HIPAA a challenge for occ-med researchers

Take care with identifiers

The new HIPAA rules also present a challenge to medical researchers, who need to be able to identify individual patients in clinical studies and to track them over time. (Research plays a significant role in the occupational health profession, as experts seek to understand the connection between job tasks, the working environment, and injury and illness.)

"HIPAA regulations are a wake-up call for clinical researchers who now need to modernize their approach to managing private clinical information," says Eran Bellin, MD, a medical researcher who also is the head of New York City-based Montefiore Medical Center’s HIPAA security subcommittee. HIPAA specifically requires hospitals to "implement a mechanism to encrypt and decrypt electronic protected health information."

Bellin, who could find no existing computer software to meet both privacy rules under HIPAA and his own research needs, built one. The innovative program encrypts identifiers (such as a Social Security number) on a clinical trial patient’s electronic medical record. The key or code to the encryption system, and therefore access to the patient’s medical record, is then stored in a separate database on another computer.

"The software is significant for Montefiore, because, as the university hospital and academic medical center for the Albert Einstein College of Medicine, we conduct trials involving hundreds of patients and tens of millions of dollars annually," says Bellin, who hopes that the software will become a national model for other medical centers. The software is believed to be the first of its kind.

Patient privacy can be further protected, notes Bellin, if the encryption key becomes the property of a research institution’s institutional review board — generally composed of ethicists, researchers, and community members who review and monitor clinical research and whose job it is to guard against access to patient records.

Researchers have historically been permitted to review patients’ medical records and then physically lock up the information in a drawer, file or within a computer database. When research findings are released, the data are aggregated so no individual is identified. HIPAA restricts the ways in which researchers may use or disclose protected health information in a patient’s medical record and this requires more modern methods to access and use the patient information.

The new software is called FieldEncrypt. Additional information is available at http://fieldencrypt.devguru.com.

AHA offers HIPAA guidelines

With the deadline for complying with the Health Insurance Portability and Accountability Act’s (HIPAA) privacy rule upon us, the Chicago-based American Hospital Association is reminding members about a brochure it released in February that updates guidelines for releasing information on the condition of patients under HIPAA.

The brochure is designed to inform hospital staff about how and when hospitals can release information on a patient’s condition to media, family members, and clergy. Members can download "Guidelines for Releasing Information on the Condition of Patients" at www.aha.org. Click on "HIPAA" under "Key Initiatives," then on "Updated Guidelines." Printed copies can be ordered by clicking on the "Order Guidelines" for the brochure at www.hospitalconnect.com.