
industry pub on Health Care Personal Information Nondisclosure Act of 1998




http://www.medscape.com/SCP/DBT/1998/v10.n06/d4239.appl/d4239.appl-01.html

 Legislators Look Anew at Patient Confidentiality

Kimberly Applequist, JD, Paula C. Ohliger, JD, Robyn A. Meinhardt, RN, JD

[Drug Benefit Trends 10(6):17, 1998. © 1998 SCP Communications, Inc.]

Introduction

Laws governing disclosure of patient drug records have been on the books for
years at the federal and state levels. Recent trends in the health care
industry -- including the expansion of managed care, the growth of large,
integrated health care delivery networks, and the computerization of patient
medical and prescription drug records -- have focused further attention on the
issue. There is increased awareness of the risk of both inadvertent and
willful disclosure of confidential patient medical and prescription drug
records as more people within an organization have access to computer
databases, and as such records are increasingly used for purposes other than
patient care and payment for services.

Measures that would change and strengthen laws and regulations governing
medical record confidentiality are being considered by Congress and a number
of state legislatures. In the Senate, the Health Care Personal Information
Nondisclosure Act of 1998 was introduced on April 2 as S.B. 1921.

What the Act Provides

The Act would require providers, plans, health oversight agencies, health
and life insurers, and other entities to establish "appropriate
administrative, technical, and physical safeguards to protect the
confidentiality, security, accuracy, and integrity of protected health
information created, received, obtained, maintained, used, transmitted, or
disposed of" by the entity. It would prohibit disclosure of protected health
information except as authorized, and it would create civil and criminal
penalties for unauthorized disclosures.

"Protected health information" includes any information that is not
"nonidentifiable health information" and relates to the past, present, or
future physical or mental health of an individual; provision of health care
to such an individual; or payment for such health care. "Health care"
includes the sale or dispensing of a drug, device, or other
health-care-related item. "Nonidentifiable health information" is that which
would otherwise be protected but does not reveal the identity of an
individual in question.

Authorization Requirements

The Act would require health care providers and other entities to obtain
informed consent for disclosure of protected health information.
Authorization for disclosure in connection with treatment, payment, and
health care operations would be obtained from an individual at the time of
treatment and/or enrollment in a health plan.

Authorization for disclosure of information about an individual under any
other circumstances would require explicit consent. Delivery of treatment or
payment for services could not be conditioned upon receipt of such
authorization.

For an authorization to be valid, the individual and nature of the
information would have to be identified, as well as the type of person or
entity to whom the information would be disclosed and the purpose of the
disclosure. Authorization would have to be in written or electronic form,
with a unique identifier, and subject to revocation by the individual.

Exceptions

The Act provides authorization exceptions in emergency circumstances: to
protect individuals from serious imminent harm; for certain disclosures to
health oversight agencies, public health authorities, and health
researchers; for disclosures for law enforcement; and for civil, judicial,
and administrative procedures.

The Act does not require special authorization (other than the routine
authorization obtained upon enrollment in a plan or upon provision of
services) for internal disclosures of protected health information for
quality-assurance activities or outcomes assessments, reviews of competence
or qualifications of health care professionals, accreditation or licensing
activities, analysis of plan claims or health care records, evaluations of
plan and provider performance, or utilization review. It does not require
special authorization for disclosure of an individual's protected health
information by a health care provider to a managed care plan or other
insurer providing coverage, or to agents of the health care provider.
However, disclosures to other entities or individuals would require the
authorization of the individual affected.

Status of the Legislation

The Act has been sent to the Senate Committee on Labor and Human Resources.
At press time, no information was available on its ultimate adoption.
However, along with growing public awareness of changes in the health care
industry, interest in confidentiality of medical records is also likely to
grow, and further legislative efforts in this area seem likely.

   Copyright © 1994-1998 by the publishers involved.