Thursday, September 17, 2015
HIPAA Part One
I have been spending many many odd time hours at the office recently. It's not so that I can provide the best quality dental care to our large family of patients, but rather on reviewing new government regulations that affect my practice, as well as the practice of all of my peers and of medicine in general. That acronym is HIPAA, which stands for the Health Insurance Portability and Accountability Act. You will note that there is no word privacy here. That is because that is not the reason for the law as it was written in 1996. History shows us that the bipartisan law was proposed by Senator Ted Kennedy and Nancy Kassebaum and sent to President Bill Clinton for his signature in August 1996. The reason for the law was a concern for what was termed “job lock” and the insurance coverage of pre-existing medical conditions. In addition the government set about the process of trying to save money by verifying the portability of dental insurances. There was also a mandate for fraud and abuse in the law and administrative simplification provisions which they thought could save the government somewhere between 3 or 4% in administrative costs for Medicaid and Medicare. Yes, it is all about the money. Then there was a provision in the law, put in the last minute, for privacy. Kennedy and Kassebaum realized that there may be a problem with electronic transfer of data between insurance companies and the government and they assigned a mandate for congress to resolve this privacy issue within 3 years. As you can expect, by 1999 they had not fulfilled that mandate, and the job was turned over to HHS (Health and Human Services) who established OCR (Office of Civil Rights) to write the privacy laws which came out in November 1999. The document was 300 pages long and was released December of 2000. In the “final regulations” they mentioned 265 times the term "reasonable" in trying to make the privacy laws appear to be easy to manage. The final guidelines were released in July 2001. But by then there were modifications of the Notice of Proposed Mandates that came out in March of 2002 which went into effect in October of 2002. This eventually led to the forms that you sign at our office today, the “Notice of Privacy Provisions” and our “good faith effort” in getting you that information. The unfortunate thing about this process is really the privacy portion of the law really boils down to a few short words “we get your PHI (personnel health information) from you and we should not give it to anyone without our permission.” Unfortunately those few words translated into thousands of pages of documents from the federal government that we need to evaluate and respond to with hundreds of pages of documents of our own and many many hours of time. All this is based on the goal of saving the government 3% on this cost. How much does that cost us in the medical field that is passed onto you the consumer? I am not sure,However I am sure it is much more than 3%. I will review the next phase of HIPAA and its current status in my next blog beginning with the HITECH Act (Health Information Technology for Economic and Clinical Health) and the finally the Omnibus Bill passed in 2013.