|
|
barracks, also got a rude awakening about the federal patient privacy law that went into effect a year ago.
"A gentleman came to the station for help. His wife was transported to the hospital for a psychiatric evaluation and she was transferred to another hospital and the hospital wouldn’t tell him what hospital she was transferred to," said Sivo.
For Delaware County’s Director of Emergency Services Ed Truitt, who oversees about 130 dispatchers charged with conveying information to emergency medical technicians and paramedics, HIPAA presented a rather ironic dilemma.
"We had to dispense a dispatcher who had a fall, to Riddle (hospital) and called to find out how the dispatcher was doing and they weren’t allowed to tell us," said Truitt.
The Health Insurance Portability and Accountability Act of 1996, also known as HIPAA, was initially intended by Congress to protect health insurance coverage for workers and their families when they change or lose their jobs.
But when it went into effect April 14, 2003, it brought with it regulations formed by the U.S. Department of Health and Human Services at the behest of Congress, intended to protect the privacy of individuals’ medical information.
Almost every American probably has been exposed to HIPAA, whether through filling out long privacy forms in their doctors’ offices, or trying to find which room a relative is in at a hospital.
While most people agree that protecting patient privacy is a good idea, those "covered entities" charged with implementing HIPAA admit it has been a complicated, costly and sometimes confusing process.
Nancy Bucher, vice president and chief compliance and privacy officer for Crozer-Keystone Health System, which includes five Delaware County hospitals, described HIPAA as "somewhat onerous."
"HIPAA is a very complex law. It is about the size of the Delaware County phone book," said Bucher.
Officials at all Delaware County hospitals have conducted ongoing education of staff members since before the law went into effect, and have installed computer software to accommodate the demands of HIPAA.
"The hospital did have to pay for the data systems changes as well as the educational costs associated with training more than 1,800 staff, 300-plus volunteers and providing information to all our physicians," said Dennis Burt, privacy officer at Riddle Memorial Hospital in Middletown.
Delaware County Medical Society Executive Director David McKeighan said some local doctors have experienced delays in getting diagnostic study results for patients and in getting reimbursed for services because certain laboratories and billing vendors do not have computer software compliant with HIPAA.
"It certainly has been an inconvenience and an expense," said McKeighan, who noted that doctors have had to install new software, restructure their offices and designate compliance officers because of HIPAA.
Training staff about HIPAA has been a big part of the implementation of a new patient access plan at Mercy Fitzgerald Hospital in Darby, which has reduced 24 points of entry into Mercy’s information intake network to six hubs, said Vice President of Mission Services Sister Donna Watto.
Coverage and punishment
Registration areas will soon be installed in the hospital lobby that will also help address HIPAA regulations and ensure the patient’s privacy, noted Watto. She believes it is worth the expense.
"I’m a confidentiality nut," Wattos said. "I really believe people have a right to privacy so it’s not imposing to me to make sure people have that right."
In addition to hospitals, "covered entities" mandated to carry out HIPAA regulations include doctors, emergency medical technicians/ambulance services, health plans, including HMOs, Medicare and Medicaid, health-care clearinghouses such as billing services, and health-care providers who elect to transmit claim information electronically.
They must provide all patients with their information policies, refuse to respond to requests for any detailed medical information unless the patient expressly consents, and allow patients to opt out of hospital directories.
Even if a patient opts to stay in a hospital directory, the only information allowed to be released to members of the media or anyone else is the patient’s location in the facility and general medical condition such as "stable" or "critical." Those making inquiries must know the name of the patient.
The burden of compliance rests on health-care personnel. Violators can be sentenced to up to 10 years in prison and fined up to $250,000 in criminal penalties, and $100 per violation or up to $25,000 per year for civil penalities.
Some hospital officials are so concerned about paying penalties that even when patients opt to stay in the directory, they refuse to release information, said former Chadds Ford resident Teri Henning, media law counsel for the Pennsylvania Newspaper Association.
"Some hospitals have chosen to be overly cautious and the net result is the public doesn’t get even some basic information about matters of legitimate public concern," said Henning.
She said she has received complaints from reporters unable to get information about such public health issues as potential cases of Severe Acute Respiratory Syndrome, also known as SARS, or West Nile virus in the community.
"There is no doubt it has made it more difficult for newspapers and other media outlets to gather news related to accidents and public health issues," said Henning.
Under HIPAA, hospital officials are required to report matters of public health concern to public health officials. Since Delaware County has no health department of its own, reports are made to the state health department, which has a health center in Chester.
Up until about two months ago, there was some confusion among doctors as to whether HIPAA prohibited them from reporting communicable diseases to the state health department, said McKeighan.
Pennsylvania Health Department spokesman Richard McGarvey noted that the reporting rules for communicable diseases are the same as before HIPAA was enacted. Delaware County cases are handled by an epidemiologist at the state health department office in Reading, Berks County, and the Chester state health center staff.
State health officials in Harrisburg determine whether it is in the interest of public safety to release basic information about cases or potential cases of reportable diseases.
Last year, about a week after HIPAA went into effect, the public was able to learn about a potential case of SARS at Mercy Fitzgerald Hospital because the patient’s family had given hospital officials consent to release general information to the media.
Because hospitals are covered by HIPAA, reporters are often unable to get the conditions of accident or crime victims from hospital personnel. However, police officers, firefighters, family members, bystanders, medical examiners and the patients themselves are not restricted by HIPAA and are free to give information, noted Henning.
"Public officials and public agencies often improperly cite HIPAA in denying access to information. In most cases they are not covered entities and are not covered by the provisions," said Henning.
She said the National Newspaper Association has made a formal request to the U.S. Department of Health and Human Services to publicly acknowledge that state and federal open record laws are not pre-empted by HIPAA when custodians of records are not covered by the act.
Plenty of questions
Craig Palosky, a spokesman for HHS, maintains that the regulations are already very clear about who is not covered by HIPAA.
He said a lot of the complaints the agency has received since HIPAA went into effect a year ago have been based on misconceptions, many of which he insists could be cleared up by people accessing the HIPAA Web site at www.hhs.gov/ocr/hipaa/.
"We have been adding to the guidance on the Web site to continue to help people better understand the privacy rules," said Palosky.
In the last year the Frequently Asked Questions section on the HIPAA Web site has been accessed more than two million times and there have been more than 20,000 calls made to the toll-free HIPAA hotline at 1-866-627-7748, said Palosky.
He noted that the agency has received more than 5,000 complaints from consumers who still don’t feel their privacy is sufficiently protected.
In 1999 the agency received about 52,000 comments from the public on the proposed HIPAA regulations and about 24,000 more on the final regulations in early 2001. About 11,000 more comments from the public were submitted to the agency in 2002 when amendments were made dealing with "issues of workability," noted Palosky.
He said no further amendments are currently planned for the HIPAA regulations which, can be amended once every 12 months.
Law enforcement officials and prosecutors would not like to see amendments to HIPAA so much as they would like to see a better understanding by hospital personnel as to the exceptions made to the act for criminal investigations.
"The general provisions of HIPAA are not geared to criminal investigations or law enforcement. They are geared to the new privacy regulations for medical records. It’s not a crime-fighting tool," said Delaware County Deputy District Attorney Sheldon Kovach, chief of the law and appeals division.
Assistant District Attorney Michael Galantino, who has headed Delaware County’s special victims unit since its inception 5½ years ago, admits HIPAA is very complicated. He participated in a training seminar held in March 2003 at Crozer-Chester Medical Center, Upland.
"I think what is needed is better training for health-care providers in understanding what exceptions there are in dealing with law enforcement cases. I know Crozer in particular has done a lot of training in that regard," said Galantino.
Kovach said there is an exception to HIPAA in which doctors are mandated to report gunshot wounds and are also required as medical professionals to report suspected child and elder abuse, and rape.
"But hospitals are cautioned that those reports must be made to public health officials and not necessarily made to police, so there’s an example of why there may be confusion," said Kovach.
Sgt. Willard, whose department investigates close to 50 shootings a year in Chester -- eight homicides last year -- said HIPAA could be burdensome for his five detectives when they need to interview witnesses and victims who are hospitalized.
"The potential is there that it could present some difficulty for us. If there is someone we need to talk to who is a witness in a homicide we’re investigating they could be released from the hospital and we wouldn’t know about it," said Willard.
Sgt. Willard said he understands the position hospital personnel are in because of HIPAA, but he still has to do his job.
"Balancing the rights of the individual against solving a homicide is a problem," the Chester detective said. "Things can get tough enough without this."
TOMORROW: Problems created by HIPAA
