Courtesy of the Association for Electronic Health Care Transactions, what follows is the congressional intent of H.R. 3323, the recently enacted legislation to delay by one year the compliance date of the HIPAA transactions and code sets rule. Rep. William Thomas (R-Calif.), chair of the House Ways and Means Committee, submitted the congressional intent in the Congressional Record. The congressional intent provides useful clarifications for health care entities that must comply with the transactions rule.

Click here for HDM article and text of congressional intent

Posted to HIPAAcomply 1/8/02

TOP

Proposed addenda to the HIPAA Implementation Guides published

Proposed addenda to the HIPAA Implementation Guides have been published. A proposed rule to adopt these addenda as part of the standards is in preparation at HHS for publication soon.

Each of the X12N Implementation Guides originally published May 2000 and adopted for use under HIPAA have had addenda created for them. Since these guides were named for use under HIPAA, these Draft Addenda will go through a Notice of Proposed Rule Making (NPRM) process, just as the original Implementation Guides did, before becoming a final addenda to the guides published by X12N. Only the modifications noted in this Draft Addenda will be considered in the NPRM. For more information and to download the Addenda go to:

http://www.wpc-edi.com/hipaa/addenda

Posted to HIPAAcomply 11/1/01

TOP

Security Fears Force Cancer Center To Shelve Wireless Plan
Computerworld.com (August 29, 2001)

The MD Andersen Cancer Center in Houston has put on hold a pilot plan to provide wireless LAN access to users on its five-building campus due to security concerns.

Click here for entire text of the article

Posted to HIPAAcomply 9/6/01

TOP

Physician Group Files Privacy Suit
Health Data Management (September 4, 2001)

One month after saying it would challenge the constitutionality of the medical privacy rule, the Association of American Physicians and Surgeons filed a lawsuit on Aug. 30. The Tucson, Ariz.-based organization originally announced the filing on July 31, but actually held off to enable other groups and individuals to join.

Click here for complete HDM article

Posted to HIPAAcomply 9/5/01

TOP

Industry Leaders ask HHS for quick action on Privacy
Health Data Management (August 7, 2001)

Some 86 organizations signed a letter asking Health and Human Services Secretary Tommy Thompson to expedite modifications to the privacy rule through new rule making. The American Medical Association and Healthcare Leadership Council spearheaded the campaign. Signers included dozens of provider organizations, major payer associations, and business groups representing food marketers, drug stores, homebuilders, manufacturers and retailers. The U.S. Chamber of Commerce also signed the letter.

Click here for complete HDM article

Posted to HIPAAcomply 8/7/01

TOP

Tom Scully, New CMS Administrator, and Congressional Staff comment on HIPAA “Delay” proposals

AFEHCT held its Annual Washington Policy Forum on July 9th & 10th in
Washington, DC.  At that meeting, Tom Scully, new CMS (formerly HCFA)
Administrator spoke about HIPAA "delay" proposals.  It is the only time the
Bush administration has spoken in public and on the record on the subject of
HIPAA "delay" proposals.

Three Congressional staffers close to the HIPAA "delay" situation also
addressed the HIPAA "delay" situation.

Click here to read what they all had to say

Posted to HIPAAcomply 7/13/01

TOP

HHS to publish NPRM to retract final rule of NDC's as standard

Posted to HIPAAcomply 7/13/01

TOP

HHS ISSUES FIRST GUIDANCE ON NEW PATIENT PRIVACY PROTECTIONS

The Department of Health and Human Services (HHS) today issued the first in a series of guidance materials on new federal privacy protections for medical records and other personal health information.

Today's guidance explains and clarifies key provisions of the medical privacy regulation, which was published last December. Providing this guidance is part of an ongoing process to help health care providers and health plans come into compliance with the regulation by April 14, 2003.

"The patient privacy rule will provide strong protections for personal health information while maintaining the high quality of care that Americans expect," HHS Secretary Tommy G. Thompson said. "This guidance is an opening step in helping physicians, health care providers and health plans understand their obligations to patients under the rule."

The guidance -- available on the Web at http://www.hhs.gov/ocr/hipaa/ -- answers common questions about the new protections for consumers and requirements for doctors, hospitals, other providers, health plans and health insurers, and health care clearinghouses. It also clarifies some of the confusion regarding the meaning of key provisions of the rule.

For example, the guidance makes clear that hospitals do not have to build private, soundproof rooms to prevent overheard conversations about a patient's condition, as some mistakenly believed. Rather, the rule simply requires that hospitals provide reasonable safeguards to protect confidential information - such as using curtains, screens or similar barriers, which are often already used. The guidance also indicates that the rule allows a friend or relative to pick up a patient's prescription at the pharmacy, as often occurs today.

Congress in 1996 recognized the need for national patient privacy standards and set a three-year deadline for itself to enact such protections as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). When Congress did not enact such legislation after three years, the law required HHS to adopt such protections via regulation.

HHS proposed federal privacy standards in 1999 and, after reviewing and considering more than 50,000 public comments on them, published final standards in December 2000. Secretary Thompson requested public comment on the rule this spring before allowing the rule to take effect on April 14.

The guidance addresses many key issues of concern reflected in the more than 11,000 separate public comments on the final rule submitted to HHS during a 30-day comment period this March. Topics include patient consent, parental rights, marketing, medical research and governmental access issues.

Most covered entities have until April 14, 2003, to comply with the patient privacy rule; small health plans have an additional year to comply. HHS' Office for Civil Rights will conduct extensive outreach to consumers and health care providers to explain what the rule means for them. HHS also will provide technical assistance and further guidance to health care providers and other covered entities to help them comply.

As permitted under the HIPAA law itself, HHS also expects to propose appropriate changes to the rule in order to ensure that it does not adversely affect patients' access to quality health care. For example, Secretary Thompson has said he intends to propose modifications to ensure that a pharmacist can fill a phoned-in prescription for a new patient, even when the pharmacist does not first have the patient's signed consent on file.

A fact sheet summarizing the privacy rule's rights and protections is available on the Web at http://www.hhs.gov/news/press/2001pres/01fsprivacy.html. More detailed information about the rule, including the initial guidance, is available at http://www.hhs.gov/ocr/hipaa/.

Posted to HIPAAcomply 6/27/01

TOP

AHA responds to letter from 31 members of congress regarding delays in HIPAA deadlines 

31 members of Congress have sent a letter to President Bush advising that the President not change or delay the privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA). The AHA has responded  by expressing disagreement in a letter to the congressional members, led by Rep. Ed. Markey, D-MA.

Click here for text of the letter from congressional members to President Bush (PDF format)

Click here for text of the letter from AHA to members of Congress (from AHA's web site)

Posted to HIPAAcomply 6/27/01

TOP

NCVHS subcommittee to assess transaction standards in public meeting

The NCVHS (National Committee on Vital and Health Statistics, which is an advisory body to DHHS) Subcommittee on Standards and Security will meet on June 26 at the Renaissance Hotel, 999 9th Street, N.W., Washington, D.C. 

This will be a working session to complete their assessment of the modifications to transaction standards and final rules recommended by the Designated Standards Maintenance Organizations, and of general industry HIPAA readiness. 

Recommendations to the Secretary will be drafted for full committee review. For more information visit www.ncvhs.hhs.gov.

Posted to HIPAAcomply 6/20/01

TOP

HHS to provide guidance on HIPAA
AHA News (June 8, 2001)

A long-awaited guidance document on steps necessary to implement HIPAA privacy regulations is expected to be released in the next few days.

Click here to more information from AHA

Posted to HIPAAcomply 6/11/01

TOP

Arizona Rep. introduces new HIPAA Legislation 
Health Data Management (May 30, 2001)

Rep. John Shadegg (R-Ariz.) has introduced legislation to establish uniform, delayed compliance dates for most of the HIPAA administrative simplification provisions. The bill, H.R. 1975, is similar to legislation Sen. Larry Craig previously introduced in the Senate. Craig on May 25 considered pulling his bill from committee and putting it on the Senate floor for immediate action, but could not muster enough support.

Click here for HDM article

Click here for full text of bill - HR 1975

Posted to HIPAAcomply 5/30/01

TOP

Bill to delay HIPAA still in Committee
Health Data Management (May 29, 2001)

Efforts on May 25 to bring HIPAA legislation to the Senate floor for an immediate vote failed and the bill remains in the Finance Committee. The bill, S. 836, sets an October 16, 2004 compliance date for HIPAA rules governing transactions/code sets, data security and provider and payer identifiers; or two years after the final rules are adopted and reliable provider and payer identifiers are available, whichever is later. The American Medical Association, American Public Human Services Association and Blue Cross and Blue Shield Association requested the legislation.

Click here for complete HDM article

Posted to HIPAAcomply 5/29/01

TOP

WEDI/SNIP hosts webcast 5/31/01 on Transactions Business Issues 

Thursday, May 31, 2:00 - 3:30 p.m. EDT

Are you looking for updates on the "hot topics" with which the WEDI SNIP Business Issues workgroup has been grappling for the past few months? Do you need to know what strategies industry experts are developing to resolve these contentious issues? Join a panel of industry experts in a webcast May 31 at 2:00 p.m. EDT to discuss key issues from two White Papers: Direct Data Entry and Data Code Sets Compliance. The primary authors of the White Papers will present a brief overview of their papers, engage in a discussion of the key issues with an industry panel, and address questions submitted by the audience. The webcast will also follow up on key issues that arose from the December audiocast on the 837 transaction.

Participants should review the Direct Data Entry and Data Code Set Compliance white papers (in PDF format) prior to the webcast. Visit WEDI SNIP website for more information, and visit the online registration page to register today.

Posted to HIPAAcomply 5/29/01

TOP

Democratic Senate could help privacy law 
Reuters (May 25, 2001)

The U.S. Senate will be more likely to take a favorable view of privacy legislation when it comes under Democratic control, privacy advocates and observers said Friday.

Click here for full text of article

Posted to HIPAAcomply 5/29/01

TOP

House Ways & Means committee chair considers legislation to overturn HIPAA Privacy regs.
Health Data Management (May 23, 2001)

Rep. William Thomas (R-Calif.) is considering pushing for legislation to overturn the medical privacy rule authorized under the Health Insurance Portability and Accountability Act. He also wants to examine other HIPAA rules, according to a source close to the committee.

Click here for full story from HDM

Posted to HIPAAcomply 5/23/01

TOP

AFEHCT Annual Policy Forum scheduled for July 9th and 10th

The Association For Electronic Healthcare Transactions (AFEHCT) has scheduled it's Annual Washington Policy Forum for July 9 - 10, 2001 at the Marriott Metro Center in Washington, D.C. The issues to be discussed include:

• HIPAA Delay Proposals
• HIPAA Privacy
• HIPAA Enforcement
• Security
• HIPAA: The Early Days

Click here for an agenda in PDF format from AFEHCT's website

Posted to HIPAAcomply 5/23/01

TOP

WEDI SNIP holds June forum on HIPAA implementation, 
June 19th and 20th

HYATT REGENCY EMBARCADERO CENTER 
5 Embarcadero Center 
San Francisco, CA 94111 
(415) 788-1234

Join WEDI SNIP in San Francisco on June 19-20 to hear and participate in discussions on the latest HIPAA implementation issues and implementation strategies. This interactive one and one half day meeting will include discussions on the latest and hottest HIPAA implementation issues, and will provide opportunities for interactive discussions with the speakers. Join WEDI SNIP as we begin moving towards HIPAA compliance. Sessions at the WEDI SNIP June Forum On HIPAA Implementation: Moving Towards HIPAA Compliance will include:

EDUCATION WORKGROUP:
New WEDI SNIP Tools and Resources 
Hear about the newly available resources from WEDI SNIP. The education workgroup will unveil the redesigned WEDI SNIP website, improved to make it easier for you to find the resources you need. The workgroup will also introduce the new web-based Issues Database, and will review the WEDI SNIP Discussion Forum that is used to solicit input on topics and white papers. The workgroup will also solicit your input on topics for future web cast events.

Regional HIPAA Implementation Efforts: Getting Up, Close and Personal with HIPAA. 
Hear the latest about what Regional Implementation efforts are doing at the state and local level to bring together providers, plans, clearinghouses, government, and other affected organizations to work collaboratively towards the successful implementation of HIPAA. A panel of four leaders from regional efforts will discuss their local efforts and will field audience questions.

SECURITY AND PRIVACY WORKGROUP:
Where We've Been and Where We're Going
Join the Security & Privacy workgroup as they review the consensus making process and the work products they've developed thus far. Offer comments on where the workgroup is going as they provide the latest updates and comparisons of the most controversial Privacy areas. The workgroup will also address how Privacy has changed with the final rules and how they intersect with Security.

New Policies and Procedures White Paper 
Are you struggling with implementation of the final Privacy Rule? Are you worried about the policy and procedure to-do's you'll be faced with once the HIPAA awareness has occurred and the assessment is complete? This presentation will provide you with a starting point by discussing the most critical areas of the Privacy rule that require development of policies and procedures. The paper will provide references to specific sections of the regulation and preamble where the requirement is specified, and will note cautions for particularly critical areas of implementation. Learn about this new sub workgroup and leave with helpful suggestions.

Small Provider Case Study 
The large providers and health plans are buzzing with HIPAA activity - but what about the small practice? The Vendor Technologies sub workgroup, together with other participants, has completed a small provider survey and a white paper detailing the key areas of concern for this covered entity type. Hear some helpful suggestions on how to get started.

INDUSTRY EXPERT PANEL:
Where We Are with HIPAA 
Engage in a discussion with leaders in the industry. Invited panelists represent X12N, HL7, NCPDP, DSMO, NCVHS, ADA, AMA, and AHA. Hear an update on the activities of the respective groups related to HIPAA readiness. Each speaker will offer insights on how WEDI SNIP can assist their organization in this process.

TRANSACTIONS WORKGROUP:
Transactions Workgroup Update 
Hear a brief overview of the latest Transactions Workgroup activities, issues, and work products.

Sequencing 
Details to come. Visit the WEDI SNIP website at http://www.wedi.org/snip/Events/SNIP_June/Index.html next week for a synopsis of this session.

Data Review and the Web-Based Issues Database 
This session will entail the final outcome of Data Review questions from audience participants from the December 19 WEDI/SNIP audiocast on the HealthCare Claim/Encounter Transaction (X12N 837). Additional issues that have been brought to the Data Review sub workgroup will be discussed. The Data Review workgroup will demonstrate the use of the newly developed WEDI/SNIP issues database while going through these exercises.

Translations: Data Mapping Issues and Technology 
This session will provide an overview of the latest findings of AFEHCT's ASPIRE (Administrative Simplification Print Image Research Effort) project and the Taxonomy crosswalk issue. The workgroup will also present an introduction to translator technology that is available on the market today and where you can go to find more information.

Testing Tips, Tools, and Tricks 
Join industry experts in a lively discussion of the main issues surrounding trading partner testing. Learn what has been done to date in the Testing Sub-workgroup and discover new and interesting ways to relieve the burden of testing with all of your trading partners. Bring along your concerns as it relates to this topic to assist making this a productive discussion.

Business Issues 
Details to come. Visit the WEDI SNIP website at http://www.wedi.org/snip/Events/SNIP_June/Index.html next week for a synopsis of this session.

REGISTER TODAY!
Visit the WEDI SNIP website at www.wedi.org/snip. The registration fee is $350 for WEDI members and $450 for WEDI nonmembers. Registrations will be accepted via mail, email, fax, or the WEDI SNIP website. Please direct any questions about the WEDI SNIP June Forum to Kristin Becker, Director of SNIP, at kbecker@wedi.org, or 703/391-2714. Please visit the WEDI SNIP website often for program updates.

HOTEL ACCOMMODATIONS: 
Guest rooms have been reserved at the Hyatt Regency Embarcadero at a special rate of $220. Call 415/788-1234 to make your hotel reservation, and be sure to request the WEDI SNIP Forum rate no later than May 30.

HIPAA SUMMIT WEST:

The HIPAA Summit West conference will be held in conjunction with the WEDI SNIP June forum on June 20-22. The Summit will feature a faculty of over 100 healthcare privacy and security experts presenting five major plenary sessions and over 40 concurrent sessions. The Summit will include special sessions on the HIPAA Regulations by leading Representatives of DHHS; the HIPAA Transactions and Code Sets; Gramm-Leach-Bliley and State Law; a Privacy Mini-Summit and a Security Mini-Summit. For more information contact the HIPAA Summit directly at 1-800-546-3750, or http://www.hipaasummit.com/

Posted to HIPAAcomply 5/21/01

TOP

Survey respondents on track to meet HIPAA compliance deadlines
AHA News, May 21, 2001

Fifty-seven percent of hospitals responding to a recent AHA member survey said they are on schedule to meet the Oct. 16, 2002, deadline to comply with the electronic transactions standards of the Health Insurance Portability and Accountability Act (HIPAA).

Click here for complete article

Posted to HIPAAcomply 5/21/01

TOP

HIPAA Transactions deadline may be missed by Medicare
From Health Data Management (May 18, 2001)

The Health Care Financing Administration is backing away from earlier assertions that it expected the Medicare program to meet the October 2002 deadline for compliance with the HIPAA transactions standards. 

Click here for full story from HDM

Posted to HIPAAcomply 5/21/01

TOP

Is HHS Preparing for a Universal Medical ID Number?

House Majority Leader Dick Armey wrote to Health and Human Services (HHS) Secretary Tommy Thompson today, asking him to investigate agency guidelines issued during the Clinton Administration that strongly suggest that HHS has been preparing for a universal medical ID number.

"Are these May 2000 guidelines still in effect?" asked Armey. "If so, federal law is being violated, and I would respectfully urge you to take swift corrective action."

After media reports revealed in 1998 that HHS officials had been working on a universal medical identification number, former Vice President Al Gore moved to assure the public that the program had ended. Congress followed up by passing a law, still in effect, prohibiting just such a number.

"Imagine the implications for personal privacy if everyone had a government-issued medical ID number and the government had an unfettered search-and-seizure power over private medical records," wrote Armey. "That unfettered search-and-seizure power is currently poised to become law, thanks to the Clinton privacy regulations that are being finalized right now." Armey's letter included a photocopy from a May 2000 data standard implementation guideline document describing a database field called the "HIPAA Individual Identifier." Public Law 106-554 specifically prohibits HHS from providing any such a "unique health identifier."

"Mr. Secretary, until Congress speaks again on this subject, I would respectfully ask that you bring the medical ID project to a complete halt," wrote Armey.

A Zogby poll released yesterday reveals that nearly two-thirds of likely voters nationwide have concerns about the government maintaining computerized medical records on all Americans.

To read the letter and it's attachments, click here.

Posted to HIPAAcomply 5/17/01

TOP

Changes to HIPAA Rule Expected Soon
From Health Data Management (May 11, 2001)

The U.S. Department of Health and Human Services soon will release changes to the privacy and transactions and code sets rules of the Health Insurance Portability and Accountability Act, says William Braithwaite, senior advisor on health information policy in the department’s office of the assistant secretary for planning. 

Click here for complete article from HDM

Posted to HIPAAcomply 5/15/01

TOP

House Reps. send letter to President Bush regarding Privacy Rule

In a May 9th letter to President Bush, Reps. Bill Thomas (R-CA), chairman of the House Ways and Means Committee, and Nancy Johnson (R-CT), chairman of the committee’s health panel, ask the administration to fix the rule to “balance a patient’s privacy rights against legitimate health care needs.”

Click here to read the letter and it's attachments on American Hospital Associations' Website

Posted to HIPAAcomply 5/14/01

TOP

House Majority Leader Seeks Changes to Controversial Privacy Regulations

In a May 2nd letter, House Majority Leader Dick Armey has asked HHS Secretary Tommy Thompson to consider specific changes to the HIPAA Privacy Regulations recently finalized by Health and Human Services. At issue, is a provision that would allow HHS "full access to every American's private patient medical record". Please read on for Rep. Armey's complete letter:

May 2, 2001

The Honorable Tommy G. Thompson 
U.S. Department of Health and Human Services 
200 Independence Avenue, SW 
Washington, D.C. 20201

Dear Secretary Thompson:

Now that the President has decided to finalize the medical privacy regulation under the Health Insurance Portability and Accountability Act (HIPAA), I write to suggest specific changes to that controversial regulation, in hopes you will use your authority to strengthen rather than endanger the medical privacy of all Americans.

As I said in my earlier letter, there is language in the medical privacy regulation that grants the Department of Health and Human Services (HHS) full access to every American's private patient medical records. To wit:

A covered entity must permit access by the Secretary during normal business hours to its facilities, books, records, accounts, and other sources of information, including protected health information, that are pertinent to ascertaining compliance with the applicable requirements of this part 160 [relating to the administration of this regulation] and the applicable standards, requirements, and implementation specifications of subpart E of part 164 of this subchapter [relating to the protection of patient medical records]. If the Secretary determines that exigent circumstances exist, such as when documents may be hidden or destroyed, a covered entity must permit access by the Secretary at any time and without notice. (Emphasis added.)

-- Federal Register, Vol. 65, No. 250, December 28, 2000, p. 82802, Sec. 160.310(c)(1).

This startling provision grants federal agents the power to look into citizens' medical records without a warrant, "at any time and without notice." Every family that cherishes its privacy ought to be disturbed by this massive grant of federal authority. Americans' medical records should be protected from all bureaucrats, not just corporate ones.

I therefore respectfully suggest the following changes be made to this section of the regulation:

• Insert the words "upon at least 24 hours' notice" after the word "Secretary" in the first sentence. 
• Strike out the last sentence altogether. 
• Add language requiring the Secretary to obtain a search warrant in those exigent cases where he or she has reason to believe documents might be hidden or destroyed. 

We demand federal agents obtain a search warrant before going through our other personal papers. Why not our medical records, which are often even more sensitive?

Let us remember that federal agencies have a terrible track record when it comes to protecting sensitive information:

• HHS received an "F" last year on computer security from the House Government Reform and Oversight Subcommittee on Management and Information Technology. 
• Monday's newspapers reported that websites operated by HHS and Labor were broken into and vandalized Saturday by hackers, who posted a picture of a deceased Chinese pilot on the HHS site. How can we be sure that other, more sensitive HHS databases have not been similarly compromised? 

As you work to modify the medical privacy regulations, please, Mr. Secretary, consider the wisdom of opening up people's personal medical records to federal agents without Fourth Amendment protections. Americans deserve to know their privacy is being protected and not threatened by their own government.

Thank you for your consideration.

Respectfully, 
Dick Armey 
Member of Congress

Posted to HIPAAcomply 5/3/01

TOP

Gartner Survey Finds Most Healthcare Organizations Are Unlikely to Be Ready by HIPAA Compliance Deadlines

According to a recent survey by Gartner, Inc., a national research and advisory firm, 75% of healthcare organizations have not begun HIPAA compliance efforts by assessing their current environments and risks. The first HIPAA compliance deadline for transactions and codes sets is less than 18 months away and unless health care organizations aggressively begin compliance efforts within the next three months they will most likely miss the deadline and risk incurring high penalties and financial damage.

Click here for Gartner's press release regarding the survey.

Posted to HIPAAcomply 5/3/01

TOP

Privacy Rule Guideline to Address Several Issues 
(May 01, 2001) Health Data Management

Health and Human Services Secretary Tommy Thompson recently announced he soon will issue the first guideline to the medical privacy rule. According to an HHS source, the guideline will clarify several contentious provisions in the rule, such as the right of family members or friends to pick up a person’s prescription. The guideline, according to the source, likely also will address concerns regarding oral communications, patient consent provisions and the “minimum necessary” disclosure of information, among other issues. 

Click here for complete HDM article

Posted to HIPAAcomply 5/3/01

TOP

Final Privacy Rule to be put into effect on April 14, 2001

Secretary Thompson stated that the medical privacy debate has gone on long enough but acknowledged some concerns about the rule in the health care industry and pledged “to begin the process of issuing guidelines on how this rule should be implemented.” 

The following is the text of an HHS News Release

STATEMENT BY HHS SECRETARY TOMMY G. THOMPSON
REGARDING THE PATIENT PRIVACY RULE

Today, I am pleased to announce that the President is taking a bold and definitive step to protect the rights of citizens to keep their medical records confidential. President Bush wants strong patient privacy protections put in place now. Therefore, we will immediately begin the process of implementing the patient privacy rule that will give patients greater access to their own medical records and more control over how their personal information is used.

We have laws in this country to protect the personal information contained in bank, credit card and other financial records. Our citizens must not wait any longer for protection of the most personal of all information - their health records.

This rule makes sure that private health information doesn't fall victim to the progress of the information and technology age, where an array of data is readily available in computer systems and too often just a keystroke away from being accessed. We are giving patients peace of mind in knowing that their medical records are indeed confidential and their privacy is not vulnerable to intrusion.

The President considers this a tremendous victory for American consumers, who will continue to receive high-quality health care without sacrificing the confidentiality of their private health matters.

This town has been debating patient privacy for the better part of a decade, and President Bush believes it is now time to act and protect patients.

As you know, during the past two months, the Department of Health and Human Services and the White House have met with and listened to a broad and diverse group of lawmakers, interest groups, health care leaders and individual citizens regarding the patient privacy rule.

Our department has received more than 24,000 written comments on this issue. My staff has expedited the review of these comments as they have come in and generally found that most of the submissions broke down into similar categories. In fact, thousands of the comments were clearly part of mass mailing efforts in support of a particular view or concern. And I want to thank my staff for working hard to review these comments and pave the way for a decision this week.

We will keep these comments in mind as we continue to make sure patients receive the highest quality care and begin the process of issuing guidelines on how this rule should be implemented. The guidelines will allow us to clarify some of the confusion regarding the impact this rule might have on health care delivery and access. And we will consider any necessary modifications that will ensure the quality of care does not suffer inadvertently from this rule.

For example, to address some of the concerns raised in comments, we will make it clear through guidelines or recommended modifications that:

• Doctors and hospitals will have access to necessary medical information about a patient they are treating and they will be able to consult with other physicians and specialists regarding a patient's care. Certainly patients want their doctors to make the most informed decisions possible about their care and treatment.
• Patient care will be delivered in a timely and efficient manner and not unduly hampered by the confusing requirements surrounding consent forms. For example, pharmacists will be able to fill prescriptions over the phone and serve their customers in a timely manner.
• And, parents will have access to information about the health and well-being of their children, including information about mental health, substance abuse or abortion. The President believes this patient privacy rule will deliver strong and long overdue protections for personal medical information while maintaining the high quality of care we expect in this great nation.

We appreciate the President's leadership and courage in tackling a very complex and difficult issue that this town has wrestled with for too long. It's another example of how this President is going to be decisive and take bold action to address the concerns of the American people.

As a result of President Bush's decisive action today, our citizens finally will have the peace of mind of knowing their health records are safe and protected.

Posted to HIPAAcomply 4/12/01

TOP

Thompson Seeks Privacy Rule Changes

(By LAURA MECKLER, Associated Press Writer, March 27, 2001)

WASHINGTON (AP) - Health and Human Services Secretary Tommy Thompson said Tuesday that he expects to make changes to Clinton administration medical privacy rules, responding to industry complaints about the potential cost.

In a wide-ranging session with reporters, Thompson also indicated that he would push for the Democratic approach to aiding the uninsured and said he's learning that as a cabinet secretary, he can't always speak his mind.

``I found out you have to check with everybody before you move,'' he said. ``I've already been in the dog house several times because I haven't done that.''

The medical privacy rules, several years in the making, establish the first federal right to privacy of medical records, requiring health care providers to get written permission before disclosing personal health information.

Health industry officials pressed for more flexibility before the rules were issued and saw another opportunity when Thompson took over HHS. They heavily lobbied him to revisit the issue, and last month, Thompson put the rules on hold, opening them up for another round of public comments.

On Tuesday, he promised that he would have a decision about changes by the end of April and report to Congress soon after.

``I am fairly certain at this point - without saying for sure - there will be some modifications to simplify and to lessen the financial burden,'' he told reporters. He added that he has heard from many people about ``the tremendous burden'' and ``the tremendous cost'' that the rules would impose.

Some privacy advocates have said they fear the delay will be indefinite. ``Let me reassure you, there will be a privacy rule,'' Thompson said.

On the uninsured, Thompson said he supports tax credits to help people buy private insurance policies, as President Bush (news - web sites) has proposed.

But he said he would also like to see an expansion of the Children's Health Insurance Program, which provides subsidized coverage to families directly, much like the program he created as Wisconsin governor. This is the approach that Democrats typically favor, and Bush did not include anything like it in his budget.

``We have to work under the guidelines that the president had included,'' Thompson said. ``But I'm going to be very supportive of initiatives in Congress'' that expand CHIP.

In the meantime, he said he will encourage officials in his department to approve more state experiments that allow for programs like Wisconsin's.

Thompson also said:

-On prescription drugs for Medicare: Congress is not likely to support Bush's plan to give money to states to offer drugs to poor seniors because they want a federal program for which they can claim credit.

``They have to stand for re-election in less than two years and they want to have the credit for passing a prescription drug bill, more so than ... (sending) money to the states,'' he said.

-On a Medicaid loophole that has allowed the states to collect billions of extra dollars from Washington: He had to recuse himself from discussions because Wisconsin has an application pending to get in on the scheme that began when he was governor. ``Ask me about it in six months from now. I will tell you all you want to know about my transformation,'' he said.

-On the patients bill of rights: He's optimistic that a bill will pass Congress, saying the main sticking point now is not over the right to sue but over whether states can opt out of providing the protections.

-On Medicare contractors: He said Congress should change Medicare law to allow for more competition in choosing insurance companies to process claims and to allow for competitive pricing. ``That's going to be controversial as all get out,'' he said, ``but if you want us to do the job, give me the flexibility for contracting out for the best service possible.''

Posted to HIPAAcomply 3/28/01

TOP

HHS Secretary Likely to Change Privacy Rules
(From Reuters Health, March 27, 2001)

WASHINGTON (Reuters Health) - Health and Human Services Secretary Tommy Thompson said Tuesday that changes to the Clinton administration regulations on the confidentiality of medical records are likely. Thompson did caution, however, that comments on the controversial rules are still coming in.

``I am fairly certain, without saying for sure, there will be some modifications to simplify and to lessen the financial burden,'' Thompson told health reporters at a breakfast meeting.

Thompson said he was moved to reopen the supposedly ``final'' rules after hearing from ``health entities across America about the tremendous burden of the privacy rules and regulations and the tremendous cost that is going to be foisted upon them.'' The rules had to be delayed for 60 days--until April 14--because of an error the Clinton administration made in transmitting them to Congress.

But Thompson assured reporters that there will be privacy regulations issued. ``There will be lots of security placed in there so patients' rights and records will be protected,'' he said. And he even raised the possibility that changes might not force a delay further than April 14--that the administration could publish a ``final rule with amendments.''

The Clinton administration originally issued sweeping regulations to protect patient confidentiality in December of 2000. They were the first ever to establish national standards for how personal health information is used and distributed, and to set criminal and civil penalties for breaching patient privacy.

Consumer advocates hailed the privacy regulations for giving people unprecedented access to and control over their personal medical information. HMOs, however, expressed concern that the regulations would be too costly and complicated to implement effectively. Health plans also argued that health care costs would rise drastically if they were forced to spend large sums of money to comply with the regulations.

Posted to HIPAAcomply 3/28/01

TOP

HHS Hopes for Final Security Rule by June

Quashing rumors that the HIPAA security rule would be delayed until the end of the year, HHS says it plans to issue the rule by the end of June. Concerns over a delay were generated in part by the Bush Administration's freeze on the regulations and proposals issued in the waning days of the Clinton White House.

Click here for a PDF of this article in the February 2001 Health Information Privacy Alert

Posted to HIPAAcomply 3/1/01

TOP

Guard your genetic data from those prying eyes 
From U.S. News & World Report
March 5, 2001
http://www.usnews.com/usnews/issue/010305/nycu/genetic.htm

By Dana Hawkins 

Seven vials of blood is a lot. That was Janice Avary's first thought when she heard that her husband Gary's employer, the Burlington Northern Santa Fe railroad, was requiring that amount of blood to be taken after he filed claims for a carpal-tunnel injury. As a registered nurse in Alma, Neb., Avary says, her internal alarm was tripped. When she called the company for an explanation, Avary was stunned to hear the words "genetic test."

Her queries led a railroad workers union this month to sue, seeking an end to the allegedly secret testing. BNSF says it has stopped the yearlong pilot program, but Gary Avary thinks that if his wife hadn't asked, it would still be going on. "Unless you have a medical background, you wouldn't know to ask these questions," says Janice Avary.

DNA bias. The lawsuit–the first of its kind against a private employer–was filed just as scientists first published the map of the human genetic code. While genetic advances will likely lead more patients to seek cures for inherited diseases, they are also increasing worries among legal experts and patient rights groups about how genetic data will be used, both in the workplace and elsewhere. "There's no question some employers are testing," says Michael Werner, a lawyer for Bio, a group representing the biotech industry. "And as more tests are developed and the price drops, the market is expected to grow." Even so, there are ways to protect your privacy in the workplace–or if you choose to be tested on your own.

A big concern among genetic experts is that results from such tests could be used to block someone from being hired or promoted, or to deny insurance. Already, there are hundreds of documented cases alleging genetic discrimination by employers and insurers. For example, preliminary results from a survey by the Genetic Alliance, a coalition of patient advocacy groups, show that 42 percent of 220 respondents claimed health insurance discrimination. Sixteen percent cited bias at work and in the military. The survey included such cases as a woman who alleged she was denied long-term disability insurance because the company said she had a predisposition for Alzheimer's disease. Its decision was based on a doctor's scribbled notation in her medical record that her father might have the condition. In another instance, after a first grader was diagnosed with a genetic developmental disorder, his mother's employer eliminated the child's healthcare coverage, saying the diagnosis qualified as a pre-existing condition.

Protect yourself. While federal workers are legally protected against genetic bias in health insurance and employment, private employees are not. Rep. Louise Slaughter, a New York Democrat, says support is building for legislation she cosponsored this month that would ban such discrimination. "Each of us has bad genes, and eventually they'll all be identified with diseases," says Slaughter. Even some genetic experts who advocate responsible testing, like Vivian Weinblatt, president of the National Society of Genetic Counselors, are advising patients to consider waiting for Congress to pass such a law before getting screened. "Ask yourself: Will knowing the results make my life better? Will I make different life choices? Can I wait a year?" says Weinblatt. If results will help you to treat or prevent a condition for which you're currently at risk, like colon cancer, testing may be wise. If not, or if the results could be inconclusive, says Weinblatt, then it's probably not worth the risk of a permanent flag on your medical record.

If you decide to test, experts offer this advice: Express any concerns to your physician or a genetic counselor and ask who would have access to your records. Find out whether your employer is self-insured, meaning your boss might get the bills. And consider buying life, health, and disability insurance before getting screened.

Question whether you really need to be tested. In some cases you might consider making the same lifestyle changes you'd make if you tested positive. Those with a family history of breast cancer, for example, might forgo genetic testing and instead be vigilant about regular breast exams. Also, be aware you may learn something you could later regret knowing. For instance, one of the tests for predisposition to heart disease may also reveal a risk for Alzheimer's.

Finally, become familiar with the mechanics of testing. If your employer requires blood samples, get a list of the tests to be run. And ask what happens with the blood afterward: Is it stored or destroyed? The railroad workers are still waiting to find out; their test called for only two blood samples. "What did they do with the other five vials?" asks Janice Avary. She wonders: Were other tests planned?

© 2001 U.S.News & World Report Inc. All rights reserved.

TOP

HHS Announces New Dates for Final Privacy Rule

THIS IS A 'VERBATIM' RETYPED VERSION OF AN HHS PRESS RELEASE FAXED TO AFEHCT

FOR IMMEDIATE RELEASE 
Contact: HHS Press Office 
Friday, February 23, 2001 
202 690 6343

STATEMENT BY HHS SECRETARY TOMMY G. THOMPSON

On Dec. 28, 2000, the Department of Health and Human Services published in the Federal Register a final rule creating new federal privacy rights for personal health information. These "Standards for Privacy of Individually Identifiable Health Information" are intended to ensure patients that the privacy of their medical records is secure, and to ensure that this information is used appropriately. This administration is absolutely committed to achieving these goals.

At the same time, under the Congressional Review Act, HHS was legally required to submit this regulation for consideration by Congress for a 60-day period. Due to an oversight under the prior administration, this requirement was not met. As a result of this oversight, the 60-day period of Congressional review did not begin until Feb. 13, and therefore the effective date of the regulation has been delayed until April 14, 2001.

This legally-required time period is designed to give Congress the opportunity to review the regulation. However it also creates an opportunity to ensure that the provisions of this final rule will indeed work as intended throughout the complex field of health care, without creating unanticipated consequences that might harm patient's access to health care or the quality of that care. I believe we can protect patient privacy without harming access to health care or the quality of health care.

To ensure a thorough review of these important issues, HHS is opening the final regulation to a 30 day comment period. The Department will review the comments it receives to determine whether changes to the final rule are needed.

Our goal is to achieve privacy protection that works. I believe we should be open to the concerns of all those who care strongly about health care and privacy. And after we hear those concerns, our commitment must be to put strong and effective patient privacy protections into effect as quickly as possible.

###

Posted to HIPAAcomply 2/26/01

TOP

The Dark Side of Genetic Testing - Railroad workers allege secret sampling
From U.S. News & World Report
February 19, 2001
http://www.usnews.com/usnews/issue/010219/carpal.htm

By Dana Hawkins 

John Wiebelhaus, a fourth-generation railroad man, makes his living with his hands, laying miles of track, repairing heavy steel rails, and picking ice from the track's switches. Tough work–but Wiebelhaus loves it. "I like the idea that tracks I lay could be there 100 years," he says. "It's in my blood."

That may not be all that's in his blood, which is why, the track-maintenance foreman claims, his employer, the Burlington Northern Santa Fe railroad, has been secretly testing the blood of workers with carpal tunnel syndrome. "The railroad wants to be able to say: 'You were a time bomb. Because you are genetically predisposed to the disease, you would've gotten it whether you were a soda jerk or running a jackhammer,' " says Harry Zanville, an attorney for the railworkers' union that last week filed a lawsuit, along with Wiebelhaus, to force the company to stop the alleged covert testing. He claims that 125 workers recently gave blood samples and that at least 18 were subjected to gene tests without the employees' consent. The reason: Money, says Zanville, insisting the company hopes to avoid paying out millions in medical bills and disability to workers who develop the painful musculoskeletal disorder on the job.

The federal court lawsuit, the first of its kind against a private company, charges that the furtive testing violates the Americans with Disabilities Act and several state laws barring DNA testing by employers. The U.S. Equal Employment Opportunity Commission filed a separate petition, also in a federal court in the Northern District of Iowa. The EEOC alleges that the Fort Worth-based railroad required blood samples from workers who had submitted claims arising from carpal tunnel injuries. The blood was then allegedly tested for a genetic defect that may predispose a person to some forms of the ailment. Athena Diagnostics, the lab that allegedly conducted the tests, is also a defendant in the union's case.

Hidden reason. Gary Avary, a BNSF employee, says he discovered the alleged covert screening last month after he received a letter from his employer directing him to get his blood tested. The Nebraska track laborer had recently returned to his job after successful carpal tunnel surgery. The lawsuit alleges that when his wife, a registered nurse, inquired about the test "the secret intentions of the BNSF were inadvertently revealed." After Avary refused to take the test, the company informed him that he would be investigated for failing to cooperate. A railroad spokesperson says BNSF doesn't require workers to submit to genetic testing but that "some employees were asked to take a test."

The railroad employees are encouraged by a federal court's approval last December of a settlement in a case involving the genetic privacy rights of workers at Lawrence Berkeley Laboratory. As first reported by U.S. News, LBL workers for decades were tested without their knowledge for syphilis, pregnancy, and the genetic trait for sickle cell disease. President Clinton last year banned genetic discrimination against federal employees, but Congress has not extended the rule to the private sector. "It's important for the public to have confidence that genetic tests will be used for their benefit," says Paul Billings, cofounder of GeneSage, a company that promotes responsible DNA screening. "Unfortunately, this case suggests that we're still in the dark ages of employment-based testing."

Geneticists in particular question the legitimacy of the carpal tunnel test. They point out that the disease is a common workplace disability, and mutations of it are extremely rare. "I'm a humanist physician. I try hard to make the world a better place," says Phillip Chance, a geneticist at the University of Washington in Seattle, who discovered one of the mutations. "This would be the last thing I'd want to see happen with my work."

TOP

Click here for Archived News & Info.