Printer-friendly format

More than a decade after passage of the Health Information and Portability Accountability Act (HIPAA), many hospitals still aren’t issuing the required forms to patients that disclose their rights to keep medical information private, according to Reid Cushman, PhD, operations director of medical information technology at the University of Miami’s Miller School of Medicine.

“Lots of places don’t bother to give you the form,” Cushman said. “Clearly, it’s become this pro forma privacy thing.”

Hospitals are doing their best to comply with HIPAA, said Kathy Reep, financial services director of the Florida Hospital Association. “They are now for the most part very aware of the law.”

HIPAA has had a sweeping effect across the healthcare sector, spawning an industry of privacy consultants, influencing employer wellness plans and costing the healthcare industry hundreds of millions of dollars to comply.

Passed by Congress in 1996, the brunt of the HIPAA law didn’t take affect until 2003 and 2005. For Cushman, who started the Privacy/Data Protection Project at the University of Miami to assist healthcare groups in complying with HIPAA, the law in hindsight feels a lot like the Y2K scare in 2000.

“The moment passed,” Cushman said. “A lot of people thought this would be a wrenching thing, but they wrote their policies and moved on.”

Cushman too has moved on. The group’s website hasn’t been updated for more than a year, though he still gets occasional calls. He said the next frontier in health information privacy is genetic information.

“Given that we build an insurance system based on preexisting conditions, think about the problem that creates when your genotype indicates what things you may or may not be susceptible to,” he said. “Where do you draw the line?”

Few legislatures have taken on the issue completely, and the Florida legislature is no exception. The state does have protections for the privacy of specific conditions such as mental health and sexually transmitted diseases, Cushman said.

Another area where HIPAA has been having considerable influence regards employee wellness programs that businesses are increasingly turning toward as a way to lower their health insurance costs.

HIPAA comes into play in terms of amending the Employee Retirement Income Security Act (ERISA). “In short, it says you cannot say to somebody that you can pay a discount on your health insurance if, for example, you no longer use tobacco products or you’ve lowered cholesterol,” said Joe Lazaroti, partner in the benefits group at Jackson Lewis.

But many companies do offer incentives to get healthy because the law is unclear. Lazaroti, who advises many large corporations — some with offices in Florida — said HIPAA has created more confusion than anything else when it comes to employee benefit programs.

“The federal government needs to clean up its house and decide what policy to protect,” Lazaroti said. “Do they want to protect privacy or give employers tools to deal with wellness programs? Employers struggle with these issues. If employees don’t feel comfortable disclosing information then they’re not going to participate and we won’t have the desired effect.”

The Equal Employer Opportunities Commission has taken the position that if an employee wants to receive a discount on health insurance, he or she has to give information about their health, Lazaroti said.

CFI Westgate Resorts in Orlando was one of the first companies in the country in September 2003 to enact a ban on smoking tobacco or face termination. Late last year, the company announced it would offer cash incentives for competing in a weight-loss contest, according to Human Resource Executive Online.

“One thing HIPAA allows you as an individual is to sign over information to anybody,” Cushman said.

HIPAA also seems to tie the hands of university officials when it comes to sharing information about possibly dangerous behavior by students. This cropped up last year in a review of Florida law, following the shooting at Virginia Tech University.

According to the panel, privacy laws prohibit “those most closely involved in the fields of mental health law and higher education law that the disclosure of a student’s records without his or her consent.”

Sifting through the arcane language of such a complicated law such as HIPAA has revealed at least once thing for certain, Cushman said. “HIPAA has many glaring loopholes.”



March 2008

Tags:

None

Login and voice your opinion!