HIPAA legislation has wide-reaching impact for patients

No matter if you end up in the ER with a broken arm, call a doctor for allergy medications or have a failing liver that requires transplant surgery, at some point you will be a patient.

And that alone should compel you to understand what the recent HIPAA legislation is all about.

Since the Health Insurance Portability and Accountability Act (HIPAA) went into effect in April, the confidentiality of medical records is now protected by federal law rather than a patchwork of state regulations. The law marks the culmination of a decade-long drive to enforce a higher standard of handling confidential patient information.

With the ultimate aim of protecting both the inappropriate disclosure of private medical information and to ensure that patients have the right to know what’s in their medical records, HIPAA affects all arenas of health care.

The sweeping legislation mandates many changes. Sign-in sheets in doctors’ offices can no longer ask the reason for the visit. Computers must be password-protected and patient information not easily seen from public view. Health-care workers are not allowed to openly discuss details — patient names, type of medical care, appointments, explanations of medical conditions — that may reveal a patient’s identity unless it’s for treatment or business purposes.

The new legislation will change the way many University departments — not just the School of Medicine — do business.

Patient privacy has always been a top priority at the medical school. Signs reminding faculty, students and staff not to discuss patient information hang in every Washington University Medical Center elevator. Brochures about patient privacy line doctors’ offices. The Faculty Practice Plan provides detailed guidelines on the University’s commitment to patient privacy.

“HIPAA’s commitment to patient privacy is just a more formalized version of what we’ve been doing for years, but now it adds administrative steps to document what’s always been good practice,” said University Privacy Officer Joan M. Podleski, assistant vice chancellor for medical affairs and executive director of clinical operations for the Faculty Practice Plan. “It also sets a floor for all health-care providers in every state to follow, rather than the previous variations across the country.”

So how do you determine if HIPAA will impact your job?

“You need to stop and think: Am I ever in a situation where I have access to protected health information?” Podleski said. “It might be for research or insurance purposes in addition to regular clinical work. Or maybe you’re a student doing a rotation through a patient or clinical research area.

“Walk around the office and pretend you’re ‘paranoid Aunt Helen’ and observe what you see and hear. Do you have sticky notes with computer passwords on your desk? Have papers containing patient information been shredded? If you see something that makes you feel uncomfortable, then you need to deal with it.”

And perhaps, most importantly, as a patient you need to know your rights. From a clinical standpoint, the law offers patients a clear, understandable definition of what those rights entail. Under HIPAA’s “Notice of Privacy Practices,” every covered entity (doctor, dentist, health-care facility, insurance company) must offer an explanation of how it will deal with your protected health information and what your rights are.

But the most dramatic change HIPAA implements is its means of significantly strengthening the recourse patients now have when their medical privacy is violated.

Until now, patients who felt that they had been wronged could only file a civil suit to seek financial penalties. The new legislation, however, allows patients to file complaints with the covered entity, which must respond in certain ways and within a certain time frame, or with the Department of Health and Human Services, which can then pursue criminal penalties, including a $250,000 fine and 10 years in prison for the most serious offenses.

“Now that the penalty for violating personal health information is clearly defined on a federal level, a patient’s medical information will be even more consistently protected,” said William A. Peck, M.D., executive vice chancellor for medical affairs and dean of the medical school. “HIPAA not only strengthens a patient’s inherent right to his or her medical privacy, but now patients also have the ability to hold all health-care providers accountable for protecting those rights.”

For more information go to hipaa.wustl.edu.