HIPAA requests increase as patients gain savvy

Education crucial, consultant says

Although few patients have taken advantage of the Health Information Portability and Accountability Act (HIPAA) privacy rule that allows them to amend their medical records, those numbers will increase dramatically as people gain confidence in owning their health care data, predicts Caroline Stuart, MA, RHIT, a management consultant with the Dearborn, MI-based health information management division of ACS Health Care Solutions. "Patients are just now realizing that they can demand corrections to their medical record when they have been charged for services, tests, or levels of care they did not receive," Stuart notes.

Staff should become HIPAA experts

With that in mind, she emphasizes, health care providers must make HIPAA-related education a priority. "The more we educate staff, the more patients will be educated. What I’m seeing is that [this] has not happened."

In the future, Stuart adds, amendment requests will increase "and all staff will become HIPAA experts."

After all, she points out, one of the goals of HIPAA was to educate individuals to take more responsibility for their own health care and to ensure their right to privacy and control of their personal health information.

Anticipation of the "many, many revisions" to patient records that will have to be accounted for in the future is behind the recent push by the American Hospital Association (AHA) and nine other health care organizations for the exemption of all mandatory and routine disclosures to government entities from the privacy rule’s accounting of disclosures requirement, Stuart suggests.

In mid-February 2005, those organizations urged the Department of Health and Human Services (HHS) to take immediate steps to modify the HIPAA privacy rule to that effect. In a letter to HHS secretary Mike Leavitt, the coalition organizations note that the Government Accountability Office also recommended exempting such disclosures from the rule in a report in September 2004.

That report expressed concern that the requirement to track and account for such disclosures did not support the rule’s goal of ensuring effective patient privacy protections without imposing unnecessary costs or barriers.

In her experience to date, there have been few formal HIPAA amendments to records by patients, Stuart says. "The health care industry is aware that the volume of patient requests to amend and control health care data will rise as patients become better educated."

During implementation of the HIPAA privacy regulations, which became effective April 14, 2003, she recalls, the primary concern of the health care organizations with which she worked was not education, but rather the purchase of technology to track the trail of requests for patient information should anyone ask for it.

"The problems that are arising today, post-HIPAA, are linked to facilities having the capability of merging revisions into electronic health records," Stuart notes. "Additionally, facilities are perplexed at potential problems that may arise in the submission of amendment data to fiscal agencies that could potentially delay the billing and revenue processes."

AHA and other organizations are concerned that the accompanying documentation will further clog information systems that already are jammed as patients begin to question whether they have been charged for a treatment or procedure they never received or disagree with a physician’s diagnosis because it could cause job-related problems, she says.

"If a patient goes in and asks, Who did you release my record to, and which part did you release?’ and adds, I don’t want my employer to know that I had treatment for hepatitis C, which could affect my promotion,’" Stuart points out, the resulting demands on the provider can be staggering. "Everybody has to keep a list [of sources of electronic data]."

Up until now, she says, "hospital management has been HIPAA-trained, but hospital staff have been just barely educated. If a patient asks an admitting representative to explain what the HIPAA clause in a consent form means," Stuart adds, it’s not likely he or she will get an adequate answer.

The staff knowledge level is improving, however, she says, noting that it is normal for full implementation of such a process to take a decade or more. "This is to be expected."

Stuart says she personally is looking forward to the future paperless documentation of health care data. "I have confidence that billing and reimbursement technology will advance in tandem to meet patient demands for amendment and disclosure."