VaccineInfo.net

About Us 

Parents Requesting Open Vaccine Education
    PROVE Home    |     Donations     |     Subscribe     |     Other Resources

Issues
Your Rights and the Law
Vaccines: A Closer Look
Other Resources

Physician Statement Against Texas Registry


August 21, 1998

From:
William M. Chop Jr. MD
McLennan County Medical Education & Research Foundation
An Affiliate of The Univ. of Texas Southwestern Medical Center
Waco, Texas

To:
Robert D. Crider, Jr., M.S., M.P.A.
Director, Immunization Division
Texas Department of Health
1100 West 49th Street
Austin, TX 78756
Tel: (512) 458-7284
Fax: (512) 458-7288
Email: bob.crider@tdh.state.tx.us

Subject:
Public Comments on TDH's Proposed Rules for Implementing a Childhood Immunization Registry

Dear Mr. Crider:

I am officially submitting this letter to you and the Texas Department of Health (TDH) in response to TDH's request for public comments on its latest proposed rules for implementing an immunization registry. Please make this letter a part of the official public record and officially respond to all of the comments in writing. I am also forwarding copies of this and additional supporting documentation to Senator David Sibley, Representative Kip Averitt, Representative Dianne White Delisi, the Texas Board of Health, and Governor Bush.

Taken as whole, I feel that the law establishing the registry is flawed and goes beyond the proper role of government, and that it should be completely repealed. Hopefully that will happen soon and render moot the need for TDH to accurately and legally produce a set of rules to implement the strictly limited provisions of the law. However, until that happens, TDH must try to produce appropriate rules. The current rules are replete with multiple gross errors and illegalities, most of which if they were legal would serve to advance the cause of statist government. The rules also fail to address a number of critical points that the TDH specifically is required to address by the law, particularly the defense of the confidentiality of the immunization records. Read Phyllis Schlafly's column "Congress's Secret Plans to Get Our Medical Records" hot off the Internet (Appendix 5) and resolve yourself not to be a contributing partner to the creeping strangulation of the public's unalienable right to privacy. The proposed rules must not be implemented.

Within my comments in numerous places I refer to the proposed rules being "illegal" or "unauthorized" or other terms or phrases meaning the same thing. In each and every case I assert that Texas law does not authorize some power assumed in a particular rule. If TDH agrees with me, great, remove that rule. If not, then for each one of my assertions of illegality your response and newly drafted rules should cite the specific portion of Texas law that authorizes the rule in question. This will prevent the generation of another set of rules that assume so many unauthorized powers.

1. General Comments

1.1 Preamble

      My comments are divided into several sections beginning with this one. All are necessary in order to understand the basis for my comments. In particular, this preamble section contains important general background information that applies to all of the subsequent comments. It amplifies the seriousness nature of the subsequent item-by-item objections. Moreover, it contains comments about the objective process and the underlying philosophy through which the TDH has attempted to create the immunization registry. It is important to include the comments, including these general ones, as an integral part of the entire discussion because, quite frankly, the TDH has been playing fast and loose with implementation of the law; therefore there is a real possibility that the TDH in later day-to-day operations will attempt to exploit the numerous ambiguities and outright illegalities in the proposed rules. As such, it is necessary to consider the underlying drives and philosophy of the TDH so that the risk of future adverse interpretations of these rules can be assessed. I insist that this preamble material is integral to my item-by-item comments and that it be included and addressed in the public record.

      Five appendices are also provided. They includes articles from the United States Center for Disease Control (CDC) publication called "Immunization Action News" that provide extensive insight into the underlying TDH plans for an immunization registry in Texas (appendices 1 and 2). Also, in my research I have found a text called "Written Public Testimony for the Sunset Review of the Texas Department of Health," dated 7/1/98, authored by Dawn Richardson, Alison Mullins, and Rebecca Rex, and submitted to the Texas Sunset Advisory Committee. It is an extensive, credible, understandable summary of TDH's present and past refusal to limit itself to powers properly delegated to it by We the People through the Texas legislature (appendix 3). I have investigated it and agree with it, and I choose to appropriate every one of its arguments and objections as an integral part of my official comments on the TDH proposed registry rules. An article from Human Events documenting the current push toward a National Health ID Number is also appended that serves to amplify the reality of the need for vigilance against illegal state activities that tend to support such a national effort (appendix 4); and I appropriate the arguments in this article as my own for my public comments on the registry. Finally and perhaps most importantly of all, a late-breaking column documents INCREDIBLY totalitarian bills and new laws being pushed by the US Congress that seek to unconstitutionally override state health laws, and even to permit companies to literally buy and sell internationally every American's most private medical secrets WITHOUT ANY CONSENT (appendix 5); I also appropriate all the comments and arguments in appendix 5 column as my own for purposes of commenting on the public immunization registry rules. EVERY PART OF EVERY APPENDIX IS AN INTEGRAL PART OF MY OFFICIAL PUBLIC COMMENTS, AND SHOULD BE KEPT WITH MY COMMENTS, AND OFFICIALLY ADDRESSED.

1.2 My Qualifications to Comment

      Of course I am a citizen of Texas and it is my right and duty to comment. I actually tried to comment in the previous period, but the notification of both Texas physicians and the public on such a potentially invasive issue as this was done in such a low profile manner that by the time I could work on it, the comment period was up. I am thankful to the vigilant citizens who caught the huge problems with the previous rules and made their views known. I also have four children in public schools whose privacy is at risk under the proposed rules. However, I also have other qualifications and reason for interest in this subject.

      I am a family physician. After 3 years in rural full-service private practice I entered full-time academic medicine. In 1991 I returned to Texas to teach on the faculty of a large and capable family practice residency program affiliated with the University of Texas Southwestern Medical Center, through which I hold the title of Associate Professor. I am the Associate Director of Research at the McLennan County Education and Research Foundation, which is the parent corporation for our residency program. In addition to teaching residents and students, I and all of our faculty engage in part time practice. We primarily care for indigent patients.

      In addition, I have been a computer programmer since 1970. I have held commercial jobs programming, and have sold my own medical software in the past. Moreover, I have been extensively involved in the field of Medical Informatics, which primarily involves the application of computer technology to the practice of medicine and to public health. Our residency program now operates a fully computerized patient record system which I use regularly and which I helped acquire. I therefore am demonstrably able to understand both medicine and computer systems. Therefore do not discount my objections to these rules, the poorly fettered public computerization of the health records of Texas' children, as the result of some sort of naiveté on my part.

1.3 General principles: Freedom is more important than health care; we're serious about limited government!

      TDH needs to hear this so that it can understand how We the People who oppose large government registries are not against good health: it's just that Freedom is vastly more important than health care. For the sake of freedom our forefathers pledged their lives, their fortunes, and their sacred honor. And the prime genius of American government is that it is strictly limited. For example, in the name of freedom we will let a known criminal go unpunished simply because our government technically overstepped its legal authority in his arrest! So I think that in the name of all the benefits of freedom we can forego the lesser hypothetical benefits of a supercharged immunization registry.

      Why do I mention this? It is because if the TDH is like most groups advocating centralized control mechanisms, then it is has only the best intentions in its proposals, so it is absolutely mystified that anyone would oppose the good things it thinks it is offering. It therefore views opponents of the plan as backward, anti-progress types who should be ignored as much as possible. The TDH must truly come to grips the with degree to which the public values strong limitation of government-by its failure to honor the expected limitations on government it has lost 5+ years and millions of dollars pursuing a course unacceptable to the public. I personally view the effect of TDH's pursuit of its "dream" (ImmTrac) as the use of my own tax dollars against me to create an unauthorized infrastructure that will then be touted as "an offer we can't refuse."

      The TDH appears to have started down the road toward the immunization registry in SUMMER 1993. Previous investigations of TDH's behavior have cited 1995, but as evidenced by the attached article "Congratulations Texas!" from a CDC publication called Immunization Action News (August 1997, Vol 4, No 1, Page 11-see appendix 1) the TDH started collecting data for the registry in 1993, by no coincidence during the national frenzy over health care that was concocted by the Clinton administration. TDH was so far along with its unauthorized public-private consortium project, "ImmTrac," that by 1996 it had won "The 1996 Computerworld Smithsonian Award" for innovative use of technology for society.

      The Immunization Action News article is instructive in that it proves ImmTrac obviously was not "vaporware," but had by 1996 already become "a system you can't refuse." The article is important in understanding where TDH actually plans to take this system: voice-response, BBS, free PC software, batch updates and extracts, and uploads and downloads of entire files containing data on multiple patients. Moreover, ImmTrac's "Application Program Interface (API) can be used with existing health-related software, allowing other commercial or public software products to incorporate ImmTrac functionality to be directly accessed by their applications." THAT SOUNDS LIKE A SYSTEM INTENDED TO BE MASSIVELY INTERCONNECTED WITH A WOMB-TO-TOMB NATIONAL HEALTH CARE NETWORK. When you also read about "Suzy" in "Immunization Registry Strategies" on page 8 in the same in the same newsletter (see appendix 2) you hear that "what is remarkable about this particular scenario is that Suzy has never been to this doctor's office before. In fact, she only recently moved to this state. In generating her immunization history, the computer in the doctor's office was able to access records that were entered by Suzy's previous health care providers and remained stored in another state."-then you know that the TDH vision, without a doubt, is for transparent connections across state and national boundaries. Perhaps this explains their many indiscretions with the law in formulating the proposed rules.

      I am a member of and have in the past held leadership positions within in a large national organization called the American Medical Informatics Association (AMIA). I also belong to the Society of Teachers of Family Medicine (STFM). Conferences held by both organizations were routinely attended by and topically dominated by government employees and liberal academicians who constantly bemoaned the lack of a standardized single identification number for patients. They laughed at any suggestion that the US Constitution according to the Tenth Amendment does not permit any federal mandates in health care. And they planned to start with immunization registries in order to get a handle on the entire health care industry. Why? Because the public had already become comfortable with limited powers for state public health agencies. Immunizations would be the foot-in-the-door for a unique medical identification number that through interconnection of public schools, daycare centers, public health agencies, and so-called "managed care" would initially be used to track immunizations. But then, with just the addition of more data fields and connectivity, "ImmTrac" becomes "AllTrac," and entire patient records could be maintained in an unnecessary, abuse-prone national database-with little overall benefit to the patients compared to the huge advantage imparted to those who would exert control over an entire population. Registries laws also desensitize the public and set a precedent for the idea that it's normal for private records to routinely be sent by third parties to the government.

      Many groups like the Computer-Based Patient Record Institute (CPRI), AMIA, and the STFM are utterly dominated by statists (people who advocate centralized government control mechanisms) and multinational businesses who retain few true allegiances to the US. These groups continue to support the development and implementation of systems of womb-to-tomb medical tracking of the public at large. Pseudo-governmental entities like the Robert Wood Johnson Foundation (RWJF) illegally collude with the government, as evidenced by RWJF's preeminence in the disgraced and punished "Health Care Task Force." And they continue to virtually bribe governmental and professional organizations with their offers of money and support, always with strings attached. If RWJF likes something, then I always look carefully for a poison pill!

      These groups, of course, were devastated when We the People chose freedom over fascism and rejected the nationalized health care plans in 1993-94. Since that time they have learned that the public will never accept most of what they advocate unless it is imposed "under the radar," with stealth-slowly, and incrementally: and this change in their approach is objectively demonstrable, and not just rhetoric.

      So Americans esteem limited government. We want regulatory agencies like TDH to agree in spirit and in action with the principle that government powers are strictly limited. Beyond required reporting to the legislature and executive, state agencies should not lobby for specific legislation using resources derived from taxes. I also vigorously object to having corporations like Electronic Data Systems (EDS) and Robert Wood Johnson Foundation and many others through their donations in effect bribing a state agency to work and push for the adoption of certain positions favorable to them, and then to build with them an unauthorized infrastructure that can later be foisted on the public as something done, something free, something too good to pass up!-but a poison pill to freedom.

1.4 More creeping incrementalism: I object that the de facto contract with the public that the legislature created through HB 3054 is not protected in the proposed rules.

      In HB No. 3054 the changes in law create a de facto contract with the public. Under the law as written and the rules implementing the law, the public is extended a right to decide whether or not to participate in a public health database system, a decision that has both advantages and disadvantages. It is therefore morally impermissible for the law itself or the rules ever to be modified without giving registry participants the option to back out. In other words, NEITHER TDH NOR THE LEGISLATURE MAY "RAID THE REGISTRY" BY PASSING A NEW LAW OR RULE that, for example, suddenly permits the registry data to be uploaded to an international database without there being a serious opportunity for people in the registry to remove their names BEFORE the registry is uploaded.

      Since the Texas legislature always intends to deal morally with the public, and even because any future change in the registry laws could be argued to be illegal ex post facto laws, the TDH should MEMORIALIZE THE DE FACTO CONTRACT IN THE RULES TO ASSURE ALL PEOPLE WHO AGREE TO PARTICIPATE IN THE REGISTRY THAT IF THE LAWS OR RULES ARE EVER CHANGED, THEN THEY WILL HAVE AMPLE NOTICE AND OPPORTUNITY TO REMOVE THEIR INFORMATION FROM THE REGISTRY BEFORE THE CHANGE IS IMPLEMENTED. Freedom from ex post facto impositions is an unalienable right retained by We the People and expressly protected in the Ninth Amendment of the US Constitution. It is nothing more than any credit card company changing its rules would do for its card holders when it gives them adequate notice that they can close their accounts if they disagree with the change. We demand the same common-law morality from our government. TDH must explicitly describe how it intends to protect our right to opt out of the registry if any of the laws or rules relating to the registry change

1.5 The TDH has no legal authority to interpret or to implement Federal Laws and Regulations related to the Immunization Registry; this lack of authority must be codified in the rules so that no person or entity, through inappropriate acquiescence to their supposition of Federal preeminence, commits the following offenses against the public: (1) a small breach of confidentiality; (2) a massive breach of confidentiality; (3) a violation of the de facto contract with the public that the legislature created through HB 3054 (addressed in section 1.4 in this letter).

      TDH works for the people of the State of Texas, not for the Federal Government. If the Federal Government oversteps its legal authority, as it is currently trying to do in health care, the State of Texas has the legal right to oppose it, and if necessary in order to prevent irrevocable damages, to seek restraining orders against it.

      THE TDH APPEARS TO HAVE COLLUDED WITH THE FEDERAL AGENCIES AND DESIGNS, and very likely will jump at any chance it gets to rationalize that Federal laws that it favors override the Texas laws under which it operates. If it does this, THE TDH ITSELF MIGHT MASSIVELY RELEASE CONFIDENTIAL DATA OUTSIDE THE STATE TO WHO KNOWS WHO, AND THEN TRY TO CLAIM AFTER THE IRREVOCABLE DAMAGE IS DONE, THAT "IT ACTED IN GOOD FAITH" SO IS NOT RESPONSIBLE. And yet there is no legal authority granted in the immunization registry law and the de facto contract with the public it invokes for the TDH to displace the Texas registry law with Federal law. Moreover, the immunization registry laws are constrained, specific state laws. The US Constitution in recognizing We the People's unalienable rights in the Ninth and Tenth Amendments specifically, clearly, and emphatically protects the power of local and state governments and limits the powers of the Federal government. It is patently unconstitutional for the Federal Government to regulate-in any way-any of the issues covered by the Texas immunization registry law. It is therefore extremely appropriate that no Federal law appearing to TDH to conflict with or to override the Texas immunization registry laws be honored or observed without a direct legal order of a Federal judge, and even in that case rather than completely acquiescing, restraining orders should be obtained to protect Texans in the registry. If it comes to the order of a Federal Judge, then other appropriate legal resources of the State of Texas, including the legislature and the governor, will of course become involved.

      The TDH is charged with protecting the confidentiality of the immunization records. This includes specific protections against illegal Federal raids on the registry. This is a very real risk as you can see from the articles in appendix 4 and 5. The lack of this very basic protection in the proposed rules disqualifies the rules in their present form, and requires that rules appropriately protecting the public from Federal raids on the registry be written.

1.6 I object that the proposed rules assume authority that was not granted in the authorizing law.

      I obviously favor repeal of the underlying law authorizing the registry in the first place. And unless I perceive an amazing turn around in TDH's good faith efforts to adhere to the principles of limited government in rule-drafting, I will support the current call for curtailing TDH's independent rule making powers.

      However, assuming that the law expressed in HB 3054 is not repealed, I obviously want to minimize the damage by insisting that any rules implementing it are absolutely strictly limited to the powers granted by the legislature in law. Time after time after time the TDH rules as proposed place requirements and burdens on people and entities that were specifically not authorized by the law, and I object strenuously to this attempted usurpation. Specific objections are cited below concerning individual items in the proposed rules, and all these objections are based in the overriding principle of strictly limited government.

1.7 Massive Mistakes Permitted: I object that rules for (1) reducing the risk of, (2) responding to, and (3) assigning accountability for a massive privacy breech is not addressed in the rules.

      Point Number One in establishing the immunization registry as stated in Texas Health and Safety Code Section 161.007 (a) (1) is the PROTECTION OF CONFIDENTIALITY. The rules fail to adequate provide for this. When paper records are used, there is no audit trail of a person glancing at them or photocopying them, but there is also no significant risk of a massive breech of confidentiality because each record must be individually physically accessed. When records are kept electronically, audit trails and backups and other security measures can reduce the risk of a single-record breech below that of paper, especially with computer systems located physically within a single building with no outside computerized access. However, when a network the size of Texas is proposed, the risk of both individual breech and massive breech of confidentiality is considerably increased. It's like the killer bees-once they get out, there is no calling them back, no matter how much you yell at the beekeeper. The same thing is true with government-mandated databases. One hacker, one thief or disgruntled employee with backup tape or CD, or even one "true believer" who disagrees with the security measures the public cherishes can copy or upload the data to an international database and if it spreads, we will never get it back.

      The very serious lack of nearly any rules insuring that confidentiality be assured, the number one mandate of the law, disqualifies these proposed rules from implementation. The rules need to specify what steps will be taken to keep this database from being raided and from being propagated to other computer systems, especially corporate, private, out of state, and out of country systems.

2. Itemized Comments and Objections

2.1 TDH will collect and keep unauthorized data according to the proposed rules, and this is illegal, so the rules should not be adopted.

      The law (Texas Health and Safety Code Section 161.008 (b)) says that this data can be collected for an IMMUNIZATION RECORD:

    • the name and date of birth of the person immunized;
    • the dates of immunization
    • the types of immunization administered [and logically to me this may include lot numbers, etc.]; and
    • the name and address of the health care provider administering the immunization

      There is simply no authorization for the collection or the storage of any other data in ImmTrac, including "voluntary" data. NONE-with the exception of a data field to positively indicate that permission has been granted by a parent to include information in ImmTrac. The legislature went out of its way through amendments to make sure there were limits on this system! The rules indicate that TDH intends to collect a lot of other data both "voluntary" and "if available" and in such a manner that they will consistently get more information than the legislature authorized. WE DID NOT AUTHORIZE TDH TO COLLECT THIS ADDITIONAL DATA, SO WHY IS TDH TRYING TO BURDEN THE PUBLIC WITH ILLEGAL, UNAUTHORIZED DATA COLLECTION AND SUBMISSION, AND TRYING TO ILLEGALLY MAINTAIN A LARGER DATABASE THAN AUTHORIZED? Stop it and stick to the law.

      Moreover, the 4 authorized items above, along with the "gender" is all that TDH needs to uniquely identify the particular record. We know this because the rules (section 100.4(c)) specify that a parent may withdraw consent and have his or her "entire child's record" (badly worded and needs revised also) completely "removed" from the registry. [By the way, this means PHYSICALLY DELETED and NOT "flagged as deleted" or "unmarked" or "backed up" or "moved to another system," etc., any of which would be outright fraud. Better to revise the wording and remove all doubt.] To authorize withdrawal from the registry, the rules drafted by TDH say the parent must specify child's name, date of birth, "gender," name of parent, parent and child's address for confirmation notice, and signature and date of signature; and THAT'S ALL THE TDH REQUIRES.

      Obviously if you can permanently and irrevocably delete an "entire child's" record by the receipt of such information, than you can uniquely identify the record. THIS RENDERS COMPLETELY MOOT ANY ARGUMENT THAT ADDITIONAL INFORMATION IS NEEDED TO UNIQUELY IDENTIFY IMMUNIZATION RECORDS IN THE TEXAS REGISTRY. This point should be remembered during all the comments below about TDH overstepping its authority to collect and keep data. If the TDH insists that (oops!) it really needs more information, then I will suggest that TDH was never worried about accidentally deleting wrong records because they never intended to delete them in the first place, but instead intended to just mark them or copy them to "another system," transparently connected to their ImmTrac software, and just as easily queried whenever they want in the future. TDH has already proven is it willing to rationalize its manipulation of public data without authorization.

      As another point, "industrial strength" computer systems typically are designed NOT to lose data, and it is DIFFICULT to completely delete all information on a given patient. Data is stored REDUNDANTLY. Backups are done to other systems and media. Deleted records can end up right back in the database when backups are restored unless detailed, up to date "journaled" transactions like deletes are kept and then posted on top of the restored system. Often deleted records are not really deleted, but are simply marked as deleted, so that unless the database is "compacted" the actual data remains and can be restored. Specific rules for permanently destroying old backups must be made, and for insuring that recent backups cannot be accidentally restored with unauthorized names or data. Even if the TDH thinks that very few people will request removal from the database, about 300,000 people per year will turn 18 years old and their records must be permanently deleted from the database because the legislature did not authorize the maintenance of a registry of names of anyone 18 years old or older. GUARANTEES OF AUTOMATIC DELETING FROM IMMTRAC AND THE REGISTRY AT 18 YEARS OF AGE MUST BE SPECIFIED IN THE RULES.

      I am particularly upset that the TDH actually was going to try to collect and enter social security numbers and the mothers maiden names! What potential for abuse in a system that is so far-flung! What a target for hackers! With such vouching identification a con-man can gain access to bank accounts, credit card accounts, stock funds, etc. And it's just one stop shopping if the White House wants to query ImmTrac with a unique key number (like the social security number) to pull a record and go branching from there on an Filegate-like escapade. If relationships and relatives (like mothers of children) have social security numbers on-line along with the legal data, with a complex query you could literally pull up an entire family tree if you wanted to track an entire family. Just what epidemiologists drool over, but just what the public knows better than to accept.

2.2 Illegal release to people and entities could occur under these rules.

      The law (Health and Safety Code Section 161.008 (c) (2)) authorizes data to be released only to:

    • a public health district
    • a local health department
    • the child's physician
    • a school or child care facility in which the child is enrolled

      THAT'S ALL.

      Why are these rules stating that data can be released to "the Commissioner of Health or designee" (section 100.2 (a) (2) (E))? Even if that was permitted, what do you mean by designee? Designee of the commissioner of health? Or TDH's designee? It's an illegal release, but even if were legal, the rule is ambiguously written and would be certain to be abused in the future after the original meaning of the clause had been forgotten. And the ENTIRE DATABASE can be released by such a clause-and re-release after that is very poorly protected-YET CERTAINLY NO RE-RELEASE WAS AUTHORIZED OR INTENDED BY LAW.

      And your rules (section 100.2 (a) (2) (G)) propose to give illegal registry access to past and current health care plans, too! These plans already by law are required to get reports from "providers." They are not permitted to practice medicine, and if they already have all the information about immunizations given to their enrollees, then why would they want to access the registry? Insurance companies may not legally access the registry, period.

      HMO physicians should not get a competitive advantage over private doctors, either. If some providers are required to report immunizations given to properly consented patients, then all should be required to report, even the providers for HMOs and insured patients. The silly step of providers reporting to insurance companies and HMOs should be scrapped. The insurance companies and "managed care" megacorporations should be 100% out of the loop. There is no earthly legitimate reason why insurance companies are involved AT ALL in this scheme-except that their involvement is what permits you to create a computer network from "provider" to "managed care" to "TDH" and back to "provider." With both TDH and "managed care" having extensive network connections nationally and internationally.

      Additionally it is illegal for the Texas Department of Human Services (DHS) (except direct immunization providers) to access the registry, but your rules (section 100.2 (a) (2) (D)) would let them. You are charged with CONFIDENTIALITY, so why provide global access to such a huge and potentially invasive agency as DHS? The registry would be highly tempting for abuse, cross-correlations to locate people, etc. Anyone who needs to prove their immunizations to the DHS can simply request a report from the registry and then provide a copy to the DHS.

2.3 Illegal re-release of information is authorized by the rules, so the rules should not be implemented.

      The whole point of a registry is to create a controlled, central access point so that everyone knows where to look if they need information, right? So WHY would the TDH want ANYONE else to be able to re-release that information, especially en mass or electronically, much less to be able to release it across state lines? Yet that is exactly what Section 100.2 (a) illegally permits. TDH is not authorized by the legislature to restrict the use of this registry only to those people who are willing to forgo their legal privacy protections and agree that their records may be bandied about freely, including across state lines.

      Under Texas law, only the Health Department is authorized to release a child's confidential immunization record. Release is authorized only to a public health district, a local health department, the child's physician, the child's school or child care facility, or a parent. Period. This rule even tries to give re-release privileges to "the Commissioner of Health or designee" for whom access to the registry in the first place is illegal! And once re-released, particularly across states lines, the recipients of the records do not necessarily fall under any regulations at all. This data can propagate from system to system through various channels, and eventually copies can end up in data banks that are off shore and completely unregulated. You cannot recall data that has been launched irresponsibly into cyberspace no matter how many mea culpas are issued. These illegal rules cannot remain, and I am shocked that the TDH would try to permit such re-release of data.

2.4 I OBJECT TO TDH'S INADEQUATE EFFORTS TO OBTAIN THE STATUTORILY REQUIRED WRITTEN INFORMED CONSENT FROM THE PARENT FOR REGISTRY INCLUSION AND RELEASE OF RECORDS.

      2.4.1 I object to the use of a permanent document like the birth certificate for consent.

      The following is from a commendable and valuable assessment of the proposed rules done by an organization called Parents Requesting Open Vaccine Education (PROVE). I investigated the statement, agree with it completely, and have adopted it as my own view which I now present for inclusion in the official public record to be addressed as required by Texas law:

      The proposed rules and current practice of TDH having a consent "check box" on birth certificates forces parents to make an unrelated decision at a very inappropriate time. (Section 100.2 (b)). Not only are many women emotionally and physically exhausted during and after labor, but most are under the physical and mind-altering effects of pain management drugs and anesthesia. In addition, birth certificates are retyped by hospital staff, and there are documented instances of hospital staff changing a parent's registry consent status from "no" to "yes". This has lifetime repercussions for families who did not want their children's confidential information released. An immunization registry has nothing to do with vital statistic data. Birth certificate consent appears to be an attempt of TDH to push inclusion by catching families at a vulnerable time when they are unlikely to give truly informed consent. Consent at birth is inappropriate and should not be allowed to continue now or in the future.

      Moreover, what are parents who want to revoke consent supposed to do, have their child's birth certificate amended? Future abuses could easily occur where consent was presumed "in good faith" via a permanent document like the birth certificate that carries the checkbox forever, even though consent has been revoked.

      2.4.2 Current Forms Force Inclusion, Violating the Law that Participation in the Registry be Voluntary.

      The following is from a commendable and valuable assessment of the proposed rules done by an organization called Parents Requesting Open Vaccine Education (PROVE). I investigated the statement, agree with it completely, and have adopted it as my own view which I now present for inclusion in the official public record to be addressed as required by Texas law:

      HB 3054 initiated the statewide immunization registry on September 1, 1997. Even though this law authorizes only a purely voluntary registry, the consent forms TDH continues to use today (C-90, C-97, C-106, etc.) bundle immunization consent with registry consent under one signature. In other words, all parents who consent to having their child immunized are forced by default into the registry. This puts the burden on parents to discover they have the right to withdraw consent and to contact TDH to withdraw. There are documented instances of families being bullied and misled by doctors, nurses and school health staff into believing they had no choice because their consent to the administration of vaccine automatically would include them in the registry. Additionally, the current consent forms do not inform the parent of everyone who will have access to their child's personal information or about their right to later withdraw consent and how to do so. Not only should current consent forms be replaced immediately, but TDH should be required to contact every family forced to be included in the registry in this manner since September 1, 1997 with a new separate registry consent form that includes withdrawal information and release disclosures.

      At least as I discuss below there is no legal requirement that providers or insurance companies solicit patients to participate in the registry.

      2.4.3 No "Grandfathering" of Data

      The following is from a commendable and valuable assessment of the proposed rules done by an organization called Parents Requesting Open Vaccine Education (PROVE). I investigated the statement, agree with it completely, and have adopted it as my own view which I now present for inclusion in the official public record to be addressed as required by Texas law:

      The legislative basis for the registry, HB 3054, which reads "An Act relating to the creation of an immunization registry", did not authorize the registry to be initiated until September 1, 1997. In fact, TDH implemented the registry years before it was authorized to do so by the Texas Legislature. None of the statute's privacy protections were in place during that time. For example, the Texas Health and Safety Code expressly states in Section 161.008 (a) (3) that TDH must have parents' consent before it may add their children to the registry. In fact, since 1995 TDH has entered at least 3.3 million children into its registry wholly or largely without any parental consent whatever. Despite these unauthorized and abusive actions, and although TDH has admitted that it cannot verify the required consent for these records, the proposed rules in section 100.6 (a) state that TDH will keep information in the registry that was entered prior to September 1, 1997. TDH's half-hearted proposal for contacting the parents of these children is to post notices in doctor's offices which state that they may already be in the registry. This is unacceptable. TDH should instead be required to directly contact those families and either obtain truly informed consent in writing or delete those records from the registry."

      Overall, however, the law is quite clear that the honest and proper thing to do is for the TDH to just go ahead and delete those records that it should never have obtained in the first place.

      Since none of these illegally enrolled patients have given proper consent (unless subsequent consent has been given), providers are free to immunize them without providing reports to the registry, and their insurance companies are also free not to provide reports. Additional discussion appears below.

      2.4.4 Not One Time Only

      The following is from a commendable and valuable assessment of the proposed rules done by an organization called Parents Requesting Open Vaccine Education (PROVE). I investigated the statement, agree with it completely, and have adopted it as my own view which I now present for inclusion in the official public record to be addressed as required by Texas law:

      Federal law and the Vaccine Injury Compensation Program (VICP) require parents to be provided with printed information about the benefits and risks of a vaccine before it is administered to their child, as well as how to monitor and report an adverse vaccine reaction. Section 161.008 (c) of the Texas Health and Safety Code requires that TDH may obtain or release registry data only with the prior written consent of a parent. However, the proposed rules state that "consent must be obtained one time only and is valid until the child attains 21 years of age" (Section 100.1 (10)). Further, this one-time consent is to include "past, present, and future information" concerning the child's immunizations (Section 100.2 (a) (2)). This proposed rule appears to be an attempt by TDH to force inclusion by default rather than to obtain true informed consent. A "one time only" consent is not adequate as children change providers many times. How will a new doctor know whether consent was obtained at birth or from another provider, or was denied? Since other federally mandated forms are already being distributed at the time of vaccination, it is convenient and necessary for the protection of our children's information that written consent for the registry be obtained at the time of each vaccination. There are over 200 new vaccines being developed, and since no parent knows what future vaccines will be required, consent for registry inclusion and release should be obtained with each new vaccine being administered.

      As a physician I would prefer that patients give or refuse consent on a case-by-case basis. I would be very uncomfortable sending data based only on the parent thinking that the child had a consent form on file, so not knowing whether or not consent was signed or evoked, I would generally choose to require a new form each time. Perhaps if one was on file in my office I would let it stand until the patient revoked it with me.

      The age of 21 should be changed to 18 since records must be purged from the system after the patient reaches 18 years of age.

      2.4.5 Inadequate Data Security

      The following is from a commendable and valuable assessment of the proposed rules done by an organization called Parents Requesting Open Vaccine Education (PROVE). I investigated the statement, agree with it completely, and have adopted it as my own view which I now present for inclusion in the official public record to be addressed as required by Texas law:

      Immunization registry records are confidential medical information (Health and Safety Code Section 161.007 (a) (1)). However, the proposed rules require only "immunization providers, health plans, and TDH" to "maintain the confidentiality of all immunization reports" (Section 100.9 (b)). In addition, the rules require only providers to sign confidentiality statements, register, and be provided with security levels, a user ID, and a password (Section 100.11 (a-c)). Why has TDH left out schools, day care facilities, and other registry users from these security and confidentiality requirements? The way this section of the proposed rules is written allows virtually anyone at a registry user's location to have unsecured access to the personal information in any child's record. All registry users, not just providers, must be required to maintain the confidentiality of an immunization record.

      See section 1.7 above about the risk of massive breech of confidentiality.

      2.4.6 Missing Protections for Patients Not Participating and for Providers Serving Only Non-Participants

      The following is from a commendable and valuable assessment of the proposed rules done by an organization called Parents Requesting Open Vaccine Education (PROVE). I investigated the statement, agree with it completely, and have adopted it as my own view which I now present for inclusion in the official public record to be addressed as required by Texas law:

          Since inclusion in the registry is voluntary, the rules should state that parents who refuse consent will not be penalized, retaliated against, or in any way harassed. Families choosing not to participate in the registry must be protected from any backlash by registry users, including, but not limited to: insurance companies, health maintenance organizations, other organizations that pay or reimburse claims for immunizations, physicians, public health offices, employers, schools, or child care establishments.

      I will also add something to this point: The TDH is supposed to inform patients and their parents about the registry (Health and Safety Code Section 161.007 (a) (2). Patients might choose to participate or they might not. However, THERE IS NO LEGAL REQUIREMENT THAT ANY PROVIDER OR INSURANCE COMPANY PROACTIVELY OBTAIN CONSENT FOR PARTICIPATION IN THE REGISTRY. This should emphasize that participation in the registry is VOLUNTARY. If your birth-certificate check-boxes and one-time-consent provisions stand, and they should not, then perhaps some patients will come for immunizations for which consent has "been obtained in accordance with guidelines," and if those people are immunized, then providers and insurance companies will be legally required to report those immunizations to the registry. If the patient has not consented, however, there is no legal obligation to ask them whether or not they wish to participate. Moreover, there are currently over 3 million names in the database for whom legal consent have not been obtained by TDH. Since these people have not consented to the registry, and there is no legal obligation to solicit such consent, it is possible to immunize these people legally without either obtaining consent for the registry or reporting it.

      Moreover, there is no law prohibiting "providers" from requiring their patients to refuse to participate in the registry if they want to receive immunization in their practice. There is also no law prohibiting insurance companies from requiring their enrollees to refuse to participate in the registry. Since through this law the legislature has created even more unfunded burdens on private business- vastly in excess of the meager TDH estimates, and unfortunately once again falling disproportionately on physicians who serve patients who pay cash-it is natural that some physicians will choose to avoid becoming "agents" of the TDH, and will require their patients to either refuse participation in the registry, or to seek immunization elsewhere.

      Because of the points above, I wish to see rules propagated to validate and protect the legal right of providers and insurance companies NOT to solicit consent for the database, and to validate and protect the right of immunization providers to provide immunizations only to those patients not in the registry or who refuse to participate in the registry. The right of insurance companies (if otherwise legally permitted to refuse immunization coverage) who only wish to provide immunization coverage for patients who refuse participation in the registry should also be protected. TDH is INCREDIBLY mistaken in its assertion in the preamble to the rules that "the average insurer will incur costs equivalent to $500 per year of participation." It will cost more, and I think that companies that can legally avoid one more unfunded mandate by the government will jump at the chance to do so, and I don't blame them.

2.5 The TDH rules illegally restrict the format that providers are required to use in submitting reports, and No National and International Monitoring of Vaccination Status

      Under the law (Health and Safety Code Section 161.007 (d)) providers are permitted to submit immunization reports to TDH "in writing, by electronic means, or by voice." The TDH is permitted to specify the format of each of these reports, but the TDH is not permitted to limit telephone reporting to providers that administer less than 25 immunizations per month. Even if this were legal, it needs revised because immunizations are seasonal-do you mean averages? Does "immunizations" mean how many are reported to the registry, or how many are done per month including adult flu shots, etc.?

      PROVE says "The proposed rules state the HL7 format will be used by the registry for automated data exchange (Section 100.8 (b)). HL7 format has a format specific to immunizations that allows for the sharing of records and monitoring of vaccine status nationally and internationally. This data exchange format was chosen by TDH because of their intentions to release our children's records to databases outside of Texas despite strong parental objections and absence of statutory authority. The HL7 format promotes this."

      The proposed rule permitting insurance companies to access the registry is illegal, so it will be illegal for them to have read-access to the registry, so no specifications that they will accept information from the registry in HL7 format can be legally made.

      The law making insurance companies middlemen between providers and the registry is poorly conceived and should either be amended or repealed with the entire registry law, but if it is not, then the protocol which TDH mandates be used to send it reports does not particularly concern me. It would be illegal for the insurance companies to send the information anywhere else, whether the company uses HL7 or not. But I am VERY concerned that the choice of HL7 is yet another sign that once again TDH plans to move data around without authorization, to fudge and try to change the laws or rules, and in effect to perform a "bait and switch" wherein the registry is suddenly connected directly or indirectly to databases or networks that were never specifically authorized in current law. The defacto contract with the public created through the registry law may not be violated-see section 1.4 above for additional explanation of this.

2.6 No Agents of the TDH

      I object to the defining of all providers as agents for the Texas Department of Health for the purposes of the immunization registry. PROVE states the following, and I am concerned also:

      There is no statutory authority for making providers the agents of TDH for registry purposes, and the implications of so doing are unclear. Defining providers as agents of TDH could shield them from legal liability under their statutory obligation to maintain doctor/patient confidentiality as well as other wrongful uses of the registry, such as reporting or disclosing private information without securing written consent (Section 100.1 (3)). I request that TDH explain its intentions and the potential ramifications of making providers its agents for registry purposes.

      In Section 100.1 (3) TDH states that "all providers are eligible to participate in the registry" in a manner suggesting that participation is voluntary, but then states that "all providers become agents of the Texas Department of Health for the purposes of the immunization registry." Of course the legal authority of the TDH to declare "providers" to be its agents for immunization purposes is very doubtful. Are you are trying to make a case for it via some other portion of law (and if that is the case it should have been cross referenced in the rules)? But I want to know why you felt you had to do this. Is there some problem in the rest of the law and/or rules that falls apart if providers are not considered agents? Please delete the agent part and clarify!

2.7 The rules state that providers are required to permit the TDH to inspect immunization records. This appears to be illegal and I object to it.

      The rules (Section 100.7 (a) and (b)) do not appear to be legal impositions on providers. In my experience, it is practically impossible for medical records to be reviewed properly in this manner-often it ends up being a "fishing expedition" and records to which the inspector had no right end up getting viewed. Moreover, there are no limits expressed-the potential for constant impositions by an overzealous local TDH representative remains. Controls would be needed even if this section could legally stand. Also, the language is not specific here-providers are not required to submit reports when patients have not consented to inclusion in the registry, but the wording suggests that all immunization records, even adults and children's records not in the registry, are at risk for review. Knowing how public health officials love to get denominators it would be very likely that this clause would be misinterpreted. So even is this section were legal, it would need reworded. If this section is supported in other law, then the rules should cite the supporting law. I urge the legislature to keep the government out of private medical records!

Very sincerely,

William M. Chop Jr. MD
Associate Professor and Associate Director of Research
McLennan County Medical Education and Research Foundation
. Waco Family Practice Residency Program
. Family Practice Faculty Development Center of Texas
. Affiliated with University of Texas Southwestern Medical Center

Attachments:
Appendix 1: 1 page
Appendix 2: 1 page
Appendix 3: 10 pages
Appendix 4: 1 page
Appendix 5: 1 page


Appendix 1

From the CDC's National Immunization Program (NIP) publication called

"Immunization Action News"
August 1997, Vol 4, No 1, Page 11

Dotted underline and [ ] added by me for emphasis and clarification.

Congratulations Texas!

Congratulations to the Texas Department of Health (TDH) staff and partners involved in the development of ImmTrac. TDH won the 1996 Computerworld Smithsonian Award (CWSA) for innovative use of technology for society in the medicine category, for the development of the ImmTrac immunization registry. Robert Crider, Immunization Division Director, and Ann Syptak, ImmTrac Project Director, accepted the award in Washington, D.C., on June 4, 1996.

ImmTrac, along with nine other winners in other information technology categories, will be added to a permanent Smithsonian exhibit called 'The Information Age: People, Information, and Technology.' This exhibit has already been visited by over 3 million visitors to the Smithsonian. The winners were chosen from among 341 nominations, in 10 categories. To be considered, a project must he nominated by the Chairman's Committee of CWSA, which is made up of representatives of 100 leading information technology companies. A listing of these committee members is available through the Innovation Network at CWSA (URL: http:// innovate.si.edu).

The ImmTrac system was developed through a public/private partnership that has been very successful. The TDH worked with its contractor, Electronic Data Systems (EDS), and contractors from Historically Underutilized Businesses (HUBs), which are minority and women-owned businesses. They worked together to define, analyze, and implement the requirements and specifications, and then test the resulting application. They have also worked with the Bureau of Vital Statistics (BVS) and have successfully imported 2 years of data previously collected by BVS. Private industry and non-profit foundations also contributed to the registry's development by providing equipment and financial support. Their best advice: "Build and educate a team of leaders, analysts, programmers, and subject matter experts from diverse backgrounds and work cultures to be a highly productive and cohesive team, and choose technology that would support a statewide system now and many years into the future..."

In addition to managing the child's immunization history, the ImmTrac system can also generate reminder notices for upcoming vaccinations that are due, and recall notices for missed or overdue vaccinations. It provides customized reporting by facility or geographic region, including coverage levels, and can pinpoint demographic or geographic problem areas, allowing for special outreach activities.

ImmTrac will import and export information from local databases, and assist other programs such as the Women, Infants, and Children (WIC) program. In addition to the TDH and medical providers, other users, such as school administrators and nurses, daycare facilities, and parents all have access to certain features of the system. Users can access the ImmTrac system through several methods:

(1) a Voice Response System (VRS), which allows parents and other users to call in for a current history and what's upcoming or past due, using a touch-tone phone; (2) by a modem and Bulletin Board System (BBS) combination by the private sector; and (3) by free PC software. Responses are available through voice, fax, mail, or download from the BBS. There are two 800 numbers, funded by TDH: one allows priority access for providers, schools, and daycare facilities; the second is for the parents' use. The VRS also can provide special messages from the TDH about any special news that needs to be disseminated, options for receiving immunizations and histories, and the TDH immunization schedule. Because of confidentiality issues, these access methods are protected by a sophisticated security subsystem.

Two interfaces are available for integrating ImmTrac with other automated systems: (1) An Import/Export feature that provides a standard format for other medical related applications and automated city or county systems, allowing import and export of data to and from ImmTrac. This will accommodate batch updates and extracts. One example is the State's Integrated Client Encounter System (ICES) which currently exports data about clients that have had immunizations at regional clinics; ImmTrac then imports this information into its more complete database. (2) The Application Program Interface (API) can be used with existing health-related software, allowing other commercial or public software products to incorporate ImmTrac functionality to be directly accessed by their applications.

In addition to receiving immediate information online, the provider can request information, log off, and then return later to download the processed request from the TDH WAN or BBS. This saves time and frees the staff and computer for other tasks, and also saves money by reducing costs to the 800 number. A good example of this would be a doctor's office requesting either a data file or a report of all patients needing reminder notices of immunizations in the coming week. Another time-saving feature is an automated report scheduling mechanism so the user can request customized parameters for a report and then have it run automatically as often as needed (e.g.. daily, weekly, monthly).

The system will become available to public health personnel in stages. The system will be installed in all TDH regional administrative sites by the end of the summer [1997]. The first local health department installation is scheduled for September Regional and local health department staff will recruit and provide some local support for private physicians in their area. Texas has been collecting immunization data in public health clinics throughout the State since the summer of 1993. That data was loaded into ImmTrac along with current immunization data. There are currently 1,200,000 clients, with 4,775,000 immunizations in ImmTrac. The Texas birth cohort is approximately 350,000.

Though not in the public domain, this software application can be made available to other states as a foundation for their own immunization information systems, replacing the technology of the user interface or database as needed to support their own technology strategy without rewriting the entire application. In addition, this application can be easily enhanced or modified to support other health care applications.

For more information on ImmTrac, contact:
Bob Crider, Director, TDH Immunization Program, or
Ann Syptak, ImmTrac Project Director, at (512) 458-7284.

Contributed by:
Cathy Stout, Clearinghouse Team, Data Management Division, NIP, CDC


Appendix 2

From the CDC's National Immunization Program (NIP) publication called

"Immunization Action News"
August 1997, Vol 4, No 1, Page 8

Dotted underline and added by me for emphasis and clarification.

Immunization registry strategies

The year is 2005. Six-month-old Suzy Jones is seeing her pediatrician today. Her father made an appointment for her when he received a post card in the mail reminding him that Suzy was due for her next series of shots.

At the doctor's office a staff member accesses Suzy's computerized immunization record. The computer compares her immunization history with the latest ACIP recommendations, and suggests the shots that Suzy needs. The doctor examines Suzy and administers the appropriate vaccinations after referring again to the computer to see if Suzy's upper respiratory infection represents a true contraindication to vaccination. An updated copy of Suzy's immunization record and information on when she is next due, is given to Suzy's dad as he and his daughter leave the office.

Immunization registries make this scenario possible. Such registries are currently in various stages of development in cities and states throughout the country. What is remarkable about this particular scenario is that Suzy has never been to this doctor's office before. In fact, she only recently moved to this state. In generating her immunization history, the computer in the doctor's office was able to access records that were entered by Suzy's previous health care providers and remained stored in another state.

This scenario represents an important goal of the National Immunization Program - the development of community and state-based immunization registries that can communicate information with each other when necessary. NIP recognizes immunization registries as the principal tool in fulfilling the mission to improve and sustain high levels of vaccine coverage in the U.S. and thus prevent the transmission of vaccine-preventable diseases.

NIP's National Immunization Registry Clearinghouse provides technical and programmatic assistance to the developers and users of immunization registries.


Appendix 3

See TEXT of Written Public Testimony for the Sunset Review of The Texas Department of Health.


Appendix 4

"HHS Plans to Tag Every American With a Medical ID"
from Human Events August 21, 1998
August 21, 1998, Vol 54, No 32, Page 4

Dotted underline and added by me for emphasis and clarification.

Gore and Shalala Want Your Number, But Promise Privacy
HHS Plans to Tag Every American With a Medical ID
BY JOSEPH A. D'AGOSTINO

The U.S. Department of Health and Human Services (HHS) is forging ahead with a controversial plan to assign every American citizen a health information identification number.

These numbers will allow every government bureaucrat, HMO executive, and anyone else with access to a widespread computer network to pull up all the health care information available on any American.

A little-noticed proposal by Rep. David Hobson (R. -Ohio) that mandated the new program was rolled into the massive 1996 Kassebaum-Kennedy health care reform legislation. The provision allows HHS to implement the idea of a national medical identification number as it sees fit, if Congress fails to pass its own version of an ID system by the end of 1999.

HMOs and other health care industry companies favor the proposal as an aid to efficiency.

As HHS began formulating plans this year to implement the system, an uproar ensued when congressmen and privacy activists realized what was happening. Ten days after legislation was introduced July 21 to kill any national health ID, Vice President Gore said that strict privacy protections would be implemented as part of the program.

"Privacy is a basic American value, in the Information Age and in every age," Gore said.

HHS Secretary Donna Shalala announced the administration's privacy protections on August 11. "The proposals we are making today set a national standard for protecting the security and integrity of medical records when they are kept in electronic form," Shalala said.

She then called on Congress to pass into law some privacy protections of its own. "It is crucial to have these standards, as we move increasingly toward electronic medical records. But it is also not enough. In addition, we urgently need new legal protections to safeguard the privacy of medical records in all forms."

Any 14-Year-Old With a Modem

HHS's protections are designed to limit access to a patient's records to doctors and health care personnel who need them, as well as the patient's insurance company executives. Researchers would be allowed access to records only with information that could identify a patient deleted.

But a spokeswoman for HHS admitted that with someone's ID number and access to any of hundreds of thousands of computer terminals across the country, someone with just little knowledge of computers could read anyone's physical and mental health care records.

"Any 14-year-old with a modem could access your information," complained Michael Sullivan, spokesman for Rep. Ron Paul (R.-Tex.), who was the sponsor of the July 21 legislation to forbid the federal government from implementing any kind of ID system. A week later, the House GOP leadership inserted similar language into the Patient Protection Act, which the House then passed, despite the objections of Paul and many other conservatives that it is unwarranted government interference in the market that will only shore up HMOs.

The Senate, however, will almost certainly not take up Patient Protection this year, meaning that passage of Paul's bill, or one of four other weaker proposals, would be needed to stop HHS's plans. Yet no hearings have been scheduled on any of these measures for the rest of this session.

The push for medical ID numbers-originally included in Hillary Clinton's massive health care reform proposal-is actually part of the Clinton Administration's plan to implement piece by piece that 1993 scheme that failed so miserably.

The government has never mandated a national ID system since Social Security numbers were first assigned in 1935.

"The federal government has no authority to endanger the privacy of personal medical information by forcing all citizens to adopt a uniform health identifier for use in a national database," said Paul on July 21. "A uniform health ID endangers constitutional liberties, threatens doctor-patient relationships, and opens the door to federal officials' accessing deeply personal medical information for political purposes."


Appendix 5

Dotted underline and added by me for emphasis and clarification.

Date: Thu, 20 Aug 1998 11:12:30 -0500
To: Column@eagleforum.org
From: Eagle Forum <eagle@eagleforum.org>

Congress's Secret Plans
to Get Our Medical Records

August 19, 1998

By Phyllis Schlafly

Americans were outraged to learn about the Federal Government's plans to assign a personal identification number to every medical patient. But Congress nevertheless passed HR 4250, the so-called Patient Protection Act, which allows anyone who maintains your personal medical records to gather, exchange and distribute them.

The only condition on distribution is that the information be used for "health care operations," which is a vague and meaningless limitation that does not even exclude marketing. Even worse, HR 4250 preempts state laws that currently protect patients from unauthorized distribution of their medical records.

While the sponsors of HR 4250 claim that they did not intend for the information to be circulated for "just anything," their spokesman confirmed that personal medical records would be used for future programs concerning health quality and disease management.

When the Kennedy-Kassebaum law was passed in 1996, we were told it was to improve access to health insurance. The law became explosively controversial last month when the Department of Health and Human Services (HHS) began to implement the Kennedy-Kassebaum "unique health care identifiers" so that government can electronically tag, track and monitor every citizen's personal medical records.

After this news broke on July 18, embarrassed Congressmen inserted a line in HR 4250, which passed July 24, ordering HHS not to promulgate "a final standard" without Congressional authorization.

That language is a total phony; it doesn't prevent HHS from issuing proposed or interim standards (which will become de facto standards) or from collecting medical data.

So much money is involved in accessing and controlling personal information that the Washington lobbyists are moving rapidly to lock in the extraordinary powers conferred by the Kennedy-Kassebaum law. That explains these sneaky eleventh-hour inserts in pending legislation.

On August 4, the House passed yet another bill to protect the gathering of personal information on private citizens. To paraphrase Ronald Reagan, there they go again.

Just before passing HR 2281, a bill about copyrights on the Internet, the House quietly attached a separate and dangerous bill deceptively entitled the "Collections of Information Antipiracy Act."

No one, of course, is in favor of "piracy," but the impact of this bill goes far beyond any reasonable definition of piracy. By the legerdemain of inserting it in another bill, it will go straight to a House-Senate conference committee under a procedure designed to avoid debate or amendments in the Senate.

This Collections of Information bill (now part of HR 2281), in effect, creates a new federal property right to own, manage and control personal information about you, including your name, address, telephone number, medical records, and "any other intangible material capable of being collected and organized in a systematic way." This new property right provides a powerful incentive for corporations to build nationwide databases of the personal medical information envisioned by the Kennedy-Kassebaum law and the Patient Protection bill.

Under the Collections of Information bill, any information about you can be owned and controlled by others under protection of Federal law. Your medical chart detailing your visits to your doctor, for example, would suddenly become the federally protected property of other persons or corporations, and their rights (not your rights) would be protected by Federal police power.

This bill will encourage health care corporations to assign a unique national health identifier to each patient. The government can then simply agree to use a privately-assigned national identifier, and Clinton's longtime goal of government control of health care will be achieved.

This bill creates a new federal crime that penalizes a first offense by a fine of up to $250,000 or imprisonment for up to 5 years, or both, for interfering with this new property right. It even authorizes Federal judges to order seizure of property before a finding of wrongdoing.

HR 2281 grants these new Federal rights only to private databases, and pretends to exclude the government's own efforts to collect information about citizens. But a loophole in the bill permits private firms to share their Federally protected data with the government so long as the information is not collected under a specific government agency or license agreement.

This loophole will encourage corporations, foundations, Washington insiders and political donors, to build massive databases of citizens' medical and other personal records, and then share that data with the government. And, under the House-passed bill cynically called the Patient Protection Act, patients would be unable to invoke state privacy laws to protect their personal records.

Meanwhile, in another aspect of the Federal takeover of all Americans' health care, the Centers for Disease Control is aggressively building a national database of all children's medical records through the ruse of tracking immunizations.

Tell your Congressman and Senators you won't vote for them in the upcoming elections unless they immediately stop all Federal plans to track and monitor our health or immunization records.

Phyllis Schlafly column 8-19-98
Eagle Forum PO Box 618
Alton, IL 62002

Phone: 618-462-5415 eagle@eagleforum.org
Fax: 618-462-8909 http://www.eagleforum.org

To subscribe to Eagle E-mail please e-mail eagle@eagleforum.org
with SUBSCRIBE in the subject line.

  Contact Us  |  Membership  |  Related Sites

October 19, 2009

 ©2011 Parents Requesting Open Vaccine Education. All rights reserved. Terms of Use | Privacy Statement