Protecting Patient Privacy: My Florida Senate Bill 1606 Testimony
By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Compliance and Government Affairs
Verisma
June 10, 2025
I had the opportunity this spring to appear before a Florida State Senate committee to share a personal story pulled from my nearly 20 years as a health information professional – emphasizing the importance of protecting patient privacy and opposing SB 1606 as written.
As I prepared my testimony, I remembered the countless individuals who entrusted me with their most sensitive information. The important story I shared underscores the critical need for maintaining patient privacy protection.
A little over ten years ago, a woman came to my office with her children. She was there to request medical records, which at first seemed routine. However, as she completed the necessary forms, she quietly pulled me aside and made a special request: she asked me to ensure any bills related to her records would be sent directly to her attorney instead of her home.
The records she needed were related to abuse evaluations. She feared if her husband saw an invoice for medical record copies, he would realize she had taken the children to see a doctor and would know she was planning to leave him. This brave mother was concerned not only for her own safety, but also for the wellbeing of her children.
Fortunately, under existing HIPAA regulations, she was able to narrowly select the information to be released and designate an alternate address for communication to protect her privacy. However, this protection could be jeopardized by proposed legislation, including Florida’s SB 1606.
If SB 1606 and other bills like it pass, it would allow a patient’s attorney – sometimes any attorney – access to their entire medical record, including sensitive information like domestic violence evaluations and behavioral health treatment. This unrestricted access would expose vulnerable individuals to greater risks. In this mother’s case, her abuser could gain access to her sensitive information and even learn about her upcoming appointments, putting her safety in jeopardy.
This story is not unique. Sadly, I have encountered many domestic violence survivors over the years who rely on the privacy protections guaranteed by HIPAA to keep them safe. These laws have been in place for over two decades, ensuring only patients have unfettered access to their medical records because they are best equipped to assess the risks associated with disclosing their health information.
The passage of SB 1606 would strip patients of this critical ability, harming the most vulnerable among us. While there are numerous other concerns regarding SB 1606, this story highlights the deep personal and significant impact such legislation could have.
It is easy to focus on the technical aspects of medical records requests, including turnaround times and compliance, but we must remember each request represents a real person facing a significant challenge. Very few people request their medical records unless something has gone wrong in their lives.
I know the critical importance of patients being able to access their medical records. At the same time, I know patient portals are not designed to limit the information released. If only a patient can access a portal, there is not a need to withhold HIV test results or substance abuse treatment.
The changes proposed by Florida’s SB 1606 would primarily benefit a select few, while causing significant harm to vulnerable patients. It is crucial we continue to uphold the privacy protections that have safeguarded patient information for so long.
Let us remain vigilant in protecting patient privacy and ensure every individual’s sensitive information remains secure.
