January 18, 2013

Markey Praises Privacy Rules for Health Records, Data

Contact: Eben Burnham-Snyder, Rep. Ed Markey, 202-225-2836

Congressman Authored Critical Privacy Provisions in Recovery Act Now Implemented by HHS

WASHINGTON (January 18, 2013) -- Representative Edward J. Markey (D-Mass.), co-chairman of the Congressional Bi-Partisan Privacy Caucus and author of critical privacy provisions included in the American Recovery and Reinvestment Act (ARRA) of 2009, today praised the release of a final rule by the Department of Health and Human Services (HHS) implementing these provisions to strengthen privacy and protect patients’ health data.

"The privacy protections implemented by today’s final rule are vitally important step in ensuring the privacy and security of our most personal information: our medical records,” said Rep. Markey. “Electronic health records are a double-edged sword, improving the quality of care while increasing the risk of prying eyes exposing vast amounts of sensitive health data. Doctors may have moved from note pads to iPads, but the responsibility to safeguard patient privacy remains as important as ever.”

In February 2008, Rep. Markey introduced H.R. 5442, the Technologies for Restoring Users' Security and Trust (TRUST) in Health Information Act of 2008, a bill both to promote the development of an interoperable health IT infrastructure for storing and sharing electronic medical records and ensure that these records are protected from unauthorized use or disclosure. The TRUST Act contained several of the significant health IT privacy and security requirements for patients' electronic medical records. These requirements were subsequently incorporated in the health IT portion of ARRA, known as the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The final rule released yesterday by HHS implements several major provisions that originated from Rep. Markey’s TRUST Act, including:

--The requirement that HIPAA-covered entities and business associates provide notification of breaches of “unsecured protected health information”

--Limitations on the use of protected health information for marketing or fundraising purposes without the patient’s permission

--Allowing the Secretary of HHS to coordinate with State Attorneys General to enforce HIPAA’s privacy protections

“I appreciate the work that HHS has done in issuing this final rule, though areas for improvement remain – particularly when it comes to the sale of protected health information without a patient’s informed consent. I look forward to working with my colleagues, the Administration, and privacy advocates to ensure that our health data is truly private and secure," said Rep. Markey.

# # #