Mixed Reactions to the Privacy NPRM
Health Data Management reports that HHS' summary of proposed changes
to the privacy rule touted the closure of a loophole that permitted
use of identifiable information without patient authorization for
marketing purposes. However, a closer examination of the actual
proposed rule is raising questions about whether the changes make it
easier to use identifiable information for marketing purposes without
authorization. In the proposed rule, an expanded definition of what
activities are not considered marketing actually leaves few marketing
activities subject to an authorization requirement, according to
the Health Privacy Project of Georgetown University, Washington,
DC. In a New York Times commentary on March 30, former HHS Secretary
Donna Shalala, who served in the Clinton Administration, said the
proposed changes actually loosen restrictions on marketing.
Those supporting the proposed changes include the American Medical
Association (AMA) and Healthcare Information and Management Systems
Society (HIMSS). The AMA is urging specific modifications to the
rule's prior consent requirement and "business associates"
provisions, hoping the changes would minimize the rule's cost and
administrative burden on physicians and their practices. HIMSS believes
that the changes "create a privacy rule that improves conditions
for healthcare providers and healthcare information technology vendors
alike," said HIMSS Executive Vice President Carla Smith.
The Association of American Medical Colleges (AAMC) supports proposed
changes to the health privacy regulations, but requests further
modifications to protect patient care and research. Read
AAMC's endorsement of the privacy rule modifications.
Read
Health Data Management's article, "Privacy Rule's Marketing
Provisions Remain Contentious."
Read
former HHS Sec. Donna Shalala's New York Times op-ed, "A Loss
to Medical Privacy."
Read
AMNews' article, "Doctors keep up the push to ease burdens
of privacy rule."
More on HIMSS' support of the proposed changes follows:
CHICAGO, March 27, 2002 -- The Healthcare Information and Management
Systems Society (HIMSS) today released a statement expanding on
comments made last week by HIMSS President and CEO H. Stephen Lieber
regarding HHS' proposed changes to the HIPAA privacy rule. These
proposed changes were officially posted today in the Federal Register.
Following a thorough review of HHS' Notice of Proposed Rule Making
(NPRM) to the HIPAA privacy rule, HIMSS believes that the changes
"create a privacy rule that improves conditions for healthcare
providers and healthcare information technology vendors alike,"
said HIMSS Executive Vice President Carla Smith.
Her comments on behalf of the Society follow:
"As part of the Coalition for Health Information Policy
(CHIP), HIMSS has advocated for the timely implementation of the
'administrative simplification' rules called for by HIPAA. These
uniform standards should protect identifiable personal health
information, while allowing effective and efficient management
and delivery of healthcare services, and fostering advances in
medical and health services research and promotion of the public
health.
"The NPRM, published in today's Federal Register, has addressed
some of the healthcare industry's concerns with the final privacy
rule. While retaining many of the core features of the original
rule, such as patients' rights to confidentiality and the ability
to review their own medical records, the NPRM significantly reduces
the administrative burden on healthcare providers and other covered
entities and should have a positive impact on healthcare information
technology vendors.
"According to the NPRM, healthcare providers
will not be required to obtain prior written consent to use protected
health information for treatment, payment, and healthcare operations.
This minimizes a set of unintended consequences in dealing with
the first patient contact, e.g., obtaining a prescription or scheduling
an encounter, as well as with the issues of record keeping and
the right to withdraw consent. In its place, providers must give
notice of their information practices and seek written acknowledgement
from the patient. This also allows patients to consider changing
providers if they find the information-use policies unacceptable,
and suggests that their treatment is no longer conditional based
upon their consent.
"HIMSS supports the proposed modifications, which retain
limits on use of personal health information to the 'minimum necessary,'
while allowing treatment-related conversations. From a system
perspective, covered entities will still need to implement role-based
controls that accommodate the minimum necessary requirements for
access to appropriate patients and functions. The NPRM also provides
model business associate provisions, reducing the need for each
covered entity to develop its own contractual terms. This would
greatly simplify the process for a vendor signing contracts with
multiple covered entities.
"The enormous potential of computer and communications technologies
to improve healthcare delivery, quality, and access, while also
reducing costs, cannot be realized unless individuals and the
society are confident that safeguards are in place to protect
the confidentiality of personal health information. The proposed
modifications maintain this protection, while easing the administrative
burden on providers and vendors. HIMSS looks forward to filing
a written comment and will continue to advocate for timely implementation
of the rule."
View the Privacy
NPRM.