March 23, 2001 (Washington) -- It's not only unclear what is happening with "final" federal patient medical privacy rules, it's tough to get people to agree on what the rules would do.
Welcome to another full-on Washington war of words, with talk on one side of the "unintended consequences" of the rules and countercharges that these objections are "misinformation" to kill off the new requirements.
According to Robert Heird, senior vice president for Anthem Blue Cross and Blue Shield, the rules as written would "harm consumers" since they would "slow the delivery and payment of care." The rules, he claimed, "will require a major reorganization of every doctor's office, hospital, pharmacy, laboratory, research facility, and health plan."
But Janlori Goldman, a privacy advocate who heads Georgetown University's Health Privacy Project, tells WebMD, "The industry is putting a full-out assault on the regulation, and they have a receptive ear" with the Bush Administration.
She adds, "We [must] not be swayed by distortions and exaggerations. I think that consumers have a lot to be concerned about right now, looking at how hospitals and health plans and pharmacists are resisting. I just think they [providers] don't want to be regulated. It will cost money -- there's no question."
The new standards, in the works for years, had been published in "final" form in the last weeks of Clinton's term in office last year. They establish for the first time a national right to privacy over individual health information.
Under the rules, patients would have the right to see and amend their medical records. Moreover, they would have more authority over the use of their health information; patients would have to give a one-time consent before their records could be used for treatment, payment, and other healthcare operations.
The rules apply to doctors and other healthcare providers, health plans, and companies that process and transmit claims data.
The regulations do not, however, allow consumers to sue over breaches of their privacy, and does not directly apply to others who may handle patient health information, such as life insurers and employers. And advocates of the rule said that it doesn't offer adequate protections in some areas, by allowing law enforcement relatively easy access to patient records, and permitting limited use of personal health information for fundraising and marketing efforts.
The requirements are supposed to go into effect on April 14 -- most providers would then have two years to comply -- but that date may well slip.
Pres. George W. Bush's Health Secretary Tommy Thompson has opened up the rules for additional public comments; in the coming weeks, the Administration may delay the effective date and rework the rules.
According to CVS pharmacy executive Carlos Ortiz, who testified Thursday at a congressional hearing on the rules, the standards would require pharmacies to obtain written consent from patients before filling any of their prescriptions. The rules are a "prescription for chaos," he said, since 40% of prescriptions are dropped off and picked up by someone other than the patient. To continue serving patients, CVS would have to prepare patients for the written consent requirement. That would cost more than $60 million, Ortiz claimed.