Rep. Markey said, "The development of a nationwide, interoperable infrastructure to store and share Americans' electronic medical records holds tremendous promise for improving patient care, reducing medical errors and lowering costs. But as paper records are put into electronic formats, patients must have control over how their information is being used. Further, we know all too well the danger of electronic file breaches by computer hackers.

"Efficient access must  not become ‘open-for-all' access. Now is the time, while these systems are in the early stages of development, to build in strong privacy standards and security safeguards that will protect patients and doctors alike."

Rep. Markey's amendments to H.R. 6357 both focused on ensuring that patients are fully informed and understand how their medical information may be used. Rep. Markey's amendment to require clear, patient-friendly language to be used in the consent form relating to how personal health information can be used for "health care operations" passed by a voice vote. Health care operations is an expansive category that includes such business-related activities as the sale or merger of a health plan; fundraising; and legal and auditing services.

Rep. Markey also secured a promise from the committee chairman, Rep. Dingell, to work on including language to require that patients be fully informed about, and be able to block, the offshoring of their personal health information to countries with weak data privacy protections.

Rep. Markey consulted with Energy and Commerce committee members and staff during the development of H.R. 6357 and was pleased to note that the legislation includes several provisions that are consistent with his health IT legislation, H.R. 5442, the TRUST Act. These include:

• Improvements to the marketing provision to make clear that marketing pitches can't masquerade as objective medical advice;
• The requirement that patients must give their consent before their personal health information can be used for so-called "health care operations";
• The mandate that consumers must be notified if their personal information is breached from health IT systems, and a requirement that the Department of Health and Human Services must post on its web site a list of health plans and health providers where significant breaches have occurred; and
• The ability for patients to receive a listing of who's accessed their personal health information, which could help trace how a breach occurred and whose responsible.

"Today's bill was an improvement compared to the earlier discussion draft, but there remain areas that need to be addressed and strengthened as this bill moves forward. The spread of health IT holds tremendous promise for improving patient care, reducing medical errors and lowering costs. With the right safeguards in place, consumers will be able to trust health IT systems and doctors and providers will be able to confidently use this infrastructure to improve patient care," concluded Rep. Markey.