Santa Rosa Press Democrat Examines Provider Compliance with New Federal Medical Privacy Rule
The Santa Rosa Press Democrat on Monday examined the steps that health care providers have taken to comply with a new federal medical privacy rule that takes effect April 14 (Rose, Santa Rosa Press Democrat, 3/3). Last August, the Bush administration issued the final Health Insurance Portability and Accountability Act medical privacy rule, which applies to electronic but not paper medical records, that allows providers to share the records for the purposes of treatment and other "health care operations." Under the regulation, providers must obtain consent from patients before they can disclose medical records in "nonroutine" cases. However, providers do not have to obtain written consent before they disclose medical records, a provision included in an earlier version of the rule issued by the Clinton administration. Providers only have to inform patients of their new rights and make a "good faith effort" to obtain written acknowledgment from patients that they have received the information (California Healthline, 8/12/02). Across the nation, "medical service providers are scrambling to fathom, as well as comply with" the rule, according to the Press Democrat. The "complexity and breadth" of the regulation has prompted some hospitals to hire compliance officers to help enact reforms required to adhere the rule, such as physical modifications to the facilities and instruction of staff members, the Press Democrat reports. "For a small community clinic, the administrative burden is very high," Richard Duffin, operations director for the Southwest Community Health Center in Santa Rosa, said. He added, "It will add paperwork because we will need to show we are in compliance." Penalties for noncompliance include $50,000 in fines and one year in prison for disclosure of patient information and $250,000 in fines and as many as 10 years in prison for disclosure with the intent to sell the information for commercial use.
Steven Fleisher, a legal consultant based in Alamo who conducts seminars on the privacy rule for the California Medical Association, said that civil lawsuits that result from privacy complaints, not penalties imposed by federal regulators, pose the most risk to providers related to the regulation. "The new federal medical privacy law is generating tales of compliance measures that approach urban myths," he said (Santa Rosa Press Democrat, 3/3).This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.