The art and law of privacy: Providers get some answers about parameters
The art and law of privacy: Providers get some answers about parameters
Hospitals must provide reasonable safeguards to protect information
The federal Department of Health and Human Services (HHS) issued its first in a series of guidance materials on new federal privacy protections for medical records and other personal health information — and many providers say it’s a good start.
The 57-page document, "Standards for Privacy of Individually Identifiable Health Information," was released July 6 and seeks to clarify confusion in the privacy provision of the Health Insurance Portability and Accountability Act of 1996. The guidance addresses some issues of concern reflected in the more than 11,000 separate public comments on the final rule submitted to HHS during a 30-day comment period last March. The privacy regulations were finalized in April.
Topics in the guidance include consent, minimum necessary use, oral communications, business associate agreements, regulations regarding minors, communications and marketing, research, government access to health information, and payment.
Soundproof rooms not required
According to the guidance, hospitals do not have to build private, soundproof rooms to prevent conversations about a patient’s condition from being overheard. Instead, the rule requires that hospitals provide reasonable safeguards to protect confidential information, such as using curtains, screens, or similar barriers.
HHS has taken what it calls a "first step toward easing some of the rules’ unnecessary burdens on hospitals and their patients" on three of the American Hospital Association’s (AHA) most significant issues — the minimum necessary standard, oral communications, and consent.
In addition, HHS promised in the guidance to take further steps to address other problems with the oral communications and consent requirements, AHA says. For example, HHS confirmed AHA’s concern that the regulations currently do not allow a hospital to use protected health information it receives from a physician to schedule surgery or a procedure for a first-time patient until the hospital obtains the patient’s consent. HHS states that it intends to fix this issue in a subsequent action.
Other likely changes or modifications to the rule include:
• Pharmacists may fill physicians’ phone-in prescriptions before obtaining patient consent.
• Covered entities may engage in whatever communications are necessary for "quick, effective, high quality health care," including routine oral communications with family and staff.
• Common practices such as sign-up sheets, X-ray light boards, and bedside medical charts are not prohibited.
• There may be changes to ensure parents have appropriate access to information about the health of their children.
The AHA was concerned that HHS did not address the association’s concerns on issues such as data aggregation for benchmarking, business associate requirements, and disclosures to the government. This is not HHS’ last chance to clarify the rules, however. The department says it plans to release additional guidance materials to help health care providers and insurers comply with the regulations, set to take effect in April 2003.
To view the guidance in full, visit www.hhs.gov/ocr/hipaa.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.