HIPAA
rules finally published, affecting all
Many hospital managers can count on being involved with provisions of
the newly released Health Insurance Portability and Accountability Act
(HIPAA). After much anticipation, the privacy provisions were finally
published in the Federal Register Dec. 20.
The law aims to better protect the privacy of patient medical records.
Material managers undoubtedly will be affected because they see and
process bills for devices, which are linked to specific patients.
Similar to other healthcare workers who handle patient identification
numbers and medical charts, material managers will need to comply with
HIPAA's privacy and protection rules, said a company official at Ernst
& Young, an auditing firm in Greenville, NC.
The
new rules limit even the routine release of private health information.
They push criminal and civil sanctions for wrongful disclosure.
Taking effect in early 2003, the new rules set requirements for providers,
scientists and research institutions using patient data. Also, patients
will have access rights to their files and can request corrections and
changes.
Health and Human Services Secretary Donna Shalala said Congress still
needs to consider areas not addressed in HIPAA, such as patient data
in life insurance and worker compensation statements. She also said
the regulation needs clarity on formalizing penalties and legal actions
for violating patient privacy records.
Pressure on providers
Opponents
said HIPAA will jeopardize care whenever healthcare providers do not
have instant and timely access to medical histories. For instance, the
rules could hinder clinics in reminding women to undergo mammograms
or diabetics to have retinal screenings, the American Association of
Health Plans said in a statement.
Other critics have said HIPAA will force hospitals to increase budgets
for new computer systems, staff training and hospital security systems.
But others said that increased efficiencies should quickly counter implementation
costs, which are estimated to be between $17 billion and $22 billion
nationally over the next 10 years.
Moody's
Investor Service said HIPAA will impose "meaningful but not devastating"
financial burdens on not-for-profit hospitals. Some critics feel small
physician practices and other provider groups may be most at financial
risk.
Penalties for intentionally violating the regulation could include fines
of up to $50,000 and a year in prison. Selling patient information can
bring a maximum fine of $250,000 and up to 10 years in prison.
HPN
|
