HIPAA Rules Explained
New Medical Privacy Rules Meant to Protect Your Health Records
Rask: There are two things patients will see. First, doctors'
offices will ask patients to sign papers saying they are aware the office has
privacy policies in place. They can review those policies if they like. Second,
patients may be asked to sign forms that authorize sharing of medical
information with other healthcare providers involved in their care. They may be
required to sign separate forms for each provider.
Q: Is this really going to make our medical records more
Rask: I think actually, from a privacy perspective, having
these regulations in place guarantees a higher level of privacy. I don't think
there's a downside here.
Q: What's not to like?
Rask: Where there is a downside is in bigger issues that
don't relate to individual patients. Example one: In order to comply, many
doctors, hospitals, etc. are spending enormous amounts [of money] to become
compliant. Dollars that go to this are not dollars that go elsewhere. It is
important to think about the costs of making this paperwork trail. At a time
when we are having so much trouble providing minimal healthcare to so much of
our population, I would like to see more of an emphasis on care than on
paperwork. But that is a trade-off we are making to ensure better privacy.
The second problem I have is that we aren't just concerned with
the care given to an individual patient. We also are concerned about the
quality of care we provide and about patient safety. For these larger issues,
researchers need to be able to look at patient information. We need to be able
to tell when things went wrong and when they went right. The more we restrict
this research, the more we restrict our ability to describe and improve what is
going on in the healthcare system. That is a trade-off, too. Some people would
feel that the privacy of an individual outweighs any other benefit. On the
other hand, it is very difficult to change or improve healthcare if we can't
look at what is being done.
Q: Are computerized records really more secure than paper
There are very good ways to protect data electronically.
Although it sounds scary, it makes data more protected than current paper
records. For example, think about someone looking at your medical chart in the
hospital. It has a record of all that is happening -- lab results, doctor
consultations, nursing notes, orders, prescriptions, etc. Anybody who opens it
for whatever reason can see all of this information. But if the chart is an
electronic record, it's easy to limit access to any of that. So a physical
therapist writing physical therapy notes can only see information related to
physical therapy. There is an opportunity with electronic records to limit
information to those who really need to see it. It could in many ways allow
more privacy than current paper records.