12 Reasons for House Reps to Vote 'No' on Intrusive 21st Century Cures Act

ST. PAUL, Minn.—Citizens’ Council for Health Freedom (CCHF, http://www.cchfreedom.org), a Minnesota-based national organization dedicated to preserving patient-centered health care and protecting patient and privacy rights, is urging members of the U.S. House of Representatives to vote “no” on H.R. 6—the 21st Century Cures Act.

While in Washington, D.C., recently for the announcement of the landmark King v. Burwell ruling, Twila Brase, CCHF co-founder and president, met with lawmakers and staffers to remind them that HIPAA does not protect privacy—and 21st Century Cures would expand HIPAA even further.

“A 2010 federal rule detailed more than 700,000 ‘covered entities’ and 1.5 million ‘business associates’ who may be given access to medical data without patient consent under HIPAA for payment, treatment and health care operations,” Brase said. “In addition, local, state, tribal and federal governments can access medical records without consent using the ‘public health activities’ authority in HIPAA’s Section 164.512(b).

“CCHF appreciates Congress’ desire for more rapid cures to health conditions patients face,” Brase continued. “However, the 352-page ‘Rules Committee Print 114-22’ for H.R. 6 shows increased costs, bureaucracy and a violation of basic principles and the human subjects and privacy rights of American citizens and patients.”

In a letter to members of the House, Speaker of the House John Boehner, House Majority Leader Kevin McCarthy, and bill sponsor Rep. Fred Upton, CCHF provided these 12 reasons to vote “no” on the bill:

New $80 Million Bureaucracy: H.R. 6 creates a Council for 21st Century Cures at a cost of $10 million from taxpayers for each year from 2016 through 2023 (Section 1141).

No Consent: Section 1124 of H.R. 6 classifies “health data research” as “health care operations” under HIPAA, allowing the patient’s private data to be used in identifiable form by more than 700,000 “covered entities” and at least 1.5 million “business associates” without consent, potentially including for control of the practice of the physician through payment reductions for failure to conform to government- or health plan-issued checklists and standardized treatment protocols. These are violations of patient rights, privacy rights, and human subjects rights. As Politico Pro reported June 30, Stanley Crosley, chair of Health IT policy committee is concerned about “the use of algorithms to make decisions” based on patient data gathered for Big Data projects.

Government Intrusion in Exam Room: Section 1124 also classifies “health data research” on the “quality, safety, or effectiveness of a product or activity” that is regulated by the FDA as “public health activities,” opening up every patient’s medical record and the confidential patient-doctor relationship to government intrusion—and with the authority to conduct “comparative research activities,” potentially allowing the FDA to become an agency with enforcement authority to restrict, impede or deny individualized medical treatment decisions.

No Consent Required—Despite Authorization Language: The language on page 38 (amendment to HIPAA, Sec. 13455) does not restrict access to private patient data for health data research under health care operations or public health purposes. Under HIPAA, no consent is required for these activities. This language only allows the use of an authorization process, but does not require it (Section 1124).

No Accounting of Disclosures: No disclosures for “health care operations” are subject to HIPAA’s accounting of disclosures provisions. These activities can be done in secret without the patient knowing.

Researchers Get Remote Access to Data: Section 1124 deletes a HIPAA restriction that prohibits removal of protected health information by a researcher so that researchers will be able to access patient data without patient consent from anywhere that online access is available.

Violation of Private Property and Contract Rights: The bill fails to acknowledge patient medical data (identified/deidentified/anonymous) as private property, instead viewing it as public property to be used for the unconsented and potentially objectionable purposes of outsiders, including the government. The Fourth Amendment prohibits unreasonable search and seizures of persons, houses, papers and effects without probable cause and a search warrant.

New National Neurological Surveillance System: No patient consent is required before individuals with neurological diseases and their private data (including genetic data) are entered into a new national surveillance system. The requirement that privacy and security protection “are at least as stringent as the privacy and security protections under HIPAA” is not comforting, since HIPAA allows broad sharing of information without patient consent (Section 1122).

No Consent for Using Disease Registries for Research: While a focus on rare diseases is mentioned, the bill does not limit it to such, creating the possibility of broad research on anyone with any “disease.” The requirement that the Secretary provide advice on “addressing associated patient privacy concerns” is insufficient, as neither the bill nor HIPAA require informed written patient consent (Section 1112).

Intrusive Interoperability Mandate: Section 3001 requires complete access to a patient’s medical record data without patient consent: “The technology allows access to the entirety of a patient’s available data for authorized use under applicable law without special effort…” Those practitioners who refuse or cannot comply for any number of reasons, including financial and ethical, may find themselves targets of the Inspector General of HHS, who is given enforcement powers in the bill (page 261, line 14).

Denial of Patient Consent: “It is the sense of Congress that ... (B) health care providers do not need the consent of their patients to share personal health information of such patients with other covered entities, in compliance with the HIPAA privacy regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 for the purposes of supporting patient care, except in situations where consent is specifically required under such regulations, such as in cases related to the psychiatric records of the patient” (Section 3001, page 287, line 19). This eliminates the right of patients to decide what clinics and hospitals see their data and which ones classify as “supporting patient care.” Again, HIPAA does not require patient consent or protect patient privacy.

No Consent for Clinical Investigations: “Section 2263 would amend sections 520(g)(3) and 505(i)(4) of the FFDCA to specify that informed consent is not required for clinical testing of devices and drugs that pose no more than minimal risk to the human subjects and includes appropriate safeguards as prescribed by the Secretary to protect the rights, safety, and welfare of the participants” (quote taken from 1,027-page conference report). Who decides “minimal risk”? This violates human subjects rights.

“The 21st Century Cures Act would authorize potentially millions of outsiders to have access to private patient records without patient consent,” Brase said. “The bill would define research using our private health data (e.g. medical, medication, behavioral, genetic, mental health) as ‘public health activities’ and ‘health care operations,’ meaning no patient consent would be required for access, per the HIPAA ‘no privacy’ rule.

“In short,” she continued, “hospitals, doctors, clinics, health plans and data clearinghouses, as well as 1.5 million business associates engaged in ‘health care operations’ and government officials at the engaged in ‘public health activities’ at the FDA would be given access to our medical records for analysis and research. It’s a boon for corporate and government interests. This is not progress as the title ‘21st Century Cures’ suggests; this would be a major step backward for privacy and consent rights. By eliminating certain limited protective requirements for research currently in HIPAA, this initiative essentially turns all Americans into involuntary research subjects.”

The American Hospital Association has also come out against the bill, with a representative telling Politico Pro that the proposed bill “is too broadly encompassing in allowing access to patient data for undefined research purposes; this undermines the trusted relationship between providers and their patients.”

“The Cures Act not only authorizes use of private data without patient consent, it also requires electronic health records to provide access to the ‘entirety’ of the patient’s data,” Brase said. “We’re calling on Representatives to vote ‘no’ on this bill that infringes on the freedoms and privacy of Americans and to require informed written consent before anyone sees our medical records for any purposes—research or otherwise. We are alarmed that Congress wants to classify health data research as ‘health care operations’ and ‘public health activities,’ which means all sorts of people could use this data without consent. If passed, the Cures bill would essentially create a free-for-all into everyone’s private health information.”

For more information about CCHF and its “5C” Solution for Health Care, visit its web site at http://www.cchfreedom.org, its Facebook page at http://www.facebook.com/cchfreedom or its Twitter feed, @CCHFreedom.

Citizens’ Council for Health Freedom, a patient-centered national health freedom organization based in St. Paul, Minn., exists to protect health care choices and patient privacy. CCHF sponsors the daily, 60-second radio feature, Health Freedom Minute, which airs on approximately 350 stations nationwide, including 200 on the American Family Radio Network and 100 on the Bott Radio Network. Listeners can learn more about the agenda behind health care initiatives and steps they can take to protect their health care choices, rights and privacy.

CCHF president and co-founder Twila Brase, R.N., has been called one of the “100 Most Powerful People in Health Care” and one of “Minnesota’s 100 Most Influential Health Care Leaders.” A public health nurse, Brase has been interviewed by CNN, Fox News, Minnesota Public Radio, NBC Nightly News, NBC’s Today Show, NPR, New York Public Radio, the Associated Press, Modern Healthcare, TIME, The Wall Street Journal, The Washington Post and The Washington Times, among others. She is at the forefront of informing the public of crucial health issues, such as intrusive wellness and prevention initiatives in Obamacare, patient privacy, informed consent, the dangers of “evidence-based medicine” and the implications of state and federal health care reform.