Healthcare Managers Prefer Hipaa Privacy Rule As Is, Survey Finds

Healthcare Financial Management, May, 2001

The Health Insurance Portability and Accountability Act (HIPAA) final privacy rule is acceptable as written to most of the healthcare professionals surveyed by Phoenix Health Systems, Washington, D.C. The finding contrasts with the claims that the rule is burdensome, unaffordable, and unrealistic by major healthcare organizations, such as the American Medical Association, American Hospital Association, and the Blue Cross and Blue Shield Association. A total of 517 responses were received, 266 from hospitals and other healthcare provider organizations, and most of the rest from payer organizations, clearinghouses, and vendors.

The survey asked healthcare executives, managers, and professionals whether specific provisions of the controversial rule should be removed, relaxed, remain as written, or be made stricter. The responses across all participant groups overwhelmingly supported the rule as written. Almost 65 percent of respondents felt the requirement that healthcare organizations obtain patient consent to use patient data for treatment or healthcare operations was appropriate. About 70 percent of all respondents and more than 80 percent of healthcare provider staff agreed with the provision that patients should have the right to inspect health data used to make decisions about them. Similarly, 70 percent of respondents agreed that the privacy rule should apply to all individual patient data, regardless of how it is transmitted. Earlier versions of the privacy rule had specified that it applied only to electronic data.

Almost 65 percent of all respondents agreed that patient health information should not be used without authorization or consent, although, in a rare exception to the overall trend of agreement, 75 percent of respondents from payer organizations wanted this provision removed. About 59 percent of all respondents and 65 percent of provider staff respondents agreed that only the minimum necessary disclosure of personal health information should be allowed, even when authorized. Well over half of respondents said that patient data should be available without authorization for medical research, law enforcement, and other emergency public needs. However only 34 percent of respondents agreed with the provision allowing providers limited use of patient data without patient authorization for fund raising, while 56 percent felt the provision should be made stricter.

More than half of respondents agreed with provisions allowing patients the right to access and request amendments to their own health records, inspect health information used to make decisions about them, receive an accounting of disclosures of their health information, and request disclosure restrictions.

Almost 55 percent of respondents agreed that state laws that are stricter should preempt HIPAA, while 40 percent felt that HIPAA always should preempt state laws. More than 65 percent of all respondents agreed with the provision denying patients the right to sue their HMOs.