HIPAA: The federal government strikes health care again

http://www.jewishworldreview.com/cols/jennings.html ^ | Marianne M. Jennings

[rhema]

I stand behind the yellow line at the Fry's pharmacy because Hipaa says so. Hipaa is not a large store greeter or immigrant pharmacist from Uzbekistan. The Feds have been at it again, regulating their little hearts out on medical care, something they will tinker with until we have a quality health care system like our neighbors to the North, one in which we wait six weeks for an appendectomy, the expedited schedule for surgery due to pain.

This time the Feds developed the Health Insurance Portability Accountability Act - Hipaa. Hipaa does many things, including lots of boilerplate notices for us. The boilerplate notices explain privacy rights on medical records and the right to keep the next pharmacy customer from knowing your medications. Hence, the yellow line to put us out of earshot. I wonder if they know I can still read the paperwork from behind the yellow line.

I got a Hipaa notice from the pharmacy, the dentist, the pediatrician, and the mammography folks. When the orthodontist threatened me with Hipaa paper work, I declined.

Hipaa notices read like a second-grade teacher explaining when recess will be allowed. For example, did you know that under Hipaa a doctor can disclose to a relative that you have died? Oh, what times are these that doctors were squealing on you to relatives about your death without you ever knowing. Good thing the Feds are on the job.

Medical care providers now must have a "Privacy Officer" to administer Hipaa rights. I envision a Nurse Ratched type as the Hipaa privacy officer, stamping forms for Hipaa waivers as she glances over her half specs to police the yellow line. My eight-year-old cited Hipaa for refusing to discuss what the dentist told him about cavities and brushing. "I refuse to answer on the grounds of Hipaa. Get a waiver from the privacy officer," he huffed, glancing through his Yu-Gi-Oh cards. Ah, federal empowerment!

[bedolido]

I gave my doctor a hard time by teller him I wouldn't sign a hippa release because it would allow him to reread the notes he'd written in my file. Needless to say... he didn't think it was funny (it still isn't). Hippa is good and bad. Good because companies cannot use your pharmasuitcle (sp sorry) or medical history to hire or fire you cuz they can't get to it. I work for a major food retailer with pharmacies in 22 states (It's Your Store) and was involved in the hippa guidelines and programming. Now hippa won't let my company look at my medical drug files and use them against me... at least that's whats supposed to happen.

[neb52]

Does this guy not relize that HIPPA is about protecting your VERY PERSONAL MEDICAL INFORMATION. Oh the poor soul has to wait behind a yellow line, so he can't look over somebodies shoulder to look at what medicine they getting, OH THE HUMANITY! Trust me the HIPPA standards implementation burden is on those that are providing the services. I know since I use to be a Technology Consultant that had many medical clients and now works for a major regional hospital. If he only knew how the information was casually handled before hand, he wouldn't be complaining.

[FairOpinion]

This was concocted under the Clinton administration and just went into effect.

Unfortunately the Bush administration didn't kill it, which is what it should have done with most of its provisions.

[marsh2]

You have no idea about the costs. The Counties had to entirely revamp their computer system software for social service, behavioral (mental) health and public health. I can't even get statistics at a meaningful level about "clients" we serve and services being provided and trends for planning purposes.

Pretty soon fiscal administrators will have to "take the word" of department heads they need additional staff, new software or a new program. Without Management Information Services reports, we have no idea what is happening in HIPPA governed departments.

[My2Cents]

Standing behind yellow lines at Fry's pharmacy is not part of the HIPAA privacy rule. The compliance standard for privacy in this new federal regulation is that "regulated entities" (e.g., Fry's pharmacy, physicians' offices, dental offices, etc.) take "reasonable measures to protect patient privacy and confidentiality." And the "regulated entities" get to decide what's reasonable! (In Fry's case, they've opted for a yellow line.)

There has been a lot of confusion of what HIPAA requires and what it doesn't require. The reason for the confusion is that the rule itself does not spell out specific actions or requirements that healthcare providers must take to protect patient privacy. This lack of clear mandates, or hoops to jump through, has resulted in wild speculation about what the rule requires, usually by HIPAA scam artists who want to sell their own "compliance resources" to healthcare providers, and drum up their market by throwing around wild intepretations of the HIPAA rule. The fact that the standard of compliance is "reasonable measures", HIPAA is perhaps the first federal regulation that relies upon the regulated parties' commonsense to implement it.

It's funny -- people usually complain about the onerous nature of federal regulations. Now, with HIPAA, there's finally a rule that defers to the commonsense of the regulated community, giving a lot of latitude to healthcare providers in determining how they will comply, and some people think THIS is absurd and more "regulatory burden."

[My2Cents]

The Bush Administration couldn't kill it, because it's the law (passed by Congress in 1996). The Bush Admin. did modify the original Clinton privacy rule to eliminate the need for specific informed consent before a healthcare provider could use one's health information for treatment, payment, and healthcare operation purposes. This was an improvement in the rule in terms of being able to actually treat people, eliminated a lot of the originally required paperwork, but the changes were bitterly opposed by the privacy lobby in DC for not being tough enough.

[Mind-numbed Robot]

Now hippa won't let my company look at my medical drug files and use them against me...

Couldn't they just get your records from the police department?

Sorry! Of course I am just teasing.

[bedolido]

Couldn't they just get your records from the police department?

They CAN do that... but they'll never find out that I'm on Xenax, Welbutin, Zoloft, Pacil, Versaid and Viagra... just those... really nothing else... who said that?

[tahiti]

"Medical care providers now must have a "Privacy Officer" to administer Hipaa rights"

Amendment V

"...nor shall private property be taken for public use without just compenesation."

[My2Cents]

What's the connection between the requirement for a "Privacy Officer" and the Fifth Amendment?

[myrabach]

I for one, cannot see very much benefit of HIPPA... I had a real run in at my doctors office when they insisted upon calling me out of my name as a number. I'm a number at the deli counter in my market thank you very much. I've been on a first name basis at my doctor's for more tna 30 years!

And if you read these guidelines very closely you will see that HIPPA can do whatever it wants with your medical information and doesn't need to 'splain to you what they've done. They don't even have to answer a complaint when you feel you're privacy has been infringed upon.

Seems to me all they've done is open wide the door for big brother government to have all your medical information to themselves.

[Morgan in Denver]

neb52,

I'm writing to you but this could have been to numerous posters.

Read the HIPPA brochure that each health care provider is required to hand out to you. Also note, each of these people are responsible for enforcing HIPPA and will not treat a patient without it signed and in their files. They are also required to report anyone who refuses to sign these forms.

I'm not putting on my tinfoil hat just yet but there is no question that the patient is signing away rights we had before. Prior to HIPPA, law enforcement was required to get a judge to order surrendering medical information. Reading the information on HIPPA, once you've signed their forms we have released any provider from confidentiality.

[not_apathetic_anymore]

I work at an outpatient surgery center. Heres a scenario I deal with at least weekly. A few days before the surgery the anesthesiologist sits down to review the chart and make sure we're set to go. They'll often want to look at say an EKG or other report that was done at another Dr.'s office. That used to be no problem. YOu'd call the other doc's office explain the situation and they'd fax the report over. That's great, you get the information you need to treat patients.

As far as we can tell it's still supposed to be that way, if you're a health care provider you're supposed to be able to have access to other information to care for patients. But everyone is scared to death to violate HIPAA and no one knows for sure what will violate and what won't. There is a whole cottage industry of HIPAA experts of whom you can ask questions. These question and answer sessions come for a heafty fee and with a disclaimer that it's their best educated guess they're not providing guarantees that such a set-up would clear HIPAA.

So, now thanks to HIPAA, here's the scenairo YOu call an office to get some report, everyone thinks it should be ok, they feel really bad, but they won't fax over the informaion. They're too scared of getting nailed. So,you have to get ahold of the patient and them to ask them to pretty please either stop by their DR's office or ask their dr to fax them a release of information form...fill it out...fax it back, so they can fax the needed information to us. But wait...the patient isn't home...what kind of cryptic message can you legally leave...because someone who isn't an authorized person could overhear the message. Hours of everyone's time are wasted on a very simple issue. People are angry and frustrated. Its an albatross, requiring more man hours ($$) to administer and health care gets still more expensive.

[TheBattman]

HIPPA is the biggest act of stupidity I have seen in a long time. This was my intorduction to it:

I worked a band camp hosted at a university here in Arkansas. At the director's meeting the first day, we were informed of the new HIPPA regulations and how they applied. the following example was used -

A student is signed up for camp. This student has a sevier allergie to peanuts. Under the HIPPA regulations, no other directors, band camp staff, or anyone else involved in the camp can be notified.

One councelor could be assigned to that camper for the week, but that councelor could not disclose his/her assignement, even if that councelor had to leave camp for some reason.

Another example given -

A camper has a mental disorder causing them to have fits of uncontrolable rage. Although this is disclosed on the child's camp regisration form, no councelor or staff can be warned. Even if there are warning signs to look for to anticipate an outburst - no-one on staff or faculty can be told of the child's condition.

A specific actual case -

This same camp has, for the entire 30 year history of the camp, used the university's own staff nurse to see ill/hurt campers. Because of HIPPA regulations, the university's nurse could no longer see the campers. The camp is now required to hire it's own nurse specifically for the camp.

Can anyone explain what the difference is between the university's nurse seeing patients vs. a privately hired nurse seeing the patients?

[neb52]

Yeah the calling the patient by a number part always bugged me, the funny thing is at the hospital that I work at the ER Admitting people still call people out by their name. From what I have seen HIPPA only works as far as the employees want it to and as far as the patient is willing to tolerate. The only real protection is that the information will be keeped out of the public eye and out of your employer's hands. Otherwise whose to know that your information is really being protected. I don't know about opening the door to more big brother is watching, the part I know throughly is the Technology side and that part is pretty good. A lot of doctors work from home, especially the night shift ones. Instead of coming in imediately when paged they prefer to log in at home and view the patients records and x-rays. This data needed guidelines on how to protect it and HIPPA provided that and the concequences if they are violated.

[TexasRepublic]

HIPAA requires all medically related computer systems to be compliant -- billing, scheduling, electronic medical records, you name it. The software upgrade sometimes requires a hardware upgrade also. So when your office visits and insurance premiums go up and your favorite doctor retires early to rid himself of the hassles, you should thank HIPAA and other government intrusions upon healthcare.

[evilC]

They should check if they are a "covered entity".

I believe that you are only covered if you exchange patient info electronically and/or take Medicaid patients.

[My2Cents]

You're partly correct. There probably isn't much of a benefit from HIPAA. Most conscientious providers' offices already take care to protect patient privacy, and HIPAA probably adds nothing new. What it does require which is new is that it requires your doctor, dentist, optomistrist, pharmacist, etc., to tell you how they will use your health information (for purposes related to "treatment, payment, and healthcare operation"), and that any other uses are prohibited and must be authorized by you. This isn't all that radical a change.

HIPAA protects "individually identified health information," which means that a receptionist can't blurt out, "Mr. Jones, the doctor is ready to see you about your impotency problem!..." A name by itself is not protected health information. So, a receptionist can call out, "Mr. Jones, the doctor is ready to see you...." That kind of announcement into the reception area doesn't inform everyone else in the room anything about Mr. Jones' reason for being there. The offices that might go so far as to protect a patient by not announcing their name could be a specialist, because based on the kind of specialist, everyone in the reception room may know why you are there, but they don't know your name. So, Mr. Jones may be at an oncologist's office, but the receptionist will not say, "Mr. Bob Jones, come on in..." because that reveals your identify, tied to the fact that you're there to see a cancer specialist. That kind of information -- name, and implied information about the person's health condition -- is what is to be protected under HIPAA.

As to the government getting your health information, they already have it if you are a Medicaid or Medicare patient.

[Brandon]

So, now thanks to HIPAA, here's the scenairo YOu call an office to get some report, everyone thinks it should be ok, they feel really bad, but they won't fax over the informaion. They're too scared of getting nailed. So,you have to get ahold of the patient and them to ask them to pretty please either stop by their DR's office or ask their dr to fax them a release of information form...fill it out...fax it back, so they can fax the needed information to us. But wait...the patient isn't home...what kind of cryptic message can you legally leave...because someone who isn't an authorized person could overhear the message. Hours of everyone's time are wasted on a very simple issue. People are angry and frustrated. Its an albatross, requiring more man hours ($$) to administer and health care gets still more expensive.

I work at a major medical center in administration. If you're facing those problems, you're dealing with incompetent referring physicians. As soon as the referring physician realized he was going to be sending this patient to you, he should have the patient sign a release authorizing him to provide you with his entire medical record, if needed, in order to facilitate continuity of care. At your end, you can fight this, by refusing to accept referrals untl the referring physician faxes you a copy of the signed release. Then when you need new information, waive the previously-signed release under their noses.

This isn't rocket science. This is stuff that we (health care providers) should have been doing all along. I mean, think about the scenario you just described. Imagine that your doctor's office receive a phone call requesting that some or all of your medical record be faxed over to them. Do you really want that happening without your knowledge or consent? The HIPAA thing is no big deal; it's a minor inconvenience. I know, because I deal with this issue on a daily basis in the course of my work.