House Committee on Veterans' Affairs Banner. Click here for our home page.

About the Chairman | About the Committee | Committee News | Committee Hearings | Committee Documents | Committee Legislation | VA Benefits | VA Health Care | Veterans' Links | Democrat's Home Page | Contact the Committee

Majority Leader Dick Armey

Testimony before the Veterans Affairs Committee,

 Subcommittee on Oversight and Investigations

April 4, 2001

 

Chairman Buyer: 

            Thank you for conducting this important oversight hearing and for providing me the opportunity to present this testimony. 

Last fall, Veterans’ Affairs Oversight Subcommittee Chairman Terry Everett held a hearing which revealed that the Department of Veterans’ Affairs Inspector General was easily able to penetrate the Veterans Benefits Administration’s computer security systems and freely access its computer networks.  The personal records of individual veterans applying for benefits were potentially exposed – records that indicate disabilities, mental testing, and financial data.  The VA was unaware their systems had been penetrated and thus was unable to assure veterans that their privacy had not been compromised.  This despite the fact that the VA had spent well over $5 billion upgrading its computer systems in the last 5 years. 

            Unfortunately, the Department of Veterans’ Affairs is not the only agency with such a poor track record.  Government Oversight Subcommittee Chairman Steve Horn last year conducted a comprehensive review of the Clinton Administration’s computer security, which resulted in an overall score of D-.  Numerous departments and agencies, which collect volumes of personal information about each of us, received failing grades. 

            Similarly, a study released last year by the General Accounting Office (GAO), requested by Representative Tauzin and me, revealed that 97% of federal agency web sites failed to meet the privacy standards that the Federal Trade Commission had recommended that Congress impose on the private sector.  

            The Clinton Administration seemed to have a double standard when it came to protecting personal information.  While seeking to impose complicated and cumbersome rules on the private sector, the prior Administration ignored catastrophic problems in its own backyard. 

                A perfect example of this is the Clinton Administration’s eleventh hour imposition of new regulations addressing medical privacy issued under the Health Insurance Portability and Accountability Act (HIPAA).   The HIPAA regulations were drafted to address a concern that many Americans have about the privacy of their personal medical records.  The lengthy document outlines complicated new requirements for patients to sign authorizations for the release of personal information under specific circumstances. 

It is not entirely clear to me how the new rules will actually address real medical privacy harms currently suffered by patients not already covered by tort law or other remedies.  What is clear, however, is that these regulations may have entirely the opposite effect by putting even more private, personally identifiable medical information in the hands of health care bureaucrats.  

            What has not been widely reported are the rule’s new mandates requiring doctors, hospitals, and other health care providers to share patients’ personal medical records with the federal government, sometimes without notice or advance warning. (See, for example, Federal Register, Vol. 65, No. 250, December 28, 2000, p. 82802, Sec. 160.310.) 

            The federal government is probably the single largest collector and compiler of personally identifiable medical information in America.  Federal computer databanks are filled with intimate details about the medical histories of millions of Americans—and often the poor, who are least able to monitor and safeguard their own rights.  The Medicare and Medicaid systems, the Veterans Health Administration, and other government-run health care programs all collect the kinds of medical information the proposed privacy regulation is supposed to protect.  Far from protecting privacy, the proposed regulation actually provides the federal government with more access to personal medical records. 

            This “Trust me, I’m from the government” approach just won’t wash.  People who are concerned about having their medical histories wind up in the wrong hands don’t care whether it is their doctor or their government that threatens their privacy.  They want their privacy protected.  In short, this proposed regulation puts the medical privacy of millions of Americans at risk. 

            Handing sensitive medical records to federal departments and agencies which are ill-equipped to protect that information is not a solution; it is inviting abuse, errors, scandal, and tragedy. 

            Fortunately, the Bush Administration seems to be more willing to lead by example when it comes to protecting personal information.  I appreciate the fact that the problems with the VA computer system have reached the personal attention of Secretary Principi.  I am confident that he is committed to taking the steps necessary to correct the problems he inherited.  Likewise, Secretary Thompson has recently expressed his willingness to review and reconsider the Clinton Administration’s HIPAA regulations. 

            Thank you again, Chairman Buyer for your leadership on this important issue.  Figuring out how to protect sensitive personal information in today’s high-tech world is no easy task.  But one thing is certain, the federal government needs to improve its ability to protect the privacy of the American people.   

I look forward to working with you, Mr. Chairman, and Secretary Principi to ensure that America’s veterans can feel confident that their personal medical records are safe and secure.

Back to Witness List