Federal Legislation to Assure Confidentiality. (Patient Privacy)
Americans have grown grudgingly accustomed to having certain aspects of their lives open to inspection, be it their credit rating or job history. Yet, there is one area that virtually all of them wish to keep confidential--their medical records. However, due to the uneven patchwork of state laws regarding use and disclosure of such records, patients' rights and confidentiality have not always been adequately protected.
That fact was recognized by Congress when it enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996, requiring new safeguards to protect the privacy of health information. The resulting regulations, crafted by the Department of Health and Human Services, were signed into law by Pres. Bush in 2001, and the Privacy Rule--which applies to individually identifiable health information in electronic, written, oral, and any other form--gives the health care industry until Apr. 14, 2003, to comply. The law is being administered by the Office of Civil Rights, a division of Health and Human Services.
For patients, the law represents a new civil right to privacy, giving them actionable recourse in the event that their private medical records are not "reasonably" safeguarded. For insurance companies, hospitals, doctors' offices, health care providers, health plans, health care clearinghouses, and other covered entities, the HIPAA regulations present new challenges throughout their systems and operations.
The challenges are particularly acute regarding the oral privacy rule, which extends from such scenarios as a physician discussing treatment with a person next to another patient in a semiprivate hospital room to a health plan employee reading patient information from a computer screen in earshot of others not authorized for access to it. …