AHIMA Official Says HIPAA ‘Minimum’ Standards Need Strengthening
"Additional requirements" should be added to the Health Insurance Portability and Accountability Act's privacy provisions in order to keep patient health information from those who do not need access to all or part of it, a vice president of the American Health Information Management Association said yesterday. Testifying in Chicago before the Privacy and Confidentiality Subcommittee of HHS' National Committee of Vital and Health Statistics, Dan Rode said the following additions should be made to the HIPAA rule, which establishes the first comprehensive federal standards for medical privacy:
- Providers should use "professional judgement" when releasing information and should only grant requests with sufficient "justification."
- Certified health informational management professionals should handle all disclosures in order to "centralize" the process and to ensure that the release of information meets all legal requirements.
- Those requesting protected medical information should be required to sign for the use of such information and verify it will be "limited to the minimum necessary for the stated purpose."
- All released information should be destroyed once it has been used for its stated purpose.
- The right for patients to "request restrictions" on the disclosure of their information should either be removed or become an option for providers and health plans to extend to patients. Rode said that this right is "contrary to the medical, ethical and legal obligations that require providers to maintain accurate and complete medical records."
Rode concluded that while the association supports the "important ... protections" given to patients under HIPAA, the additional standards are "needed" (AHIMA release, 8/22).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.