Health care providers face stricter privacy requirements
By CORTNEY ERNDT
Special to the Journal
LANSING Stricter health privacy laws are leading to an increase in reported violations and better training of new physicians.
The U.S. Department of Health and Human Services said the number of health privacy cases investigated increased from 339 in 2003 to 3,898 in 2011. About 70,259 health privacy complaints were resolved and 6,931 open complaints were made from April 14, 2003 to December 31, 2012.
Michigan State Medical Society President John Bizon said, “Training for new physicians has been expanded compared to when I went to medical school before implementation of HIPPA,” the Health Insurance Portability and Accountability Act of 1996.
Grand Valley State University graduate and Michigan State University first-year medical student Alex Brenner, of Shelbyville, said patient privacy rights were addressed at his orientation into medical school, at his care-facility job and at a research orientation at Spectrum Hospital.
“Health privacy is taken very seriously,” Brenner said.
Although health-related majors don’t take courses on law, privacy is addressed in training courses at hospitals and care facilities.
Bizon said, “I think that doctors are doing a much better job, especially given the penalties that you have for breaches of privacy. We still have work cut out for us.”
Penalties increase for noncompliance base on the level of negligence, with a maximum penalty of $1.5 million per violation.
Colin Ford, the Michigan State Medical Society director of state government affairs, said, “If you breach a patient’s trust one time, the likelihood of them coming back and being completely forthright and honest about their condition is pretty unlikely.”
Ford said there was a case where a radiology office was on leased property and the landlord threatened to release health records if the radiologist did not pay his rent.
“It was a problem with the landlord not respecting the relationship the physician had with those patients,” Ford said.
Ford said health privacy cases are not typically caused by physicians mishandling patients’ records.
“Doctors always kept medical records and it wasn’t like they took those records and then put them on the front page of a newspaper,” Ford said, “They put them in their filing shelves, which were oftentimes public.”
After HIPAA became effective, record rooms became more secure.
Most health privacy breaches occur through unauthorized access and theft.
A Health and Human Services report said 2,979 Blue Cross Blue Shield of Michigan members were affected when a hacker gained unauthorized access to a network server in 2010.
Goodwill Industries of Greater Grand Rapids Inc. had backup tapes stolen that left 10,000 individuals with unprotected health information in 2009. Muskegon’s Lake Woods Nursing and Rehabilitation Center had a laptop theft in 2010 that affected 656 patients, Health and Human Services said.
In January, Health and Human Services strengthened privacy and security protections.
For example, the changes expand many of the requirements for businesses that receive protected health information, such as contractors and subcontractors.
Also, patients can now ask for a copy of their electronic medical record in an electronic form.
When patients pay cash for treatment, they can now instruct their provider not to share information about their treatment with their health plan.
Now provisions also reduce the burden on parents to give permission for a health provider to share proof of a child’s immunization with a school.