Cutting to the chase: what physician executives need to know about HIPAA. (Implementing HIPAA and Other Compliance Programs).WHEN A PATIENT WALKS into a drug store to purchase a prescribed medication, the swipe of a card enters his or her insurance and personal identification information into the pharmacists' information system. The pharmacist keys in the drug information and the system determines the patient's eligibility, coverage for that drug, and co-payment responsibility. The pharmacist later receives electronic payment for the portion of the prescription costs not paid by the patient. Why are such benefits not available for transactions in a physician's office, hospital, or ambulatory clinic? Imagine the benefits--the savings in billing costs and time, and the greater certainty of coverage and payment responsibility--if, with the push of a button, a physician's claim was sent to the right insurance company with all the information necessary to process it and payment was promptly made electronically. With hundreds of different insurance claim formats and data content requirement variations, it is no wonder that these benefits have been slow in coming. Traveling around the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. to inform audiences about Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ), the authors have experienced two predominant reactions: grave concern or abject ignorance. Among those who are aware of the legislation, strong opinions exist about the likelihood that the mandated standards will actually come to pass and the ability of the government and the health industry to monitor and enforce the 'rules.' Great anxiety is expressed about the practical and financial impact of implementing the standards and the benefits to be received. Controversy rages over the possible consequences of the law on health information privacy and confidentiality. Those in the 'unaware' category seem surprised to hear that within two years many customary methods in health care will change markedly and that failing to comply with the new practices can bring significant penalties. Reading the HIPAA legislation and the 'notices of proposed rule making' (NPRM (Notice of Proposed Rule Making) An announcement by an agency of the U.S. government that proposes a change in regulations. It is followed up by a final ruling. ) that are published for public commentary before final regulations are issued gives little comfort and an incomplete understanding to both the alarmists and the Panglossian optimists. Many questions remain. Physician executives generally fall somewhere between these extremes. They are uneasily hoping that the 'health plan,' 'information technology division,' or 'billing and claims department' will handle the issue, but they remain properly concerned that, since medical practice and health care management fundamentally hinges on information about patients, ignorance in this arena will be far from bliss. Administrative simplification Over the past three decades the health industry has found itself drowning in an increasingly expensive and confusing morass of idiosyncratic id·i·o·syn·cra·sy n. pl. id·i·o·syn·cra·sies 1. A structural or behavioral characteristic peculiar to an individual or group. 2. A physiological or temperamental peculiarity. 3. data and 'form' submissions required for insurance claim processing and reimbursement. By 1990, leaders in health care were asking Congress to charge the Secretary of Health and Human Services Noun 1. Secretary of Health and Human Services - the person who holds the secretaryship of the Department of Health and Human Services; "the first Secretary of Health and Human Services was Patricia Roberts Harris who was appointed by Carter" (HHS HHS Department of Health and Human Services. ) with choosing administrative transaction standards to streamline, simplify, and economize e·con·o·mize v. e·con·o·mized, e·con·o·miz·ing, e·con·o·miz·es v.intr. 1. To practice economy, as by avoiding waste or reducing expenditures. 2. the payment process and mandating their implementation by providers, plans, and clearinghouses. The result was the Kassebaum-Kennedy Bill Kassebaum-Kennedy bill Health Insurance Portability & Accountability Act of 1996, see there , entitled the Health Insurance Portability and Accountability Act (HIPAA), signed into law (Public Law 104-191) by President Clinton on August 21, 1996. The "Administrative Simplification" section of HIPAA is intended to improve the efficiency and effectiveness of the health care system, as well as to increase the protection and confidentiality of individually identifiable health information. This is to be accomplished "by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information." (1) The law requires the health industry to implement a series of data and transaction standards, including using a single electronic format for health providers to bill for their services. Additional standard processes are included for health plan enrollment and disenrollment, insurance eligibility checking, payment and remittance advice, authorization of referrals, and other kinds of health information exchange. The financial benefits anticipated from uniform billing, claims processing, coordination of benefits, and other functions are estimated to exceed the costs of implementing the standards by $1.5 billion in the first five years (a net savings of $1.7 billion for health plans, and a net cost of $.2 billion for providers). The single year net savings for the year 2002 could be $3.1 billion ($1.6 billion for plans and $1.5 billion for providers). (2) Essentially, HIPAA requires the Secretary of Health and Human Services (HHS) to adopt and mandate the use of standards for common electronic administrative transactions and to establish a privacy standard for personal health information. (3) The Department of HHS has released some of these proposed standards (many are developed and in use to some degree) in a published 'notice of proposed rule making' (NPRM), which invites public commentary. The regulations become final only after these comments have been taken into account. There are four important features of the legislation: 1. Health care providers do not have to engage in electronic health transactions. But if they do, they must comply with HIPAA transaction data standards. Providers may comply by sending paper or nonstandard non·stan·dard adj. 1. Varying from or not adhering to the standard: nonstandard lengths of board. 2. electronic transactions to a clearinghouse' where they must be converted into the required format and data elements. 2. Health plans must be able to accept transactions in standard HIPAA format, may not refuse or delay a transaction, or adversely affect the entity sending it for 'lack of proper content' if the transaction is compliant with standard health information data elements. (Plans will, however, be able to ask for additional information to determine the reasonability of the claim, such as test results to support a diagnosis.) They may comply by receiving transactions at a designated clearinghouse, which then legitimately converts them to the plan's internal format. 3. Those covered by HIPAA security standards must protect the health care information they maintain or transmit electronically from improper access, alternation alternation /al·ter·na·tion/ (awl?ter-na´shun) the regular succession of two opposing or different events in turn. alternation of generations metagenesis. , or loss. 4. Those covered by HIPAA privacy standards must not wrongfully disclose individually identifiable health information. Standards for HIPAA transactions Although most of the HIPAA standards apply to electronic transactions, they have far reaching effects on the organization, protection, and transmission of health care data for many other purposes. With few exceptions, the standards apply to each and every provider, plan, and clearinghouse that transmits any health information in electronic form. HIPAA transactions include: * Health claims or equivalent encounter information transfer * Health claims attachments * Enrollment and disenrollment actions in a health plan * Eligibility status in a health plan * Health care payment and remittance advice * Health plan premium payments * First report of injury * Health claim status * Referral certification and authorization The supporting HIPAA standards for transactions are: * Employer Unique identifiers for each * Health care provider * Individual * Health plan * Code sets for selected data elements * Assurances of security and confidentiality for health information * Electronic signature standards for health information transactions * Specific data sets for coordination of benefits information The Secretary of HHS is also required to promulgate To officially announce, to publish, to make known to the public; to formally announce a statute or a decision by a court. final regulations with respect to the privacy of individually identifiable health information in the absence of federal legislation. Penalties Each covered entity that fails to comply with HIPAA requirements can be fined not more than $100 per violation, up to a maximum of $25,000 per year for all violations of a given standard. An entity could be penalized pe·nal·ize tr.v. pe·nal·ized, pe·nal·iz·ing, pe·nal·iz·es 1. To subject to a penalty, especially for infringement of a law or official regulation. See Synonyms at punish. 2. up to a maximum of $250,000 and imprisoned im·pris·on tr.v. im·pris·oned, im·pris·on·ing, im·pris·ons To put in or as if in prison; confine. [Middle English emprisonen, from Old French emprisoner : en- for up to 10 years for wrongful disclosure of individually identifiable health information. The maximum penalties for wrongful disclosure could be assessed if "the offense is committed with intent to sell, transfer, or use individual identifiable health information for commercial advantage, personal gain, or malicious harm." (4) The general tenor, however, is to promote efficiency by encouraging compliance. HIPAA allows the HHS Secretary to forgo or reduce the penalty if the entity reasonably did not know of the violation (but not under circumstances of willful neglect Noun 1. willful neglect - a tendency to be negligent and uncaring; "he inherited his delinquency from his father"; "his derelictions were not really intended as crimes"; "his adolescent protest consisted of willful neglect of all his responsibilities" ). Further, the Secretary may give the entity additional time or provide technical assistance to reach compliance. Preemption preemption U.S. policy that allowed the first settlers, or squatters, on public land to buy the land they had improved. Since improved land, coveted by speculators, was often priced too high for squatters to buy at auction, temporary preemptive laws allowed them to acquire of state law Standards for HIPAA transactions supersede To obliterate, replace, make void, or useless. Supersede means to take the place of, as by reason of superior worth or right. A recently enacted statute that repeals an older law is said to supersede the prior legislation. contrary provisions of state law, unless the Secretary determines that the law addresses controlled substances is 'otherwise necessary,' or, in the case of privacy, is more stringent than the federal health information privacy requirements. Broad consultation Widespread industry input is required for the adoption of HIPAA transactions standards. The Secretary must consult with the National Uniform Billing Committee (chaired by a representative of the American Hospital Association American Hospital Association (AHA), n.pr a nonprofit national organization of individuals, institutions, and organizations engaged in direct patient care. The association works to promote the improvement of health care services. ), the National Uniform Claim Committee (chaired by a representative of the American Medical Association American Medical Association (AMA), professional physicians' organization (founded 1847). Its goals are to protect the interests of American physicians, advance public health, and support the growth of medical science. ), the Workgroup for Electronic Data Interchange WEDI, pronounced "wee dee" is a not-for-profit user group in the United States for users of Electronic Data Interchange (EDI) in public and private healthcare. The organization is sometimes referred to by other names that include some or all of the words: (with significant insurance industry representation), and the American Dental Association American Dental Association (ADA), n.pr a nonprofit professional association whose membership is dental professionals in the United States. Its purpose is to assist its members in providing the highest professional and ethical care to the citizens of the . Additionally, the Secretary must rely on the recommendations of the National Committee on Vital and Health Statistics (NCVHS NCVHS National Committee on Vital and Health Statistics ), a national advisory council of 18 experts drawn from the private sector to advise on health data policy, and must consult with appropriate federal and state agencies and private organizations. On the privacy regulation, the Secretary must consult with NCVHS and the Attorney General. Moreover, the Secretary must adopt standards that have achieved industry consensus through processes accredited accredited recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria. accredited herds cattle herds which have achieved a low level of reactors to, e.g. by the American National Standards Institute See ANSI. (body, standard) American National Standards Institute - (ANSI) The private, non-profit organisation (501(c)3) responsible for approving US standards in many areas, including computers and communications. ANSI is a member of ISO. (ANSI (American National Standards Institute, New York, www.ansi.org) A membership organization founded in 1918 that coordinates the development of U.S. voluntary national standards in both the private and public sectors. It is the U.S. member body to ISO and IEC. ). HIPAA restricts the choices of standards to those that have been developed, adopted, or modified by a standards setting organization that is accredited by ANSI, unless (1) the different standard will substantially reduce administrative costs administrative costs, n.pl the overhead expenses incurred in the operation of a dental benefits program, excluding costs of dental services provided. and (2) proper rulemaking procedures are followed. Status of the major standards choices Since the latter half of 1996, HHS has examined health data standards with substantial industry consultation and public commentary obtained from the notices of proposed rule making (NPRM). HIPAA transactions and code sets The NPRM for HIPAA claims transactions and code sets was published on May 7, 1998. The standard was developed by X12, an ANSI-accredited standards committee, and is labeled "837." "X12 837" provides a format for submitting an electronic claim, including the data elements that must be present for payment and the code sets that specify the acceptable values data elements may take on. To handle the more detailed specifications and range of different situations, an official implementation guide is incorporated by reference. Along with X12 837, the NPRM proposed adopting ICD-9 codes The following is a list of codes for International Statistical Classification of Diseases and Related Health Problems. These codes are in the public domain. abbr. Health Care Financing Administration HCFA, n.pr See Health Care Financing Administration. Common Procedure Coding System Noun 1. coding system - a system of signals used to represent letters or numbers in transmitting messages code - a coding system used for transmitting messages requiring brevity or secrecy (HCPCS HCPCS Healthcare Common Procedure Coding System ) codes for non-institutional or ambulatory department procedures, and National Council for Prescription Drug Programs Overview The National Council for Prescription Drug Programs (NCPDP) is a not-for-profit, Standards Development Organization (SDO) that is accredited by the American National Standards Institute (ANSI). NCPDP is headquartered in Scottsdale, Arizona. (NCPDP NCPDP National Council for Prescription Drug Programs ) codes for drug payment claims. National standard provider identifier Also on May 7,1998, the NPRM for the national provider identifier National Provider Identifier Medicare A unique 8 character ID assigned by the National Provider System to providers/suppliers who bill for services or goods. See Medicare Identification Number, NSC, OSCAR, UPIN. (NPI NPI National Provider Identifier, see there ) proposed an eight-digit alphanumeric identifier for use in electronic claims processing electronic claims processing Electronic billing The electronic–ie, by modem–submission of a bill to third-party payers, for physician services rendered . The NPI would be unique for each provider and assigned for life. Persuasive public comments argued, however, that for ease of use, the NPI should be only numeric. Adopting this public comment would increase the size of the identifier to ten digits, including one mathematically calculated digit to assure the accuracy of the other digits. National standard employer identifier Released for public comment on June 16, 1998, the national employer identification number Applicable to the United States, an Employer Identification Number or EIN (also known as Federal Employer Identification Number or (FEIN)) is the corporate equivalent to a Social Security Number, although it is issued to anyone, including individuals, who has to pay is issued and maintained by the Internal Revenue Service. Because there is widespread industry acceptance and use of this identifier, it generated the fewest comments. Security The HIPAA security standard, released for public comment on August 12, 1998, fulfills the mandate that any covered entity 'that maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards." (5) This standard proposes areas of risk avoidance that must be addressed by covered entities to protect individually identifiable health information from improper access, alteration, or loss. It is intended to assist health plans, providers, and clearinghouses to establish appropriate safeguards for assuring the integrity and confidentiality of this information. Its flexibility permits entities of various sizes and complexities to have different security solutions. For example, a solo practitioner will not be expected to have the more elaborate security mechanisms of a large health plan. Because none of the HIPAA transactions presently requires an electronic signature, adopting a supporting standard could be delayed until the health industry, or for industry in general, settles on a common mechanism for a digital signature. Privacy The privacy proposal, published on November 3,1999, establishes federal protection for the confidentiality of individually identifiable health information. This protection is balanced with permitted disclosures of the information by covered entities under specified conditions, for such purposes as public health, research, and law enforcement. It gives individuals more control over the use of their personal health information and reaffirms the rights of patients to see copy, and amend this information, and to learn of any disclosures. Generally, individuals must consent to all disclosures of their health information for uses other than health care, payment, and operations. Exceptions are spelled out in the rule, along with the conditions that must be met for the exceptions to be valid. Health plans, providers, and clearinghouses that engage in electronic HIPAA transactions must notify patients about their health information privacy practices and inform them of their methods for tracking permissible disclosures. Clearinghouses that simply pass on electronic health transactions without manipulating the data would be exempt from many of these requirements. Additional HIPAA standards Final rules for the standards should be published some time later this year. Also, standards for a national health plan identifier and for health claims attachments, which supply additional information to plans to determine a claim's reasonableness, will be proposed for public comment. Work on the national individual (patient) identifier was halted in 1998 by Vice President Gore until the privacy of health information is adequately protected and Congress forbade HHS to spend appropriated funds on implementing such identifiers until specifically approved by law. Timing of implementation By law, each health plan, provider, and clearinghouse must comply with the particular HIPAA administrative simplification standard or specification no later than 24 months after the Secretary's adoption (small health plans will have 36 months). "Small health plans" are to be defined by the Secretary, possibly those with fewer than 50 beneficiaries or with gross revenues below a given level. If the transactions and code set rules are published in final form in June 2000, with an effective date of August 2000, full compliance would be expected by August 2002. Although covered entities could agree among themselves to conduct transactions using the adopted standards before August 2002, penalties could not be assessed before then. Most of the standards with published 'notices of proposed rule making' will likely have compliance dates in 2002; the claims transactions and code sets standards are expected to be the first to be formally adopted. Major issues The costs of making the transition to the legislated standards and processes remain a worrisome factor. Testing and certifying that covered entities meet HIPAA standards will be a health industry responsibility, because there is no federal funding for these purposes. National (both federal and private) resources for implementing and maintaining standards, like the national provider identifier, will be needed. Further, covered entities will most likely adopt the various standards in some sort of sequence, rather than trying to implement all of them simultaneously, which will necessitate continual adjustments and expense until the total set is achieved. Conclusion All providers, plans, and clearinghouses will be affected by the federally mandated uniform standards for health care administrative transactions. For providers who deal with billing services and clearinghouses for claims transactions, the standards will be transparent. Over time, as providers purchase new information systems and software that incorporate these standards, they will gain the capability to deal directly with plans for electronic claims submission and payment. The costs of protecting against security risks will probably rise with the size of the provider's business. The privacy standard will clarify how individually identifiable health information is to be protected-the rights of individuals and the responsibilities of the covered entities. Obtaining these benefits, however, will require additional resources to reduce the risk of unwarranted disclosure. Many good protection practices can be found in the report of the National Research Council, For the Record: Protecting Electronic Health Information." (6) Additional information on privacy and the health system may be found in The Limits of Privacy by Etzioni Amatai. (7) The largest opportunity for modifying each standard is during the NPRM's public comment period. For five of the standards, that window of opportunity has passed. However, there is a two-year period between the effective date of each final standard and its required implementation, giving rise to the potential for suggesting changes that improve effectiveness and reduce the burden of compliance. Four more standards are planned with no timetable for release. Providers can have a strong voice in changing the standards by working through representation at the meetings of the standard developing organizations, X12 and NCPDP in particular, and the national uniform billing and claims committees, and through official updating processes that will be established under HIPAA. The information age brings continual change and opportunities to improve the efficiency of administrative practices. It also brings growing responsibility to protect the confidentiality of personal health information shared in those practices. Although there are two years before these standards must be implemented, and cost and compliance issues resolved, work has already begun in many health institutions to identify and address them.. References (1.) "Report on H.R. 3103, Health Insurance Portability and Accountability Act of 1996." Congressional Record A daily publication of the federal government that details the legislative proceedings of Congress. The Congressional Record began in 1873 and, in 1947, a feature called The Daily Digest was added to briefly highlight the daily legislative activities of each House, (July 31, 1996), 142(115), Washington DC: USGPO USGPO United States Government Printing Office , H94739516. Section 261. (2.) "Notice of Proposed Rulemaking A notice of proposed rulemaking or NPRM is issued by law when a regulatory agency of the United States Federal Government wishes to add, remove, or change a rule (or regulation) as part of the rulemaking process. Outside the USA. for the National Standard Health care Provider Identifier, IX. Impact Analysis, A. Executive Summary," Federal Register May 7, 1998 (Volume 63, Number 88), Proposed Rules, pp. 25320-25357, http://ern.aspe.hhs.gov/ora web/plsql/ern.rule.rule text?user id=8rule.id=12 (3.) Fitzmaurice, J. M. A New Twist in U.S. Health care Data Standards Develpment. Adoption of Electronic Health care Transactions Standards for Administrative Simplification." International Journal of Medical Informatics medical informatics, n the field of information science concerned with the analysis and dissemination of medical data through the application of computers to various aspects of health care and medicine. , 1998, 48 (1-3): 19-28. (4.) "Report on HR. 3103, Health Insurance Portability and Accountability Act of 1996." Section 1177. (5.) "Report on H.R. 3103, Health Insurance Portability and Accountability Act of 1996." Section 1173 (d) (2). (6.) Computer Science and Telecommunications Board, National Research Council, For the Record: Protecting electronic Health Information, Washington, DC: National Academy Press, 1997. (7.) Eizionl, Amatal, The Limits of Privacy. New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of , New York: (Basic Books) Perseus Books Group, 1999. Recommended Resources Numerous educational opportunities are available to inform and assist physician executives in complying with HIPAA transaction standards. There will be many courses, seminars, and consultants interested in aiding the transition, but a good start is viewing the World Wide Web sources for the public comments on the proposals, implementation guides, and schedule for publication of the HIPAA regulations at http://aspe.hhs.gov/adminsimp/index.htm. AHIMA AHIMA American Health Information Management Association (Chicago, IL) 233 N. Michigan Avenue, Suite 2150 Chicago, Illinois 60601-5519 312/233-1100 The 38,000 members of the American Health Information Management Association The American Health Information Management Association (AHIMA) is a non-profit association for health information management professionals. The organization was founded in 1928, and has 51,000 members. are experts in both clinical data and information management working in a variety of care settings including hospitals, physician offices, managed care organizations, and long-term care facilities long-term care facility n. See skilled nursing facility. . With a 70-year tradition of promoting quality health care through quality information, AHIMA has been instrumental in shaping industry standards, legislation, and regulation and in educating government agencies and the public on health information management issues. For further information, visit www.ahima.org. AMIA 4915 St. Elmo Avenue, Suite 401 Bethesda, Maryland 20814 301/657-1291 The American Medical Informatics Association is dedicated to the development and application of information technology that supports patient care, teaching, research, and health care administrators. Its 3,700 members include developers of clinical information systems, academically based health care professionals, and health care information systems users. For further information, visit www.amia.org. CHIM CHIM Center for Healthcare Information Management 3800 Packard Road, Suite 150 Ann Arbor, Michigan  “Ann Arbor” redirects here. For other uses, see Ann Arbor (disambiguation). Ann Arbor is a city in the U.S. state of Michigan and the county seat of Washtenaw County. 48108-2073 Phone 734/973/6116 The Center for Healthcare information Management's mission is to positively impact the industry through the promotion of health care information technology. By disseminating information, convening educational programming, and fostering a collaborative environment, CHIM members seek to bring a greater awareness and understanding among professionals on how information technology can be harnessed to improve the quality and cost effectiveness of health care. For further information, visit www.chim.org. CHIME 3300 Washtenaw Avenue, Suite 225 Ann Arbor, Michigan 48104-4250 Phone 734/665-0000 The College of Healthcare Information Management Executives College of Healthcare Information Management Executives, or CHIME, is a United States professional organization formed to aid the professional development needs of healthcare industry Chief Information Officers (CIOs), and to advocate the more effective use of information is dedicated to serving the professional needs of CIOs and advancing the strategic application of information management in health care. For further information, visit www.chime-net.org. HIMSS HIMSS Healthcare Information and Management Systems Society 230 East Ohio Street, Suite 500 Chicago, Illinois 60611-3269 312/664-HIMSS The Healthcare Information and Management Systems Society Founded in 1961, the Healthcare Information and Management Systems Society (HIMSS) is a healthcare industry membership organization exclusively focused on providing leadership for the optimal use of medical informatics technology and management systems. provides leadership in health care for the management of systems, information, and change through high quality publications, educational opportunities, and member services. HIMSS has 40 regional chapters and more than 12,000 members working in health care organizations internationally. Members include professionals in the fields of clinical systems, information systems, management engineering, and telecommunications. For further information, visit www.hims.org. The Joint Healthcare Information Technology Alliance (JHITA JHITA Joint Healthcare Information Technology Alliance ), is composed of the American Health Information Management Association (AHIMA), American Medical Informatics Association (AMIA), Center for Healthcare Information Management (CHIM), College of Healthcare Information Management Executives (CHIME), and Healthcare Information and Management Systems Society (HIMSS). For further information, visit www.jhita.org. RELATED ARTICLE: Osteopaths Oppose Privacy Proposal The American Osteopathic Association American Osteopathic Association, n.pr an organization that promotes the development and progression of osteopathic medicine and serves as a professional society for osteopathic practitioners within the United States. , which represents 44,000 osteopathic physicians, has called for the withdrawal of the U.S. Department of Health and Human Services' proposal to protect the privacy of medical information. While the AOA AOA American Optometric Association; American Orthopsychiatric Association; American Osteopathic Association. AOA 1 American Orthopaedic Association 2 American Osteopathic Association, see there supports DHHS DHHS Department of Health & Human Services (US government) DHHS Dana Hills High School (Dana Point, California) DHHS Deaf and Hard of Hearing Services DHHS Deaf and Hard of Hearing Services 's efforts to develop privacy standards, it thinks that the proposal falls short of the goals envisioned by the Secretary of HHS. To adequately address the privacy of medical records, the AOA believes that the following issues need to be resolved by Congress before meaningful protection can be achieved: * The scope of covered records. The proposal attempts to cover many paper records by stating that any information that is electronic, or becomes electronic at any time, is covered under the rule. This could make it burdensome for individual physicians to determine what is electronic, what is paper, and what may become electronic. * Accountability. Anyone who violates a patient's privacy should be held accountable. Therefore, Congress should enact federal legislation that expands accountability to include employers, insurance companies, bankers, billing agents, and anyone else that might have access and misuse patient information. Misuse of a patient's health information could lead to discrimination in employment, insurance, and health care coverage. * Proper authorization. Too many government agencies have access to patients' private medical information. Allowing all health-related agencies access to medical records without authorization may result in wrongful disclosure or use. * Cost. The administrative requirements set forth by the proposal are expensive and redundant and could add significantly to the cost of care in many small physician offices. Jim Hawkins J. Michael Fitzmaurice, PhD, is Senior Science Advisor for Information Technology in the Immediate Office of the Director, Agency for Healthcare Research and Quality Agency for Healthcare Research and Quality, n.pr formerly known as the Agency for Health Care Policy and Research, this agency researches the quality of medical care and health services. (AHRQ AHRQ, n.pr See Agency for Healthcare Research and Quality. ). He can be reached by calling 301/594-3938 or via email at mfitz-mau@AHRQ.GOF GOF Gang of Four (Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides; authors of the book Design Patterns) GOF Gang of Four (short-time Communist China's leader after the death of Mao) . The views expressed here are his and not necessarily those of AHRQ or of the Department of Health and Human Services Noun 1. Department of Health and Human Services - the United States federal department that administers all federal programs dealing with health and welfare; created in 1979 Health and Human Services, HHS . Jeffrey S. Rose, MD, is the Chief Medical Officer of Cyber Plus Corporation, author of Medicine and the Information Age (ACPE ACPE Accreditation Council for Pharmacy Education ACPE American Council on Pharmaceutical Education ACPE American College of Physician Executives ACPE Association for Clinical Pastoral Education, Inc. Press, 1998), and an Instructor of the Health Information course for the American College of Physician Executives. He can be reached by calling 303/981-3220 or via email at jsr@indra.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion