Insurers Sort Of Like Med Privacy Rules
By Steven Brostoff, Washington Editor
NU Online News Service, March 22, 10:16 a.m. EST, Washington?Insurers and employers are praising the revised medical privacy rule issued yesterday by the Department of Health and Human Services, but are withholding their full support.
Donald Young, president of the Washington-based Health Insurance Association of America, said that while the revised rule responds to some of HIAA's concerns over cost and complexity, he is skeptical that minor changes can solve the problem.
"A better approach would be to create a single national privacy standard," Mr. Young said. "A federal rule that preempts state privacy requirements can safeguard patient privacy and reduce burdensome compliance costs."
James A. Klein, president of the Washington-based American Benefits Council, an employers group, said he is "encouraged" by the changes but continues to have concerns. He agreed that Congress should adopt a single national standard to eliminate conflicting or duplicative state laws.
In addition, Mr. Klein said he believes the controversial "minimum necessary" standard needs further revision.
"The new proposed changes clarify the standard as it applies to conversations among health professionals," he said.
"However, a more precise rule is needed to state that health professionals may not restrict access to personal health information that a health plan determines is minimally necessary to fulfill its health care operations and quality assurance responsibilities," Mr. Klein said.
HHS Secretary Tommy G. Thompson said that the revised rule is intended to safeguard patient privacy while correcting unintended consequences that threatened access to quality care.
Much of the controversy surrounded the minimum necessary rule, which says that providers covered by the rule must limit the disclosure of personal health information to the "minimum necessary" to accomplish certain legitimate purposes, such as claims.
Insurance groups say this standard is so imprecise that it could make it difficult for insurers to obtain information needed to perform legitimate functions.
However, the revised rule addresses the minimum standard language only slightly. The new standard applies only to oral communications among providers and says that providers need only take "reasonable safeguards" when discussing personal health information.
If so, the new standard says, then incidental disclosures, such as another patient hearing a snippet of conversation, would not be subject to penalties.
As for marketing, the new standard explicitly requires health plans to obtain specific authorization from an individual before sending any marketing material.
The privacy rule was mandated by the Health Insurance Portability and Accountability Act. Unless it is revised again, health plans and other covered entities will have to comply with the rule by April 14, 2003.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.