Providers, Patients ‘Figuring Out’ HIPAA Medical Privacy Rule, ‘All Things Considered’ Reports
Health care providers have begun "figuring things out" with the Health Insurance Portability and Accountability Act medical privacy rule, which took effect last April, but "some glitches remain," NPR's "All Things Considered" reports (Rovner, "All Things Considered," NPR, 4/13). The HIPAA Federal Privacy Rule allows providers to share patient records for the purposes of treatment and other "health care operations." Providers do not have to obtain written consent before they disclose medical records, but rather must inform patients of their new rights and make a "good faith effort" to obtain written acknowledgment from patients that they have received the information. Providers must obtain consent from patients before they can disclose medical records in "nonroutine" cases (California Healthline, 4/5). Inova Health Systems Chief Privacy Officer Neschla McCall said that the rule has made providers "more attentive" to the confidentiality of patient records. Janlori Goldman, director of Health Privacy Project, questioned the reliance of the rule on patient complaints for enforcement, a system that she called "certainly ineffective and weak" because many patients are unaware that they can complain about violations. However, Rick Campanelli, director of the HHS Office of Civil Rights, said that the agency has received 5,000 patient complaints -- more than one hundred per week on average -- since the rule took effect last year. Campanelli added that the agency has resolved almost half of the complaints and has issued no fines. The NPR segment also includes comments from American Health Information Management Association CEO Linda Kloss ("All Things Considered," NPR, 4/13). The complete segment is available online in RealPlayer.This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.