COL Legislature should reject bills to repeal privacy law
By Kip Sullivan
Early in April, with no notice to the public, committees in the House and Senate approved an amendment to a bill (SF 1998/HF2303) that would repeal Minnesota's medical privacy law. That law states that doctors may not release patient medical records to third parties (including health insurance companies) without patient consent.
The author of the House bill is Tim Wilkin, a Republican who hails from Eagan, which just happens to be Blue Cross Blue Shield's home town.
Late in April, Sen. Sheila Kiscaden, I-Rochester, introduced SF 2241, which contains a provision that gives HMOs authority to release patient medical records to third parties without patient consent.
The combined effect of these bills would be to permit HMOs to demand medical records from doctors without patient consent, and to turn those records over to hundreds of thousands of third parties without patient consent.
Since the advent of managed care three decades ago, Minnesota's health insurance companies have been practicing medicine. That is, they argue with doctors about decisions doctors have made on behalf of their patients. Because you can't practice medicine without access to patient medical records, Blue Cross and other companies have for decades required doctors to turn over patient medical records when asked. Many contracts between Minnesota insurers and doctors include provisions that require doctors to make medical records available to insurers without patient consent. Doctors who sign these contracts are, in effect, agreeing to violate state law.
About 10 years ago, the national health insurance industry began a campaign to get Congress to legitimize its relatively new habit of pawing through medical records without patient consent. Their efforts led to a provision in the 1996 Health Insurance Portability and Accountability Act (HIPAA) that authorized the president to promulgate a single national regulation governing access to medical records. In December 2001, President Clinton announced regulations that would require health plans to get patient consent before perusing medical records.
This was not the outcome the health insurance industry had in mind. The industry immediately set about lobbying the incoming Bush administration to reverse course. Two years later, the administration obliged. It announced new HIPAA regulations which said insurers did not have to get patient consent if the purpose for seizing the records fell into one of three laughably vague categories -- "payment, treatment, or health care operations." The new regulation took effect in April 2003.
However, the original 1996 HIPAA law stated that the HIPAA regulations could not supersede any state law that was more protective of patient privacy than the HIPAA regulations. That meant that Minnesota's strong medical privacy law was still in force. That meant, in other words, that the health plans' habit of seizing medical records without patient consent was still illegal in Minnesota. Hence, the 11th-hour effort by Medica and other companies to amend SF 1998/HF 2303 to repeal our medical privacy statute. In its new form, the bill repeals all Minnesota laws that are inconsistent with Mr. Bush's HIPAA regulation.
Sen. Kiscaden's bill puts icing on the HMOs' cake by making it clear that once HMOs get their hands on our medical records they are free to pass them on to third parties for "payment, treatment, or health care operations," that is to say, for all the reasons HMOs seize our files now.
If managed care had proven to be a boon to Minnesota, legislation granting HealthPartners and other companies the right to rifle through medical records might make sense. But managed care has been a disaster here and throughout the nation. There is no reason on earth for the Legislature to enact these awful bills.
Kip Sullivan of Minneapolis is a member of the steering committee of the Minnesota Universal Health Care Coalition.