In 2002, HHS redrafted the privacy rule of the Health Insurance Portability and Accountability Act, replacing its patient consent requirement for the sharing of most patient records with a new provision. The rewrite afforded “regulatory permission,” according to the rule, for hospitals, physicians, insurance companies, pharmacies, claims clearinghouses and other HIPAA-covered entities to use and disclose patient data for treatment, payment and a long list of other healthcare operations without patient consent.
“Let's face it,” Peel says, “HHS is the agency that eliminated patient control over electronic medical records and has remained hostile to patients' rights ever since.”
Days before the 2002 revision went into effect, a group of patients calling themselves Citizens for Health, and more than dozen other plaintiffs, including Peel, sued HHS Secretary Tommy Thompson in federal court, alleging the revisions violated patients' constitutional rights to privacy. They lost at both the trial and appeals-court levels and were denied a hearing on appeal to the U.S. Supreme Court in 2006.
Peel launched the not-for-profit Patient Privacy Rights Foundation in 2003.
She and her fledgling organization lobbied in 2006 against legislation offered by then-Rep. Nancy Johnson (R-Conn.) that the health IT industry strongly supported. Johnson's bill would have pre-empted “barriers” to health information technology in state privacy laws, which are often more stringent than those in HIPAA.
Federal pre-emption was stripped from the bill in committee and it died. Soon after, Johnson lost her seat.
“Where I'm coming from is, I've spent all this time in a profession with people being hurt,” Peel says. “Starting in the 1970s, when I first let out my shingle, people came to me and said, if I paid you in cash, would you keep my records private. Now, we've got a situation where you don't even know where all your records are. We don't have a chain of custody for our data, or have a data map” to track its location.