Wednesday, July 11, 2007

The HIPPA in the Living Room

Found this interesting piece on the internet yesterday. It’s great food for thought and dispels much of the faulty information floating around regarding what HIPPA is SUPPOSED to be about. There are those in our state who use it as a means for avoiding accountability...
-------------------------------------------------------

IS HIPAA PROTECTING PATIENTS OR PROVIDERS?
An article in the New York Times explains that because the HIPAA laws are so technical, they are being misunderstood and misinterpreted.

The article tells the story of Gerard Nussbaum was told he could not stay with his father-in-law while he was being treated after a stroke. He was then threatened with arrest while looking through his father-in-law’s chart to prove to the nurse she was about to administer a dangerous second round of sedatives. Both nurses claimed that access to his father-in-law and his father-in-law’s records were prohibited under the Health Insurance Portability and Accountability Act, more commonly known as HIPAA.

Many providers do not understand the law, have not trained their staff members to apply it judiciously and many are afraid of the fines and jail terms threatened by the Act, although no penalty has been levied in four years. Susan McAndrew, deputy director of health information privacy at the Department of Health and Human Service believes healthcare providers are hiding behind the HIPAA law. She states “Either innocently or purposefully, entities often use this as an excuse…They say ‘HIPAA made me do it’ when, in fact, they chose for other reasons not to make the permitted disclosures.”

Many experts distinguish between “good faith nondisclosures,” such as when a random person calls in for information about a patient and they cannot verify they should disclose the information and “bad faith nondisclosures,” like using HIPAA as an excuse to refuse to gather needed records to help public investigators with a child abuse case. Ms. McAndrew explains some of the do’s and don’ts of sharing medical information:

"Medical professionals can talk freely to family and friends, unless the patient objects. No signed authorization is necessary and the person receiving the information need not have the legal standing of a health care proxy or power of attorney. As for public health authorities or those investigating crimes like child abuse, HIPAA defers to state laws, which often require such disclosure. Medical workers may not reveal confidential information about a patient or case to reporters, but they can discuss general health issues."

Most on the spot decisions are made by staff who are more comfortable saying “no” than “yes” when they are not sure of the law.

So, if you need information about a friend or family member, unless that person objects, you have every right to that information. Don’t let the staff hide behind the HIPAA law and prevent you from helping a loved one manage their care.

3 comments:

Mike said...

The privacy and security rules of HIPAA defined the amount of information that can be shared when conducting the business of healthcare. PHI can be shared for treatment, payment and healthcare operations without patient or health plan member consent (there are additional special provisions that allow PHI sharing but they are strictly defined and include law enforcement, public health, healthcare oversight activities, etc.).

I would like to introduce one website which I recently discovered a very good regulatory compliance website which provides all the useful information regarding HIPAA such as recent happenings, webinars, conferences, articles, product and much more http://www.compliancehome.com/topics/HIPAA/

Compliance advisor said...

If one needs to have a deep understanding of HIPAA and more information on HIPAA training and also HIPAA template suite along with enterprise contingency plan template suite which any organization, small or big, can use to meet their compliance requirements of Sarbanes Oxley (SOX), FISMA, ISO 17799 or any other regulation/standards requiring business impact analysis, risk assessment, disaster recovery planning (DRP), business continuity plan (BCP) and Testing & Revision of Plan, they can discover it at training-hipaa.net website by following the links given below

HIPAA Privacy and Security Certification Training
http://www.training-hipaa.net/certification_training/com_privacy_security.htm
Enterprise Contingency Plan Template Suite
http://www.training-hipaa.net/template_suite/enterprise_contingency_plan_template_suite.htm

David McDonald said...

Thank you both for sharing this information