Home | Legal Matters
There was a time, not so many years ago, when the Compliance department of a hospital was an adjunct of the Office of the Medical Director, or, perhaps, the General Counsel. Perhaps the Risk Manager had a Compliance hat she wore when the occasion demanded. While there were compliance responsibilities with regard to medical records, they were mostly to do with ensuring that the all forms were completed (such as Operative Reports, or Discharge Summaries). In the late 1990's, the trend toward digitization of electronic health records raised new health care compliance concerns: privacy and security. HIPAA, an act instituted in '96, was not originally meant to deal with healthcare compliance directly. The focus was portability. The intent was to enable employees to move between jobs without losing their health insurance due to denials of enrollment by the new employer's insurer due to preexisting conditions (in fact the legislation in essence, forbade denial of enrollment on the ground of preexisting condition, when an employee was hired by a subscribing company within a certain period of time). As a result of HIPAA, a number of lawyers realized that insurance companies would have to reassess and reset risks and premiums. There is only one efficient way of undergoing this process, and that's to review the codes that are used for those claims. The problem is that these codes are not standardized. Every state has their own set of codes. The conclusion, the healthcare compliance aides to the Congress and the U.S. Department of Social services concluded, was to come up with a uniform set of claims codes. But as with all things legislative, this elicited a new concern: with all this very sensitive information being transmitted on a regular basis, there was the potential for abuse if the patient data were to end up in the hands of those unauthorized to view it, and who would perhaps use it for non-benign purposes. As a result, DHHS allowed for comments about medical privacy issues. They received nearly 40,000 comments about health information that had been mishandled with regard to its privacy. As a result of this massive inquiry, HIPAA privacy rules were established dealing with criteria and disclosure of medical information. Soon after, there were a number of rules instituted that dealt with the manufacturing of, the storage of, and the ultimate disclosure of protected health information. These six-hundred pages were the beginning of what has come to be known as HIPAA law. Since then those who know HIPAA law has become almost a cottage industry within the area of healthcare law. As Healthcare law has become more robust, and areas like healthcare compliance have been added, lawyers have had to learn more and more about the industry especially with regard to how changes affect security and privacy. Yet, as more and more health information was created, stored and transferred electronically, the hospitals and medical practices established many offices like the office for a position of Chief Information Security. In 2004 hospitals who had not yet begun the transition to electronic medical records were given some encouragement when President Bush issued an executive order that mandated a national transition to an interoperable e-health records system. After Bush's executive order was issued, Congress established funding to help with the transition. Hillary Clinton sponsored one of the first bills allotting funding. As a result of thin margins and slow reimbursement, a number regional hospitals were slow to adopt the new measures. This hurt national coordination efforts. Medicare stopped taking paper claims submissions, but there was still significant resistance among care givers to give up the pen and paper. In February, 2009 legislation was passed which would almost require every Risk Manager and Compliance Officer to have at least a rudimentary knowledge of HIPAA law, as it pertained to electronic health records. As part of the "Stimulus Package" Congress passed another law known by its acronym HITECH. HITECH did three things to affect the day to day activities of all those involved in hospital counsel, IT and hospital security officers. It provided for Thirty Billion Dollars in incentive payments to be used to accelerate the transition to an interoperative health record system. The law, enacted on Jan. 13,2010, establishes criteria for access to those funds, allowing only those who can exchange data in an accurate and secure manner. Finally, focusing on the word "secure," the law requires that the information be accessed and stored and exchanged in a manner consistent with, and supportive of, compliance with the HIPAA Privacy and Security Rules. Such a mandate is made even harder, however, by the fact that HIPAA rules were expanded and strengthened as a result of the act. As hospital staff are made aware of these new regulations, despite being in the middle of a recession, there is no doubt that lawyers will we be called upon by hospitals. Healthcare compliance will truly become HIPAA compliance.
Article Source: http://www.mycontentbuilder.com
Does your company need hipaa lawyers? Our lawyers have vast experience in the area of hipaa consulting and we would love to work with you.
Please Rate this Article
5 out of 54 out of 53 out of 52 out of 51 out of 5
Not yet Rated
Full name
E-mail address
