Federal Government Fields Privacy Complaints
The federal government's Department of Health and Human Services(HHS) has fielded more than 1800 complaints from individuals concerned about the handling of their private medical information. The federal agency responsible for enforcing new privacy protections under the Health Insurance Portability and Accountability Act is receiving roughly 75 complaints each week according to administrators.The number of complaints received in the first three months following the regulation's April 14, 2003, compliance date was 637, revealing that the pace of complaints is increasing as individuals become more aware of their rights under the new privacy regulation.
According to HHS, most of the complaints have been filed by individual patients against provider groups. The agency acknowledges that, during the first five months of its enforcement activities, no civil monetary penalties have yet been issued.
Further, according to HHS officials, a number of complaints were dismissed due to jurisdictional reasons. For example, complaints received before the compliance date or and complaints against entities not subject to HIPAA have been dismissed.
The HHS posture in the early months of enforcing the medical privacy requirements has been focused towards education and advice. However, recalcitrant or unwilling entities are likely to see a stronger enforcement action by the government.
While many organizations covered by the regulation have taken steps to comply, there continue to be numerous inquiries about minor details of the privacy rule. One common question deals with medical reception desk use of sign-in sheets, and the practice of calling patients for appointment reminders. Another area of frequent questions is proper use of the authorization form which must be signed by the patient to permit disclosure of health information for non-medical purposes. Privacy Complaints
Human resources specialists are now struggling to update their policies and procedures to insure flow of information for employment policies such as drug tests results, physical exams, medical leave requests and disability benefits.
An individual's desire for privacy and an organization's need to use or disclose certain information for treatment or business operations is a continual balancing process. The development of written policies by covered entities and employers is one important element in protecting the rights of the individual while maintaining business and health care operations.
A free check list, Implementing HIPAA in the HR Department is available on request from www.medicalprivacy.info or by fax from 630-513-8237.
About the Author . . .
. . . William S. Hubbartt is president of Hubbartt & Associates, a St.
Charles, IL consulting firm specializing in employee compensation, employee
handbooks, personnel policies and supervisory training. (www.Hubbartt.com) Mr.
Hubbartt is author "The Medical Privacy Rule - A Guide for Employers and Health
Care Providers."