Testimony: House Bill 300 by Rep. Lois Kolkhorst
Senate Health and Human Services Committee
Presented by: Matthew Murray, MD
May 17, 2011
Good afternoon, Madame Chair and members of the committee. My name is Dr. Matthew Murray, and I am a board certified pediatrician from Fort Worth. Today I am here representing the nearly 45,000 physicians of the Texas Medical Association (TMA).
As a citizen, I cannot think of anything that should be more private than one’s personal health information. Personal health information can contain “sensitive information” regarding conditions such as HIV, sexually transmitted diseases, psychiatric conditions, and domestic violence.
The Texas Medical Association is a strong proponent of protecting the privacy of Texas patients. For this reason, we voice our support for House Bill 300 by Rep. Lois Kolkhorst.
In developing statutory policy, the Texas Medical Association adheres to the following principles for protection of medical record privacy:
- Rules regarding the handling, including transmission, of medical information should apply to any entity in possession of or with access to such information regardless of the form in which the information exists or is transmitted (e.g., paper, electronic). Any penalties for the misuse of such information also shall apply to any entity violating privacy laws or regulations. Medical information should not be used for nonmedical purposes without the informed and noncoerced consent of the individual involved. The increasing horizontal and vertical integration of the financial services sector of the economy may provide nonmedical entities access to individual’s medical records.
- Consent for the use or release of medical information should meet specific standards. Individuals, and in some cases treating health care professionals, should be required to provide informed consent regarding the use or transfer of medical information.
- Research activities should be protected but not at the expense of individual privacy. Information should be required to be de-identified in an acceptable manner to support legitimate clinical research without unnecessary risk to the patient’s privacy.
- Penalties should be severe and readily enforceable. Databases are extremely valuable in today’s marketplace. Given the potential financial gains from selling medical information, penalties must be severe to deter these lucrative activities. There should be clear enforcement directives and the ability of an individual to seek redress in the courts should enforcement measures prove inadequate.
While TMA supports the bill as is, we do think the penalty section of this bill could reworded to clarify that penalties are meant to being tied to an incident rather than per record. As you can imagine, a simple mistake by a clerical worker could result in sending multliple files inadvertently. Thus a knowing disclosure vs. willful neglect is different from an intent to harm or intent to violate the statute.
Finally, one issue that was not discussed previously is the need for protection of physician prescriptions, which are used for identifying prescribing habits. Companies can gain access to prescription data through pharmacies and use this information for such things as analyzing prescribing patterns. This also opens the door for the abuse of health information.
In closing, the Texas Medical Association believes HB 300 meets our core principles for elevating and protecting patient privacy. We thank Chair Nelson and this committee for working with us and other organizations on privacy issues this session to create a product giving all parties in health care clear paths to participate safely and serve patients.
82nd Texas Legislature Testimonies