New medical care privacy rules complicate care and research

Even doctors discover access to information more difficult to gain

April 06, 2003|By NEW YORK TIMES NEWS SERVICE

WASHINGTON - When Dr. Stephen C. Albrecht of Olympia, Wash., called a hospital in Tacoma recently to inquire about one of his patients, an 18-year- old being treated for an infectious disease, he had trouble getting information.

Meanwhile, under a new policy at the Hebrew Home of Greater Washington, a nursing home in Rockville, callers can get information about patients only if they have a password.

And Dr. Matthew J. Messina, a dentist in Fairview Park, Ohio, near Cleveland, said he had changed the schedule posted each day in his treatment room so patients would be identified only by their first names.

New federal rules to protect the privacy of medical records take effect April 14. The changes have touched off a quiet revolution in the health care industry. Doctors, hospitals, drugstores and other health care providers must limit the disclosure of information about patients.

From big teaching hospitals in New York to tiny clinics in West Texas, much of the industry is preoccupied with the new standards, which will be noticeable to anyone who visits a doctor or a dentist. Under the rules, providers must give a written "notice of privacy practices" to every patient, and the notice must be posted prominently in every office, clinic and hospital.

The notices tell patients how their medical information may be used and advise them of their rights, including the right to inspect and copy their records and request corrections. Patients can get copies of their doctors' notes, X-rays and laboratory test results, as well as data collected on them by their health insurance companies.

Rarely have federal rules had such pervasive effects on the health care industry. "It's a new era," said Dr. Spencer Foreman, president of Montefiore Medical Center in the Bronx, N.Y.

The rules affect not only health care providers but also their "business associates," including answering services and the people who transcribe the notes dictated by doctors after they examine patients.

An entire industry of consultants is advising health care providers on how to comply. They sell training manuals, software, security devices and other technology to prevent improper disclosure. The consultants point out that violating the rules is punishable by civil and criminal penalties - a $250,000 fine and 10 years in prison for the most serious offenses.

Federal officials say the rules should not interfere with the flow of information needed to treat patients and pay claims. But doctors and hospitals, uncertain about what the rules allow, have become much more cautious about sharing or disclosing information.

Albrecht was surprised when even he had difficulty getting information about his 18-year-old patient.

"The emergency room physician at the hospital in Tacoma would not discuss his care, the X-ray results or the lab studies for my patient, for fear of violating the federal rules," he said. "I don't know who was right legally, but I do know that the rules are creating a lot of confusion."

Researchers, journalists and clergy members say hospitals are refusing to provide types of information that have been routinely available for many years.

Alicia Mitchell, a spokeswoman for the American Hospital Association, said, "The rules clearly mean that less information will be available to news media and the public."

Scientists are racing to get permission from patients who were unaware that their information was being routinely used for research without their consent.

The rules, issued under the 1996 Health Insurance Portability and Accountability Act, were written by the Clinton administration and endorsed, with changes, by the Bush administration.

Advocates of the rules point to cases in which people were harmed or embarrassed by breaches of medical privacy. Workers with the AIDS virus or a mental illness have lost jobs. Computer hackers have gained access to treatment records for thousands of hospital patients. Pharmacies have shared their records with companies marketing prescription drugs.

In general, the rules say, health care providers must limit the disclosure of personal health information to the "minimum necessary" to achieve a given purpose. In practice, that means a multitude of changes.

Many doctors have changed sign-in sheets in their offices so patients do not have to indicate the reasons for their visits.

Dr. Conrad L. Flick of Raleigh, N.C., said he had removed the names of patients from the outside cover of their charts and installed a glass partition at the front desk so staff members could not be overheard as they scheduled appointments on the telephone.

Many Blue Cross and Blue Shield plans will not discuss claims with the spouse of a subscriber unless the subscriber has signed a form authorizing such discussions. Mutual of Omaha is revising contracts with more than 30,000 agents to add privacy protections.

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.