something and who gets added is still the
ongoing struggle that I think we face and I’d like any comments any of you
would have on this.
MR. TAYLOE: Well, I think again if you do nothing life goes on and we all
get our health care what it is, it’s not a matter of it all has to be there and
in fact I don’t think it will work that way, it has to incrementally roll out.
So you actually have the luxury of maybe piloting different things in different
places given the different populations to see if it will work, which is like
anything from consumer side, it’s those folks who have, as the life insurance
people said, who have a need, will be the first to step up and want to
participate. So starting with something and incrementally growing it offers the
opportunity to learn and factor back in the lessons.
I’ve had some spirited discussion around the electronic health record in a
consumer’s hand and what happens if they lose it. What happens if they do lose
it? Assuming it’s destructed and nobody gets their hands on it, it would be
encrypted, it would be secure as long as they had it, no different than today
going into the emergency room, you start from scratch and the doctor asks you
the same questions. So it’s not something that has to be there, it doesn’t
exist today, so we can’t, I don’t want to say getting any worse is not, it can
only get better so adding some information gets closer, the more information
the better, the better it can grow on.
DR. BAKER: I think it’s, I agree with you, Mark, it’s always a matter of
trades and I don’t think that’s ever been as dramatically demonstrated as when
all the anti-terrorist activity and the privacy act came to the forefront and
people really started thinking about, and that may help us deal with this in
health care too because people are becoming very, very aware that they can’t
have complete privacy and protection at the same time. That might be a more
dramatic example for them than life insurance or any particular thing, and you
know our whole society is facing that right now so we may be getting some help.
MR. ROTHSTEIN: Well, I want to thank all of you for your comments, just for
the record I want to note that this was not an action item type of hearing
where we contemplated a letter to the Secretary in a month or two, this was
really a background hearing of issues that are obviously very important to me
and I hope increasingly so to the other members of the subcommittee and perhaps
even to the full committee. And it’s something that we are going to be
continuing to follow and hope to work toward proposals and solutions and
So I want to thank Dr. Helga Rippen for her fine work in putting today’s
program together and as always our wonderful staff and AV people and we will be
meeting again in February to consider the issue of patient control of health
care records, we like to take on these easy projects, and until then we are
adjourned. Thank you.
[Whereupon at 4:15 p.m. the meeting was adjourned.]