Privacy and Confidentiality of Patient Records
Background
The "Health Insurance Portability and Accountability Act of
1996" (HIPAA) included provisions designed to lower costs for
the health care industry by requiring the adoption of Federal transaction
standards for electronic transfers of health care information. At
the same time, HIPAA required the adoption of new safeguards to protect
the security and confidentiality of that information. The final regulations
governing privacy and confidentiality of patient records were issued
in December 2000 and took effect on April 14, 2001. On March 27,
2002 the Bush Administration issued modifications to the privacy
regulations eliminating the patient consent requirement and redefining
the types of activities that would be subject to regulations with
respect to marketing. Covered entities, including care providers,
were required to be in compliance with the final rules by April 14,
2003.
The rule covers all individually identifiable health information
used or disclosed by a covered entity in any form. It provides new
rights for patients to understand and control how their health information
is used; generally limits use of an individual’s health information
to health purposes; establishes the privacy safeguard standards
that covered entities must meet, with consideration given to the
need for flexibility and scalability to account for the nature of
each entity’s business or practice; and establishes accountability
for medical records use and release. The rule contains special protection
for psychotherapy notes.
On April 14, 2003, Representative
Ed Markey (D-MA) introduced legislation
to restore provisions in the original
rule promulgated by the Clinton
Administration with respect to
consent and marketing. H.R. 1709, the "Stop Taking Our Health Privacy (STOHP) Act," would
reinstate the requirement that
patients must give their permission
before their personal medical information can be used or disclosed
for treatment, payment, or health
care operations. The bill would
also expand the definition of "marketing" for
purposes of regulating commercial
activities. Consumer advocates
are concerned that loopholes in
the new regulation have led to circumstances under
which consumers have no control
about commercial uses of their
medical information.
AAGP Position
AAGP supports strong protections
for the privacy and confidentiality of patients’ medical
records, including electronic records, and in particular for psychotherapeutic
notes. Health plans must protect the confidentiality of patients’ medical
records. Patients must have more control over how the personal
information contained in their medical records will be used and
disclosed. Specifically, entities should be prohibited from disclosing
individually identifiable health information unless authorized
by the individual patient.
At the same time, AAGP believes that there should not be unnecessary
impediments to coordination of clinical care, or unnecessary barriers
to medical research. There must be a reasonable and ethically sound
process that allows access to protected data for research purposes
while, at the same time, protecting individuals’ rights and
ensuring confidentiality.
March 2004
|
