|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Expanded privacy rules perpetuate debate
(IDG) -- President Clinton's last-minute introduction of sweeping federal rules to protect patient privacy has sparked a new round of debate in the health-care industry, which has been awaiting the privacy regulations for the past five years.
While health privacy advocates said they favor the rules, which Clinton announced Dec. 20, critics said the unexpected move by the administration to apply health privacy protection to oral and written communications will add unnecessary complexity to an industry that's already heavily regulated. The original proposal applied only to electronic records.
"Does the government have the right to regulate every single letter that a doctor writes about a patient?" said Mark Anderson, a vice president at Meta Group Inc. in Stamford, Conn., and a former hospital CIO.
But Zoe Hudson, a senior policy analyst at the Health Privacy Project at Georgetown University in Washington, said the regulations are necessary to protect patient privacy.
"Until now, there has been no federal law that protects patient privacy," she said. "In practice, [health records] receive less protection than financial records or even video rental records."
Critics said president-elect George W. Bush could make additional changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) after he takes office Jan. 20. Bush's office didn't immediately return phone calls seeking comment.
Under the rules, health care organizations would need to have patients sign a one-time consent agreement allowing their health data to be shared for billing and treatment purposes. Patients must also be given detailed written information about their privacy rights and be informed of any planned use of their personal information. Failure to comply with the regulations could result in civil fines or criminal charges against those who sell health information.
The regulations, which were prepared by the U.S. Department of Health and Human Services, are the final version of proposed rules that were issued a year ago, after Congress failed to pass comprehensive medical privacy legislation as required by the HIPAA.
Applying the medical privacy rules to paper and oral communications shouldn't have much impact on IT workers, said Scott Cebula, executive director of information services at MemorialCare in Long Beach, Calif.
According to the American Hospital Association in Chicago, the privacy rules will cost hospitals as much as $22.5 billion over five years. The Clinton administration, however, has estimated that the HIPAA will cost the entire health care industry $17.6 billion over 10 years.
The act also calls on hospitals, health insurers and health care clearinghouses to establish procedures for protecting patient privacy, such as appointing executives to oversee their internal procedures. And companies are prohibited from accessing health records for employment purposes.
Claudine Singer, a senior analyst at New York-based Jupiter Media Metrix Inc., said that while the HIPAA will have an enormous impact on the health care industry in the long run, it will be some time before changes occur. Most health care organizations will have two years to comply with the final rules, and smaller health care groups and community hospitals have three years.
"Don't expect enormous change tomorrow in your doctor's office," Singer said.
Hospital hack points to need for standards
RELATED IDG.net STORIES:
Power Prognosticator: Net privacy law
U.S. Department of Health and Human Services
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.