return to list

HHS ANNOUNCES FINAL REGULATION ESTABLISHING FIRST NATIONAL STANDARDS TO PROTECT PATIENTS' MEDICAL RECORDS

On December 20, 2000, President Clinton signed a federal regulation governing the privacy of an individual’s health care information. The regulation was published in the Federal Register on December 28, 2000 and will become effective on February 26, 2001.

Primary provisions include the following:

  • The final regulation addresses the use and disclosure of individually identifiable health information in any form. This can take the form of electronic, written or oral transmissions by health care providers.
  • Patient consent must be obtained prior to using or disclosing such protected health information for treatment, payment or health care operations.
  • Providers must obtain, in addition to the one-time consent, additional and specific authorization to use and / or disclose all protected health information for purposes other than treatment, payment or health care operations with certain exemptions.
  • The invalid use of or disclosure of protected health information to or by a health care provider’s "business associates" (e.g.; staff and consultants) will result in liability on the part of the provider. Health care providers must have written confidentiality agreements with their business associates covering uses of or disclosures of protected health information.
  • The new regulation creates four individual rights for patients: (1) to receive written notice of a provider’s information practices, including notification of patients’ rights with respect to protected health information, and changes to such practices prior to implementing such changes; (2) to obtain access to the individual’s own health information; (3) to obtain an accounting of how the individual’s health information has been disclosed; and (4) to request a correction and/or amendment of the individual's health information.
  • Civil penalties include up to $25,000 annually per provision of the regulation that has been violated; criminal penalties include up to $250,000 and/or 10 years imprisonment.
  • By February 26, 2003, most health care providers must implement administrative procedures to safeguard the confidentiality of health information; designate a privacy officer; implement confidentiality policies; train employees regarding the privacy policies; develop a complaint process for patients and determine sanctions for violations of these policies.

Now is the time to develop the policies and procedures necessary to adhere to the new privacy regulations. The federal government has given the industry until the year 2003 (New Jersey will begin even earlier); however, once the public is aware of these privacy requirements, how soon will it be before patients demand adherence, regardless of the required date of implementation? When a patient asks: "How is my personal information being protected by your office?", how well will the patient react to the following answer: "We are not required to fully protect your personal information until February 26, 2003."

Contact The Law Offices Of David S. Barmak, P.A. at (800) 709-4785 for more information on how to protect your practice / facility by adhering to these new patient privacy requirements.

For more information, please Call or E-mail



return to top   return to list