WASHINGTON – New federal medical privacy rules that take effect today will be costly and, at least in Maryland, largely unnecessary, say state health care providers.
The rules, which were part of the Health Insurance Portability and Accountability Act of 1996, are supposed to limit the disclosure of a person’s medical records, give patients more control over their records and provide one national standard for record keeping.
While some states will be severely affected by the rules, health care providers in Maryland say the federal regulations are very similar to the state’s extensive Confidentiality of Medical Records Act.
But doctors here will still have to invest thousands of dollars and hours into researching the new law and creating new forms to go along with it.
“It’s outlandish, it’s ridiculous. It’s perhaps necessary but it’s definitely not easy,” said Dr. Rafael Haciski, a Baltimore gynecologist. “There is nothing simplifying about it.”
Haciski, a solo practitioner, said he has taken time away from seeing patients to create the required patient information packets, and hired lawyers to review what he call common-sense standards.
“It’s like walking up to me and asking me to demonstrate that I am breathing properly. . . It’s make-do work,” Haciski said.
Doctors and hospitals across the nation have known about the final rules since August and many have been preparing for months to comply.
“There is some anxiety,” said Cathy Selig, the assistant administrator for Calvert Internal Medicine Group. “Whenever you start with new forms and procedures it seems like there is going to be problem.”
But she and other administrators said that anxiety evaporated when they started actually looking at the regulations and realized how similar they were to the state rules.
Selig said her office created about 10,000 information packets on patient rights, and has been handing them out for weeks, but has had little other expense.
But Haciski said the new rules will have hit small practices harder than large hospitals and physician groups. The only providers who are not affected by the rules are those who keep records only on paper, and health plans with less than $5 million in annual revenue.
“There is a huge difference between a 10- to 15-member office, a huge hospital and a solo practitioner,” Haciski said. “The horizon looks totally different from each position.”
Rick Campanelli, the director of the Office of Civil Rights in the U.S. Department of Health and Human Services, said regulators considered cost when they created the rules, but determined that it was outweighed by the need for federal standards.
“This standard encourages dialogue and focus on these important privacy issues,” he said.
Campanelli said the new rules prohibit hospitals from releasing medical information for non-health reasons without patient permission. Patients will also be able to request a copy of their medical records and a list of all people who have received the record.
The rules were designed to protect patients from embarrassing breaches of medical privacy or the sharing of their records with drug companies marketing prescription drugs.
Campanelli said fears about the rules — that they might keep friends from getting patient information from a hospital or that they would force doctors’ offices to eliminate sign-in sheets, appointment reminder calls and visits from clergy — are all untrue.
Scott Conover concedes the new regulations are redundant in Maryland, but thinks they are still a good idea and have been adequately explained by the government.
“The guidance that they have put out there, I think, has been very strong and very helpful for those people who were looking for it,” said Conover, the assistant general counsel for LifeBridge Health.
He said increased patient control over their records and increased doctor awareness of privacy issues are worth the challenge of getting hospital staff and business associates used to the new rules.
The rules will require hospitals to get a signed form from all business associates who have access to patient records, certifying that they understand and will comply with the privacy regulations.
Campanelli said civil violations of the rules carry fines of up to $2,500, while those convicted of obtaining health information illegally could face fines up to $250,000 or jail time. Federal officials are encouraging voluntary compliance, saying investigations about compliance will be driven by patient complaints.
The act has two other components about electronic standards for billing and security provisions for electronic data that will become effective within the next two years.