Practical Impact of Legislation

Health Care and the American Recovery and Reinvestment Act by Robert Steinbrook, M.D., is an article which appears in The New England Journal of Medicine (10.1056/NEJMp0900665). The article discusses allotment of funds pertinent to the just passed stimulus bill which has the formal name of the American Recovery and Reinvestment Act of 2009. The last three paragraphs are particularly noteworthy. Quoting:

Improved safeguards for the privacy and security of individually identifiable health information and the prevention of commercial exploitation are critical to the success of a nationwide network. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted before many of the online entities and communications that have become a routine part of health care had even been contemplated. Under HIPAA, every person has had "a right of access to inspect and obtain a copy of protected health information," with certain exceptions, such as psychotherapy notes. However, electronic medical records have typically been printed out and given to patients in paper form. Now, patients will have the right to obtain an electronic copy of their electronic medical records and to have it transmitted directly to a physician, a hospital, or another entity that they designate.

The routing of medical records now includes the right of patients to arrange the electronic transfer of their records to a designated entity which includes hospitals and physicians.

The stimulus act also incorporates other rule changes that privacy advocates and some lawmakers had been seeking for years. For example, it allows patients to request an "audit trail" showing all electronic disclosures of their health information and mandates that they be notified about any unauthorized disclosure or use. It extends protections to personally controlled electronic health data (such as those stored by Google Health, Microsoft HealthVault, and other online data repositories), as well as to companies that do work on behalf of health care providers, health plans, and health care clearinghouses (the entities covered under HIPAA). When individually identifiable health information is transmitted or physically transported, such as on a laptop computer, outside a health care entity, it must be encrypted or otherwise rendered indecipherable to unauthorized individuals. The act also includes limits on the sale of an individual patient's health information or its unauthorized use in marketing or fund-raising, increases penalties for violations, and strengthens enforcement and oversight.

Privacy protections are expanded and now encompass health data stored by Google Health, Microsoft HealthVault and other organizations. Transmission of identifiable health information, beyond a health care entity containing that information, can include requirements for encryption or other similar methods to safeguard it.

After he was named the White House chief of staff in November, Rahm Emanuel remarked, "You never want a serious crisis to go to waste." Clearly, the economic crisis has allowed the Obama administration to undertake far-reaching health care initiatives that it could not otherwise have launched quickly, if at all. The government will now have to determine how to spend the money promptly — and wisely.

The quoted remark indicates that the theme of a piece of legislation can be exploited to include goals not encompassed by that theme.