Act protecting patient information goes into effect today
Starting today, health care patients have a little more paperwork to deal with.
But it's to their benefit, said Pam Nalley, privacy officer for Yuma Regional Medical Center.
Beginning today, people checking into hospitals nationwide will receive a written explanation of how the hospital uses and discloses patient information. The new procedures are the result of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which established privacy standards for the use and release of patients' personal health information, referred to as 'protected health information.'
The federally mandated standards also apply to other health care providers such as doctors' offices, laboratories and even the Yuma County Health Department, Nalley said. It also impacts third-party insurers and clearing houses for the transfer of medical information.
HIPAA has come under criticism for adding another layer of paperwork to health care and raised concerns by some that it may put up roadblocks for medical treatment, shut out information to loved ones and create a government database of personal information.
"It depends on who you talk to whether it will help or not," Nalley said. But after 1. years of work to ensure YRMC will be in compliance, she has concluded that "it really is a strong program to protect patients' privacy" and will actually improve the quality of care as health care providers become more sensitive to the rights of patients.
"It is a good thing," she said.
HIPAA grew out of the movement toward electronic transfer of information for the filing of medical claims, Nalley said. That raised concerns about a person's medical information being readily available.
And so the privacy provisions were crafted. "It definitely gives the patient more rights and more say in how their health information is used and shared," she said.
"In the past, perhaps the door has been a little too open," she said. "I think most people would prefer protection of their medical privacy. It's their call now how much information we share."
It won't, however, block the sharing of information for the continuation of a person's medical care, she said. For example, if a person was treated at the YRMC emergency room then flown to Barrows, "we would transfer their medical information so the patient would receive the best care possible."
The information would also be shared with doctors, nurses, therapists, emergency personnel and others involved in the patient's care. Health care providers also wouldn't need authorization to file claims with third-party insurers.
But if a person was being treated in a hospital in Washington, D.C., for example, and hadn't been transferred by YRMC, the patient's information wouldn't be released to the Washington hospital without the patient's permission.
"There's a fine line between the continuum of care and just wanting to build up information on a person," Nalley said. "The patient can say who can receive information and who can't."
That means patients could say they don't want to be listed in the hospital's patient directory, she said. "We don't want to encourage that, but it is an option. Most people like to have visitors. But if they opt out, there would be no visitors, no condition report for the paper. Even if their mother calls, we can't acknowledge."
Nalley said she has heard a number of concerns about the enforcement of HIPAA.
One concern is whether a son or daughter who has been caring for an elderly mother can receive medical information, Nalley said. "Under HIPAA, if a patient says they want family to hear, that's verbal authorization for them to be there and listen to the doctor and nurses. If the patient says they don't want a son or daughter to know, we have to respect those wishes."
Another concern is whether health care providers could share information with each other, such as if a doctor was called in for a consultation, Nalley said. "When the rule was first written, the doctor couldn't even call the pharmacy unless the patient signed authorization with the pharmacy. They realized that was too restrictive."
Also, she said, she's heard concerns about whether the offspring of winter visitors would be able to call and receive information on a parent's condition. "We would have to have the OK from the patient," Nally said.
However, if the patient was unable to give authorization and the hospital knew his identity and that of his family, "it would be OK to contact them and let them know," Nalley said.
HIPAA has three parts, Nalley explained. The privacy standard that goes into effect today is the first phase; the next is implementation of the transaction codes for the electronic transfer of claims and payments that have to be in place by Oct. 15; and the security of information transmitted electronically, such as encryption and secure portals, that will be required by April 21, 2005, so the information can't be intercepted.
"That will be very expensive," Nalley said. In fact, the entire implementation of HIPAA has a high price tag. Estimated cost just for the first phase is $22 billion, all of which is being borne by health care providers, she said.
The bottom line, Nalley said, is that "our true goal is to get the patient well. We'll give them the best treatment possible but we'll keep it quiet."
Nalley is available to speak to offices and organizations that would like to learn more about HIPAA. She can be reached at 336-7600.
Joyce Lobeck can be reached at email@example.com or 539-6853.