Congress drops the ball.HHS HHS Department of Health and Human Services. begins drafting health privacy regulations THE FEDERAL AND STATE LAWS AND REGULATIONS GOVERNING the collection, use, and transmission of the minimum data set and other health information are a patchwork of protections that are insufficient in this age of electronic media. HCFA's creation of electronic transmission requirements for the MDS MDS, n See temporomandibular pain-dysfunction syndrome. MDS 1 Maternal deprivation syndrome, see there 2 Myelodysplastic syndrome, see there in December 1997 did not acknowledge the groundswell ground·swell n. 1. A sudden gathering of force, as of public opinion: a groundswell of antiwar sentiment. 2. within HHS and Congress for new national privacy standards and legislation to protect health information. Instead, HCFA's policy documents focus on the general authorities and justifications for the collection of MDS information, including the agency's "general rulemaking authority to the extent that the information will be used for general monitoring of care and beneficiary needs." However, public accountability needs must be balanced against the significant threats to personal privacy inherent in an electronic health information infrastructure. Acting on these concerns, Congress, in 1996, passed the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when , which contains stiff penalties for wrongful wrongful Forensic medicine An adjective with considerable medico-legal currency, used in several contexts. See Negligence. Wrongful Wrongful death An event that is usually regarded as negligent. See Negligence. disclosure of identifiable health information. HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, also required that if Congress failed to pass health privacy legislation by August 21, 1999, then HHS must issue regulations by February 21, 2000. Having missed its August deadline, HHS is drafting contingency regulations, but most observers believe Congress will pass legislation soon. Because the MDS is federal data, it is subject to the confidentiality requirements in the Federal Privacy Act of 1974, which prohibits federal agencies from disclosing individually identifiable information contained in a "system of records" to any person or agency without the individual's prior written consent, unless the disclosure was foreseeable when the information was collected. Unfortunately, the act falls short in several respects. First, the burden is on the individual to protect his or her own interests: The only way to know if your rights were violated is to inquire and then follow up to determine if the agency was in noncompliance noncompliance failure of the owner to follow instructions, particularly in administering medication as prescribed; a cause of a less than expected response to treatment. noncompliance . Second, remedies are available only after misuse has occurred. And third, the act is not sensitive to the imbalance of power between individuals and federal agencies. HCFA HCFA abbr. Health Care Financing Administration HCFA, n.pr See Health Care Financing Administration. views the act as establishing a floor of minimal federal protections. But a study conducted by the General Accounting Office in July faulted the agency for relying on the disclosure provisions contained in it. What's more, HCFA does not inform its beneficiaries in nursing facilities of their rights under the act as the law requires. Instead, it delegates this function to the facility manager by distributing a notice to be given out at admission. And even with these notices, the vast majority of facilities, residents, legal representatives, and families remain uninformed as to their rights. For example, residents are unlikely to be aware that they can ask to see their individual data, request a correction, or seek an accounting of all releases of personal information. Despite HCFA's assertion that, "[t]here is no reason to believe that collection and analysis of MDS information will not ... be used in the interests of the general public," most experts agree that the biggest threat to the privacy of health information stems from the widespread dissemination dissemination Medtalk The spread of a pernicious process–eg, CA, acute infection Oncology Metastasis, see there of information that HCFA is planning with electronic transmission of the MDS. The potential chain of access includes the facility that collects and enters the data, the software vendors that produce systems and provide system support, multiple state agencies, multiple departments within HFCA HFCA High Frequency Chin Array (mine detection SONAR; US Navy) HFCA Helicopter Flight Coordination Area and the enforcement agencies with whom it works, and whomever whom·ev·er pron. The objective case of whoever. See Usage Note at who. whomever pron the objective form of whoever: HCFA decides to grant access to in response to requests brought under the privacy act or the Freedom of Information Act. Although MDS transmission involves the use of commercial software vendors and the telephone transmission of non-encrypted data, there are not even minimal government assurances for protecting this sensitive information, such as provisions mandating limited access and vigorous maintenance of audit trails. Such failures, combined with the expanding uses of health information and the inability to assure privacy in an electronic environment, resulted in HIPAA's requirements for national privacy standards. Several bills are pending in both houses of Congress. Common features include authorized uses of identifiable medical data, the need to obtain informed consent before disclosures, the right of patients to review and supplement their medical records, civil and criminal penalties for wrongful disclosure, and mandatory safeguards for the storage, transmission, and secondary disclosure of identifiable health information. Much work is needed to reach consensus on some essential issues, such as whether federal privacy law will preempt pre·empt or pre-empt v. pre·empt·ed, pre·empt·ing, pre·empts v.tr. 1. To appropriate, seize, or take for oneself before others. See Synonyms at appropriate. 2. a. state laws with stronger privacy protections, whether individuals will have a private right of action to sue for privacy violations, whether identifiable health information can be given to law enforcement officials without a subpoena subpoena (səpē`nə) [Lat.,=under penalty], in law, an order to a witness to appear before a court. A subpoena ad testificandum [Lat. , and who should have access to juvenile medical records. In preparing for the forthcoming law or regulations, you might want to consider these issues. A contributing writer to Contemporary Long Term Care, Marie Infante in·fan·te n. A son of a Spanish or Portuguese king other than the heir to the throne. [Spanish and Portuguese, both from Latin is an attorney with the Washington, D.C.-based law firm of Powers, Pyles, Sutter & Verville. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion