Fair Health Information Practices Act of 1994 (H.R. 4077) Executive Summary The Fair Health Information Practices Act of 1994 (H.R. 4077) was introduced on March 17, 1994, by Rep. Gary Condit, Chairman of the Subcommittee on Information, Justice, Transportation, and Agriculture. The bill is intended to be considered as part of the Health Security Act (H.R. 3600). Subtitle B of Title V of the Health Security Act has been referred to the Subcommittee. The purpose of the Act is to establish a code of fair information practices for the use and disclosure of health information that originates in or becomes a part of the health treatment or payment system. The Act establishes uniform federal rules that will apply to covered health information in all states. There are two new basic concepts in the Act. First, identifiable health information relating to the provision of or payment for health care that is created or used during the medical treatment or payment process becomes protected health information. In general, protected health information remains subject to statutory restriction no matter how it is used or disclosed. The second basic concept is that of a health information trustee. Almost anyone who has access to protected health information becomes a health information trustee under the bill. There are three different types of trustees. Those directly involved in providing treatment and in paying for treatment are health use trustees. Those who use identifiable information for public health or health research purposes are public health trustees. Finally, others who have an occasional need for health information to accomplish a specific purpose authorized by law are special purpose trustees. Each class of trustee has a set of responsibilities and authorities that have been carefully defined to balance legitimate societal needs for data against each patient's right to privacy and the need for confidentiality in the health treatment process. Trustees are required to --  maintain appropriate administrative, technical, and physical safeguards to protect integrity and privacy of health information;  maintain an accounting of the date, nature, and purpose of any disclosure of protected health information;  use protected health information only for a purpose that is compatible with and related to the purpose for which the information was collected or obtained by the trustee;  limit use or disclosure of protected health information to the minimum necessary to accomplish the purpose;  disclose protected health information only for a purpose that is authorized by the Act. Permissible disclosures vary by trustee; health use trustees have the most authority and special purpose trustees the least. Patient rights vary slightly depending on which type of trustee maintains protected health information. For health information used in treatment or payment, patients have the right to --  inspect and to have a copy of medical information about themselves;  seek correction of health information about themselves that is not timely, accurate, relevant, or complete.  receive a notice of information practices describing their rights, the procedures for the exercise of those rights, and the disclosures of health information that are authorized. The Fair Health Information Practices Act of 1994 includes several different enforcement mechanisms. There are criminal penalties (up to ten year in prison), civil remedies for aggrieved patients, and civil money penalties that may be imposed by the Secretary of Health and Human Services. In addition, the Act provides for alternate dispute resolution as another mechanism for resolving disputes between patients and health information trustees. Hearings on the legislation are expected to begin in April.