The U.S. Department of Health and Human Services (HHS) released the final changes to the privacy regulations of...
the Health Insurance Portability and Accountability Act (HIPAA) late last month.
Part of HIPAA deals with IT security and acts as a set of standards the ensure the secure and private exchange of patient information between health care agencies like doctor's offices, hospitals and insurance companies, among others.
The privacy rules approved by Health and Human Services are essentially what was proposed in March with one exception. Health care providers no longer have to get patients to sign-off on the privacy rules.
Now, patients only need to acknowledge they received a copy of the rules, which govern how sensitive medical data can be shared.
Kate Borten, president of the Marblehead Group, a consulting firm specializing in HIPAA, said the change in consent is a good thing for patients. Under the previous guidelines, patients had to sign the consent form to be treated. The rules ended up coercing patients into signing the consent form.
"You couldn't refuse to sign this blanket consent at one place then go across the street to get treatment without signing consent there," Borten said.
While patients no longer have to sign a consent form, they will have to sign a form acknowledging they received a privacy notice, which Borten said is far more empowering. This notice will tell patients how their information is used and also what privacy rights patients have.
Most patients probably don't realize the amount of information sharing that goes on between various health care related businesses, Borten said. "Such sharing happens all the time but patients just don't know about it," she said.
Patients may be happy to hear that patient information can't be used for marketing purposes without explicit consent of patients. For example, doctors and hospitals can't sell lists to drug companies without patients' permission.
When patients are given the sheet outlining how sensitive data will be handled, it's a good time for patients to ask questions of their doctors or pharmacists. "This is an ideal opportunity for individuals to think about these issues," Borten said.
Searchsecurity.com HIPAA coverage
In fact, Borten thinks informing patients of the privacy rules will help draw the public more into the debate over the privacy of medical data. This is particularly powerful at the local level, she said.
"Let's say you are chatting with a neighbor about how nurses at your doctor's office were having a conversation about a patient that you could hear," Borten said. "Your friend then tells you how careful their doctor is with information. You may want to switch to that doctor given concerns about your own confidential information."
The privacy provisions are set to take affect in April 2003.
Dig Deeper on Security Resources