HIPAA, HITECH & HIT :: Fox Rothschild LLP

On November 1, 2009, the "Statistical Reporting of Abortion Law" was scheduled to go into effect in Oklahoma. A temporary restraining order issued on October 20, 2009, however, has blocked enforcement of the law until at least December 4, 2009.* (Davis v. Edmondson, Okla. Dist. Ct. No. CJ-2009-9154). The Statistical Reporting of Abortion Law is just one aspect of a broad and controversial abortion law, which also bans abortions on the basis of "sex of the unborn child." The Statistical Reporting of Abortion Law requires doctors to obtain detailed information from patients seeking abortions that will then be posted publicly through the Oklahoma Department of Health's web site. Some of the required information includes:

• Date of abortion
• County in which abortion performed
• Age of mother
• Marital status of mother (married, divorced, separated, widowed, or never married)
• Race of mother
• Years of education of mother (specify highest year completed)
• State or foreign country of residence of mother
• Total number of previous pregnancies of the mother
• Total number of live births, miscarriages, induced abortions
• Whether the woman is employed by the State of Oklahoma

The ostensible purpose of the Statistical Reporting of Abortion Law is to collect data about abortions to inform lawmakers about abortion practices in the State. The Davis lawsuit alleges the law violates Oklahoma's constitution (for reasons unrelated to privacy concerns), but others have expressed concerns that the law violates the spirit, and perhaps the actual provisions, of HIPAA. Some commentators have noted that the information could be used to identify women who have obtained abortions, particularly when they live in small towns. Under HIPAA, "de-identified" protected health information ("PHI") may be used or disclosed for various purposes, including research. De-identified PHI (that is, information that is stripped of details that would identify the patient, such as name, street address, city, county, etc.) can be used or disclosed without restriction, however, HIPAA requires that entities have no actual knowledge that the remaining information could be used alone or in combination with other information to identify an individual. Opponents of the law's reporting provisions believe that under certain circumstances women can be identified based on the information requested, resulting in a violation of HIPAA. More to come as the lawsuit continues.

* Correction: An earlier version of the blog post stated that the law went into effect on November 1, 2009.

• Print
• Comments
• Trackbacks
• Share Link

Yesterday, the White House Office of the Press Secretary announced that President Bush signed the Genetic Information Nondiscrimination Act of 2008 ("GINA").  The intent of GINA is to protect individuals from employers and insurance companies denying employment, promotions or health coverage to people when genetic tests show they have a predisposition to cancer, heart disease, or other ailments.  But critics of the law are concerned that certain provisions are vague and may expose employers and insurers to frivolous lawsuits.  

The Genetic Information Nondiscrimination in Employment ("GINE") Coalition lobbied and prepared numerous letters to Congress to have certain provisions of GINA revised prior to enactment in order to protect employers' nondiscriminatory practices and legitimate collection and uses of genetic information.  According to Michael Eastman, executive director of labor law policy at the US Chamber of Commerce and a member of the GINE Coalition, the group remains concerned that GINA (1) will not preempt inconsistent state laws, (2)  will award “excessive” punitive and compensatory damages that will likely encourage “unmeritorious litigation," and (3) lacks exceptions to provisions barring the collection of genetic information.  

For a good review of the pros and cons of GINA, see an article published by GenomeWeb Daily News.  For a quick and dirty summary of  legal provisions of GINA, click and read on . . .

• Print
• Comments
• Trackbacks
• Share Link

ScienceDaily reports today that the U.S. Senate approved the Genetic Information Nondiscrimination Act of 2008 (GINA) yesterday, April 24, 2008, by unanimous consent of an amended version of H.R. 493, which passed the House last April 25, 2007 by a vote of 420-3.  The House is expected to take up the measure again quickly before sending it to President Bush to sign into law.  A copy of amended H.R.493 can be viewed on the Library of Congress’ Thomas website. 

Among other things, GINA directs the Secretary of DHSS to revise the HIPAA privacy regulation, within 60 days after the date of the enactment  of GINA, to include the following:

(a)(1) Genetic information shall be treated as health information described in [HIPAA].

     (2) The use or disclosure by a covered entity that is a group health plan, health insurance issuer that issues health insurance coverage, or issuer of a medicare supplemental policy of protected health information that is genetic information about an individual for underwriting purposes under the group health plan, health insurance coverage, or medicare supplemental policy shall not be a permitted use or disclosure. . . . .

(d) Enforcement - In addition to any other sanctions or remedies that may be available under law, a covered entity that is a group health plan, health insurance issuer, or issuer of a medicare supplemental policy and that violates the HIPAA privacy regulation (as revised under subsection (a) or otherwise) with respect to the use or disclosure of genetic information shall be subject to the penalties described in [the HIPAA Statute] in the same manner and to the same extent that such penalties apply to violations of this part. (Emphasis was added).

GINA aims to protect the privacy of all Americans’ genetic information and to establish a national and uniform basic standard necessary to fully protect the public from discrimination based on genetic information.  Until yesterday, genetic information has been protected specifically only by a handful of states.  In New Jersey, the New Jersey Genetic Privacy Act (N.J.S.A. §§10:5-43 et seq.) already provides that no person may disclose or be compelled to disclose the identity of an individual upon whom a genetic test has been performed, or individually identifiable genetic information, except pursuant to a few very limited exceptions. See N.J.S.A. §10:5-47.  However, any entity that or individual who uses or handles DNA in New Jersey should reevaluate its disclosure and consent procedures in light of GINA’s new standards.

• Print
• Comments
• Trackbacks
• Share Link