Proposed Changes in HIPAA Revisited

	REGULATORY UPDATE Proposed Changes in HIPAA Revisited by Maureen Summers, RN, MBA, CHE

HIPAA HIPAA Model Compliance Extension Forms Available Late Breaking News [Editor’s Note: As promised in the Spring 2002 edition of the Tracker, we are continuing our efforts to keep you updated on the changes to HIPAA (Health Insurance Portability and Accountability Act).] HIPAA On March 21, 2002 the Department of Health and Human Services (HHS) announced changes to the HIPAA Privacy Rule that loosen restrictions on providing care before obtaining consent and discussing patient care verbally with other clinicians. The requirement that the healthcare workforce be trained to meet an April 14, 2003 compliance deadline was left intact. The Privacy Rules changes were welcomed by many providers who were concerned that they would not be able to provide fast, effective patient care under the previous guidelines. "These are common sense revisions that eliminate serious obstacles to patients getting needed care and services quickly while continuing to protect patients’ privacy," HHS Secretary Tommy G. Thompson said. Among the proposed changes: • Notice Provisions and Consent: The proposal requires providers to ask patients to acknowledge their privacy notices but allows treatment should they not do so. • Minimum Necessary and Oral Conversations: The proposed revisions maintain the "minimum necessary" requirement, but clarify that doctors can discuss patient treatment with other physicians and professionals involved in the patient’s care without fear of violating the standard. • Parental Access to Children’s Records: The proposed changes permit healthcare providers to use their discretion in providing or denying a parent access to a child’s medical records, but provider policy must be consistent with state or federal law. • Marketing: The proposal is explicit about requiring pharmacies, health plans, and other covered entities to first obtain specific authorization before sending patients any marketing material. It continues to permit doctors and other covered entities to communicate freely about treatment options and other health-related information. • Business Associate Contracts: The proposal includes model business associates contract provisions to make it easier for covered entities to implement the requirements. Covered entities are also given up to an additional year to change existing contracts. The proposed changes were published in the Federal Register on March 27, 2002. The final rule is expected to be published following 30 days of public comment. HIPAA Model Compliance Extension Forms Available The Centers for Medicare & Medicaid Services (CMS) have published the HIPAA Model Compliance Extension Form, which may be used by covered entities to request a one year extension to the October 16, 2002 compliance date for meeting the transactions and code set standard. You may access this form at www.cms.gov/hipaa/hipaa2/ascaform.asp. [top] Late Breaking News These three HIPAA standards were published in the May 31st Federal Register: Final Rule: National Employer Identifier standard stipulates the Employer Identifier Number issued by the Internal Revenue Service: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2002_register&docid=02-13616-filed.pdf. Proposed Rule: Adoption of NDC code as the standard code for drugs (except for retail pharmacy transactions): http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2002_register&docid=02-13614-filed.pdf. Comments can be sent electronically to cms0003@cms.hhs.gov. Comment period closes July 1. Proposed Rule: Adoption of the addenda to the HIPAA implementation guides, developed by the DSMOs, to be part of the HIPAA transaction standards: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2002_register&docid=02-13615-filed.pdf. Comments can be sent electronically to cms0005@cms.hhs.gov. Comment period closes July 1. Visit http://aspe.hhs.gov/admnsimp/lsnotify.htm to register for automatic e-mail updates on HIPAA from the U.S. Department of Health and Human Services. [top]

About the author: MAUREEN SUMMERS, RN, MBA, CHE is the editor of the Occupational Health Tracker. She is a certified healthcare executive with extensive clinical and management experience in occupational health and rehabilitation. Ms. Summers has an active occupational health consulting business based in Kennebunk, Maine. She welcomes communication from Tracker readers and/or potential authors. Ms. Summers may be reached at 207.985.4918 or via e-mail: editor@systoc.com.