Health-care providers see smooth transition for privacy laws

April 28, 2003|by KATE COLEMAN

If the late comedian Gilda Radner was still performing on "Saturday Night Live," Emily Litella, her hard-of-hearing media critic character might be asking "What's all the fuss about hippos?"

She'd be talking - or trying to talk - about the privacy rules that went into effect April 14, part of the federal Health Insurance Portability and Accountability Act (HIPAA) of 1996.

So what is the fuss about HIPAA?

The regulations issued by the U.S. Department of Health and Human Services - the privacy rule - require "health plans, health care clearinghouses and certain health care providers (to) guard against misuse of individuals' identifiable health information and limit the sharing of such information," according to the Federal Register, the official daily publication of rules, proposed rules and notices of federal agencies and organizations.


"It's designed to give patients more control over how their information is controlled and disclosed," says Shana Wolfe, Washington County Health System Inc.'s director of business integrity and corporate compliance.

The regulations apply only to health information compiled electronically by health-care providers who bill for their services and to the providers' "business associates," those who provide clerical, financial or legal advice to the health-care providers. That includes accountants and billing services.

Members of Washington County Health System, including the hospital, associated labs, pharmacies and medical practices, were ready. A task force of 40 to 50 people prepared for the April 14 deadline since 1998, Wolfe says.

The regulations require that health-care providers provide patients with a notice of their privacy practices. Initially, the health system ordered 40,000 copies of the 12-page notice printed. There will be 50,000 printed in the second run, Wolfe says.

Patients are asked for their signature acknowledging that they received the information. They don't have to say they read it or understood it. They just have to acknowledge receipt of the notice.

"It's going more smoothly than I expected," Wolfe says.

So far, most of the questions have come from staff rather than patients.

There are some changes, but not everything is new. Maryland has had privacy of medical records regulations in effect for about 15 years, Wolfe says.

But HIPAA makes it a federal matter that could prevent past indiscretions.

"There have been some real horror stories," Wolfe says. She cites the case of the unauthorized release of tennis great Arthur Ashe's positive HIV test results, the sale of country music legend Tammy Wynette's medical records to a tabloid newspaper. Victims of domestic violence have good reasons for not wanting information about their hospitalization available. There are legitimate concerns that information could be used to deny employment. "We're looking a little more closely at how employers access information," she says.

In her employee HIPAA training sessions, Wolfe uses the image of a pyramid to describe how the health system operates.

The foundation of the pyramid is caring for the patient. Next asked is "what is the law?" Then, policies are determined.

"It's basic common sense," she says.

Linda Martin has worked at Waynesboro (Pa.) Family Medical Associates since 1977. The "very busy practice" had 10,000 privacy practice notices printed, says Martin, who is office manager. She attended HIPAA training offered by the Pennsylvania Medical Society.

Some of the patients were aware of the regulations, and all but one have signed to acknow-ledge that they have received the information.

HIPAA hasn't changed much for Martin's workplace, which includes three physicians, three physician assistants and a certified nurse practitioner.

"We don't use a sign-in sheet," Martin says. Patients are called by name - something that was rumored might be prohibited by the new regulations. It is not.

There's a big difference in calling a patient, saying "The doctor will see you, now Mr. Smith," and announcing "Mr. Smith, the doctor is ready for your prostate exam," Wolfe says. Again, it's common sense.

The office will continue to call patients and leave message reminders of upcoming appointments, Martin says. But names on medical charts now are turned to the wall in holders outside examining rooms.

"I don't see we're going to do anything very differently than we did before," Martin says. She says the office always has protected patients' privacy.

Not much has changed at 1st Priority Medical Choice, a Martinsburg, W.Va., health-care practice that offers traditional medical, chiropractic and physical therapy. "It really hasn't affected us in the way we do things," says Judy Honsaker, compliance/privacy officer. Front-desk staff has had to deal with handing out the notifications, getting them signed and labeling patient records folders so the process isn't repeated.

Honsaker went to HIPAA training seminars in Charleston, W.Va., and Pittsburgh.

She acknowledges that privacy of health-care information is important. People have lost children, people have lost jobs, she says. Protection is important.

But certain situations don't require authorization, Honsaker says. Payment is among them. Health-care providers are required to disclose information about issues of public health, Wolfe says.

Privacy rules won't prohibit necessary treatment. "It should never stand in the way of patient care," Wolfe says.

The Herald-Mail Articles