EFFector       Vol. 12, No. 2       Sep. 22, 1999       [email protected]


  A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

 IN THE 146th ISSUE OF EFFECTOR (now with over 18,000 subscribers!):

    * ALERT: H.R. 10 "Confidentiality" Legislation Undermines Medical
      Privacy!
    * Administrivia

  For more information on EFF activities & alerts: http://www.eff.org
    _________________________________________________________________



  NOTE: We apologize to those of you who will not get this alert in
  time. Some will, some will not, depending on mail queue processing
  speeds, Net lag and intermediary server delays, etc. We've issued this
  as fast as possible after gathering the necessary info.

               Electronic Frontier Foundation ACTION ALERT:

                  H.R. 10 "Confidentiality" Legislation
                       Undermines Medical Privacy!

            (Issued: Sept. 22, 1999; deadline: Sept. 23, 1999)

  ACTION ALERT: Proposed law (US House bill H.R. 10, the "Financial
  Services Act of 1999") would allow insurance institutions to share
  your sensitive and personally identifiable medical information without
  your knowledge or consent, to a wide variety of agencies and financial
  and research entities. H.R. 10 would actually reduce existing medical
  privacy protections!

  WHY YOU SHOULD CARE: The language in the provision misleadingly named
  H.R. 10's "Subtitle E: Confidentiality" (and known colloquially as
  "the Ganske Amendment") is riddled with loopholes that make your
  private medical information available to law enforcement (with no
  requirements for a warrant, only a subpoena), to vaguely defined
  "research" projects, and to virtually all affiliates of insurance
  companies, even banks, credit agencies, and debt collectors. (See text
  and analysis at end for more detail.)
                   ___________________________________

  WHAT YOU CAN DO: Contact your own legislators and urge them to
  pressure the conference committee to oppose the Ganske Amendment to
  H.R. 10.

  You can send a free fax to your Senators and Representatives (you
  don't even have to know who they are) about this issue, at:
  http://www.aclu.org/cgi-bin/take_action.pl?GetDoc=282&dir=aclu

  IMPORTANT: At this page you first enter your contact info, then select
  "CLICK to add the congressmembers for your zipcode". Next, please
  paste the following text into the middle section of the letter, where
  you can add your own comments:

    I urge you to IMMEDIATELY contact the conference committee and
    register your opposition to the Ganske Amendment to H.R. 10, before
    it is too late.

  (Then add your own comments, too, if you like.) The Web-to-fax sample
  letter is not up to date, and does not reflect the fact that the bill
  has passed both houses of Congress and is up for final conference
  committee vote on Thu., Sept. 23.

  Non-US activists: There's not much you can do at this point. Probably
  the best possible actions are, first, to go to http://www.eff.org/congress
  and follow the contact information instructions there to send a letter
  to the White House (i.e., the US President), and ask that this bill be
  vetoed should it pass with the Ganske provisions intact. Secondly, you
  may wish to send a letter to your own national privacy commissioner,
  data protection agency or other similar entity, and ask them to send a
  critical communique to the US Administration regarding this
  legislation.
                   ___________________________________

    FULL TEXT: The text of the relevant section of the bill reads:

  Subtitle E--Confidentiality

  SEC. 351. CONFIDENTIALITY OF HEALTH AND MEDICAL INFORMATION.
  (a) IN GENERAL- A company which underwrites or sells annuities
  contracts or contracts insuring, guaranteeing, or indemnifying
  against loss, harm, damage, illness, disability, or death (other
  than credit-related insurance) and any subsidiary or affiliate
  thereof shall maintain a practice of protecting the
  confidentiality of individually identifiable customer health and
  medical and genetic information and may disclose such information
  only--

      (1) with the consent, or at the direction, of the customer;
      (2) for insurance underwriting and reinsuring policies, account
      administration, reporting, investigating, or preventing fraud or
      material misrepresentation, processing premium payments,
      processing insurance claims, administering insurance benefits
      (including utilization review activities), providing information
      to the customer's physician or other health care provider,
      participating in research projects, enabling the purchase,
      transfer, merger, or sale of any insurance-related business, or as
      otherwise required or specifically permitted by Federal or State
      law; or
      (3) in connection with--

       (A) the authorization, settlement, billing, processing, clearing,
       transferring, reconciling, or collection of amounts charged,
       debited, or otherwise paid using a debit, credit, or other payment
       card or account number, or by other payment means;
       (B) the transfer of receivables, accounts, or interest therein;
       (C) the audit of the debit, credit, or other payment information;
       (D) compliance with Federal, State, or local law;
       (E) compliance with a properly authorized civil, criminal, or
       regulatory investigation by Federal, State, or local authorities
       as governed by the requirements of this section; or
       (F) fraud protection, risk control, resolving customer disputes or
       inquiries, communicating with the person to whom the information
       relates, or reporting to consumer reporting agencies.

  (b) STATE ACTIONS FOR VIOLATIONS- In addition to such other remedies
  as are provided under State law, if the chief law enforcement officer
  of a State, State insurance regulator, or an official or agency
  designated by a State, has reason to believe that any person has
  violated or is violating this title, the State may bring an action to
  enjoin such violation in any appropriate United States district court
  or in any other court of competent jurisdiction.

  (c) EFFECTIVE DATE; SUNSET-
      (1) EFFECTIVE DATE- Except as provided in paragraph (2),
      subsection (a) shall take effect on February 1, 2000.
      (2) SUNSET- Subsection (a) shall not take effect if, or shall
      cease to be effective on and after the date on which, legislation
      is enacted that satisfies the requirements in section 264(c)(1) of
      the Health Insurance Portability and Accountability Act of 1996
      (Public Law 104-191; 110 Stat. 2033).

  (d) CONSULTATION- While subsection (a) is in effect, State insurance
  regulatory authorities, through the National Association of Insurance
  Commissioners, shall consult with the Secretary of Health and Human
  Services in connection with the administration of such subsection.

  [end excerpt]
                   ___________________________________

  ANALYSIS: Section (a) states that in general the confidentiality of
  medical and genetic information shall be protected. Exceptions follow.

  Subsection (a)(2) will allow medical information to be given out by
  insurers to virtually any affiliated or assisting entities and also
  provides for personally identifiable medical data to be used for
  "research projects" without the consent of the person to whom this
  intensely revealing information pertains.

  Subsubsections (a)(3)(A), (C) and (F) will allow private medical
  information to be given out by insurers to credit bureaus, banks, and
  debt settlement entities.

  Subsubsection (a)(3)(E) will allow private medical information to be
  given out to law enforcement. No provisions are present that would
  require a warrant before the information is disclosed. A simple
  administrative subpoena or other display of supposed "authorization"
  would be sufficient to obtain medical information held by insurance
  companies.

    _________________________________________________________________

                                Administrivia

  EFFector is published by:

  The Electronic Frontier Foundation
  1550 Bryant St., Suite 725
  San Francisco CA 94103-4832 USA
  +1 415 436 9333 (voice)
  +1 415 436 9993 (fax)

  Editor: Stanton McCandlish, Program Director/Webmaster
  ([email protected])

  Membership & donations: [email protected]
  General EFF, legal, policy or online resources queries: [email protected]

  Reproduction of this publication in electronic media is encouraged.
  Signed articles do not necessarily represent the views of EFF. To
  reproduce signed articles individually, please contact the authors for
  their express permission. Press releases and EFF announcements may be
  reproduced individually at will.

  To subscribe to EFFector via email, send message BODY of:
  subscribe effector-online
  to [email protected], which will add you to a subscription list for
  EFFector. To unsubscribe, send a similar message body, like so:
  unsubscribe effector-online
  to the same address.

  Please ask [email protected] to manually add you to or remove you from
  the list if this does not work for some reason.

  Back issues are available at:
  http://www.eff.org/effector

  To get the latest issue, send any message to
  [email protected] (or [email protected]), and it will be mailed to
  you automagically. You can also get:
  http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html