HIPAA IS A SUBJECT that is little understood and generates lots of concern among clinical laboratories and every type of healthcare provider that generates clinical data.
On August 14, final privacy regulations were published in the Federal Register. The implementation deadline for most healthcare entities is April 14, 2003, just a short eight months away.
Although the privacy aspects of HIPAA stimulate much public debate, other parts of the legislation mandate common formats for submitting claims and transferring clinical data. With much justification, providers of all types expect to spend lots of time and money on compliance.
Labs To Be Affected
Because information is the stock in trade of all laboratories and pathology group practices, the long-term impact of HIPAA will be profound. That’s because laboratory test data makes up a substantial part of every patient’s permanent health record.
One aspect of HIPAA which makes it more treacherous than other types of legislation is the penalties for breaching a patient’s privacy. HIPAA makes it possible for employees within an organization to face legal consequences for violations of the law. This is a primary reason why HIPAA is getting the full attention of so many hospital administrators.
What has grabbed headlines, however, is the battle between certain consumer groups and the healthcare industry. As originally drafted during the Clinton Administration, HIPAA privacy regulations would have placed a heavy burden on providers to get every patient’s written acknowledgement to access or release information, even for purposes of treatment.
As issued by the Department of Health and Human Services (HHS) on August 14, the final regulations relax many of these requirements. In opposition to this change are groups like the American Civil Liberties Union and the Health Privacy Project at Georgetown University.
The final rule does not require hospitals and providers to obtain written consent from patients to access their medical records for treatment and claims. They must, however, provide some notice of privacy practices and make a good-faith effort to have the patient acknowledge that notice was given.
For hospital inpatients and outpatients, laboratories will be covered by documentation presented at time of admission or registration. Testing done for physicians’ offices will present different challenges. THE DARK REPORT expects that very practical and relatively simple procedures will be quickly developed and become an accepted industry standard.
One unknown factor is how the plaintiff’s bar will use HIPAA to attack providers, including labs, for alleged violation of a patient’s privacy. At this point in time, that is certainly one of the biggest wild cards that come with HIPAA.