Consumer and privacy advocates are urging State Senators to defeat legislation sponsored by McKesson Corporation that would take the teeth out of California’s medical privacy law. AB 439 (Skinner) would weaken the nation’s strongest patient privacy law, California’s Confidentiality of Medical Information Act (CMIA). The bill will be heard in the Senate Judiciary Committee on Tuesday July 3.
AB 439 would immunize large health care corporations that commit massive patient privacy violations by eliminating a judge’s discretion to award damages based on a review of all the circumstances surrounding the breach. Instead, under AB 439, if the healthcare corporation met a checklist of defenses, the judge’s hands would be tied and the corporation would get off with no financial penalty. In its current form, AB 439 would allow health care giants to commit privacy violation after privacy violation and face no damage awards in a courtroom, as long as it met the same defense checklist each time.
“Patients need the deterrent effect of damage awards to have certainty that health care businesses will safeguard their privacy. AB 439 eliminates an important incentive for corporate boardrooms to establish tough security practices. AB 439 lets drug store chains, medical records companies, and hospitals off the hook for patient privacy breaches, as long as they can say to a judge, ‘oops, we goofed again, no harm done, sorry about that,’ each time they are hauled into court,” said Richard Holober, Executive Director of the Consumer Federation of California.
“California has long led the way in protecting our privacy, but AB 439 substantially undercuts current safeguards for health records,” said John M. Simpson, Director of Consumer Watchdog's Privacy Project. “It's a sell-out to big health business interests at our expense and the bill's sponsors should be ashamed of themselves. AB 439 must be stopped dead in its tracks.”
“In an era of rampant data breaches as well as the emergence of electronic medical records, this is not the time to weaken California's medical privacy law,” commented Beth Givens, Director, Privacy Rights Clearinghouse.
Opponents of AB 439 include: Consumer Federation of California, Consumer Action, Consumer Watchdog, CALPIRG, Privacy Rights Clearinghouse, California Alliance for Retired Americans, Electronic Frontiers Foundation and World Privacy Forum.
McKesson Corporation, the largest pharmaceutical distributor in North America, is a dominant player in healthcare information systems. McKesson reported revenues of $122 billion in its 2012 Annual Report, and the corporation ranked #15 on the Fortune 500. Last year, a Forbes columnist dubbed McKesson’s CEO “insanely overpaid” and the winner of the “tournament for the most rapacious pillage of shareholder property.” McKesson recently paid a $350 million penalty resulting from a class-action lawsuit for price fixing and $190 million to settle a lawsuit filed by the federal government for Medicare billing fraud. A December 2011 report by Citizens for Tax Justice and the Institute on Taxation and Economic Policy listed McKesson as the #1 Corporate Tax Dodger headquartered in California, with a net state tax rate in all 50 states of negative $46 million on $3.1 billion in profits during the 2008 – 2010 period.
Current California law (CMIA) allows patients to sue, and a judge to award nominal damages of $1000 for each medical record negligently released. Consumer groups are calling on State Senators to amend AB 439 to give a judge the discretion to award, reduce or even eliminate the $1000 damage award based on a review of the totality of the circumstances, but only for a health care provider’s first privacy breach. Unless the judge’s discretion is restored, consumer groups are asking Senators to vote “no” on AB 439.