|[ Table of
What are the implications for clinicians and other health-care professionals of the Health Insurance Portability and Accountability Act (HIPAA) patient privacy and confidentiality statutes?
By Chris Kidd
Information Security and Privacy Officer
In order to provide appropriate care to individuals within the health-care system, patients must be willing to share all pertinent information with their providers. However, many individuals are unwilling to do so, fearing that their information may be used for purposes other than treatment, or that their privacy in general will not be protected. According to a recent survey, 17 percent of Americans indicated that they have taken steps to protect their privacy, including "physician hopping," providing incomplete or inaccurate information during diagnosis/treatment, or by refusing treatment. By 1995, public concern over privacy issues had grown more than 18 percent since 1978-from 64 percent to 82 percent.
Many states have existing privacy statutes, but they are diverse and, in many cases, do not allow patients access to their health information. Congress sought to respond to these concerns, as well as to simplify health-care administrative processes and set federal standards, by passing the Health Insurance Portability and Accountability Act of 1996 (HIPAA). A part of this law requires Health and Human Services (HHS) to develop regulations covering privacy, security, transactions (electronic data interchange) and unique identifiers-all to be implemented within a 26-month period after their final release.
The privacy rule, which requires large providers to be compliant by April 2003, affords consumers the right to control and understand how their health information will be used and disclosed. The major provisions state that:
HHS estimates the privacy implementation cost across the U.S. health-care system will be $17 billion over 10 years, which is offset by a savings of $30 billion from implementation of the electronic transactions, as required under HIPAA. While it is true that compliance will be a significant challenge, the financial costs of non-compliance may be greater, as HIPAA carries severe civil and criminal penalties (up to $250,000 in fines and 10 years in prison). The greatest casualty of non-compliance, however, may be patient care, as consumers become increasingly concerned over privacy and are unwilling to share information vital to their care.
We always welcome your comments about the magazine. Address letters to: Editor, Health Sciences Report, Office of Public Affairs, University of Utah Health Sciences Center, 50 North Medical Drive, Salt Lake City, UT 84132. FAX: (801) 585-5188. E-mail: Susan.Sample@hsc.utah.edu.