After a recent spate of medical privacy violations, health information
seems tainted with an electronic stain. The security breaches occurred
earlier this month when Kaiser Permanente e-mails containing confidential
patient information were erroneously sent to hundreds of wrong addresses.

About the same time, the Dana-Farber Cancer Institute in Boston revealed
that personal information, such as names and Social Security numbers,
might have been stolen from its database.

While officials from each organization were busy apologizing to patients
for the mishaps, Department of Health and Human Services Secretary
Donna Shalala was finalizing new Health Insurance Portability and
Accountability Act regulations, which will impose national standards
for the electronic exchange of health information. The 1996 act
is intended to simplify recordkeeping in the health industry. It
has been enacted in bits and pieces as officials pore over remarks
from the public to determine the best course of action for making
the health care industry more efficient.

Digital data

The new standard in electronic transactions, dubbed Electronic Data
Interchange, or EDI, is intended to streamline the relationship between
health care provider, billing company and insurer. The health care
industry has two years to implement the standards, beginning in
October. HHS estimates that it will cost hospitals about $1.4 billion
over a decade to become compliant with the new regulations.

"The hospitals that have not prepared up to this point for [the new regulations]
will feel the biggest cost to become compliant," said Jim Schuping,
executive vice president of the Workgroup for Electronic Data Interchange
in Reston, Va. The company has started a program to help hospitals
implement the new rules. "They will feel like, 'Oh, my God. How
can I do this?' But two years to become compliant should be enough
for someone starting at ground zero," Schuping said.

HHS makes a convincing case for EDI by pointing out that the health
care industry now uses about 400 different formats for health care
claims alone. The department also notes that EDI could save the
health care industry close to $30 billion during the next 10 years.
In other words, it's out with the paperwork and in with digital
data.

But there are issues that have yet to be resolved, namely a final ruling
on how to keep medical information secure and private.

Medical privacy

The 1996 statute put pressure on Congress to pass a medical privacy
law by Aug. 21 of last year. When that date passed without any action,
it became HHS's turn to tackle medical privacy regulations. The
department is expected to release the final regulations in the fall,
probably before the November presidential election.

"They [HHS] have looked at more than 52,000 comments from the public
on medical privacy," said Zoe Hudson, senior policy analyst for
the Health Privacy Project at Georgetown University's Institute
for Health Care Research and Policy. "HHS has been very quiet about
what changes they will make to the proposed rules. Any changes will
probably be consumer friendly because the administration has nothing
to lose. It can be one of their last hurrahs."

The Clinton administration's "last hurrah" came sooner than expected
when White House officials announced Aug. 19 that they would likely
expand the proposed privacy rules published in November, signaling
the first time that the health care industry would be legally forced
to limit the disclosure of individual medical information.

Whatever the outcome, the Clinton administration ruling will become law because
Congress could not meet its self-imposed deadline. Now more than
ever, privacy has become an issue that politicians and organizations
want to make public.

Practice and theory

The Pew Internet and American Life Project, a nonprofit firm that
researches the effect of the Internet on society, recently released
a study that showed 86 percent of the 2,117 people surveyed were
concerned about strangers or businesses obtaining personal information
about themselves or their family.

Most people aren't even sure how to protect themselves against electronic
privacy violations, according to the survey. As a possible remedy,
consumer groups want lawmakers to give patients more control over
their medical records. For companies like Ensure Technologies, makers
of ID badges that use wireless technology to log users in and out
of the hospital network, the final regulations are critical to how
future medical technologies are developed.

"Our product guarantees 'unique user authentication,' one of the principal
guidelines of [the new regulation]," said Lynn Pollack, marketing
manager of Ensure. "Obviously, we are keeping our eye on rules applicable
to our company. I think they [HHS] recognize, though, that hospital
security in practice and theory are two different things. Usually,
the first person that logs into a workstation that day is the log-in
name for everyone afterward. [The new regulation] makes sure that
every health care provider with access to records is accounted for,
and it will probably stay that way."

Growing pains

Nurses, however, will not immediately feel the effects of the EDI
regulations, partly because the Health Care Financing Administration
does not reimburse nursing services (except for advanced practice
nurses) the same way it does other health care professions. Several
amendments that nurses lobbied for would have begun to address this
issue, but were omitted from the final version of the EDI regulations.

The proposed privacy rules are just as frustrating, said Carol Bickford,
MS, RN, senior policy fellow for the American Nurses Association's
Department of Nursing Practice.

"Part of our concern is the fact that the writer of the [proposed rules]
muddied the waters by including the word 'privacy' in multiple locations
when it should not have been 'privacy.' There is not a clear distinction
between confidentiality, privacy and security.

"This is a major
issue for us. Clearly, they need to extend privacy not just to patients,
but to clinicians as well. We need to be careful in assuring that
the security and confidentiality surrounding the clinicians' identity
is just as important as the patients'."

Nurses have always been concerned about the confidentiality and security
of patient information, Bickford said, but the problem is that nurses
are rarely involved in the systems side of security. "I don't think
we have been adequately prepared to understand our responsibility
in using a password for new systems, which is the first line of
defense against compromise," she said. "That is changing as nurses
become more involved in the information side of operations. I think
our nurses are supportive of requirements for confidentiality as
long as they don't compromise their work too badly."

Under the new standards regulations, any violation of an EDI requirement
will draw a fine of $25,000. The proposed privacy regulations call
for fines of $50,000 to $250,000 and prison time, depending on the
severity of the violation.

The next few months will determine exactly what those violations are.
In the meantime, patients and providers continue to trust that their
e-mails are secure and private medical information doesn't fall
into the wrong hands.