Monday, April 14, 2003
The Health Insurance Portability and Accountability Act, which takes effect Monday, carries potentially stiff penalties for violators of patient privacy.
By Adam Marcus
MONDAY, April 14 (HealthScoutNews) -- Employers who try to peek at workers' medical records now risk potentially steep fines and even jail time, thanks to broad new patient privacy rules that went into effect Monday.
After six years of body work, the 1996 Health Insurance Portability and Accountability Act (HIPAA) is now the law. It covers health providers from plastic surgeons to pharmacists, hospitals and clinics, and health plans.
"While many states have enacted laws giving differing degrees of protection, there has never before been a federal standard defining and ensuring medical privacy," Secretary of Health and Human Services Tommy Thompson says in a statement. "Now new federal standards are coming into force to protect the personal health information of every American patient."
Although the original intent of HIPAA was to allow consumers to carry their insurance from job to job, the final version tilts more towards protecting the privacy of medical records and information. It covers both physical and mental health.
Under the new law, for example, doctors, hospitals, insurers and health care companies can no longer share patient information with third parties without a patient's authorization. Also, sign-in sheets in doctors' waiting rooms can no longer request personal information.
Scofflaws face civil and criminal charges, including fines of $100 per breach up to $250,000, as well as a maximum 10-year jail term for leaking patient information with intent to harm.
The passage of the law set off a scramble by doctors, hospitals and other medical institutions to bring themselves into compliance. A new, multimillion dollar industry of HIPAA consultants sprouted to help them manage the changes.
The health act tries to keep sensitive information out of the hands of marketers, employers, reporters, and others who might abuse it. At the same time, it guarantees patients the right to view, copy and add to their own records.
Despite reports to the contrary, there are some things the law doesn't do. For instance, patients may communicate with their doctors by e-mail, as long as the network they use is secure and encrypts the message. And it allows family and friends to visit sick loved ones in the hospital and send flowers or other care packages -- unless the patient has asked to be left alone.
But not everyone sees much to recommend in HIPAA. A coalition of health care groups has filed suit in federal court to reject the regulations, while some members of Congress have introduced legislation to plug what they consider to be loopholes in the law.
Kathryn Serkes, a spokeswoman for the Association of American Physicians and Surgeons, in Tucson, Ariz., calls the new rules "bad, bad stuff."
Serkes says patients may believe the HIPAA forms they'll now be signing at their doctors' offices grant or deny permission to disclose their medical information. But in reality, they are merely an advisory about how that information is going to be used, she says.
While the data are intended to be stripped of names and other identifiers, she adds, her group believes those protections are transparent to prying eyes.
"The loss of the consent in the current regulations are a travesty for patient privacy," Serkes says.
Serkes also notes that the rules covering data security aren't fully implemented until April 2005. Until then, she says, the door's open. "It's like sticking up a security sticker on your house window without installing the alarm," she adds.
Serkes' group hopes that patients will exploit a loophole in HIPAA to avoid these potential problems. The law doesn't cover doctors who don't transmit medical information electronically; for instance, records can be faxed from one health provider to another, provided there are "reasonable" safeguards. The association has launched an advertising campaign urging consumers to pressure their doctors to stay out of the program.
To learn more about HIPAA, try the U.S. Department of Health and Human Services. You can also try the Health Privacy Project.
Copyright © 2003 ScoutNews, LLC. All rights reserved.