A Practitioner's Response to the New Health Privacy Regulations

Article excerpt

The vital importance of clients' right to make their own decisions about disclosure of their health information suffered a serious blow with a highly significant policy shift affecting the way in which health care is delivered. The Bush administration decided to vacate the Clinton policy ensuring informed consent for disclosure of any health care information, thereby abrogating the patient's right to veto the transmission of this information (Pear, 2002), The new privacy regulations of the Health Insurance Portability and Accountability Act (hereinafter, HIPAA) (P.L. 104-191; Standards for Privacy, 2002) replace the requirement for patient authorization with only a notice of the provider's privacy policy. The supplantation of the patient's right to control the disclosure of information with a privacy policy notice, along with other modifications in the new HIPAA regulations, promises to have a far-ranging impact on health care delivery in this country.

This policy shift requires social workers to develop new ways of managing client information and to respond strategically to the way in which client health information is managed in the health care industry.

HISTORY OF PRIVACY AND PRIVACY REGULATION

The genesis of medical privacy and confidentiality is found in the Hippocratic Oath, which directs the physician not to reveal private patient information (Resier, Dyck, & Curran, 1977). Before the legal establishment of physician--patient testimonial privilege in New York State in 1828 (Nye, 1982), there had already been a long-standing and widespread acceptance of the physician's duty to maintain patient information as private and confidential. The importance of protecting patient health information by nonphysicians was prompted by the growth of health care in the mid-20th century and was acknowledged by the expansion of testimonial privilege to other health and mental health professionals. This privilege was first established in the state court systems (Foster, 1982) and was later introduced to the federal judiciary for social work psychotherapists in the Jaffee v. Redmond (1996) decision.

The regulation of confidentiality in health care was extended to conditions such as AIDS and substance abuse, then to public health and research. Although confidentiality protects the patient from harm caused by disclosure, exceptions may require disclosure to protect third parties from harm (Tarasoff v. Regents of the University of California, 1976). The importance of maintaining confidentiality can be seen in the sanctions and penalties provided by law (Dickson, 1998).

The complexity and specialization in health care has given rise to reorganization of service delivery into new forms, including preferred provider organizations, health maintenance organizations, large group practices, and multiple-hospital corporations. As a result,more people have access to patient medical records than previously. Not only has computerization of patient records expanded access, it has increased the potential for breaches of privacy to a level that was previously impossible (Rice & Katz, 2001). Access continued to expand with the growth of third-party payer systems and their demands to justify payment. The compilation of patient records in large databases made possible large-scale public health research into patterns of illness, effective treatments, and improved quality of care. The benefits associated with patient data banks encouraged the creation of a national health information infrastructure (Committee on Maintaining Privacy, 1997).

In 1996 the drive to establish this infrastructure received a boost with the establishment of HIPAA. Before HIPAA, employee benefits terminated with employment. HIPAA established the continuity of these benefits for an 18-month transition period to new employment. The portability mandate necessitated the development of a unique health identifier to track the medical services provided throughout a person's lifetime. …