Hi-tech ID wristbands boost safety, efficiency

New policy details procedure for missing patients

New Cellular Therapeutics Lab boosts SHC's bone marrow transplant capacity

Emergency Medicine faculty promotes specialty halfway around the globe

Revised policies mean cell phones, laptops can be used in some areas

Physicians can take simple steps to improve patient safety





Volume 27 No. 2 February 2003

Learning to live with HIPAA

By: Joseph Hopkins,
professor of medicine and associate chief of staff

* * *

The new federal law called the Health Insurance Portability and Accountability Act - known to most of us as HIPAA - will require us to think differently about the way we handle patient information, and will require us to change some of our long-standing practices. As we approach HIPAA's effective date of April 14, consider these scenarios that will be affected by the law:

What health information can be shared with a patient's family and friends?
If a patient's spouse calls you asking for information on his/her condition, how much information can you provide?

Under HIPAA, patients will have expanded rights to review their medical record and request corrections or amendments.
How should you handle these requests?

A fundamental concept in HIPAA is "minimum necessary" disclosure of information. This means that health-care personnel should obtain and disclose only the minimum amount of health information needed for a specific task. While the "minimum necessary" regulation does not apply to health-care professionals in the course of treating patients, remember that health information flows out of health-care settings for a variety of other purposes.
How will the "minimum necessary" requirement be applied in educational conferences, research projects or the completion of disability forms and other administrative tasks?

E-mail is becoming a ubiquitous part of our lives, including our clinical practice.
How and when can protected health information be discussed via e-mail?

You learn that a close friend or neighbor is in the ICU. Although you are not part of this patient's care team, out of concern you stop in to check on how the patient is doing. To your surprise, the nurse at the bedside refuses to let you look at the patient's flow chart. She says her HIPAA training forbids this.
Is she correct?

A patient asks that certain sensitive health information not be recorded in his/her chart.
How would you respond?

You find it convenient and helpful to store some facts about patients on your PDA or laptop computer. You also work on lectures involving case presentations at home.
What must you do to protect this information?

Members of your clinic are interested in starting a new case management service and support group for patients with a particular chronic disease. You want to mail an announcement about these programs to all of your patients with this diagnosis. You also anticipate that at some point you will invite financial contributions from these patients to help defer some of the costs of this very helpful activity, as no insurer will cover it. One of your staff says you can't contact these patients for either purpose because of HIPAA.
Is she right?

You are faxing health information about a patient to another health-care provider, but you accidentally press a wrong digit and send the information to a local department store. You have heard there are severe financial penalties for HIPAA violations.
What should you do now?

* * *

All of these situations are addressed in the HIPAA regulations and will be incorporated into SHC policies, and it's important that we as physicians know how to respond. In most of the aforementioned situations, the appropriate responses are not very difficult or disruptive when physicians understand what HIPAA requires.

That's why education is a key part of HIPAA. The law requires that all those in the health-care workforce receive training on HIPAA concepts and policies before April 14. This includes mandatory training of all members of the Stanford Hospital medical staff, including community physicians as well as Stanford physicians.

SHC is currently developing training materials as well as plans for disseminating this information to physicians and staff. We anticipate that all physicians will be required to complete a Web-based, online educational module that will take about 35 minutes. It will include a short test and will generate a record of completion for the medical staff office. Alternate formats, such as CD-ROMs or in-person seminars, are also being considered.

The ultimate goal is to enable physicians - along with all our health-care personnel - to deal with HIPAA successfully, so that it becomes a routine part of our practice rather than a disruption.