In the wake of a week that saw the Health Insurance Portability and Accountability Act first scuttled, then resurrected, experts are advising their clients to steer a steady course.On Monday, April 9, HIPAA faced an uncertain future. That day, four
In the wake of a week that saw the Health Insurance Portability and Accountability Act first scuttled, then resurrected, experts are advising their clients to steer a steady course.
On Monday, April 9, HIPAA faced an uncertain future. That day, four HIPAA news items surfaced:
Hospital information technology managers and HIPAA security officers could perhaps be forgiven for any confusion they may have felt. Even the experts seemed befuddled. Some adopted a wait-and-see attitude, while others advised clients to slow down HIPAA compliance efforts.
Then, on Thursday, April 12, the Bush administration reversed course, deciding to let the rules written by the Clinton administration go ahead and take effect over the Easter weekend with no delay, meaning the compliance date of April 14, 2003, remains in effect for most covered entities. Only those healthcare plans with less than $5 million in annual income have until 2004.
Behind the on-again, off-again discussion of the HIPAA rules has been a fairly intense debate about their impact. The rules have come under fire from hospitals, insurance companies, drug companies, and several medical organizations for being too complicated and expensive to implement. As a result, Health and Human Services Secretary Tommy Thompson put a 60-day hold on implementing the rules, during which time HHS received 24,000 written comments.
Although HHS has decided to go ahead with the original mid-April deadline, it has left open the door to changes over the next several months. In addition, HHS will issue guidelines to clarify confusion about the regulations. These guidelines will recognize that doctors and hospitals must have access to medical information about their patients and be able to consult with other physicians and specialists regarding a patient's care; that patient care will not be unduly hampered by confusing requirements surrounding consent forms; and that parents will have access to information about the health of their children.
Experts are advising their clients to maintain an even keel despite this political turbulence.
"While changes may be made, thus altering the details of implementation, the goal of the privacy rule will remain the same," said Kristen K. Hughes, a healthcare attorney associated with SG&A Consulting. "The tumultuous climate surrounding the privacy rule should not delay reasonable efforts toward compliance. While changes to specific provisions of the rule may be seen over time, the issues addressed by HIPAA's privacy and security regulations will remain."
Douglas Orr, president of J&M Group, a healthcare consulting firm in Connecticut, offers similar advice.
"Privacy and security of patient data is of critical importance, irrespective of the national legislation that mandates such plans and policies," he said. "It's acceptable to continue forward with current action plans for the benefit of the institution and to continue monitoring any potential changes."
Further information about HIPAA is available at these Web sites: