HIPAA news
HIPAA advisory
HIPAAdvisory > HIPAAnews > Current News Phoenix Health Systems
news
regs
action
tech
views
wares
alert
live
notes
latest
online HIPAA training
HIPAAstore
HIPAA help desk
search
contact us
site map

Letter from Health Leadership Council

February 1, 2001 

The Honorable Tommy G. Thompson
Secretary, U.S. Department of Health and Human Services
Hubert H. Humphrey Building
200 Independence Avenue SW
Washington, D.C. 20201

Dear Secretary Thompson:

The organizations listed below are committed to protecting the confidentiality of individually identifiable information used to provide health care services.    We have long advocated the establishment of Federal standards providing nationally uniform confidentiality protections. 

Unfortunately, while certain aspects of the final HHS privacy regulations ("Standards for Privacy of Individually Identifiable Health Information") are improved over the proposed version, key provisions of the final regulations are unworkable and could seriously disrupt patient care.  New unprecedented barriers are created for patients to access the health care system, and for our ability to continue to provide health care services efficiently and effectively.   

There are several specific problems we have identified:

  • The final regulation contains substantive changes from the proposed regulation, including entirely new sections and requirements that were neither in the proposed regulation nor foreseeable by those commenting on the proposed regulations.   This fact alone argues for a new public comment period.
  • We are especially concerned about the impact of the new provision that requires that patients sign a specific patient consent before providers may use or disclose identifiable information for treatment, payment, and health care operations.  This provision was not part of the proposed regulation.  In fact, HHS went to great lengths in the proposed regulation  to explain why such a consent requirement was unworkable and therefore rejected in that version of the rule.  Maine repealed a similar law just 12 days after it took effect due to severe disruptions for family members trying to obtain prescriptions for elderly parents and other family members.
  • This new requirement will have serious consequences for many patients requiring medications.  Pharmacists will not be able to fill or refill prescriptions for consumers, and prescriptions called in by physicians will not be filled, unless a written consent is on file at the pharmacy.  The requirements will create delays for patients, for parents with sickf children, and others who will have to come to the pharmacy to sign consents before the pharmacist can fill or refill a prescription.   Elderly and disabled individuals, who often cannot pick up their prescriptions because of various infirmities, will be forced to sign a written consent form before anyone can pick up their prescriptions for them.   With over three billion prescriptions filled in the United States last year, disruptions in even a small percentage of these transactions could adversely impact millions of patients.
  • The final regulation needs clarification as to whether it requires covered entities to limit information to the "minimum necessary" when using patient information for treatment.   The rule excludes "disclosures to or requests by" a health care provider for treatment from the "minimum necessary" rule, but is less clear on whether the standard applies to "use" of information.    This is not a minor technical detail.  Definitive clarification is needed that use of patient information for treatment is not subject to the minimum necessary rule.  Limiting the ability of teams of health professionals, and health profession trainees, in a hospital setting to use a patient's complete medical chart or freely discuss and communicate among themselves in the course of treating patients could be disruptive and potentially dangerous.
  • The lack of adequate transition provisions in the regulation create a potentially chilling scenario two years after the February 26, 2001 effective date.  On that date, no health care provider will be able to use or disclose  identifiable patient information for most health care activities without a signed consent from patients. How providers will obtain consent forms from over 200 million Americans by the compliance date  is a staggering problem that could interfere with everything from refilling routine prescriptions, sending out reminder notices about appointments, conducting disease management programs, maintaining quality assurance programs, doing claims adjudication, medication compliance, and so on.
  • While the regulation was improved over the proposed version with respect to  research, we continue to have concerns.  By modifying the Common Rule with respect to the enormous quantity of health research that requires access to archived patient records, the final regulation will impose significant new burdens and record-keeping requirements on research institutions that will divert resources from research.  In addition, we are concerned about the new requirement that Institutional Review Boards (IRBs) make determinations as to whether the privacy risks to individuals are "reasonable in relation to the anticipated benefits if any to the individuals, and the importance of the knowledge to be obtained from that research." This introduces into the IRB process a determination for which there are no normative standards, and which will of necessity be based on the belief structures and ideologies of individual IRB members.
  • The final regulation is contrary to HIPAA's goals of "administrative simplification," and at odds with the law's requirement that the privacy standards reduce the administrative costs of providing health care.

By no means is this an exhaustive list of problems we have identified.   A more detailed, technical list is being compiled which we will forward to you as soon as possible. 

The organizations listed below are asking you to review the February 26, 2001 effective date of the regulation to give the Department an adequate opportunity to look at the areas of concerns we have raised.   Mr. Secretary, we stand ready to work with you to develop protections that are workable and effective for patients and the health care delivery system.   

Sincerely,

Academy of Managed Care Pharmacy
AdvaMed
American Association of Health Plans
American Benefits Council
American Clinical Laboratory Association
American Managed Behavioral Healthcare Association
American Medical Rehabilitation Providers Association
American Occupational Therapy Association
American Pharmaceutical Association
American Physical Therapy Association
American Society of Consultant Pharmacists
American Medical Group Association
American Physical Therapy Association
Private Practice Section
Association of American Medical Colleges
Biotechnology Industry Organization
Blue Cross and Blue Shield Association
Disease Management Association of America
Easter Seals
The ERISA Industry Committee
Federation of American Hospitals
Food Marketing Institute
Home Medical Equipment Association of America
Hospice Association of America
Health Insurance Association of America
Healthcare Leadership Council
Medical Group Management Association
National Association of Chain Drug Stores
National Association of Health Underwriters
National Association for the Support of
Long-Term Care
National Association for Home Care
National Association of Manufacturers
National Association of Rehabilitation Agencies
Pharmaceutical Research and Manufacturers of America
Premier Inc.
Society for Human Resource Management
The National Business Coalition on
e-Commerce & Privacy
U.S. Chamber of Commerce
VHA Inc.

Go to TOP