who has access to your patients' records?
| Illustration by Malcolm Garris/PhotoDisc |
By
Leigh Morgan Today, computer-based medical records change hands almost as readily as data zips along the Internet. A patient's healthcare information can often be retrieved not only by their care providers, but also by their HMOs and their employers. Even some researchers and public health organizations can get the information. But now lawmakers and health professionals are looking for ways to protect patient privacy. SHARED KNOWLEDGE Managed care relies on sharing data. With the trend toward mergers, acquisitions, and outpatient facilities, more employees in often widely dispersed organizations have access to confidential information, requiring numerous data transactions and increasing the risk of leaks. "Sharing information is a big change in health care, but we have to do it," said Jane Hirsch, MS, RN, vice president of nursing and patient care services at UCSF Stanford Health Care in San Francisco. To obtain reimbursement, healthcare workers must frequently relinquish patient data to a case worker or "utilization reviewer"—usually a complete stranger—who may question a course of treatment, Hirsch said. In addition, compliance crackdowns by government agencies can render hundreds of patient records vulnerable to inspection. Inadequate rules, policies, standards, and ethics have confused the confidentiality issue for patients and providers alike, according to Robert Gellman, a Washington, D.C.-based information policy consultant. "People do a zillion things with records, and are they morally ethical? It’s hard to say. There are a zillion unanswered questions out there, and healthcare workers really can’t answer them on their own. "Workers should demand [a clear set of rules] to protect themselves," Gellman said. STRICTER CONFIDENTIALITY LAWS While healthcare providers, HMOs, employers, researchers, and public health organizations are already bound by confidentiality laws and rules, Congress is considering another round of bills to ensure standards of patient privacy. Under a proposal introduced last September by Department of Health and Human Services Secretary Donna Shalala, PhD, breaching medical confidentiality laws could result in criminal penalties for healthcare providers. Shalala recommended that "everyone in this chain of information handling be covered by the same rules." As mandated under the Health Insurance Portability and Accountability Act, Congress must adopt Shalala’s proposal or another law or set of regulations by August 1999 to shore up privacy protections and provide legal redress for violations. Lawmakers from Washington, California, Utah, and Vermont are floating other legislative solutions although similar bills have fizzled in the past. One of the most controversial provisions of Shalala’s proposal would allow law enforcement and government intelligence officials unfettered access to patient records. The American Psychiatric Association and other mental health organizations are arguing against the recommendation. At least one congressional measure would require officials to obtain a court order in all instances before seizing protected patient information. Only 28 states have definitive confidentiality laws, and even these aren’t uniform in their approach, according to the American Health Information Management Association, whose members manage patient records throughout the industry. AHIMA supports Shalala’s proposal, but wants to see one tough federal statute replace the muddle of state laws currently on the books, said spokesperson Jack Segal. Shalala recommends retaining some of those state laws. "We’re saying make federal regulations stringent enough that we would be comfortable pre-empting existing laws," Segal said. "Anything you do has to ensure that the patient’s record is still able to do what it’s supposed to do—enhance patient care." WHAT ABOUT ME? Where does all this leave healthcare providers? Dale Miller, director of consulting services for Irongate Inc., a San Rafael, California, firm that teaches organizations how to secure health information, said that new criminal penalties wouldn’t apply to individual workers who make honest mistakes. "If entire lists of patients are sold to a drug company for advertising," Miller said, "that would be a case where you’d see criminal charges." In fact, nurses and allied healthcare workers are often the first employees to voice concerns about ensuring patient privacy, according to Miller. Patients who are worried about information getting out and destroying a personal relationship, undermining insurance coverage, or threatening their employment may talk openly to a nurse. Nurses and other healthcare professionals sometimes worry that their own patient records are being viewed by co-workers. Theoretically, that could happen, Hirsch said. "We’re in the process of developing fire walls to screen off pockets of information," she added. Hospitals also run random checks of patient files to identify who is accessing whose information. If an employee’s inquiry cannot be justified, that can be grounds for disciplinary action. From her own experiences, Hirsch said that security concerns aren’t keeping patients from revealing important health information to providers. "The vast majority of healthcare professionals take the confidentiality responsibility very, very seriously. Most patients trust that we will uphold our part of the bargain." |
|
 |
||
|
[][][][][][][][][][] PREVIOUS STORIES How the Web can help you find a job Online
mentoring [][][][][][][][][][] |
||
|
[][][][][][][][][][] RELATED WEB SITES American Health Information Management Association American Psychological Association U.S. Department of Health and Human Services [][][][][][][][][][] |
||
|
|
||
| Comments? Suggestions? Write Us. | ||