April
2003
Volume 27 •
No. 4
HIPAA highlights
Seven
years after Congress passed the Health Insurance Portability and Accountability
Act, the law's medical-privacy rules take effect on April 14. The rules will
affect many aspects of physicians' day-to-day practice. Following is a summary
of key concepts and requirements of the medical-privacy rules. Meanwhile,
Stanford Hospital & Clinics is implementing new policies and procedures -
which will be discussed in future issues of Medical Staff Update - to comply
with HIPAA.AA Protected health information - refers to any medical information
that can be linked to a specific patient.
Protected health information includes patient names, dates, telephone or fax numbers, e-mail addresses, medical record numbers, account numbers, license plate or vehicle numbers, full-face photographs, and biometric identifiers such as finger prints.
Minimum necessary requirement - A fundamental tenet of HIPAA is that only the minimum amount of information needed to complete a task should be collected, used or divulged in the process.
The
minimum necessary requirement does not apply to direct patient care.
Therefore, all health-care personnel who are involved in treating a particular
patient have access to the patient's entire medical record. The minimum
necessary requirement also does not apply in disclosing medical information
to the patient or his/her legal representative, or in disclosing information
authorized for release by the patient.
The
minimum necessary requirement does apply to health-care personnel
when they use or disclose medical information for non-treatment purposes,
including claims and billing, quality assurance, strategic planning, financial
analysis, credentialing, accreditation, education and training, and research.
Treatment, payment and health-care operations - Protected health information can be collected, used and disclosed without patient authorization in certain situations, namely in direct patient treatment; in transmitting information in a billing process to seek payment; and in specific functions necessary for the operations of health-care entities, including accreditation and quality improvement. Even when medical information is used or disclosed for these purposes, however, it must be done carefully to comply with HIPAA.
Patients'
rights
- Under HIPAA, patients have the right to:
Obtain
a copy of their medical records, and correct or add to them. These include
the patient's legal medical record and billing records, and may include
other records such as research records.
Control the release of their medical information (with certain limitations)
through authorization.
Request restrictions on certain uses or disclosure of their medical information.
Request a list naming all outside parties with whom their medical information
has been shared and describing why the information was shared. This is
known as an "accounting of disclosures."
Request that health-care providers communicate with them in a certain
way or at a certain location (such as a P.O. box).
Health-care provider requirements at Stanford Hospital & Clinics - Physicians and other health-care providers at Stanford must do the following:
Complete Web-based HIPAA training by April 14 (see information on page
6) and review the policies and procedures relevant to your job function.
Do not disclose patient information outside SHC without authorization
from the patient or as required by law. Patient requests for copies of
their records should be directed to the HIMS Department at (650) 723-5721.
.
Questions answered on informed-consent policy
Revision to professoriate changes result in new "adjunct faculty" designation
New policy clarifies decision-making on admission of ED patients
Patient safety program cited as national model
Architect of Trauma Program navigated his career through twists and turns
Momentum builds with construction projects
