Enforcement of the HIPAA Privacy and Security Rules
By Darrell K. Pruitt; DDS
I recently came across the “CRS (Congressional Research Service) Report for Congress – Enforcement of the HIPAA Privacy and Security Rules,” updated on August 11, 2008.
http://assets.opencrs.com/rpts/RL33989_20080811.pdf
ADA News Online
If those responsible for American Dental Association publications were paying attention, someone would have posted a link to the report more than a month ago on ADA News Online. Was an editor asleep on the job or something? I think members need to know important information like this as soon as news breaks. The ADA has both the technology and the capability of serving members much more responsibly.
ADA Lobbyists
The cover sheet to the report says that the report is “Prepared for Members and Committees of Congress.” Dentists need to know what their representatives are being told by stakeholders and their lobbyists. By the way, where are the ADA lobbyists? Quite frankly, it is my opinion that they are not earning their pay unless they work for basement bargain prices – which they don’t.
HIPAA
The very first sentence of the report reminds us what the HIPAA Rule of 1996 was supposed to be about before it was quietly amended in 2003: “The Health Insurance Portability and Accountability Act of 1996 (HIPAA), directed HHS to adopt standards to facilitate the electronic exchange of health information for certain financial and administrative transactions.” (P.L. 104-191, 110 Stat. 1936 (1996), codified in part at 42 U.S.C. §§ 1320d et seq.)
That sounds benign, and the next paragraph even sounds benevolent. It promises reduced administrative costs for providers (doctors) as well as payers (insurance companies) through simplification of administration.
“Part C of HIPAA requires ‘the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.’ Such standards are required to be consistent with the objective of reducing the administrative costs of providing and paying for health care.”
HHS Simplification
The report expands on the HHS meaning of “simplification” under the topic: “The HIPAA Administrative Simplification Enforcement Rule” (CRS-8): “The Privacy Rule permits any person to file an administrative complaint for violations. An individual may file a complaint with the Secretary if the individual believes that the covered entity is not complying with the administrative simplification provisions.”
Less Administration?
What was that? Did you notice what happened? Doctors were promised lower administrative costs through simplification, and then suddenly the CRS Report advertises to politicians that simplification is actually meant to help disgruntled constituents. Modern payback can be delivered using HIPAA inspectors instead of lawyers and nuisance suits. It not only simplifies scaring the water out of doctors, but it is cheaper (more accessible) for consumers when revenge is taxpayer-funded. For those providers expecting good news, I’m afraid promises once again took second seat to votes.
So if the simplification actually does not apply to providers, what are doctors left with? Responsibilities, of course, via “Responsibilities of Covered Entities,” (CRS-9): “Covered entities are required to provide records and compliance reports to the Secretary to determine compliance, and to cooperate with complaint investigations and compliance reviews.”
Secretarial Action
Since there is a good chance that the HIPAA responsibilities will make a few covered entities angry, someone, probably a seasoned OSHA inspector, had the foresight to create a rule to take care of that potential problem as well. “Secretarial Action,” (CRS 9): “Finally, the Rule includes a provision that prohibits covered entities from threatening, intimidating, coercing, discriminating against, or taking any other retaliatory action against anyone who complains to HHS or otherwise assists or cooperates in the HIPAA enforcement process.”
Enter PWC
That means providers would do well to be kind to HHS-contracted PriceWaterhouseCoopers inspectors as they search through office computers for evidence. For dentists, if you offer the contract worker a cup of coffee “with a whole lot of sugar,” be sure you are smiling. For one thing, they will probably be working on commission soon. And remember, it is a felony to intentionally contaminate someone’s drink, even before HHS starts adding up penalties.
Civil Money Penalties
Which brings us to “Civil Money Penalties,” (CRS 10): “Once a penalty has become final, the Secretary is obligated to notify the public, state, and local medical and professional organizations; state agencies administering health care programs; utilization and quality peer review organizations; and state and local licensing agencies and organizations.”
The NPI Number
Remember the voluntary but permanent NPI number, FOIA-disclosable data and the NPPES? This is where the modular HIPAA plan comes together to form a club-like weapon of intimidation. If HHS determines that a dentist steps out of line, the Secretary is obligated to let everyone know about the HIPAA infraction for the common good – using the Internet. That will keep the future doctors down on the farm, or anywhere else but med school. What are we doing to our grandchildren’s access to quality healthcare, friends?
Common Complaints
Here are the most common complaints: “HIPAA Enforcement Activity,” (CRS 14):
“According to HHS, the compliance issues most frequently investigated were for [1] impermissible use or disclosure of protected health information, [2] lack of adequate safeguards for protected health information, [3] lack of patient access to his or her protected health information, [4] the disclosure of more information than is minimally necessary to satisfy a particular request for information, and [5] failure to have an individual’s authorization for a disclosure that requires one.”
How Much Info is Enough?
I think we may be reading a mistake in the document concerning item number 4: “the disclosure of more information than is minimally necessary to satisfy a particular request for information.” Wow! How is a provider to know how much is just enough information, and not too much? Have doctors been sending insurance companies telephone books out of frustration?
Perhaps doctors think that even if all this sounds tedious, time consuming, expensive and otherwise heavy in liability, HHS isn’t interested in solo practitioners. PWC inspectors are going after the big players simply because patient complaints are more than likely being filed against impersonal hospitals, pharmacies and insurance companies. Not doctors.
Vague Statements
Doctors are sometimes wrong: “The covered entities most commonly required to take corrective action by HHS, in order of frequency, include private practices, general hospitals, outpatient facilities, health plans, and pharmacies.” Even though the statement is 180 degrees vague, I think the author means to say that private practices are hit most frequently.
Assessment
Now, as a bookend to this opinion piece, let me repeat the 1996 purpose of HIPAA: “The Health Insurance Portability and Accountability Act of 1996 directed HHS to adopt standards to facilitate the electronic exchange of health information for certain financial and administrative transactions.”
Conclusion
It sounds hollow now; but your thoughts and comments are appreciated from all covered-entities, not just the dentists.
Copyright 2008 iMBA Inc: All rights reserved, USA, unless otherwise noted. Use is restricted to Executive-Post subscribers only. No redistribution is allowed. To avoid violation of iMBA Inc copyright restrictions and redistribution policy, please register for your own free Executive-Post membership. Detailed information and registration links are available at:
Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos