Health Information Compliance Alert

Health Information News:

HAWKEYE STATE RAISES CONCERNS OVER MEDICAL PRIVACY

Should law enforcement officials be given access to private medical documents to help solve crime? A case in a small Iowa town is spawning controversy over what some perceive as needlessly rigid medical privacy protections.

A dead infant was discovered dismembered on May 30 at a recycling center in Storm Lake, Iowa and the incident has raised significant concerns over the efficacy of the privacy rule, according to the Des Moines Register.

Police officials involved in the subsequent investigation obtained a court order seeking the medical records of women who took pregnancy tests at hospitals and clinics during the previous months, but Planned Parenthood would not permit access to the patients' records. A district court judge ordered Planned Parenthood to release the records, but the Iowa Supreme Court issued a temporary stay on the order.

A report in the Aug. 24 New York Times reports that Planned Parenthood's lawyers and its associates argued that there was no justifiable reason to presume the infant's mother had a pregnancy test at a clinic or doctor's office, and that the private medical information being sought by investigators amounts to law enforcement agents seeking documents that may have no bearing on the case.

And a solution to this controversial issue doesn't appear to be in sight. The Times reports that a local Iowa lawyer indicated that a client of his was considering suing another clinic for turning over records to the sheriff concerning a pregnancy that ended when the fetus died. However, since the client would have to disclose her real name if she sues the clinic for damages, the lawyer said she was not sure she would sue, despite her anger at the clinic for failing to contact her before releasing information.

  • A top official with the Centers for Medicare & Medicaid Service is urging health care providers covered by the Health Insurance Portability and Accountability Act transactions standard not to drag their feet if they want a one-year compliance extension.

    In an Aug. 26 statement, Chief Operating Officer Ruben King-Shaw Jr. points out that legislation passed late last year allows covered entities to secure a one year extension on compliance from Oct. 16, 2002 to Oct. 16, 2003 if they submit a brief HIPAA compliance plan to CMS by Oct. 15, 2002. Covered entities can submit the plan by mail, but CMS prefers online submissions at www.cms.hhs.gov/hipaa/hipaa2/ascaform.asp.

    The deadline for extensions, King-Shaw notes, is rapidly approaching.

    "CMS is encouraging everyone to submit their compliance plans now, and to implement and test the new standards as soon as possible," King-Shaw says. "If there's any doubt about whether you will be ready by October 16, then it's especially important that you file a request so you can take advantage of the one-year extension authorized by Congress."

    Additional HIPAA compliance resources available from CMS are available at http://www.cms.hhs.gov/hipaa/hipaa2/.

  • Some professional sports teams may just have hit a home run with the Health Insurance Portability and Accountability Act. Since the final privacy rule was issued Aug. 9, some professional teams including some in the National Football League and in Major League Baseball were worried that if the regulation were strictly applied to them, then players' medical information would create a blitz of unwanted bureaucracy.

    That fear has dissipated lately as teams have come to realize that the rule provides them with a way out. As it turns out, "professional sports teams are unlikely to be covered entities" under the reg, according to final rule published in the Aug. 14 Federal Register.

    That means that professional teams could add clauses to their contracts specifically prohibiting the release of medical information, according to an Aug. 13 article by the New York Times. The Times reportsthat the only league that currently releases medical information is Major League Baseball, which discloses the records of a player who may be ripe for a trade.

  • While those who market medical information seem content with the recent changes to the privacy rule, at least one health privacy group says the changes will adversely affect patients' privacy rights.

    According to Janlori Goldman, director of the Health Privacy Project at Georgetown University, the Department of Health and Human Services' final privacy rule doesn't apply enough restrictions on those who market medical information.

    In the article, "Changes to Medical Privacy Regulation Ease Marketing Safeguards," Goldman notes that HHS has removed significant rules that acted as safeguards for patients.

    The new rules redefine "marketing" so that it includes any communications that encourage recipients to purchase or use a product or service. The revamped marketing also incorporates occasions under which covered entities disclose protected health information to another entity in exchange for direct or indirect remuneration.

    Under the new definition, communications made for these purposes are not considered marketing: Descriptions of a health-related product or service that the party issuing the communication is providing; treatment of a patient; or case management or care coordination of an individual, or recommendations regarding alternative treatments, providers, or care settings.

    Goldman says these changes make it tougher for patients to maintain their privacy. For example, she says HHS has written the rule to say that it is not considered a marketing strategy for a drug store to accept payment from a drug maker to send out a mailing to patients based on their diagnoses and their specific medications.

    "HHS is now legalizing and legitimizing a controversial practice that has been widely decried by consumers and health care providers as reprehensible," she argues.

  • Other Articles in this issue of

    Health Information Compliance Alert

    View All