WASHINGTON, D.C. -- Representative Edward J. Markey (D-MA), a senior member of the House Energy and Commerce Committee, today introduced an amendment to H.R. 4157 the “Better Health Information System Act,” during the legislation’s mark-up session to strengthen privacy protections for personal medical records, including sensitive health, prescription and Social Security data. Rep. Lois Capps (D-CA) introduced a similar privacy amendment last week in the bills subcommittee. In light of recent information breaches at the Veterans Administration one month ago, Rep Markey insisted that information technology storing medical records for millions of Americans requires that we modernize privacy safeguards regarding consent and notice that will help prevent the compromise of identity and data stored in these massive databases.

Rep. Markey’s Statement follows:

I will be offering an amendment along with Congresswoman Capps during consideration of H.R. 4157, the “Better Health Information System Act”. 

We believe, Mr. Chairman, that the Better Health Information System Act can be, and should be, made even better.

Our amendment would insert in the bill essential, urgently needed privacy protections for patients’ personal medical information and private data such as Social Security numbers.

Mr. Chairman, as you know, since this Committee began its work, under your leadership, to craft legislation to respond to the massive breach of consumers’ personal records at information broker ChoicePoint, a deluge of data containing Americans’ most sensitive information has leaked from companies, government departments, hospitals, universities, banks and other entities.

Since the ChoicePoint data breach in February 2005, more than 84 million Americans have had their personal information compromised.

Last month, the Veterans Administration announced that the theft of a lap top computer triggered a massive breach of personal information belonging to millions of veterans and active duty personnel.

All American veterans who were discharged since 1975 – more than 28 million veterans – were affected.  Their names, Social Security numbers, dates of birth and in many cases phone numbers and addresses were stolen.

And an estimated 1.1 million active-duty personnel from all the Armed Forces - 80 percent of all active-duty members - are also believed to have been included in this breach, along with 430,000 members of the National Guard and 645,000 members of the Reserves.  This is unacceptable.

I am proud that two of our nation’s leading veterans and active duty military organizations have endorsed our privacy amendment:

    o    The Enlisted Association of the National Guard of the United States – which represents every enlisted soldier and airman in the           Army and Air National Guard has endorsed our privacy amendment.
   
    o    Korean War Veterans

These organizations – whose members have been victimized by this latest data breach – recognize the gaping hole in this bill - there are no privacy protections.

The bill is designed to encourage the creation of massive databases and networks of Americans’ personal information – Social Security numbers, prescription drug histories, diagnoses of medical conditions and other extremely private data.

While health IT systems hold great promise for improvements in patient care, there is also the potential for tremendous peril when it comes to the privacy of patients’ medical information.

Creating the building blocks for huge information systems to store and exchange the medical secrets of millions of Americans WITHOUT building in privacy from the start is incredibly reckless and risky.

It’s sort of like hopping on a super-charged motorcycle without considering the need for a helmet until AFTER crashing into the car. It’s too risky, as I’m sure my colleagues from Pennsylvania and Steelers’ fans everywhere would agree.

The DATA bill that this Committee crafted after the ChoicePoint data breach and reported out earlier this year contained important privacy safeguards, including a requirement that individuals must be notified if their personal information is breached.  Notification in the event of a data breach is also one of the protections our amendment would establish as a requirement for health IT systems.

Our amendment also would require the use of reasonable data protection safeguards in these systems - such as encryption - so if information leaked from the system, it would be essentially useless in the hands of identity thieves or fraudsters. The DATA bill also encouraged the use of encryption.

Our amendment contains common-sense privacy protections, including:
        o    Giving patients the power to keep their medical records out of these electronic databases unless they first give their                       permission.
        o    Requiring patients to be notified if their health information in the system was lost, stolen or used for an unauthorized                       purpose; and 
        o    Requiring the use of data security safeguards such as encryption

Americans want strong medical privacy protections.  According to a Public Opinion Strategies survey last October, more than three-quarters of Americans – 79 percent – would only allow sharing of their medical information through a network with their permission. 

To achieve the benefits of health IT systems, we need to hard-wire health IT systems with strong privacy protections.  Now is the time to take action – I urge support of the Markey-Capps privacy amendment.