H.I.P.A.A.

Whether you know it or not you now have a medical identification number. I just received a copy of an in-house memo from an employer concerning HIPAA Compliance. It states, "Attached is a privacy notice that (name of company) is required to provide to you based upon a new health privacy law entitled the (print following in bold) Health Insurance Portabality and Accountability Act or HIPAA for short. If you have acquired medical services or filled a prescription in the past two days, you have probably been given a similar notice by the provider. You do not need to take any action regarding this notice, we are simply required by law to provide it to you."

You are being told that this new ID number is to protect your privacy but in reality your medical privacy is now beyond your control. These new rules actually destroy your ability to restrict access to your medical records. Doctors, dentists, pharmacists and hospital personnel as well as insurance companies, are now required to share your medical records with the FDA, law enforcement agencies, the US Department of Health and Human Services and even foreign governments, without asking your permission. Such medical information cannot be withheld and doctors and insurance companies do not have to inform you as to who gets your records. The law states, "This is for national security reasons."

You will be informed at the doctor's office, the pharmacy, the hospital or other care providers about your new number. You will be asked to read the new federal regulation and sign a document stating that you did read the regulations, understand it and agree to the new procedures. If you don't sign the document your doctor may refuse to treat you and your insurance company is allowed to refuse coverage.

Anytime you feel that your doctor/patient confidentiality has been violated or you've lost your privacy rights you may complain directly to the Department of Health and Human Services. Regardless of your complaint you are not allowed to bring a lawsuit against a doctor or an insurance company for a breach of privacy. The standards for privacy of individually identifiable health information rule officially went into effect on April 14, 2001. The enforcement of that rule went into effect April 14, 2003.

To say that these new rules and regulation are to protect your medical privacy is bureaucratic double-speak at its worst.

Derry Brownfield is a practical farmer, a practical business man and a very entertaining speaker. He travels extensively throughout the country speaking about his common-sense point of view. Web Site: www.derrybrownfield.com

Of all the news articles I have read on HIPAA, not one mentioned:

In addition, disclosure of protected health information, without the individual's authorization, is permitted where the circumstances of the emergency implicates law enforcement activities (see 45 CFR 164.512(f)); national security and intelligence activities (see 45 CFR 164.512(k)(2)); or judicial and administrative proceedings (see 45 CFR 164.512(e)).

The new Health Insurance Portabality and Accountability Act passed on April 14th, 2003--Will you really benefit from these new limits on the way personal medical records may be used or disclosed?

Secretary of HHS,Tommy Thompson, thinks so.

"myths and realities about the new hipaa privacy law"

The new Health Insurance Portabality and Accountability Act passed on April 14th, 2003

Actually, no. The final measures took effect on that day. As a patient, you should be more worried about the resources your health care providers are diverting to comply with HIPAA than any disclosures of information. As a matter of law, medical records and histories can only be disclosed without authorization to government agencies if a subpoena is presented. Same as it ever was.

Much of your health information will be distributed to agencies and companies for research and statistical reasons, but that information must not contain any personal identification data. This is not new, or unusual. There is a national tumor registry that keeps track of data on every cancer patient in the country. You could scour their files for years and never determine who had the disease. What HIPAA will do, however, is slow the time it takes you to get referrals, prescriptions, second opinions, and all sorts of routine matters associated with your health. You need to sign a release every time your personal info with identifying data is given to someone other than the primary holder of the information. It's costing millions in compliance. But it's not the end of the world as patients know it.

"...the amount of man-hours spent in promotion, training, compliance, etc. for this law is staggering! It sucks up tons of time, effort and therefore money."

It is then, an unconstitutional law.

Amendment V:

"...nor shall private property be taken for public use without just compensation."

You highlighted the wrong part of the sentence: "In addition, disclosure of protected health information, without the individual's authorization, is permitted where the circumstances of the emergency implicates law enforcement activities (see 45 CFR 164.512(f)); national security and intelligence activities (see 45 CFR 164.512(k)(2)); or judicial and administrative proceedings (see 45 CFR 164.512(e)).

I don't think this is new, actually. Law enforcement and the courts have always had the ability to subpeona and/or demand all of your information.

Much of your health information will be distributed to agencies and companies for research and statistical reasons, but that information must not contain any personal identification data. This is not new, or unusual. There is a national tumor registry that keeps track of data on every cancer patient in the country. You could scour their files for years and never determine who had the disease. What HIPAA will do, however, is slow the time it takes you to get referrals, prescriptions, second opinions, and all sorts of routine matters associated with your health. You need to sign a release every time your personal info with identifying data is given to someone other than the primary holder of the information. It's costing millions in compliance. But it's not the end of the world as patients know it.

Thank you. As a programmer/analyst with about 10 to 12 years in the health-care arena, you have correctly summarized some of the effects of HIPAA. The tendency of some (normally educated and prudent) Freepers to go out of control upon reading a few lines out of a legislative bill is alarming, on occasion.

I deal with HIPAA at work every day. You, like me, have probably signed a privacy notice warning you about HIPAA rules at the pharmacy, at the dentist, at the hospital, etc. You are asked to specify who can get what info and who can't. To release medical information to anyone other than your doctor or to make payment for the care you want, you additionally have to sign an authorization giving us permission to release the information. We have to keep great track of what info is released. It is nowhere near as scary as the article makes a reader believe and in fact makes info more confidential rather than less.

You are, of course, correct. A couple of high-profile incidents brought HIPAA regulations into being. In once case, a banker acquired medical histories on loan holders. He called in the loans on those who were terminal. Another case involved stealing a computer disk with the names of over 2,000 AIDS patients and the subsequent fallout.

The truth of the matter is that most, if not all, health care providers already had policies in place that restricted the disclosure of medical information. In most cases, those policies are more stringent than HIPAA. However, now these providers must maintain the administrative documentation required by the law. That is where the expense comes in.

And a less publicized (now) provision of HIPAA has been applauded by many individuals: The "portability" section prohibits insurers from denying coverage to those who already have such coverage, meaning you can change employers and not worry about existing condition provisions in their health plans.

There is very little new in the Privacy Rule, except the administrative silliness that health care administrators like me have to do. The notices say we can release your information for various reasons, not that we have to, and these reasons are not new. The Rule actually does give the patient the explicit power to limit disclosures, which was always a practical reality, but now has been formalized.

Typical hysteria from paranoiacs whose brains are so fried they can't read and understand English.

more "process" to keep bureaucrats busy

How right you are. Bureaucrats love process. In many cases it is the raison d'etre (if you'll excuse the use of a French term) and provides job security. The real beauty of it for them is that it often justifies the existance of large empires. Without processes to "manage", they might actually have to produce something of real value.

A couple of high-profile incidents brought HIPAA regulations into being. In once case, a banker acquired medical histories on loan holders. He called in the loans on those who were terminal. Another case involved stealing a computer disk with the names of over 2,000 AIDS patients and the subsequent fallout.

Correct. The news media, in one of their occasional fads, latched onto medical privacy as a big issue -- in reality, like "church burnings" and "shark attacks" and other groupthink fads, there was no systemic problem, just the occasional screw-up common to all human enterprise. But the media was bored and so medical privacy got a couple months play and some legislators, who, like reporters, need a crisis to justify their fake jobs, -- some legislators said "Omygod we need a law!" And voila! -- HIPPA.

There was no medical pricavy problem, there is no medical privacy problem, but now Ted Kennedy has his name on another piece if law.

Taliesin--(great name, BTW)--I work in health research. Until April 14 I could call most hospitals and doctors' offices in America, give their medical records and billing departments your name, and sweet-talk them into giving me all sorts of alarming data about you. Sometimes they'd fax me your entire medical record, including the most personal information in your life. You'd be horrified at how chatty those medical records clerks and doctors' practice admins are. I was always scrupulous about sending them a signed authorization form, but a lot of them just spilled their guts and then told me that the authorization wasn't necessary. I could have been anybody--your ex-wife's attorney, your employer, a criminal; they had no way of knowing I was who I said I was or served the organization I actually work for.

As of April 14, however, everybody clammed up. The stringent penalties HIPAA imposes for violating patient privacy has had a strong chilling effect on their tongues. Now there is no way I'm prying information out of any but the most slovenly clerks unless I fax a signed authorization in first. It's very refreshing.

I'll have to believe your anecdote, but consider mine: I've been in health care for 25 years. I have direct responsibility for over 60,000 patient records. In the 8 years I have had this job, I've never fielded a complaint from a patient that their record was released to someone inappropriately.

Oooops -- there was one. I think that guy finally concluded his lawyer forged his name on the release.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.