Health Care Industry Prepares for New HIPAA Medical Privacy Rule
The health care industry in recent months has undergone a "quiet revolution" to meet requirements of the Federal Health Privacy Rule, which takes effect April 14, the New York Times reports (Pear, New York Times, 4/6). Last August, HHS issued the final Health Insurance Portability and Accountability Act medical privacy rule, which applies to electronic but not paper medical records and allows providers to share the records for the purposes of treatment and other "health care operations." Under the regulation, providers must obtain consent from patients before they can disclose medical records in "nonroutine" cases. However, providers do not have to obtain written consent before they disclose medical records. Providers only have to inform patients of their new rights and make a "good faith effort" to obtain written acknowledgment from patients that they have received the information (California Healthline, 3/5). Violators of the rule could face as much as $50,000 to $250,000 in fines and as many as one to 10 years in prison in the event that they use patient information for "commercial advantage, personal gain or malicious harm," the Philadelphia Inquirer reports. Rick Campanelli, director of the HHS Office for Civil Rights, said, "The rule sets standards for how patient information is to be protected, but it leaves the discretion to the organization to decide how it can be implemented" (Surendran, Philadelphia Inquirer, 4/6).
The rule requires providers to limit the release of patient information to the "minimum necessary," which in practice "means a number of changes," the Times reports. Although federal officials maintain that the regulation "should not interfere with the flow of information" required to treat patients and pay claims, providers in recent months have become "much more cautious about sharing or disclosing information," the Times reports. Some hospitals have constructed walls or placed partitions in reception areas to allow the private interview of patients; told physicians and nurses to lower their voices and to reduce the use of patient names in their conversations; and placed privacy screens on computers to prevent visitor access to patient information. Many Blue Cross and Blue Shield plans will not discuss claims with the spouses of members without written consent from members, the Times reports (New York Times, 4/6). In addition, many physicians no longer leave telephone messages for patients that include medical information. Some physicians maintain that the medical privacy rule has affected the physician-patient relationship. Dr. Martin Trichtinger, a Pennsylvania physician, said, "We were supposed to worry about humanizing people and not deal with them as if they were numbers," but the regulation "is trying to turn back the clock to that way." Janlori Goldman, director of the Health Privacy Project, said that the rule "will put some very critical protections in place that will hopefully improve the quality of care people get." However, she added, "There are still some major gaps," such as the lack of a provision to allow patients to file suit in federal court over alleged privacy violations (Philadelphia Inquirer, 4/6).
This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.