Monday, April 14, 2003
Well, HIPAA ("making your life better by making it worse") goes into effect today. It started out as health insurance reform - the acronym stands for Health Insurance Portability and Accountability Act - and, as originally postulated, was a good idea. (The key words here are "as originally postulated.") The purpose of this piece of legislation was to make it possible for someone to keep health insurance when they changed jobs; in the past, someone with a bad health record, or a family member with a bad health problem, could be denied insurance through their new employer when they changed jobs, since the new insurance company might not want to accept someone with high health costs.
So far, so good. Then someone decided to tack on "administrative simplification" to the bill, as follows:
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data. Adopting these standards will improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health care.
Again, nothing really wrong here, either; it makes sense that simplifying the transfer of medical information and encouraging electronic record storage would be a good idea. Medical records, in large part, have not changed since the nineteenth century; notes are still hand written and stored in paper files. Record storage and retrieval is a constant bugaboo for hospitals and physicians. Patient privacy also needs to be considered, and this has taken over most of HIPAA; the most stringent and detailed regulations of the Act deal with this issue.
The problem here is that the regulations, as drawn up, are not a simplification, they are a complication. Medical centers and physicians' offices have had to invest a lot of money and time in training everyone on these procedures. This means residents, attending physicians, ward clerks/secretaries, medical assistants, maybe even janitorial staff. Everyone. The list of things the regulations affect are huge: I can't email my patients, for instance, because we do not have encrypted email. When I finish charts at night, I can't leave them on the counter at my nurses' station any more because the cleaning staff might walk by and see patient information. When I pointed out that the office cleaners would have the same access to charts in my room, I was told that the nurses' station was "public space" as opposed to my "private space"; equally vulnerable physically, but protected legally. You figure it out.
In addition, every patient coming in now has to be given a copy of our medical group's statement of compliance with HIPAA regulations and patient rights, and they have to sign a form stating that they've been given this copy, and if they refuse to sign we have to document that. We're trying to figure out how we can indicate that a patient has already signed off on this so they don't wind up signing multiple times and getting multiple copies (for instance, if we refer the patient to our gastroenterologist in some other office, he/she will be given another form to sign unless we can figure out how to let the office staff know that the patient has already been counseled).
Our administrative risk manager is buzzing around the office now making sure everything is shipshape, so I'd better sign off. If she catches me blogging she might have a heart attack, and I'd like to spare her that.