Skip to main content

MGMA: Proposed HIPAA Disclosures Rule 'Unworkable'

 |  By cclark@healthleadersmedia.com  
   July 29, 2011

Just days before the close of the comment period on the proposed "accounting of disclosures" HIPAA privacy rule, providers are cranking up the volume to get the rule changed or thrown out and rewritten from scratch.

"This proposed rule is just too onerous," says Robert Tennant, senior policy adviser for the Medical Group Management Association, whose members include practices with 275,000 physicians in the U.S. 

Results from an MGMA survey released this week indicate that passage of the rule in its proposed form would be a strong or a complete disincentive to install an electronic health record system for 568 of the 1,340 respondents. Another 169 said it would be a moderate disincentive.

This proposed rule, called for by the Health Information Technology and Clinical Health Act of 2009 (HITECH), and written by the Office for Civil Rights is intended to give patients the ability to learn who viewed any medical information, even that related to treatment, payment, and health operations.

It would require physician practices with electronic health records to produce an "accounting of disclosures" and an "access report for treatment, payment and healthcare operations."

That could mean producing documents that are 2,000 pages long, Tennant said. Also, the proposed rule would require that practices keep this information for three years.

The information provided would include the date, the time the information was accessed, and what information was accessed, as well as the name of the person who accessed it, "which raises other issues such as the privacy of the employee," Tennant explained in a telephone interview.

He noted that the issue could become a problematic one for physician practices as well as health plan officials. "Let's say God forbid you had a child who died of a disease, and a health plan had denied a healthcare claim. (Under this rule), now you (would) have access to the name of the person who denied that claim."

"The Office for Civil Rights went far, far beyond the scope of the statute with this proposed rule," he said. "It's incumbent on them to circle back, and really craft a regulation that's going to be workable."

Other groups, such as the College of Healthcare Information Management Executives (CHIME), have expressed concerns. Public comments about the proposed rule are largely negative.               

Tennant added that some serious unintended consequences could result if the Department of Health and Human Services does not step back and redraft the regulation. First, he said, it would discourage many physicians from purchasing electronic health records, despite the incentive payments provided by the same HITECH Act.

Second, it may spur some providers to decline to bill payers, requiring the patient to pay the bill in full at the time of the visit or within 30 days, and recapture the money from the health plan or government payer, Tennant said.

"I have not heard of anyone who is in support of this, including the privacy advocates. It's unworkable for anybody."

Another element revealed by the MGMA survey is that patients apparently aren't clamoring to get information of this kind all that often. When asked how many patient requests for disclosure they received in the last 12 months, 65% said zero to 1 per physician.

Indeed, hospitals have echoed their concerns. For example, Paula A. Bussard, Senior Vice President for Policy & Regulatory Services for the Hospital and Healthsystem Association of Pennsylvania wrote:

"To comply with specific obligations for providing an access report, hospitals would need, for example, to disclose the identity of employees who are acting in perfectly appropriate ways—doing exactly what they are supposed to be doing—to any patient who makes a request. It is difficult to understand exactly what privacy benefit to patients supplying employees’ names in these circumstances serves."

The American College of Physicians, whose members include 132,000 internists, also called the proposal "onerous."

"We believe the proposed rules as written will have the unintended negative consequence of reducing the clinically appropriate and necessary sharing of PHI with adverse impact on patient care quality and safety," wrote Michael H. Zaroukian, MD, Chairman of the ACP's Medical Informatics Committee.

"Providers will likely resort to printing and handing records to patients for them to deliver to other providers rather than having to explain cryptic listings of record accesses in a log file."

Chad Carr, medical records manager for MedStar Emergency Medical Services of Fort Worth, said in its letter to the federal health agency that "tracking and subsequently generating a detailed report of all access activity related to electronic designated records sets (DRS) will pose substantial and unreasonable burdens for our organization."

Carr added, "Patient records are sometimes accessed numerous times on a daily basis for a host of legitimate reasons. For example, EMTs and paramedics may create an electronic patient care report (ePCR) in the field and then subsequently access that report several times to complete it. This is because there is often limited time to record all of the necessary information at the time of service."

See Also:
AHIMA: Proposed HIPAA Access Requirement a 'Significant Burden'
6 Things to Know About the HIPAA Disclosures Proposed Rule
Proposed HIPAA Disclosure Rule, Explained

 

 

Tagged Under:


Get the latest on healthcare leadership in your inbox.